Signing sub-key with PGP
Wed May 23 15:53:02 2001
-----BEGIN PGP SIGNED MESSAGE-----
Patrice Fournier wrote:
> Please CC: your answers to me as I'm not a member of the mailing list.
> I need to sign messages in an automated setup. While the box is not
> multi-user, I'd prefer not to have the main key with no password. I looked
> at FAQ #4.13 and made my signing subkey and tried to interoperate with PGP
> 6/7 before doing the next steps.
> First test I made was to try to encrypt something to that user from PGP.
> It failed with an error about the key being invalid for encryption. I then
> decided to add a second encryption subkey and revoke the first one. (all
> subkeys have the same expiration day) Now that the last key is an
> encryption key, PGP is using it and encrypts successfully.
> Now, I signed a message with my signing subkey and tried to verify it with
> PGP 6 and 7. PGP 6 said the signature was bad while PGP 7 said the signing
> algorithm was not supported. When I signed the same message with the main
> key, both could verify the signature successfully... How can I use signing
> subkeys to sign messages destined to PGP users? Or will I need to use a
> second key for signing needs and completely replace that key when needed?
Convert the subkey to a key (!) and import it into PGP;
then you will be able to verify messages signed in GPG with that subkey.
I just did! It works! I tested with PGP 7.0.7 and 6.5.8ckt05.
You can convert a subkey to a key with a hex editor.
Of course you must understand the PGP key format; read RFC2440 first.
== <EOF> ==
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^--GPG for Win32 (supports loadable modules and IDEA)
^---PGP 2.6.3ia-multi03 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
-----END PGP SIGNATURE-----
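
The conversion described in the reply above, sketched as an added example that is not part of the original message. It assumes the hex edit amounts to changing the tag of a public subkey packet (14) to that of a public key packet (6), which RFC 2440 defines with the same body format, so the key ID does not change. The key block is constructed from dummy values and the helper names are hypothetical; what else PGP needs on import (such as a user ID) is not stated in the post.

```python
import hashlib
import struct

TAG_PUBLIC_KEY = 6      # RFC 2440, 5.5.1.1
TAG_PUBLIC_SUBKEY = 14  # RFC 2440, 5.5.1.2: same body format as tag 6

def old_header(tag, length):
    """Old-format packet header with a two-octet length (length type 1)."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", length)

def iter_packets(data):
    """Yield (tag, body) for each old-format packet in a binary key block."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        # Bit 7 must be set, bit 6 marks new format, length type 3 is indeterminate.
        if not (ctb & 0x80) or (ctb & 0x40) or (ctb & 0x03) == 3:
            raise ValueError("unsupported packet header at offset %d" % pos)
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        start = pos + 1 + (1 << ltype)  # 1, 2 or 4 length octets
        length = int.from_bytes(data[pos + 1:start], "big")
        if start + length > len(data):
            raise ValueError("truncated packet at offset %d" % pos)
        yield tag, data[start:start + length]
        pos = start + length

def v4_key_id(body):
    """Low 64 bits of SHA-1 over 0x99, two-octet length, key packet body."""
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest()[-16:].upper()

def subkeys_as_primary(data):
    """Re-tag every public subkey packet (14) as a public key packet (6)."""
    return [old_header(TAG_PUBLIC_KEY, len(body)) + body
            for tag, body in iter_packets(data) if tag == TAG_PUBLIC_SUBKEY]

def mpi(n):
    """Encode an integer as an OpenPGP MPI (bit count, then big-endian octets)."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def sample_key_body(created, n):
    """Constructed V4 RSA public key body with a dummy modulus, not a real key."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(65537)

# Constructed key block: primary key, user ID, signing subkey (signatures omitted).
PRIMARY = sample_key_body(990000000, 0xC0FFEE0123456789ABCDEF)
SUBKEY = sample_key_body(990600000, 0xDEADBEEF0123456789ABCD)
UID = b"Test User <test@example.org>"
SAMPLE = (old_header(TAG_PUBLIC_KEY, len(PRIMARY)) + PRIMARY + old_header(13, len(UID)) + UID
          + old_header(TAG_PUBLIC_SUBKEY, len(SUBKEY)) + SUBKEY)
```

In the output of `subkeys_as_primary(SAMPLE)` the first octet changes from 0xB9 to 0x99 and the body is untouched, which is why signatures made by the subkey still match the key ID of the converted key.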