Signing with different sub-keys.

Denis McCauley DenisMcCauley@ifrance.com
Sat May 10 01:25:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Sat, 10 May 2003 05:54:35 +1000 (EST)
Stewart Wright <olafwazhere@yahoo.com.au> wrote:

> Hi All,
> 
> I am trying to work out how to have multiple signing
> subkeys and sign different files with different keys. 
> However, I am failing to get it to work.
> 
> Here's what I do -- perhaps someone can make a
> suggestion.
> 
> As a test I got rid of my secring and pubring and
> started from scratch generating a dummy DSA/ElGamal
> key which I then added DSA and RSA signing subkeys:
>  
> pub  1024D/B37D0D59 2003-05-08 test key 1 <test@key.1>
> sub  1024g/8A112A7E 2003-05-08
> sub  1024D/E1A24F95 2003-05-08
> sub  1024R/F2D5AAA9 2003-05-09
> 
> I then tried making a series of signings:
> 0) gpg --output msg0.asc --clearsign msg 
> 1) gpg --output msg1.asc --clearsign -u B37D0D59 msg
> 2) gpg --output msg2.asc --clearsign -u 8A112A7E msg
> 3) gpg --output msg3.asc --clearsign -u E1A24F95 msg
> 4) gpg --output msg4.asc --clearsign -u F2D5AAA9 msg
> 
> (Remembering that the ElGamal key 8A112A7E shouldn't
> be able to sign...)
> 
> I then verified the signature using 
>    gpg --verify msg0.asc
> 
> GnuPG tells me that the signatures were made with:
> 0) DSA key ID B37D0D59
> 1) RSA key ID F2D5AAA9
> 2) RSA key ID F2D5AAA9
> 3) RSA key ID F2D5AAA9
> 4) RSA key ID F2D5AAA9
> 
> Now, it seems that 
> 0) makes sense, but surely 
> 1) should be B37D0D59,
> 2) should be ???
> 3) is E1A24F95 and
> 4) F2D5AAA9
> 
As David Picon Alvarez has replied:
"If I remember correctly, writing an exclamation mark (!) after the
keyID should do the trick." 
Otherwise GPG will automatically use the most recently created subkey.

But your test 0 result seems strange because GPG should automatically
use a signature subkey if one is present. My signing key on this message
is an example of this behaviour.

Cheers
- --
=====================================
Denis McCauley
GPG/PGP keys at http://www.djmccauley.tk
=====================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1-nr1 (Windows 2000) - GPGshell v2.70
Comment: Key ID: 0x578247B4 (using signature subkey 0x4980C4F7)

iD8DBQE+vDflJpZGKkmAxPcRAuAIAJ9S84/lf5tbdpUZ7WTOsuEnrkoO2QCePu6J
u/xSgLtmsn2N/to0Id2RbR8=
=alva
-----END PGP SIGNATURE-----

_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France