1.4.3 // proper syntax for --edit-key cross-certify ?

vedaal at hush.com vedaal at hush.com
Thu Apr 6 15:51:32 CEST 2006


>Message: 6
>Date: Wed, 5 Apr 2006 22:02:16 -0400
>From: David Shaw <dshaw at jabberwocky.com>
>Subject: Re: 1.4.3 // proper syntax for --edit-key cross-certify ?

>PGP does not generate signing subkeys.  You generated a RSA 
>encryption
>key that happened to be without key flags (I guess that version of 

>PGP
>didn't use them yet), and so it appears as a RSA sign+encrypt key 
>in
>GnuPG.

well,
it is an 'atypical' pgp build ;-)

but the subkey is recognized by gnupg as a 'signing' subkey,
and moreover, is 'forced' by gnupg front ends to be used for 
signing
(there is no '!' indicator available to put as an option in 
gpg.conf)

here is an example of such a key:

-----BEGIN PGP PRIVATE KEY BLOCK-----
Comment: passphrase:  rsav4t

lQHqBDwg+g0BBADauhzNV+0XYAg1Q8O8m8QhyxXz2HUeqB/7+lOlFQT/UnNVvtmm
9ouqwy/7HUpsxYLep3laFCUek6tSmJQKF7agjCqN3HrzE6eFWp7kVejuiDGKj0UK
OwuOUQVRtdtSZMY1Hh0MWhZDbtJYkQU81gijs9FOLva9x1jafrZuHjhdGQAFEf8D
AwLsMC6ZozNWu2D5ziUHulKzmrRwWNCyCQkxVm+0z/bO9auiMlMUqk8WPuieHHQg
ki+SvGekTtSJG8gEZeTkYo/+rYGs9bv9cm/5cZ3/5WQPEYc9zxggwIz9/E+4zOcV
D9FPZuo0cOouE9eHRSd+xTT/c+YX6ypqa/WFicx71SYZ6FahYdsKNiK11nx7SVT+
dBF7hHcgH5vgfza2ZtA0M0y3d6/NFATNqFRVdl9D20MR+fBs/RDBHDudUFV07x7R
pDPm/zai9dmLfsRsQcPKgjhC/YkNE08inkwMi7aUTKIOsKTHZuY+y2YnD0RLXakD
udpmiA/2vtGR9D7NaVW24rqdtK6r/B8DW0CtGb/JqGw80JUAz8YwvNMXbLnggAvh
IJTdjjf0CFhKQ8JF/aCBlmcXGaGo37URwKlgfdHnOa14DnO51Po3SIKisSGfLmpM
3soVFY0vj4vSXX2cibQYcnNhdjR0IDxyc2F2NHRAa2V5LnRlc3Q+nQO8BEQ0kkAB
CADjn5GScd2SFDZ046cohclmm8nob1Nj/g2bqHfN16LQ77dLSESBuo56yxLXkS/s
xVUtTOW7abZ1ksdBOF1xrq/g49bfP7i4RIrMf+CpFRO/Il1rqkjGuZSPBMRX12Ti
hY1z4HU1jocPkyuccO3+VDXnrHOhzlBxzTlYH/4oIiPimyk+0n4Xg4RShcnyL8f+
uSXwb6pHWYypCOW1QxwthK9PtLs3TORLpebOXqnNwM3y5XtIcqkdbKfqmPR5OTqx
NQmrEvzUThRmjRiiX/eOQww7tusr9CaIivBK3GcKkaUNxsT4RcLndQ8ZFR+skatY
JDBUTC7jjxqhg0i6zwYw/sgJAAUR/gMDAi3o4bzxWYK4YGlXTPOA9lFQ8NCCLAnV
BdqHIdfL8jowEowNcfhRaCKSqqF07yuTWyNfUoWuI1d1f7W8RHXgN9Ocs4cRnTeh
D7KDi6ZyBPAJ+BCYpB0USAp4b/JbFc2orhUHpy+1355CBwze8aZF42N77RZ7QEJk
0Dq3ByjVdIuCb1P5SsJGWXVKJbkLAzaXDF9NJLCzcQW2jZzwFvmYrdUE3/Xo3U8C
kK3JX4IugJhPaKq0sknX63rm7Y++CCRxJy1TGln08D8RMnwG/H+/lgT7cE/vZP7O
GBLv6VUU2FtkNToWUm4tPFhAV03UCkmZKPsbFoEiVXwEVxgSYnoaLvHMP9w7BlFK
MqyBYjPaI4JzgFvfyCrzZVH58to6Crb6Ens7kzbgums3/0rWg+2cldQyivhmoP7G
6Lx1Y1P7xtPgo7JQIsgIPaa2YsioRAoOhh338Tgu2ZJ1yvBqHhn3zxchWJZAAua0
998k6VShLO9+JAxV8J8fr6LIJiflByvqOUpjnMbYcR5VkwYcM2ebhbGiGfDS8PWy
gSyFOz9QBZW1sWP6LZjOHQKPqgUl0avPG2EdcLarg3NV4ACTNsfuJtd7uksn/fGR
E5rPlSvUFq/2ojNUT6tVZWpb3uLNFLikE6A2rM85NpG9UtZTYiBWbzRnb/DFjnJQ
bskXNbxUWN3V9AujdTKdoJit7Rb1pPhebK6w+Pyj0HXwZ/pncx2ReVh1MmQ/L6A8
1WVS6KvXYd8qgCIKTsun25t2EtJlp7029iEHq8TaNsGqD5BsFoT/y3/J9YdmmUc1
wki+1ox6BSMhREjxZ2d9fZHJ6ALmZ2PP0ryVGlNcKV/wu/QMoIttrhkjWnVWADsc
VCMkkQ8P/2MG2ukSA8qOdWLBVgTw6yLDHStkIl6Bpm+Y9Alnz6I=
=oO4q
-----END PGP PRIVATE KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: rsa v4 key with rsa signing subkey (ckt build 9 )

mQCLBDwg+g0BBADauhzNV+0XYAg1Q8O8m8QhyxXz2HUeqB/7+lOlFQT/UnNVvtmm
9ouqwy/7HUpsxYLep3laFCUek6tSmJQKF7agjCqN3HrzE6eFWp7kVejuiDGKj0UK
OwuOUQVRtdtSZMY1Hh0MWhZDbtJYkQU81gijs9FOLva9x1jafrZuHjhdGQAFEbQY
cnNhdjR0IDxyc2F2NHRAa2V5LnRlc3Q+iQCpBBABAwATBQI8IPoNCQsDBwgJBAoB
AgIZAQAKCRBdrtpCF+ndm7PhA/0Rm9Yhj9WS4Ti6mpxYZJ4A6tNqK8VaRwXoEdU4
6ItU202v8GW08wYvhNQ/kX+fwKPXde3PxSigNfDuhriuzU4KoR4i7KwFSovLM3V2
4m7eHme3payGIyVW8YxjYYT3f/3UxJcsW7DZ5Yo7k0+j04t+M27KATrk1R0ONG3l
3IJQRrkBCwRENJJAAQgA45+RknHdkhQ2dOOnKIXJZpvJ6G9TY/4Nm6h3zdei0O+3
S0hEgbqOessS15Ev7MVVLUzlu2m2dZLHQThdca6v4OPW3z+4uESKzH/gqRUTvyJd
a6pIxrmUjwTEV9dk4oWNc+B1NY6HD5MrnHDt/lQ156xzoc5Qcc05WB/+KCIj4psp
PtJ+F4OEUoXJ8i/H/rkl8G+qR1mMqQjltUMcLYSvT7S7N0zkS6Xmzl6pzcDN8uV7
SHKpHWyn6pj0eTk6sTUJqxL81E4UZo0Yol/3jkMMO7brK/QmiIrwStxnCpGlDcbE
+EXC53UPGRUfrJGrWCQwVEwu448aoYNIus8GMP7ICQAFEYkAlQMFGEQ1GQtdrtpC
F+ndmwEIfboEAL/q413KmmQUIVR/khZuyR+uDW1btlXODx+Rq06eDDrahCPhsKoV
jbXaCw3+wIGL8wLwXgRbCxdT6T8N4ndD9rXpSca6WgCQnjJktN2hVt5xKqixJ9yh
s5CnPsm7AWe66kzq07LVEea2NKHzJwhce0XjeIFOd3jD/eaeVXdzDFwb
=3A9P
-----END PGP PUBLIC KEY BLOCK-----

>Bottom line is, this does not work on PGP generated keys.

a request then,

can cross-certify be made to work with such a key, (preferred)
or,
can an option of '!' be made available so that gnupg front ends 
recognize and sign with the primary subkey,
and avoid the whole issue


tia,

vedaal





Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485




More information about the Gnupg-users mailing list