Create Subkey Binding

David Shaw dshaw@jabberwocky.com
Fri Jan 24 15:40:02 2003


On Thu, Jan 23, 2003 at 11:39:11PM -0600, Laager, Richard James wrote:

> I have a DSS/DH key pair that I'm trying to use with GPG. It refuses
> to encrypt to the key because there is no subkey (i.e. gpg --list-key
> 0xMYKEYID doesn't list any "sub" keys). However, gpg --edit-key
> 0xMYKEYID...toggle lists the ssb. PGP 7.0.3 lists the key as having a
> subkey, but doesn't allow it to be used for encryption. Running
> pgpdump shows that there is no subkey binding. How can I create a
> subkey binding so that this key can be used?

Let me make sure I understand what you are trying to do - you have a
secret/public keypair that has no subkey binding, so you want to add a
binding to the subkey so you can use it.  There is no easy way to do
this, as GnuPG obviously wants to reject an invalid/corrupt subkey.
You'd have to patch the code to override the checks and force GnuPG to
put a binding signature in place.

> P.S. For those that are curious, I'm trying to import a key from
> s-mail.com. If someone has an easier way to do this, I'd take that as
> well. I'd still be curious to know if it's possible to add a subkey
> binding.

I took a look at s-mail.com, and it looks rather similar to hushmail.
Was the key generated by s-mail.com and exported to you?  Subkeys
without bindings are not at all secure since any random person can
insert one and become a man in the middle.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
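
Added example, not part of the original message and not GnuPG code: a structural check, similar in spirit to the pgpdump inspection mentioned in the thread, that lists subkey packets not followed by a subkey binding signature (type 0x18). It does not verify any signature cryptographically; the function names and the sample packets are constructed for illustration.

```python
# Added example: structural check only; signatures are not cryptographically verified.
SIG, SECSUB, PUBSUB = 2, 7, 14          # OpenPGP packet tags (RFC 4880, 4.3)
SUBKEY_BINDING = 0x18                   # signature type (RFC 4880, 5.2.1)

def packets(data):
    """Yield (tag, body) for each packet; definite lengths only."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                              # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                n = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body length not handled")
        else:                                       # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = 1 << ltype                       # 1, 2 or 4 length octets
            n = int.from_bytes(data[i:i + size], "big"); i += size
        yield tag, data[i:i + n]
        i += n

def unbound_subkeys(data):
    """Return 0-based positions of subkeys with no 0x18 signature after them."""
    state = []                                      # one bool per subkey seen
    for tag, body in packets(data):
        if tag in (PUBSUB, SECSUB):
            state.append(False)
        elif tag == SIG and state and len(body) >= 3:
            sigtype = body[2] if body[0] == 3 else body[1]   # v3 vs v4 layout
            if sigtype == SUBKEY_BINDING:
                state[-1] = True
    return [n for n, bound in enumerate(state) if not bound]

def pkt(tag, body):                                 # constructed old-format packet
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed sample with dummy bodies: only the first subkey has a binding signature.
SAMPLE = (pkt(6, b"\x04" + b"K" * 8) + pkt(13, b"test") + pkt(2, b"\x04\x13\x11")
          + pkt(14, b"\x04" + b"S" * 8) + pkt(2, b"\x04\x18\x11")
          + pkt(14, b"\x04" + b"T" * 8))
```

Calling unbound_subkeys(SAMPLE) reports the second subkey (position 1) as lacking a binding. A key that passes this check still needs its binding signatures verified by GnuPG itself.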