subkey binding signature with no usage flags and/or a critical notation

Daniel Kahn Gillmor dkg at
Tue Mar 19 16:25:25 CET 2013

On 03/19/2013 10:52 AM, Werner Koch wrote:
> On Fri, 15 Mar 2013 21:34, dkg at said:
>> i think the empty string is a clear and unambiguous description of "no
>> key flags set".  I don't see a need to special-case a "-", but i'd be
> There is another option: Add an '?' if tehre is any unknown key flag.

yep, this makes sense to me, assuming you mean that some unknown key
flag is set (that is, that the bit is 1, not 0) -- but ? shouldn't be
present if there is an all-zero usage flags subpacket.

>> My patch was just removing 3 lines ( ~ 30 bytes ) from
>> do_add_key_flags() in g10/keygen.c -- i don't see any sort of copyright
>> pertaining at all, but i'm fine waiting if you want me to wait.
> Okay, send again.

it's attached to this mail.

>> I'm assuming you are OK applying the subkey flag usage fix (your patch)
>> to all maintained branches; it's just the patch that allows one to
> Sure.  It is a bug.

great.  thanks!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: allow-empty-usage-flags.patch
Type: text/x-patch
Size: 219 bytes
Desc: not available
URL: </pipermail/attachments/20130319/65654bc8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130319/65654bc8/attachment.sig>

More information about the Gnupg-devel mailing list