PGP 6.5.8 ckt,?just say no.

David Shaw dshaw at jabberwocky.com
Tue Oct 28 17:00:07 CET 2008


On Mon, Oct 27, 2008 at 09:48:21AM -0400, vedaal at hush.com wrote:
> >Date: Fri, 24 Oct 2008 20:42:14 -0400
> >From: David Shaw <dshaw at jabberwocky.com>
> >Subject: PGP 6.5.8 ckt,	just say no.  (was: Re: set type digest 
> >mode?
> 
> >On Oct 24, 2008, at 10:41 AM, vedaal at hush.com wrote:
> >
> >> [1] any ckt V4 rsa keys generated,
> >> have the rsa subkey as both sign and encrypt,
> >> and there is (as yet, afaik,) no way
> >> that gnupg can be used to get such a key to cross-certify the
> >> primary key,
> >> and since the subkey will be used by default by gnupg to sign,
> >> gnupg will give error messages about the verification
> >
> >gpg --edit-key (thekey)
> >cross-certify
> >save
> >
> >Please don't anyone take that to mean that I think people should 
> >use  
> >6.5.8ckt.  I really don't.
> 
> 
> OK, i won't
> 
> but it *still* doesn't cross certify :-)
> 
> (at least in 1.4.9 on windows)
> (if you can get it to work on linux, 
> or gnupg 2.x, please let me know)
> 
> here is an rsa v4 keypair generated in ckt 
> to try to cross certify:

Now that is an... interesting key.  It's a V4 (OpenPGP) key with V3
(PGP 2.x) binding signature).  GPG won't cross-certify such a key
because it is a one-way change.  Once cross-certified, the binding
signature will be V4 (OpenPGP).  Note that you can't change the
expiration date of the subkey on that key either (for the same
reason).

David



More information about the Gnupg-users mailing list