Key Flags Discontinuity

David Shaw dshaw at
Mon Jul 28 22:42:15 CEST 2008

On Mon, Jul 28, 2008 at 01:09:18PM -0700, Loren M. Lang wrote:
> There seems to be a discontinuity on the usage of key flags between the  
> primary key and subkeys.  The key flags for subkeys is stored in the  
> subkey binding signature of which there is one of and affects all trust  
> on that subkey.  The primary key's key flags are stored in the  
> self-signatures of it's various user ids linking it to the trust of a  
> specific user id.  It seems to me that it would be more appropriate to  
> put the key flags in a direct key signature (0x1F) of the primary key.  
> Is this allowed by OpenPGP?

Allowed, yes.  Actually done, no.  There is a good bit of historical
"this is the way we do it" in OpenPGP, and this is one of those
cases.  OpenPGP allows key flags to be in either a user ID signature
(0x10-0x13) or the direct key signature (0x1F).  In practice, everyone
puts them in the user ID signature.


More information about the Gnupg-users mailing list