bug in key flags on self-sigs
Len Sassaman
rabbi@abditum.com
Tue Sep 3 15:48:07 2002
I think I've found a bug in GnuPG's key flags allocation.

I had an RSA v4 key (created with PGP 7.0 beta 115, I think) with key flag
0x3 on the pubkey selfsig, and 0xC on the subkey binding sig.

I used GnuPG 1.0.7 to add a new uid, and it put the key flag 0xF in the
self-sig. This turned my primary signing-only key into a sign and encrypt
key. Ugh.

This might be an argument for not deprecating the "RSA sign only" and "RSA
encrypt only" key types. I don't like key function being able to be
changed by a wily program. If fundamental key usage such as this were to
be specified in the actual OpenPGP certificate area, rather than in the
self-sig, this problem would never have happened.
--Len.
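
The flag values reported above (0x3 on the old self-sig, 0xF on the new one) can be checked mechanically. This is an added example, not part of the original post and not GnuPG code: it parses a signature's subpacket area, extracts the key-flags subpacket (type 27, bit meanings per RFC 4880), and reports capabilities a newer self-sig grants that the older one did not. The function names and the two sample subpacket areas are constructed for illustration.

```python
# Added example (not from the original post). Bit names follow RFC 4880, 5.2.3.21.
KEY_FLAGS = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-communications",
             0x08: "encrypt-storage", 0x10: "split-key", 0x20: "authenticate",
             0x80: "group-key"}

def iter_subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF + four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        # length counts the type octet; mask off the critical bit (0x80)
        yield area[i] & 0x7F, area[i + 1:i + length]
        i += length

def key_flags(area: bytes):
    """First octet of the key-flags subpacket (type 27), or None if absent."""
    for sp_type, body in iter_subpackets(area):
        if sp_type == 27 and body:
            return body[0]
    return None

def flag_names(flags: int):
    return [name for bit, name in KEY_FLAGS.items() if flags & bit]

def added_capabilities(old_area: bytes, new_area: bytes):
    """Capabilities the newer self-sig grants that the older one did not."""
    old, new = key_flags(old_area), key_flags(new_area)
    if old is None or new is None:   # no flags stated: nothing to compare
        return []
    return flag_names(new & ~old)

# Constructed hashed areas: creation-time subpacket (type 2) + key flags (type 27).
OLD_SELFSIG = bytes.fromhex("05023d74c0a7" "021b03")   # flags 0x3, as in the post
NEW_SELFSIG = bytes.fromhex("05023d74d0a7" "021b0f")   # flags 0xF, as in the post

if __name__ == "__main__":
    print("old:", flag_names(key_flags(OLD_SELFSIG)))
    print("new:", flag_names(key_flags(NEW_SELFSIG)))
    print("added by new self-sig:", added_capabilities(OLD_SELFSIG, NEW_SELFSIG))
```

Running the same comparison on a key's self-sigs before and after editing it with any OpenPGP tool shows whether the edit widened the primary key's stated usage.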