A note to Atom Smasher [WAS: Subkey DSA signature changes...]

YYZ yyz01 at yahoo.com
Wed Oct 31 02:59:12 CET 2007


Atom,

Going through the list archives, I came across a few of your postings
that seem to indicate that you have more insight into the way subkey
self-signatures are generated than what I can gather from the RFC. 
Arguably, it's one of the most confusing sections...

http://lists.gnupg.org/pipermail/gnupg-users/2004-May/022511.html

However, I didn't find any more posts from you explaining how you
managed to generate the missing self-signatures on your subkeys. I'd
appreciate it if you could share that knowledge with us...

Since the signatures are computed from the hash of the key material 
(which differs in the secret and the public key packets), I'd suppose
the secret subkey signature to be different from the public subkey
signature. However, that doesn't seem to be the case. I found out that
they actually have the same hash value. For some weird reason though,
the signature itself is different in case of newly generated keys.
But when importing from an exported private key or the secret keyring,
the secret subkey signature is just copied over to the private keyring.

Appreciate it if you could offer some insight into this.

Thanks!

--- YYZ <yyz01 at yahoo.com> wrote:

> 
> Hi everyone!
> 
> Can anyone explain this strange gpg behavior, observed when I follow
> these steps?
>
> I use gpg to generate a key-pair using default options (1024D/2048g).
> Afterwards, I import the secret keyring into another account, and issue
> the following commands "gpg --export" and "gpg --export-secret-key" in
> both the accounts.
>
> I noticed that while the second command yields identical results, the
> output of the first command is slightly different in the two cases
> (actually, just the last 44 bytes). A little analysis reveals that the
> bytes that differ are really the two MPIs representing the "r" and "s"
> components of the DSA signature for the ELG subkey.
>
> Further, if I export my secret keyring to several different accounts/
> computers, all of them end up with identical DSA signature for the
> exported subkey (but it's different from the original signature). Can
> someone please explain why it is like this?
> 
> Thanks!
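The observation in this message (same hash value, different "r" and "s") can be reproduced with plain DSA, because every signing operation draws a fresh random nonce k. The following is an added illustration, not code from the post or from GnuPG: it builds constructed 1024/160-bit parameters, signs one SHA-1 digest twice with the same key, and encodes "r" and "s" as OpenPGP MPIs, which for a 160-bit q occupy at most 2 x (2 + 20) = 44 bytes. All function names and the signed bytes are assumptions made for the example.

```python
import hashlib, secrets

def is_prime(n, rounds=24):  # Miller-Rabin; only called on large odd n
    s = ((n - 1) & -(n - 1)).bit_length() - 1  # n - 1 = d * 2**s, d odd
    d = (n - 1) >> s
    def witness(a):  # True when base a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, s))
    return not any(witness(secrets.randbelow(n - 3) + 2) for _ in range(rounds))

def make_params():  # constructed 1024/160-bit domain parameters, demo only
    q = 2**159 + 1
    while not is_prime(q):
        q += 2
    p = (2**864 + 2) * q + 1
    while not is_prime(p):
        p += 2 * q
    g = next(v for h in range(2, 99) if (v := pow(h, (p - 1) // q, p)) != 1)
    return p, q, g

def sign(digest, x, p, q, g):  # draws a fresh random nonce k on every call
    z = int.from_bytes(digest, "big") % q
    while True:
        k = secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (z + x * r) % q
        if r and s:
            return r, s

def verify(digest, sig, y, p, q, g):
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    z, w = int.from_bytes(digest, "big") % q, pow(s, -1, q)
    return pow(g, z * w % q, p) * pow(y, r * w % q, p) % p % q == r

def mpi(n):  # OpenPGP MPI: 2-byte bit count, then big-endian magnitude
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")

def demo():
    p, q, g = make_params()
    x = secrets.randbelow(q - 1) + 1  # private key
    y = pow(g, x, p)                  # public key
    digest = hashlib.sha1(b"constructed stand-in for the hashed key data").digest()
    a, b = sign(digest, x, p, q, g), sign(digest, x, p, q, g)
    ok = verify(digest, a, y, p, q, g) and verify(digest, b, y, p, q, g)
    return a != b, ok, len(mpi(a[0]) + mpi(a[1])), len(mpi(b[0]) + mpi(b[1]))

if __name__ == "__main__":
    print(demo())
```

Parameter generation takes a second or so in pure Python; `demo()` returns whether the two signatures differ, whether both verify, and the encoded length of each (r, s) pair.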