GnuPG key with subkeys garbled by PGP 5?

Rich Wales richw@webcom.com
Fri Sep 1 05:42:57 CEST 2000


L. Sassaman wrote:

	> There have been problems with GnuPG's handling of
	> subkeys for some time.  (I'm not 100% sure if the
	> problem stems entirely from GnuPG, but there are
	> clearly compatibility problems with PGP keys that
	> have multiple subkeys.)

Hmmm.  I tried using "gpg --list-packets" on my new key (the original
version, not the corrupted copy from the key server); see below for
the results, with an attempt on my part to annotate it (someone please
let me know if I got it wrong).

I'm still trying to learn the fine points of the key format, but one
thing looks strange to me here.  The signature packets on the main
key and the secondary user ID both contain type-9 subpackets with
expiration info (90 days) -- even though I specified that the main
key should never expire when I created it.  I did specify a 90-day
lifetime for the first subkey (which I created at the same time as
the main key), and I wonder if GnuPG may possibly have picked up
this expiration info and misapplied it to the main key.

For what it may (or may not) be worth, I also did "gpg --list-packets"
on the corrupted copy of my key which I retrieved from the key server.
This showed the signatures on each user ID in a different order (the
self-signature was last instead of first).  Also, the signatures on
the first two subkeys were gone; only the last subkey had its signature
intact.

Rich Wales         richw@webcom.com         http://www.webcom.com/richw/

========================================================================

[main key]
    :public key packet:
	    version 4, algo 17, created 967581340, expires 0
	    pkey[0]: [1024 bits]
	    pkey[1]: [160 bits]
	    pkey[2]: [1022 bits]
	    pkey[3]: [1023 bits]

[primary user ID]
    :user ID packet: "Rich Wales 2000/08/29 (GnuPG) <richw@webcom.com>"

[self-signature on primary user ID]
    :signature packet: algo 17, keyid 52EF6AD6A0301298
	    version 4, created 967581340, md5len 0, sigclass 13
	    digest algo 2, begin of digest f1 3c
	    hashed subpkt 2 len 5 (sig created 2000-08-29)
	    hashed subpkt 9 len 5 (key expires after 90d0h0m)
	    hashed subpkt 11 len 4 (pref-sym-algos: 10 4 3)
	    hashed subpkt 21 len 3 (pref-hash-algos: 3 2)
	    hashed subpkt 22 len 3 (pref-zip-algos: 2 1)
	    hashed subpkt 23 len 2 (key server preferences)
	    subpkt 16 len 9 (issuer key ID 52EF6AD6A0301298)
	    data: [159 bits]
	    data: [160 bits]

[signature on primary user ID, by key 0x2414EC47]
    :signature packet: algo 17, keyid 49B6492E2414EC47
	    version 4, created 967582247, md5len 0, sigclass 10
	    digest algo 2, begin of digest 4c 4d
	    hashed subpkt 2 len 5 (sig created 2000-08-29)
	    subpkt 16 len 9 (issuer key ID 49B6492E2414EC47)
	    data: [159 bits]
	    data: [159 bits]

[signature on primary user ID, by RSA key 0xFDF8FC65]
    :signature packet: algo 1, keyid 49B85F4CFDF8FC65
	    version 3, created 967755631, md5len 5, sigclass 10
	    digest algo 1, begin of digest 78 e2
	    data: [2048 bits]

[secondary user ID]
    :user ID packet: "Don't use this key for sensitive material
	    <experimental@use.only>"

[self-signature on secondary user ID]
    :signature packet: algo 17, keyid 52EF6AD6A0301298
	    version 4, created 967582026, md5len 0, sigclass 13
	    digest algo 2, begin of digest c4 76
	    hashed subpkt 2 len 5 (sig created 2000-08-29)
	    hashed subpkt 9 len 5 (key expires after 90d0h0m)
	    hashed subpkt 11 len 4 (pref-sym-algos: 10 4 3)
	    hashed subpkt 21 len 3 (pref-hash-algos: 3 2)
	    hashed subpkt 22 len 3 (pref-zip-algos: 2 1)
	    hashed subpkt 23 len 2 (key server preferences)
	    subpkt 16 len 9 (issuer key ID 52EF6AD6A0301298)
	    data: [158 bits]
	    data: [157 bits]

[signature on secondary user ID, by key 0x2414EC47]
    :signature packet: algo 17, keyid 49B6492E2414EC47
	    version 4, created 967582254, md5len 0, sigclass 10
	    digest algo 2, begin of digest 0a 04
	    hashed subpkt 2 len 5 (sig created 2000-08-29)
	    subpkt 16 len 9 (issuer key ID 49B6492E2414EC47)
	    data: [159 bits]
	    data: [159 bits]

[signature on secondary user ID, by RSA key 0xFDF8FC65]
    :signature packet: algo 1, keyid 49B85F4CFDF8FC65
	    version 3, created 967755641, md5len 5, sigclass 10
	    digest algo 1, begin of digest 8b 83
	    data: [2046 bits]

[first subkey]
    :public sub key packet:
	    version 4, algo 16, created 967581629, expires 0
	    pkey[0]: [4096 bits]
	    pkey[1]: [3 bits]
	    pkey[2]: [4096 bits]

[self-signature on first subkey]
    :signature packet: algo 17, keyid 52EF6AD6A0301298
	    version 4, created 967581629, md5len 0, sigclass 18
	    digest algo 2, begin of digest 27 79
	    hashed subpkt 2 len 5 (sig created 2000-08-29)
	    hashed subpkt 9 len 5 (key expires after 90d0h0m)
	    subpkt 16 len 9 (issuer key ID 52EF6AD6A0301298)
	    data: [158 bits]
	    data: [160 bits]

[second subkey]
    :public sub key packet:
	    version 4, algo 16, created 967749467, expires 0
	    pkey[0]: [2048 bits]
	    pkey[1]: [3 bits]
	    pkey[2]: [2048 bits]

[self-signature on second subkey]
    :signature packet: algo 17, keyid 52EF6AD6A0301298
	    version 4, created 967749467, md5len 0, sigclass 18
	    digest algo 2, begin of digest 4d 51
	    hashed subpkt 2 len 5 (sig created 2000-08-31)
	    hashed subpkt 9 len 5 (key expires after 90d0h0m)
	    subpkt 16 len 9 (issuer key ID 52EF6AD6A0301298)
	    data: [156 bits]
	    data: [159 bits]

[third subkey]
    :public sub key packet:
	    version 4, algo 16, created 967763695, expires 0
	    pkey[0]: [1024 bits]
	    pkey[1]: [3 bits]
	    pkey[2]: [1024 bits]

[self-signature on third subkey]
    :signature packet: algo 17, keyid 52EF6AD6A0301298
	    version 4, created 967763695, md5len 0, sigclass 18
	    digest algo 2, begin of digest 40 42
	    hashed subpkt 2 len 5 (sig created 2000-08-31)
	    hashed subpkt 9 len 5 (key expires after 90d0h0m)
	    subpkt 16 len 9 (issuer key ID 52EF6AD6A0301298)
	    data: [160 bits]
	    data: [160 bits]

========================================================================



More information about the Gnupg-devel mailing list