Expiry bug (can convert v3 key to current?)
Werner Koch
wk@gnupg.org
Thu Jun 28 08:50:01 2001
|| On Wed, 27 Jun 2001 14:25:55 -0700 (PDT)
|| Len Sassaman <rabbi@quickie.net> wrote:
ls> You can't make DSA signing subkeys with GnuPG.
You can. And it makes sense: GnuPG has that feature to replace the
secret primary key with a stub so that if your box gets compromised,
you can just revoke the subkeys and create new subkeys using your
offline stored secret primary key. Since 1.0.5 GnuPG favors a subkey
over the primary key unless you force using a specific key by appending
a '!' to the keyID:

  gpg -sbu 0x12345678 foo.txt

selects a suitable subkey/primary key from a keyblock
containing this keyID, whereas

  gpg -sbu 0x12345678! foo.txt

will use the subkey/primary key with the ID 0x1234567 or complain.
(Using --debug 64 shows the process of selecting the key).
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus