Possible bug: addkey can create certifying subkey

James P. Howard, II jh at jameshoward.us
Wed Sep 2 01:50:23 CEST 2009

On Tue Sep 01 2009 14:57:47 GMT-0400 (EST) , Alex Mauer
<hawke at hawkesnest.net> wrote:

> On 09/01/2009 02:45 AM, Werner Koch wrote:
>> On Mon, 31 Aug 2009 19:24, jh at jameshoward.us said:
>>> I am not sure if this is a bug, but given the documentation it is
>>> not the expected behavior.  I created new keys this weekend, due
>>> to a lost USB drive.  Replicating it here, if you specify
>>> --expert and create a RSA subkey with all the options off, it
>>> will create a subkey with all the options, including
>>> certification turned on.  Here's a slightly
>> That is perfectly okay.  If you want to set the key flag for 
>> certification on a subkey, gpg allows you to do so.  The OpenPGP 
>> standard does not restrict this.
> I think it may still be a problem that attempting to turn off all
> the flags has the actual effect of turning them all on instead...

Well, that was kind of my point, but was also confused by the certifying
subkey and may have undually dwelt on it.


James P. Howard, II, MPA
jh at jameshoward.us

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090901/45c37379/attachment.pgp>

More information about the Gnupg-users mailing list