BUG?: gpg 1.4.9 uses incorrect OpenPGP key type when creating subkeys via --edit-key

David Shaw dshaw at jabberwocky.com
Fri Jul 4 01:23:13 CEST 2008

On Jul 3, 2008, at 6:49 PM, Adam M. wrote:

> When creating RSA Encrypt-Only (type 2) or RSA Sign-Only (type 3)  
> subkeys using the --edit-key "addkey" command, gpg 1.4.9 seems to  
> create the subkey as type 1 (RSA [Encrypt or Sign]).
> Either that, or --list-keys --with-colons reports the type as 1 even  
> when it's actually 2 or 3.
> Since GPG forces the user to choose RSA Encrypt-Only or RSA Sign- 
> Only, you'd expect it to actually use that in the created subkey.

Not a bug.  RFC-4880:

13.5. RSA

    There are algorithm types for RSA Sign-Only, and RSA Encrypt-Only
    keys.  These types are deprecated.  The "key flags" subpacket in a
    signature is a much better way to express the same idea, and
    generalizes it to all algorithms.  An implementation SHOULD NOT
    create such a key, but MAY interpret it.

We use key flags to indicate the intended use of the key.


More information about the Gnupg-devel mailing list