[rob@io.com] Bug#24222: gnupg: --pubkey-algo option has no effect

James Troup james at nocrew.org
Sat Jul 4 15:53:08 CEST 1998 

Hi,

This is a bug report reported via the Debian Bug Tracking System[1],
please reply to 24222 at bugs.debian.org and rob at io.com as well as the
list.

[1] http://www.debian.org/Bugs/

-- 
James
~Yawn And Walk North~                                  http://yawn.nocrew.org/
------- Start of forwarded message -------
Subject: Bug#24222: gnupg: --pubkey-algo option has no effect
Reply-To: rob at io.com, 24222 at bugs.debian.org
Resent-From: rob at io.com
Resent-To: debian-bugs-dist at lists.debian.org
Resent-CC: James Troup <jjtroup at comp.brad.ac.uk>
Resent-Date: Fri, 03 Jul 1998 21:18:04 GMT
Resent-Message-ID: <handler.24222.B.8995004726279 at bugs.debian.org>
Resent-Sender: iwj at debian.org
Message-Id: <m0ysD9b-000I2lC at selene.ddns.org>
Date: Fri, 3 Jul 1998 16:13:59 -0500 (CST)
From: rob at io.com
To: submit at bugs.debian.org

Package: gnupg
Version: 0.3.0-2

It appears that the --pubkey-algo option doesn't do anything; I've
looked through the source and this does indeed seem to be the case, as
the value is retrieved and stored in the "opt" structure but never
referenced anywhere.  (I would attempt to fix it myself, but as I am
in the US it would be pointless to do so.)

This causes problems with multi-algorithm keys, since gpg will always
use the first key even if it is inappropriate.  Since the default when
creating a new key is to create both a DSA and an ElGamal key -- which
appear in that order -- this makes encryption impossible, since the
DSA key can only be used for signing and there is no way to force the
use of the Elgamal key.  The inverse, creating an Elgamal key and then
adding a DSA key, is merely pointless since the DSA key can't be
used.

(The use of --pubkey-algo seems like it probably ought to be
unnecessary anyway -- during encryption, it ought to skip a sign-only
key, and during signing it ought to prefer a DSA key if one is
available given that the documentation says that signing using Elgamal
is deprecated.)


-- System Information
Debian Release: 2.0
Kernel Version: Linux selene 2.0.34 #1 Sun Jun 7 01:56:33 EST 1998 i486 unknown

Versions of the packages gnupg depends on:
hi  libc6           2.0.7r-1       The GNU C library version 2 (run-time files)
ii  zlib1g          1.1.2-0.1      compression library - runtime
------- End of forwarded message -------

More information about the Gnupg-devel mailing list