v4 Signature Clarification Needed
David Shaw
dshaw@jabberwocky.com
Wed Jan 9 15:31:01 2002
On Tue, Jan 08, 2002 at 09:33:23PM -0800, Nick Andriash wrote:
> Could someone kindly comment on the following:
>
> "OpenPGP states that an implementation should generate v4 signatures,
> but PGP 5.x recognizes v4 signatures only on key material. This option
> forces v3 signatures on data as well."
>
> Specifically, I'm having trouble grasping the concept of 'data' versus
> 'key material'. Are they saying that PGP 5.x recognises a v4 signature
> on a Key for instance, but will not recognise that same signature if
> used to clearsign a message?
It sounds like you do understand. :)
> Can someone provide an example of each so I
> can better understand the difference between a v3 and v4 signature?
If you sign ("certify") someone's key, PGP (any version after 5) can
handle a v3 or v4 signature.
If you sign a file, PGP 5.x and 6.x can only handle a v3 signature.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson