Certification-only key
Lionel Elie Mamane
lionel at mamane.lu
Mon Sep 5 16:41:40 CEST 2005
Hi,

I tried to generate an RSAv4 certification-only key with GnuPG, but
failed, even in "expert mode".

What I mean is a primary key that can be used to attach a subkey to
it, or _maybe_ also to sign UserIDs of other keys (for the Web of
Trust). But not for data signatures. As I understand the RFC, I want a
primary key with key flags 0x01 (or maybe even 0x00?).

But GnuPG only presents me with three "bits" to flip:

- signature, which seems to set key flag 0x03
- encryption, which seems to set key flag 0x0C
- authentication, which seems to set flag 0x21

I tried turning all three bits off, but then the key doesn't have a
key flags subpacket (packet 27) at all and seems to be treated by
GnuPG as an "everything is allowed" key.

Is this impossible with GnuPG? Is it a bad idea? Why? Do I
misunderstand the RFC?

Thanks for your explanations,

--
Lionel
More information about the Gnupg-users
mailing list