PGP and signing subkeys

Len Sassaman rabbi@abditum.com
Tue Dec 3 11:21:03 2002


On Tue, 26 Nov 2002, David Shaw wrote:

> Hi folks,
>
> Some good news on the signing subkeys front - after the disappointment
> of the first beta, I wrote a note to the PGP folks giving the various
> rationales of signing subkeys and the new PGP 8 beta now supports
> signing subkeys.  I tested it, and it works fine with both DSA and RSA
> signing subkeys.
>
> Note that this doesn't mean PGP 8 can make signatures with a subkey,
> but it at least doesn't barf when it verifies a message signed with a
> signing subkey from GnuPG.
>
> Another nice thing that showed up in the latest beta is the ability to
> understand SHA-1 protected secret keys.  This means PGP 8 can handle
> keys generated with GnuPG 1.0.7 and later without any of the
> "--simple-sk-checksum & change your passphrase" stuff.
>
> Let's just hope that these features stay in for the final release. :)

Also, PGP 8 knows to ignore the comments packets in the secret keys
generated with GnuPG, so --no-comment is no longer necessary when
exporting those keys, and PGP can now verify v4 signatures with expiration
dates on regular files (though the client UI ignores the expiration
status).

There were a few other interop bugs I pointed out as well, but I haven't
heard if they have been fixed or not. In any case, it looks like we're a
good bit closer to seemless interoperability between PGP and GnuPG.


--Len.