RSA v4 keys

David Shaw dshaw at jabberwocky.com
Fri Nov 14 07:54:27 CET 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Nov 14, 2003 at 06:09:58AM +0000, taurus1 wrote:
> Hello David Shaw,
> 
> On Thu, 13 Nov 2003 10:20:19 -0500, you wrote:
> 
> >On Thu, Nov 13, 2003 at 06:36:03AM +0000, taurus1 wrote:
> >> Hi,
> >> 
> >> Using GPG (v1.2.2) <windows platform>;
> >> Created a 2048 RSA sign_only key. Added a 4096 RSA encrypt subkey, and 
> >> every time I make a signature, GPG uses the subkey for that.
> >> 
> >> The same key exported to PGP, signs with 2048 key, and encrypts with
> >> 4096 key.  I have added - default-key 0xkeyid! - with(!) - command
> >> in options files with no change.
> >
> >I cannot duplicate this problem here, so I need some more
> >information.  What does:
> >  gpg --export (yourkeyid) | gpg --list-packets
> >
> >say?
> >
> The following;
> 
> gpg: writing to stdout
> :public key packet:
>         version 4, algo 1, created 1068589881, expires 0
>         pkey[0]: [2048 bits]
>         pkey[1]: [5 bits]
> :user ID packet: "Test <test at test.mail>"
> :signature packet: algo 1, keyid 63FCD21A4A5C8066
>         version 4, created 1068590712, md5len 0, sigclass 10
>         digest algo 2, begin of digest 2a 69
>         hashed subpkt 2 len 4 (sig created 2003-11-11)
>         hashed subpkt 11 len 8 (pref-sym-algos: 9 8 7 2 10 1 3 4)
>         hashed subpkt 25 len 1 (primary user ID)
>         subpkt 16 len 8 (issuer key ID 63FCD21A4A5C8066)
>         data: [2047 bits]
> :public sub key packet:
>         version 4, algo 1, created 1068508800, expires 0
>         pkey[0]: [4096 bits]
>         pkey[1]: [5 bits]
> :signature packet: algo 1, keyid 63FCD21A4A5C8066
>         version 3, created 1068589973, md5len 5, sigclass 18
>         digest algo 2, begin of digest d1 62
>         data: [2048 bits]

Nothing is broken here.  You have a v3 signature on your subkey, which
implicitly makes it a sign+encrypt subkey.  When GnuPG sees a usable
subkey, it uses it instead of the primary.  PGP can't make signatures
with subkeys, so it uses the primary.  Everything is working as it
should.

That said, while the key is valid, the makeup of the key
is... eccentric.  You have a self-signature with class 10, which GnuPG
doesn't generate.  PGP does generate it, but it wouldn't have put
Blowfish in the preferences.  Then you have a v3 subkey binding
signature which neither GnuPG or PGP generates.  The key flags are
missing completely, making your primary key into a "sign+encrypt" key.

What did you use to make this key?

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.4-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iHEEARECADEFAj+00IMqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJVAMAn3MkTS+FXhGMf2T8SEncLiscCdLfAJ9z
RS99ogysbGSY2mjDXVjN0BAkyQ==
=g9TS
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list