A note to Atom Smasher [WAS: Subkey DSA signature changes...]
atom at smasher.org
Wed Oct 31 12:09:13 CET 2007
On Tue, 30 Oct 2007, YYZ wrote:
> Going through the list archives, I came across a few of your postings
> that seem to indicate that you have more insight into the way subkey
> self-signatures are generated than what I can gather from the RFC.
> Arguably, it's one of the most confusing sections...
> However, i didn't find any more posts from you explaining how did you
> manage to generate the missing self-signatures on your subkeys. I'd
> appreciate if you could share that knowledge with us...
don't try this at home - http://atom.smasher.org/gpg/gpg-migrate.txt
it's an ugly hack, there's really no reason you should ever have to do it,
and last i checked it didn't even work with gpg since 1.2.4.
> Since the signatures are computed from the hash of the key material
> (which differs in the secret and the public key packets), I'd suppose
> the secret subkey signature to be different from the public subkey
it's been a while since i've dug through the RFC...
RFC2440:11.2. Key IDs and Fingerprints; A V4 fingerprint is the 160-bit
SHA-1 hash of the one-octet Packet Tag, followed by the two-octet packet
length, followed by the entire _Public_ Key packet starting with the
fingerprint are calculated using just the public parts of the [sub]key.
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"If there is anything the nonconformist hates worse than a
conformist it's another nonconformist who doesn't conform
to the prevailing standards of nonconformity."
-- Bill Vaughan
More information about the Gnupg-users