Possible bug: addkey can create certifying subkey

Alex Mauer hawke at hawkesnest.net
Tue Sep 1 20:57:47 CEST 2009

On 09/01/2009 02:45 AM, Werner Koch wrote:
> On Mon, 31 Aug 2009 19:24, jh at jameshoward.us said:
>> I am not sure if this is a bug, but given the documentation it is not
>> the expected behavior.  I created new keys this weekend, due to a lost
>> USB drive.  Replicating it here, if you specify --expert and create a
>> RSA subkey with all the options off, it will create a subkey with all
>> the options, including certification turned on.  Here's a slightly
> That is perfectly okay.  If you want to set the key flag for
> certification on a subkey, gpg allows you to do so.  The OpenPGP
> standard does not restrict this.  

I think it may still be a problem that attempting to turn off all the
flags has the actual effect of turning them all on instead...

-Alex Mauer "hawke"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090901/bd1e244e/attachment.pgp>

More information about the Gnupg-users mailing list