A note to Atom Smasher [WAS: Subkey DSA signature changes...]

Atom Smasher atom at smasher.org
Wed Oct 31 12:09:13 CET 2007

On Tue, 30 Oct 2007, YYZ wrote:

> Going through the list archives, I came across a few of your postings 
> that seem to indicate that you have more insight into the way subkey 
> self-signatures are generated than what I can gather from the RFC. 
> Arguably, it's one of the most confusing sections...
> http://lists.gnupg.org/pipermail/gnupg-users/2004-May/022511.html
> However, i didn't find any more posts from you explaining how did you 
> manage to generate the missing self-signatures on your subkeys. I'd 
> appreciate if you could share that knowledge with us...

don't try this at home - http://atom.smasher.org/gpg/gpg-migrate.txt

it's an ugly hack, there's really no reason you should ever have to do it, 
and last i checked it didn't even work with gpg since 1.2.4.

> Since the signatures are computed from the hash of the key material 
> (which differs in the secret and the public key packets), I'd suppose 
> the secret subkey signature to be different from the public subkey 
> signature.

it's been a while since i've dug through the RFC...

RFC2440:11.2. Key IDs and Fingerprints;  A V4 fingerprint is the 160-bit 
SHA-1 hash of the one-octet Packet Tag, followed by the two-octet packet 
length, followed by the entire _Public_ Key packet starting with the 
version field.

fingerprint are calculated using just the public parts of the [sub]key.


  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"If there is anything the nonconformist hates worse than a
 	 conformist it's another nonconformist who doesn't conform
 	 to the prevailing standards of nonconformity."
 		-- Bill Vaughan

More information about the Gnupg-users mailing list