subkey binding signature with no usage flags and/or a critical notation
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 13 22:30:36 CET 2013
On 03/13/2013 07:22 AM, Christian Aistleitner wrote:
> With GnuPG 2.0.19, this signature is considered a bad signature. It
> says so, when trying to import the key:
Ah, interesting. Thanks for pointing this out. I was only looking at
it from the keyring which generated the subkey binding signature in the
first place.
When i gpg --import with 1.4.12, i see something similar to what you see:
0 dkg at alice:~/src/gnupg/usage-tests$ chmod 0700 x
0 dkg at alice:~/src/gnupg/usage-tests$ export GNUPGHOME=x
0 dkg at alice:~/src/gnupg/usage-tests$ gpg --import < example.key
gpg: keyring `x/secring.gpg' created
gpg: keyring `x/pubring.gpg' created
gpg: assuming bad signature from key C9A3FA35 due to an unknown critical bit
gpg: x/trustdb.gpg: trustdb created
gpg: key C9A3FA35: public key "test key with dsa subkey" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
0 dkg at alice:~/src/gnupg/usage-tests$ gpg --edit-key test
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 1024R/C9A3FA35 created: 2013-03-05 expires: 2013-04-04 usage: SC
trust: unknown validity: unknown
sub 512D/48B80074 created: 2013-03-07 expires: 2013-04-06 usage: SCA
sub 768D/5BA8B581 created: 2013-03-12 expires: 2013-03-19 usage: SCA
[ unknown] (1). test key with dsa subkey
gpg>
>> * what should GnuPG do when presented with a subkey binding signature
>> with an all-zero usage flags subpacket?
>
> RFC 4880, § 5.2.3.21:
>
> If a
> list is shorter than an implementation expects, the unstated flags
> are considered to be zero.
>
> Although this sentence comes with a vague precondition of the
> implementation expecting something, I'd nevertheless interpret a key
> flags subpacket being all-zero, as signalling that this key should
> /not/ be used for signing, encrypting, ...
So there might be three cases (setting aside the notation business for
the moment):
0) the first case has no key usage flags subpacket at all -- this might
be a legacy key, for example, before the usage flag subpacket existed.
1) a key usage flags subpacket exists, but is 0 octets
2) a key usage flags subpacket exists, is 1 octet in length, with a
value of 0x00.
I think gpg is definitely doing the wrong thing with case 2. I think
it's doing the right thing with case 0, and i haven't managed to test
case 1 yet (i think case 1 should properly be handled like case 2 based
on the section you quote above).
>> * (less importantly) should GnuPG be able to generate such a subkey
>> binding signature?
>
> If it's hidden behind --expert, I would not mind. However, I do not
> see a really compelling use case for allowing to generate such a
> key. Well, maybe the OTR usage you mentioned on the IETF mailing list
> just is such a use case :-)
that's why i'm asking :)
--dkg
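
Added example, not part of the original message and not GnuPG's code: a small parser that walks a signature's hashed subpacket area (RFC 4880 § 5.2.3.1) and tells apart the three cases listed above for the key flags subpacket (type 27), applying the § 5.2.3.21 rule that unstated flags are zero. The function names, case labels and sample byte strings are constructed for illustration.

```python
# Added example: classify the key flags subpacket (type 27) in a signature's
# hashed subpacket area, following RFC 4880 sections 5.2.3.1 and 5.2.3.21.
KEY_FLAGS = 27
FLAG_NAMES = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",
              0x08: "encrypt-storage", 0x20: "authenticate"}


def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in the area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket length out of bounds")
        type_octet = area[i]                  # the length counts this octet
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]
        i += length


def classify_key_flags(area: bytes):
    """Return (case, capabilities); capabilities is None when unstated."""
    for sp_type, _critical, body in parse_subpackets(area):
        if sp_type != KEY_FLAGS:
            continue
        # Unstated flag octets count as zero, so a 0-octet body means no flags.
        flags = body[0] if body else 0
        case = "zero-length" if not body else ("all-zero" if flags == 0 else "flags-set")
        return case, sorted(n for bit, n in FLAG_NAMES.items() if flags & bit)
    return "absent", None                     # case 0: no statement at all


# Constructed sample areas (not taken from the key in this thread).
CREATION_TIME = bytes([5, 2, 0x51, 0x38, 0x00, 0x00])   # type 2, 4-octet time
SAMPLES = {
    "case 0": CREATION_TIME,
    "case 1": CREATION_TIME + bytes([1, 27]),
    "case 2": CREATION_TIME + bytes([2, 27, 0x00]),
    "sign+auth": CREATION_TIME + bytes([2, 27, 0x22]),
}
```

Only case 0 returns `None` for the capabilities, so a caller can fall back to algorithm defaults there while treating the empty list from cases 1 and 2 as an explicit statement that the key has no usage.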