Key version games (was Re: problem with exporting subkeys)

disastry@saiknes.lv disastry@saiknes.lv
Thu Feb 28 19:55:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

David Shaw dshaw@jabberwocky.com wrote:
> > David Shaw dshaw@jabberwocky.com wrote:
> > > > Second question: why GPG chokes on it?
> > > 
> > > Judging from the listing you posted, it seems you did
> > > --export-secret-subkeys on a v3 key (mixed in with your v4 keys).  V3
> > > keys do not work with --export-secret-subkeys, and in fact cause the
> > > resulting file to be unusable.
> > > 
> > > I just committed a fix which makes --export-secret-subkeys ignore v3
> > > keys.
> > > David
> > 
> > note that v3 keys also can have subkeys. OpenPGP does not forbid it.
> > I have even seen v3 keys with subkeys.
> 
> Are you sure?

yes. at lest I'm sure that such keys do exist.

>  Section 10.1 ("Transferable Public Keys") says:
> 
>   However, any V4 key may have subkeys, and the subkeys may be
>   encryption-only keys, signature-only keys, or general-purpose keys.
> 
> That doesn't exactly forbid it, true, but also section 11.1 ("Key
> structures") does not show subkeys at all in the v3 allowable format
> which is a stronger statement.
> 
> We should construct such a key and see if any programs break with it.
> Where did you see it?

I have one on my keyring, I put it on web page at
http://disastry.dhs.org/pgp/testkeys/testv3withsubkey.asc

I don't remember from where I got this key, but I don't think
that I generated it myself, because it have passphrase "test"
(all may test keys have passphrase "a" or "12345678" :) )

but I also remember seen real (not test) key belonging to some person.
I can't find it...  it was RSAv3 key with Elgamal subkey.

GPG allows (maybe it does not allow now, but at least
older versions allowed) to add subkeys to v3 keys.

> Speaking of key versions - I spent some time looking at what versions
> were permitted with what a while ago and one thing that does seem to
> be explicitly permitted is v4 keys with v3 subkeys.  I did test this
> and PGP supports it (though this may be accidental support).  GnuPG
> 1.0.6 only partially supports it, but I fixed that in 1.0.7.
> 
> Florian, this can give you the unchangeable expiration date that you
> wanted, if you're willing to accept the restrictions (RSA only, etc.)
> on v3 keys :)
> David

btw, v3 subkeys are (seems to be) allowed too,
section 5.5.2. Public Key Packet Formats
   "A version 3 public key or public subkey packet contains:"


some time ago I did some experiments - added key to other key as subkey,
and converted subkey to key :) it worked.
test results here  http://disastry.dhs.org/pgp/testkeys
                       key       subkey
tstDSADSA.asc      0xA496AC49  0xCD80EA04
tstDSADSA-sub.asc  0xCD80EA04
tstRSADSA.asc      0x0FD8A43F  0xF3A46303
tstDSADSA-RSA2.asc 0xA496AC49  0x0FD8A43F

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPH5gFzBaTVEuJQxkEQM2xgCg8DJDWVFeW4uZS80GFWspQ83IEHAAn1/j
gBeCC+4Jp6G5C0JbG4V3PkhP
=TgR6
-----END PGP SIGNATURE-----