v3 subkeys and signatures (was: Using second keyring may be)

David Shaw dshaw at jabberwocky.com
Sat Jun 23 22:41:19 CEST 2012


On Jun 23, 2012, at 9:59 AM, Georgi Guninski <guninski at guninski.com> wrote:

> On Sat, Jun 23, 2012 at 09:21:05AM -0400, David Shaw wrote:
>> Yes. Werner and I were discussing this in the context of the OpenPGP spec. In OpenPGP, v3 keys cannot have subkeys (it's in section 11 - "V3 keys MUST NOT have subkeys"). GPG actually allowed this for a while until the spec was changed.  If you patch the code, you can of course make it do anything you want :)
>> 
> 
> 
> I meant patched gpg generated the keys, testing was done with vanilla gpg.

Yes, this makes sense.  GPG won't generate a subkey on a V3 key (or a V3 subkey at all), but might accept them if generated elsewhere.  So you had to patch things to make the key, but no patch is needed to use the key.

David



More information about the Gnupg-devel mailing list