v4 Signature Clarification Needed

David Shaw dshaw@jabberwocky.com
Wed Jan 9 15:31:01 2002

On Tue, Jan 08, 2002 at 09:33:23PM -0800, Nick Andriash wrote:
> Could someone kindly comment on the following:
> "OpenPGP states that an implementation should generate v4 signatures,
> but PGP 5.x recognizes v4 signatures only on key material. This option
> forces v3 signatures on data as well."
> Specifically, I'm having trouble grasping the concept of 'data' versus
> 'key material'. Are they saying that PGP 5.x recognises a v4 signature
> on a Key for instance, but will not recognise that same signature if
> used to clearsign a message?

It sounds like you do understand. :)

> Can someone provide an example of each so I
> can better understand the difference between a v3 and v4 signature?

If you sign ("certify") someone's key, PGP (any version after 5) can
handle a v3 or v4 signature.

If you sign a file, PGP 5.x and 6.x can only handle a v3 signature.


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson