keyflag subpacket and key expiration subpacket

Christoph Anton Mitterer cam at mathematica.scientia.net
Fri Dec 16 00:36:37 CET 2005


David Shaw wrote:

>It's tradition and history.  GnuPG will accept subpackets on either
>the 0x13 (0x10, 0x11, 0x12) or 0x1F, of course, but only generates the
>0x13.
>
So does this mean if a key would have its key-exp-time/key-flags on an 
0x1F that gpg would understand this?
All the other subpackets, that don't refer to a signature itself (like 
creation/expiration time of the sig/exportability), preferred algos and 
even things like the features subpacket would make sense on a 0x10-0x13 
selfsig indeed.


>If we switched over to 0x1F, we'd probably break compatibility
>with other OpenPGP implementations.
>  
>
Well these applications are not really implementations of OpenPGP. The 
standard clearly specifies which parts an implementation must not 
implement. And as far as I can see implementations are allowed to don't 
implement subpackets (but in that case they must consider these packets 
if the critical bit is set) but they aren't allowed to recognize 
subpackets only on specifiv sig-types (expect those where the standard 
itself allows a subpacket type only on special sig-types).


>I agree, though, that things like key expiration would really make
>more sense on a 0x1F sig.
>  
>
Yes,.. as an intermediate improvement, gpg could create the subpackets 
(key-exp and key flags) on a primary-flagged sig only.

>>btw: in keyid.c there's the method usagestr_from_pk() is it a bug that 
>>only keys that have the S-flag can have a C-flag, too?
>>    
>>
>I assume you're looking at 1.4.2.  No, it's not a bug because in 1.4.2
>there is only one internal flag (PUBKEY_USAGE_SIG) for both sign and
>certify.  The extra check for a primary key is just so the "C" flag is
>set in the display string.
>
>It's different in 1.4.3, by the way, where PUBKEY_USAGE_CERT is used
>in addition to PUBKEY_USAGE_SIG.  None of this is visible from the
>outside though.
>  
>
Ahh, ooops,.. you're right :-) .


Best wishes,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cam.vcf
Type: text/x-vcard
Size: 449 bytes
Desc: not available
Url : /pipermail/attachments/20051216/07fa4595/cam.vcf


More information about the Gnupg-devel mailing list