Expiration Date on Subkeys and PGP [was: Re: Convert "Sign Only" Primary Key]

Klaus Fuerstberger lnx1 at arcor.de
Wed Oct 5 11:55:34 CEST 2005


Alphax said the following on 10/04/05 14:56:

>>>>>>a time ago I created a "Sign Only" DSA Key with an ElGamal Encrypt
>>>>>>Subkey. Now I noticed that it is not possible to encrypt a message with
>>>>>>PGP to this Public Key because PGP only sees the "sign only" primary Key
>>>>>>and not the encrypting subkey.

> It may be that PGP 5 doesn't support ElGamal keys. Try adding an RSA subkey.

Ok, a bit more tries. Meanwhile I could locate the error. It's does not
matter what kind of Subkey I use. The expiration Date is the only
Problem. When the subkey is created with the addkey command with no
expiration Date, the exported public Key can be used with PGP5 for
encrypting. But when I afterwards set the expiration Date with the
"expire" command, the Key becomes again a "Sign Only" public Key for
PGP5. So now the strange thing. When I try to set the expiration Date
again to unlimited on the existing Key, export again - the Key is also
just a "Sign Only" Key! At least for my pgp5i Version from debian/oldstable.

There must be some difference how GnuPG 1.4.1 sets the expiration Date
on Subkey creation and the Menu Option "expire".

Can someone verify this?


More information about the Gnupg-users mailing list