BUG?: gpg 1.4.9 uses incorrect OpenPGP key type when creating subkeys via --edit-key
David Shaw
dshaw at jabberwocky.com
Fri Jul 4 01:23:13 CEST 2008
On Jul 3, 2008, at 6:49 PM, Adam M. wrote:
> When creating RSA Encrypt-Only (type 2) or RSA Sign-Only (type 3)
> subkeys using the --edit-key "addkey" command, gpg 1.4.9 seems to
> create the subkey as type 1 (RSA [Encrypt or Sign]).
>
> Either that, or --list-keys --with-colons reports the type as 1 even
> when it's actually 2 or 3.
>
> Since GPG forces the user to choose RSA Encrypt-Only or RSA
> Sign-Only, you'd expect it to actually use that in the created subkey.

Not a bug.  RFC-4880:

   13.5.  RSA

   There are algorithm types for RSA Sign-Only, and RSA Encrypt-Only
   keys.  These types are deprecated.  The "key flags" subpacket in a
   signature is a much better way to express the same idea, and
   generalizes it to all algorithms.  An implementation SHOULD NOT
   create such a key, but MAY interpret it.

We use key flags to indicate the intended use of the key.

David
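
Added example, not part of the original message or of GnuPG: a Python parser for `--list-keys --with-colons` records that reports the algorithm id and the usage separately, which is where the distinction discussed in this thread shows up. It assumes the field positions given in GnuPG's doc/DETAILS (field 4 = algorithm id, field 5 = key ID, field 12 = capabilities); the sample listing, key IDs and function names are constructed for illustration.

```python
# Added example: read the algorithm id and the usage flags from
# `gpg --list-keys --with-colons` records. Field positions are assumed from
# GnuPG's doc/DETAILS: 1 = record type, 4 = algorithm id, 5 = key ID,
# 12 = capabilities.

# RFC 4880 public-key algorithm ids for RSA.
RSA_ALGOS = {1: "RSA (Encrypt or Sign)", 2: "RSA Encrypt-Only", 3: "RSA Sign-Only"}
DEPRECATED = {2, 3}  # deprecated by RFC 4880 section 13.5
CAPS = {"e": "encrypt", "s": "sign", "c": "certify", "a": "authenticate"}

# Constructed sample listing: key IDs, dates and user ID are made up.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:2008-07-03:::u:Example User <user@example.org>::scESC:
sub:u:2048:1:BBBBBBBBBBBBBBBB:2008-07-03::::::e:
sub:u:2048:1:CCCCCCCCCCCCCCCC:2008-07-03::::::s:
sub:u:2048:3:DDDDDDDDDDDDDDDD:2001-01-01::::::s:
"""


def key_usage(listing):
    """Return one dict per pub/sub record: record type, key ID, algo, usage."""
    rows = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("pub", "sub") or not f[3].isdigit():
            continue
        # Lowercase letters describe this key itself; the uppercase letters on
        # a pub record summarise the whole key and are skipped here.
        usage = {CAPS[c] for c in f[11] if c in CAPS}
        rows.append({"record": f[0], "keyid": f[4],
                     "algo": int(f[3]), "usage": usage})
    return rows


def deprecated_rsa(rows):
    """Key IDs that still carry algorithm id 2 or 3 (legacy keys)."""
    return [r["keyid"] for r in rows if r["algo"] in DEPRECATED]


if __name__ == "__main__":
    rows = key_usage(SAMPLE)
    for r in rows:
        name = RSA_ALGOS.get(r["algo"], "algo %d" % r["algo"])
        print(r["record"], r["keyid"], name, sorted(r["usage"]))
    print("deprecated algorithm ids:", deprecated_rsa(rows))
```
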