>Message: 6 >Date: Wed, 5 Apr 2006 22:02:16 -0400 >From: David Shaw <[EMAIL PROTECTED]> >Subject: Re: 1.4.3 // proper syntax for --edit-key cross-certify ?
>PGP does not generate signing subkeys. You generated a RSA >encryption >key that happened to be without key flags (I guess that version of >PGP >didn't use them yet), and so it appears as a RSA sign+encrypt key >in >GnuPG. well, it is an 'atypical' pgp build ;-) but the subkey is recognized by gnupg as a 'signing' subkey, and moreover, is 'forced' by gnupg front ends to be used for signing (there is no '!' indicator available to put as an option in gpg.conf) here is an example of such a key: -----BEGIN PGP PRIVATE KEY BLOCK----- Comment: passphrase: rsav4t lQHqBDwg+g0BBADauhzNV+0XYAg1Q8O8m8QhyxXz2HUeqB/7+lOlFQT/UnNVvtmm 9ouqwy/7HUpsxYLep3laFCUek6tSmJQKF7agjCqN3HrzE6eFWp7kVejuiDGKj0UK OwuOUQVRtdtSZMY1Hh0MWhZDbtJYkQU81gijs9FOLva9x1jafrZuHjhdGQAFEf8D AwLsMC6ZozNWu2D5ziUHulKzmrRwWNCyCQkxVm+0z/bO9auiMlMUqk8WPuieHHQg ki+SvGekTtSJG8gEZeTkYo/+rYGs9bv9cm/5cZ3/5WQPEYc9zxggwIz9/E+4zOcV D9FPZuo0cOouE9eHRSd+xTT/c+YX6ypqa/WFicx71SYZ6FahYdsKNiK11nx7SVT+ dBF7hHcgH5vgfza2ZtA0M0y3d6/NFATNqFRVdl9D20MR+fBs/RDBHDudUFV07x7R pDPm/zai9dmLfsRsQcPKgjhC/YkNE08inkwMi7aUTKIOsKTHZuY+y2YnD0RLXakD udpmiA/2vtGR9D7NaVW24rqdtK6r/B8DW0CtGb/JqGw80JUAz8YwvNMXbLnggAvh IJTdjjf0CFhKQ8JF/aCBlmcXGaGo37URwKlgfdHnOa14DnO51Po3SIKisSGfLmpM 3soVFY0vj4vSXX2cibQYcnNhdjR0IDxyc2F2NHRAa2V5LnRlc3Q+nQO8BEQ0kkAB CADjn5GScd2SFDZ046cohclmm8nob1Nj/g2bqHfN16LQ77dLSESBuo56yxLXkS/s xVUtTOW7abZ1ksdBOF1xrq/g49bfP7i4RIrMf+CpFRO/Il1rqkjGuZSPBMRX12Ti hY1z4HU1jocPkyuccO3+VDXnrHOhzlBxzTlYH/4oIiPimyk+0n4Xg4RShcnyL8f+ uSXwb6pHWYypCOW1QxwthK9PtLs3TORLpebOXqnNwM3y5XtIcqkdbKfqmPR5OTqx NQmrEvzUThRmjRiiX/eOQww7tusr9CaIivBK3GcKkaUNxsT4RcLndQ8ZFR+skatY JDBUTC7jjxqhg0i6zwYw/sgJAAUR/gMDAi3o4bzxWYK4YGlXTPOA9lFQ8NCCLAnV BdqHIdfL8jowEowNcfhRaCKSqqF07yuTWyNfUoWuI1d1f7W8RHXgN9Ocs4cRnTeh D7KDi6ZyBPAJ+BCYpB0USAp4b/JbFc2orhUHpy+1355CBwze8aZF42N77RZ7QEJk 0Dq3ByjVdIuCb1P5SsJGWXVKJbkLAzaXDF9NJLCzcQW2jZzwFvmYrdUE3/Xo3U8C kK3JX4IugJhPaKq0sknX63rm7Y++CCRxJy1TGln08D8RMnwG/H+/lgT7cE/vZP7O GBLv6VUU2FtkNToWUm4tPFhAV03UCkmZKPsbFoEiVXwEVxgSYnoaLvHMP9w7BlFK MqyBYjPaI4JzgFvfyCrzZVH58to6Crb6Ens7kzbgums3/0rWg+2cldQyivhmoP7G 6Lx1Y1P7xtPgo7JQIsgIPaa2YsioRAoOhh338Tgu2ZJ1yvBqHhn3zxchWJZAAua0 998k6VShLO9+JAxV8J8fr6LIJiflByvqOUpjnMbYcR5VkwYcM2ebhbGiGfDS8PWy gSyFOz9QBZW1sWP6LZjOHQKPqgUl0avPG2EdcLarg3NV4ACTNsfuJtd7uksn/fGR E5rPlSvUFq/2ojNUT6tVZWpb3uLNFLikE6A2rM85NpG9UtZTYiBWbzRnb/DFjnJQ bskXNbxUWN3V9AujdTKdoJit7Rb1pPhebK6w+Pyj0HXwZ/pncx2ReVh1MmQ/L6A8 1WVS6KvXYd8qgCIKTsun25t2EtJlp7029iEHq8TaNsGqD5BsFoT/y3/J9YdmmUc1 wki+1ox6BSMhREjxZ2d9fZHJ6ALmZ2PP0ryVGlNcKV/wu/QMoIttrhkjWnVWADsc VCMkkQ8P/2MG2ukSA8qOdWLBVgTw6yLDHStkIl6Bpm+Y9Alnz6I= =oO4q -----END PGP PRIVATE KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: rsa v4 key with rsa signing subkey (ckt build 9 ) mQCLBDwg+g0BBADauhzNV+0XYAg1Q8O8m8QhyxXz2HUeqB/7+lOlFQT/UnNVvtmm 9ouqwy/7HUpsxYLep3laFCUek6tSmJQKF7agjCqN3HrzE6eFWp7kVejuiDGKj0UK OwuOUQVRtdtSZMY1Hh0MWhZDbtJYkQU81gijs9FOLva9x1jafrZuHjhdGQAFEbQY cnNhdjR0IDxyc2F2NHRAa2V5LnRlc3Q+iQCpBBABAwATBQI8IPoNCQsDBwgJBAoB AgIZAQAKCRBdrtpCF+ndm7PhA/0Rm9Yhj9WS4Ti6mpxYZJ4A6tNqK8VaRwXoEdU4 6ItU202v8GW08wYvhNQ/kX+fwKPXde3PxSigNfDuhriuzU4KoR4i7KwFSovLM3V2 4m7eHme3payGIyVW8YxjYYT3f/3UxJcsW7DZ5Yo7k0+j04t+M27KATrk1R0ONG3l 3IJQRrkBCwRENJJAAQgA45+RknHdkhQ2dOOnKIXJZpvJ6G9TY/4Nm6h3zdei0O+3 S0hEgbqOessS15Ev7MVVLUzlu2m2dZLHQThdca6v4OPW3z+4uESKzH/gqRUTvyJd a6pIxrmUjwTEV9dk4oWNc+B1NY6HD5MrnHDt/lQ156xzoc5Qcc05WB/+KCIj4psp PtJ+F4OEUoXJ8i/H/rkl8G+qR1mMqQjltUMcLYSvT7S7N0zkS6Xmzl6pzcDN8uV7 SHKpHWyn6pj0eTk6sTUJqxL81E4UZo0Yol/3jkMMO7brK/QmiIrwStxnCpGlDcbE +EXC53UPGRUfrJGrWCQwVEwu448aoYNIus8GMP7ICQAFEYkAlQMFGEQ1GQtdrtpC F+ndmwEIfboEAL/q413KmmQUIVR/khZuyR+uDW1btlXODx+Rq06eDDrahCPhsKoV jbXaCw3+wIGL8wLwXgRbCxdT6T8N4ndD9rXpSca6WgCQnjJktN2hVt5xKqixJ9yh s5CnPsm7AWe66kzq07LVEea2NKHzJwhce0XjeIFOd3jD/eaeVXdzDFwb =3A9P -----END PGP PUBLIC KEY BLOCK----- >Bottom line is, this does not work on PGP generated keys. a request then, can cross-certify be made to work with such a key, (preferred) or, can an option of '!' be made available so that gnupg front ends recognize and sign with the primary subkey, and avoid the whole issue tia, vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
