Signing sub-key with PGP

disastry@saiknes.lv disastry@saiknes.lv
Wed May 23 15:53:02 2001 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Patrice Fournier wrote:

> Please CC: your answers to me as I'm not a member of the mailing list.

> 

> Hi,

> 

> I need to sign messages in an automated setup. While the box is not

> multi-user, I'd prefer not to have the main key with no password. I looked

> at FAQ #4.13 and made my signing subkey and tried to interoperate with PGP

> 6/7 before doing the next steps.

> 

> First test I made was to try to encrypt something to that user from PGP.

> It failed with an error about the key being invalid for encryption. I then

> decided to add a second encryption subkey and revoke the first one. (all

> subkeys have the same expiration day) Now that the last key is an

> encryption key, PGP is using it and encrypt sucessfully.

> 

> Now, I signed a message with my signing subkey and tried to verify it with

> PGP 6 and 7. PGP 6 said the signature was bad while PGP 7 said the signing

> algorithm was not supported. When I signed the same message with the main

> key, both could verify the signature successfully... How can I use signing

> subkeys to sign messages destined to PGP users? Or will I need to use a

> second key for signing needs and completly replace that key when needed?

> Thanks,


convert subkey to a key (!) and import it into PGP
then you will be able to verify messages signed in GPG with that subkey.

I just did ! it works ! I tested with PGP 7.0.7 and 6.5.8ckt05

you can convert subkey to a key with a hex editor
of course you must understand PGP key format.. read RFC2440 first

== <EOF> ==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^--GPG for Win32 (supports loadable modules and IDEA)
 ^---PGP 2.6.3ia-multi03 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
     AES, 3DES ciphers and MD5, SHA1, RIPEMD160 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBOwuifzBaTVEuJQxkEQOKRQCeIQHoaXC8yi7UhfvkidAPh/9hRCsAoKC0
knZVV4h6WGSf1DRd9JDCBA2/
=Xq5i
-----END PGP SIGNATURE-----