[Announce] GnuPG 1.2.3 patch to remove ElGamal signing keys
Miguel Coca
mcoca at gnu.org
Thu Nov 27 15:05:37 CET 2003
On Thu, Nov 27, 2003 at 09:32:55 +0100, Werner Koch wrote:
> Hi,
>
> David Shaw wrote a patch against GnuPG 1.2.3 to disable the ability to
> create signatures using the ElGamal sign+encrypt (type 20) keys as
> well as to remove the option to create such keys.
>
> This patch will go into the next release; if you feel better with
> those flawed features disabled, you may want to apply this patch.
Hi,
This patch has a bug. It won't keep the key from being used if it's
the default one. I moved away my ~/.gnupg, created an ElGamal key, and
it allows me to sign with it:
$ ~/local/bin/gpg -a --sign
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
You need a passphrase to unlock the secret key for
user: "Prueba <nadie at example.com>"
768-bit ELG key, ID A4932F16, created 2003-11-27
Enter passphrase:
I need to manually specify the key on the command line:
$ ~/local/bin/gpg -u A4932F16 -a --sign
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: skipped `A4932F16': unusable secret key
gpg: signing failed: unusable secret key
This happens with both gnupg 1.2.3 and 1.3.3.
Hope this helps,
--
Miguel Coca (mcoca at gnu.org) http://miguel.cocabarrionuevo.com/
OpenPGP: E60A CBF4 5C6F 914E B6C1 C402 8C4D C7B6 27FC 3CA8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20031127/61ebe325/attachment.bin
More information about the Gnupg-devel
mailing list