A note to Atom Smasher [WAS: Subkey DSA signature changes...]

YYZ yyz01 at yahoo.com
Fri Nov 2 03:37:26 CET 2007

--- Atom Smasher <atom at smasher.org> wrote:

> On Tue, 30 Oct 2007, YYZ wrote:
> > Going through the list archives, I came across a few of your
> postings 
> > that seem to indicate that you have more insight into the way
> subkey 
> > self-signatures are generated than what I can gather from the RFC. 
> > Arguably, it's one of the most confusing sections...
> >
> > http://lists.gnupg.org/pipermail/gnupg-users/2004-May/022511.html
> >
> > However, i didn't find any more posts from you explaining how did
> you 
> > manage to generate the missing self-signatures on your subkeys. I'd
> > appreciate if you could share that knowledge with us...
> ===================
> don't try this at home - http://atom.smasher.org/gpg/gpg-migrate.txt
> it's an ugly hack, there's really no reason you should ever have to
> do it, 
> and last i checked it didn't even work with gpg since 1.2.4.

Thanks! I can confirm that it doesn't work anymore. 
However, I have been able to hack the gpg code to do this, 
should I ever need to...

> > Since the signatures are computed from the hash of the key material
> > (which differs in the secret and the public key packets), I'd
> suppose 
> > the secret subkey signature to be different from the public subkey 
> > signature.
> =================
> it's been a while since i've dug through the RFC...
> RFC2440:11.2. Key IDs and Fingerprints;  A V4 fingerprint is the
> 160-bit 
> SHA-1 hash of the one-octet Packet Tag, followed by the two-octet
> packet 
> length, followed by the entire _Public_ Key packet starting with the 
> version field.
> fingerprint are calculated using just the public parts of the
> [sub]key.

Hash used for computing signatures is different from the fingerprint.
It changes every time a new signature is generated. However, what you
stated is true for signature hashes too - they are computed just using
the public parts of the key.

Anyway, i got my answers from the gpg source code. When generating a
new subkey pair, for some reason, it generates the signature twice,
one for the public keyring and one for the private keyring. Can't see
the rationale behind it, since it's computed over the same data...


Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the Gnupg-users mailing list