keyflag subpacket and key expiration subpacket

David Shaw dshaw at jabberwocky.com
Thu Dec 15 22:43:32 CET 2005


On Thu, Dec 15, 2005 at 02:54:27AM +0100, Christoph Anton Mitterer wrote:
> Hi.
> 
> Everything applies to primary keys only:
> 
> Why does gpg store the key flags (subpacket 27) and the key expiration 
> time (subpacket 9) in a type 0x13 self-signature? Of course the standard 
> allows this but wouldn't a 1F-sig be more appropriate?

It's tradition and history.  GnuPG will accept subpackets on either
the 0x13 (0x10, 0x11, 0x12) or 0x1F, of course, but only generates the
0x13.  If we switched over to 0x1F, we'd probably break compatibility
with other OpenPGP implementations.

I agree, though, that things like key expiration would really make
more sense on a 0x1F sig.

> btw: in keyid.c there's the method usagestr_from_pk(); is it a bug that 
> only keys that have the S-flag can have a C-flag, too?

I assume you're looking at 1.4.2.  No, it's not a bug because in 1.4.2
there is only one internal flag (PUBKEY_USAGE_SIG) for both sign and
certify.  The extra check for a primary key is just so the "C" flag is
set in the display string.

It's different in 1.4.3, by the way, where PUBKEY_USAGE_CERT is used
in addition to PUBKEY_USAGE_SIG.  None of this is visible from the
outside though.

David
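
Added example, not part of the original message and not GnuPG code: a small parser that reads the key flags (subpacket 27) and key expiration (subpacket 9) from the hashed area of a v4 signature and reports whether the carrier is a 0x10-0x13 certification or a 0x1F direct-key signature. It assumes the v4 signature and subpacket layout of RFC 4880; the function names, the flag letters and the sample packet are constructed for illustration.

```python
import struct

# Display letters used in this example for key flag bits (first flags octet).
FLAG_LETTERS = [(0x01, "C"), (0x02, "S"), (0x0C, "E"), (0x20, "A")]

def iter_subpackets(area):
    """Yield (type, critical, data) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 0xFF followed by four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or empty subpacket")
        # High bit of the type octet is the critical flag; length includes the type octet.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def key_properties(sig_body):
    """Report signature class, key flags and key expiration of a v4 signature."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    sig_type = sig_body[1]
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    hashed = sig_body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    carrier = ("certification" if 0x10 <= sig_type <= 0x13
               else "direct-key" if sig_type == 0x1F else "other")
    info = {"carrier": carrier, "flags": None, "expires_after": None}
    for sp_type, _critical, data in iter_subpackets(hashed):  # hashed area only
        if sp_type == 27 and data:
            info["flags"] = "".join(c for bit, c in FLAG_LETTERS if data[0] & bit)
        elif sp_type == 9 and len(data) == 4:
            (info["expires_after"],) = struct.unpack(">I", data)  # seconds after key creation
    return info

def sample_sig(sig_type):
    """Constructed v4 signature body: flags C+S, expiry one year; hash/MPIs omitted."""
    hashed = bytes([2, 27, 0x03]) + bytes([5, 9]) + struct.pack(">I", 31536000)
    return bytes([4, sig_type, 17, 2]) + struct.pack(">H", len(hashed)) + hashed + b"\0\0"
```

Only the hashed area is read because subpackets in the unhashed area are not covered by the signature, so key flags or an expiration found there cannot be trusted.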


