authenticate flag

[Alphax]

Aaron J. Graves wrote:
> I have created a key that for some reason does not have the "authenticate"
> flag set. Is there a way I can somehow set this flag? Or do I have to start
> from scratch?
> 
> Here's an example. From the key in question:
> 
> pub 1024D/9FB54294 created: 2006-09-17 expires: never usage: SC
> trust: ultimate validity: ultimate
> sub 4096g/DE94A6C4 created: 2006-09-17 expires: never usage: E
> 
> And from another key that has the flag set:
> pub 1024D/34BAFE51 created: 2006-08-26 expires: 2011-08-25 usage: SCA
> trust: ultimate validity: ultimate
> sub 4096g/84400184 created: 2006-08-26 expires: 2011-08-25 usage: E
> 
> Notice the "A" in the usage section. How can I add that to my other key?
> Or if it's not necessary, would it be possible to ask why?
> 

As someone wiser than me said about a year and a half ago, a key with
the "authenticate" flag could be used to eg. unlock your PC instead of
using a username/password.

To set the flag during key creation, use gpg --expert --gen-key:

> Please select what kind of key you want:
>    (1) DSA and Elgamal (default)
>    (2) DSA (sign only)
>    (3) DSA (set your own capabilities)
>    (5) RSA (sign only)
>    (7) RSA (set your own capabilities)
> Your selection?

Select (7) and toggle the "A" option.

Adding it to an existing key requires a deep understanding of the
OpenPGP spec (RFC 2440) and a hex editor; alternatively, you could add a
subkey with this capability (gpg --expert --edit 0x<keyid>, addkey,
<passphrase>, 7, A, Q).

HTH,
-- 
                Alphax
        Death to all fanatics!
  Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 542 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20061215/d597cc12/attachment.pgp