Mainkey with many subkeys??

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Tue Dec 9 01:08:17 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Monday 8 December 2014 at 3:28:49 PM, in
<mid:000701d012fb$a9f94000$fdebc000$@on.yourweb.de>, gnupgpacker
wrote:


> Some corporate partners are still using older versions
> of Symantec's PGP with WinXP, mostly for intranet.
> Problems with signing keys are known, sometimes it
> works, sometimes not. It is very difficult to rate
> compatibility because Symantec's enterprise support (!)
> isn't be able to send me old PGP versions for testing.

Unable rather than unwilling?



> Compatibility seems to be depending on order of subkey
> creation:  If encryption key is latest, it is working.
> If signing key is latest, mostly it is not working.

PGP 8.0.3 and 8.1 definitely did not handle signing subkeys, and
choked if it happened to be the newest subkey.

After trying and not liking PGP 9.x I switched to using GnuPG. I think
it was the UI and the removal of support for encrypting to groups that
prompted the switch, so I can't comment on signing subkey support.
However, Tom McCune [0] says:-

    "GPG began using subkeys for signing before PGP. Until PGP 8.1,
    PGP had no support for this, and could not verify signatures made
    with such a signing subkey. PGP 9.x adds signing subkey
    functioning. With PGP 9.x, you can now generate and use signing
    subkeys - this allows you to continue using your original signing
    key ID and fingerprint for continuity purposes, while being able
    to enhance your signing security with key replacement."



[0] <http://www.mccune.cc/PGPpage2.htm#Subkeys>


- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

People who throw kisses are hopelessly lazy.
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJUhj1zXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
MDAwMDAwMDAwMDAwMDAwAAoJEGt8dM6zHyXw7jEH/jbHweGoMQgqjDDuF71KpsxW
8WY4kkpiOTwKAUD1sFCx5YIL9QWHsJ3VRKcxipckCjKnCLtGf3dhpPBj1Xt0dVsy
SNxmnVQ7slvcrKBd80fLZEFTvnfm+QjCGhvgjc+te3w/So69GRLAd4PNQZRJCM1E
aXyrinMUxKUrNic1G5ve/hTX/9M1vx6EpsGP2EnoQQdnhO8qlZYh/zjQqTnLOAI3
eyU/cu/n/NJcAQvotkLl2+HTECsd3f6YkL4DIvVbreZkeub0D7TzZ0/o4o0UYWbI
aP1zNgsq815HKBDSEszx2N+6uObIWGQtGCkSp/EqVPklmGaRwbiU0uk1qMLPEDqI
vgQBFgoAZgUCVIY9dF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
MDAwMDAwMDAwMDAwMAAKCRAXErxGGvd45OuqAQAwqOl8OsLjpqVkVAnDbcpu5TtV
AiFrQT42j44crGg+4QEAd0gnUIBPK4dQBRF3NdK8yP84rjsxIvXin17pe3ZWYgM=
=6iVl
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list