bug in key flags on self-sigs

Len Sassaman rabbi at abditum.com
Tue Sep 3 16:48:07 CEST 2002

I think I've found a bug in GnuPG's key flags allocation.

I had an RSA v4 key (created with PGP 7.0 beta 115, I think) with key flag
0x3 on the pubkey selfsig, and 0xC on the subkey binding sig.

I used GnuPG 1.0.7 to add a new uid, and it put the key flag 0xF in the
self-sig. This turned my primary signing-only key into a sign and encrypt
key. Ugh.

This might be an argument for not deprecating the "RSA sign only" and "RSA
encrypt only" key types. I don't like key function being able to be
changed by a wiley program. If fundamental key usage such as this were to
be specified in the actual OpenPGP certificate area, rather than in the
self-sig, this problem would never have happened.


More information about the Gnupg-devel mailing list