Signing sub-key with PGP
Wed May 23 15:53:02 2001

Patrice Fournier wrote:

> Please CC: your answers to me as I'm not a member of the mailing list.
> Hi,
> I need to sign messages in an automated setup. While the box is not
> multi-user, I'd prefer not to have the main key with no password. I looked
> at FAQ #4.13 and made my signing subkey and tried to interoperate with PGP
> 6/7 before doing the next steps.
> First test I made was to try to encrypt something to that user from PGP.
> It failed with an error about the key being invalid for encryption. I then
> decided to add a second encryption subkey and revoke the first one. (all
> subkeys have the same expiration day) Now that the last key is an
> encryption key, PGP is using it and encrypts successfully.
> Now, I signed a message with my signing subkey and tried to verify it with
> PGP 6 and 7. PGP 6 said the signature was bad while PGP 7 said the signing
> algorithm was not supported. When I signed the same message with the main
> key, both could verify the signature successfully... How can I use signing
> subkeys to sign messages destined to PGP users? Or will I need to use a
> second key for signing needs and completely replace that key when needed?
> Thanks,

Convert the subkey to a key (!) and import it into PGP, then you will be able
to verify messages signed in GPG with that subkey.
I just did! It works!
I tested with PGP 7.0.7 and 6.5.8ckt05.

You can convert a subkey to a key with a hex editor.
Of course you must understand the PGP key format... read RFC2440 first.

== <EOF> ==
Disastry
 <----PGP plugins for Netscape and MDaemon
 ^--GPG for Win32 (supports loadable modules and IDEA)
 ^---PGP 2.6.3ia-multi03 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160 hashes)
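
The reply leaves the hex-editor step to the reader. As an added illustration (not Disastry's code or procedure), this Python sketch parses RFC 2440 packet headers and re-emits a public subkey packet (tag 14) under the public-key tag (tag 6); the V4 key ID is hashed over the packet body only, so it does not change and a signature's issuer ID still matches. Function names and sample bytes are constructed for this example, and the User ID and self-signature that a transferable key also needs are not covered.

```python
import hashlib

PUBLIC_KEY, PUBLIC_SUBKEY = 6, 14      # RFC 2440 packet tags

def read_header(data, i):
    """Return (tag, body offset, body length) for the packet at offset i."""
    hdr = data[i]
    if not hdr & 0x80:
        raise ValueError("bit 7 clear: not a packet header")
    if hdr & 0x40:                     # new format: tag in bits 5-0
        tag, first = hdr & 0x3F, data[i + 1]
        if first < 192:
            return tag, i + 2, first
        if first < 224:
            return tag, i + 3, ((first - 192) << 8) + data[i + 2] + 192
        if first == 255:
            return tag, i + 6, int.from_bytes(data[i + 2:i + 6], "big")
        raise ValueError("partial body lengths not handled")
    n = 1 << (hdr & 0x03)              # old format: 1, 2 or 4 length octets
    if n == 8:
        raise ValueError("indeterminate length not handled")
    return (hdr >> 2) & 0x0F, i + 1 + n, int.from_bytes(data[i + 1:i + 1 + n], "big")

def parse_packets(data):               # yields (tag, body) per binary packet
    i = 0
    while i < len(data):
        tag, start, length = read_header(data, i)
        if start + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[start:start + length]
        i = start + length

def key_id(body):
    """V4 key ID: low 64 bits of SHA-1(0x99 || 2-octet length || body)."""
    digest = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body)
    return digest.hexdigest()[-16:].upper()

def subkey_as_primary(keyring):
    """Re-emit the first public subkey as a lone public-key packet."""
    for tag, body in parse_packets(keyring):
        if tag == PUBLIC_SUBKEY:
            # old-format header, 2-octet length: 0xB9 (tag 14) becomes 0x99 (tag 6)
            return bytes([0x80 | (PUBLIC_KEY << 2) | 1]) + len(body).to_bytes(2, "big") + body
    raise ValueError("no public subkey packet found")

# Constructed sample, not a usable key: primary key, user ID, subkey.
PRIMARY = b"\x04\x3b\x0b\xa2\x00\x11\x00\x08\xff"
SUBKEY = b"\x04\x3b\x0b\xa2\x7f\x11\x00\x08\xc3"
SAMPLE = b"\x99\x00\x09" + PRIMARY + b"\xcd\x04Test" + b"\xb9\x00\x09" + SUBKEY
```

On a real exported key the input must be the binary form, not the ASCII-armored text.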