Series of minor questions about OpenPGP 1

David Shaw dshaw at
Mon Jan 26 15:52:19 CET 2009

On Jan 26, 2009, at 9:02 AM, Peter Thomas wrote:

> Hi folks.
> I'm currently reading RFC4880 and I think I have many minor  
> questions... is the gnupg-users list the right place to ask? Or is  
> there any better place?

Look for the ietf-openpgp mailing list at

> Anyway,... I think I start right now and ask my first question,..  
> (think it's easier to handle if I ask only one or two questions per  
> mail-thread).
> Hopefully you can help me and hopefully I'm not to annoying ;-)
> 1) In chapter on page 13 it says that the octet can have  
> values "255 or 254". Is there any difference between the two?

Yes, see section 5.5.3 for the exact details, but in general 254  
indicates that there is a SHA-1 hash of the secret data included.   
This is to prevent a secret key tampering attack.

> 2) I've digged a little bit into the bit layout of gpg created keys  
> (with hd and pgpdump), and it seems that gpg creates packets with  
> old packed format (bit 6 in the packet header cleard) whenever  
> possible.
> What's the reason for this? I mean the RFC recommends to use the new  
> packet format. Can I change that default behaviour? And if I have a  
> key, that's already used and signed by others, could I convert it to  
> using the new format?

You could convert it, but there is little point.  The function of a  
packet is the same no matter what.  It's purely a question of the  
*contents* of the packet.  GPG uses the old format when possible for  
backwards compatibility reasons.


More information about the Gnupg-users mailing list