existing keys as subkey

disastry@saiknes.lv
Fri Oct 4 12:22:02 2002

1984 wrote:
> Hello,
> I want to install a pgp/gpg secured mailing list. The best possibility
> is to generate a new key that includes every key of the entered users.
> Every mail to the list must be encrypted with this public key.
> My question is: how can I build a key and implement other existing
> keys as subkeys of this one? So that every mail encrypted by the key
> is encrypted by the keys of all users.

this is not a good idea, and even if you did it wouldn't help -
if the key has multiple subkeys, and you encrypt to that key,
the message is encrypted to only one of these subkeys, normally to the newest one.

> The only way, I think, is to use ADK of PGP, because in GnuPG you
> cannot take existing keys as a subkey, you can only generate a new
> one.

some time ago I added a key to another as a subkey as an experiment
(with a hex editor and hacked PGP6.5.8), so it is possible,
but there are several problems, the most important of them is
that the original key and the key converted to a subkey cannot coexist
in the same keyring, at least not in PGP,
some PGP versions crashed when I tried to import both,
others didn't crash, but imported only one of the keys.
(I didn't try to import both keys in GPG..)

Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)