On Tue, 2008-04-15 at 17:09 -0400, David Shaw wrote:
> Change your preferences and GPG will make a new selfsig for you. No
> source hacking needed.

Yes but ok let me explain what I want or would like to have ;-)

My current key has the following layout:

***[Pub key packet]***
***[UID]***
***[0x13 selfsig (SHA1), with cipher-, hash-, compress- algo prefs, key flags, features, key expiration time and of course stuff like signature creation time]***

What I would like to have is probably (I'm actually not yet sure ;) ):

***[pub key packet]***
***[0x1F selfsig]***

I assume that would be inserted here? I think it should probably contain key expiration time and key flags, because as far as I understand this information is clearly bound to the key (would it make sense to have different key expiration times, or key flags, for different UIDs/roles?). And perhaps even the algo prefs and the features (if they are the same for all UIDs).

Now here I'm not yet sure and I still discuss with Christoph. If the algorithm preferences and features should be considered as role-preferences,.. the proper place would always be the 0x13 (because these are for the roles, which are effectively the UIDs). But if not, it could make sense to put them on a 0x1F, when they're the same for each UID(/role). I still could add them to single UIDs if some of them have different settings because of their environment.

Hmm, could one imagine having different key-server-URIs per UID? Does this make sense?

(And just to prevent any unnecessary discussion,.. I know that this is not the way gpg does handle this stuff (now), and that it is not necessarily implied by the standard. I just think that this could make sense. So especially for Robert, please wait until Christoph finishes his paper and posts it to the WG.)

then the UIDs+0x13's

***[UID]***
***[the 0x13 selfsig (SHA1) from above]***
***[that signature revoked]*** (you remember my last mail where I asked you if that makes sense, and you just told me that I still use SHA1 in some places),.. but I still haven't thought about the best fitting reason for revocation
[new 0x13 selfsig (SHA512) perhaps with some of the subpackets from above (the algo prefs),.. or not, depending on whether the above makes sense]
***[ the same for other UIDs ]***

So just changing the prefs via setprefs doesn't do this :-(

I've already found the make_keysig_packet which is called from main keyedit.c to create the selfsig,... but then I got stuck,.. I think what I wish to do needs too much in-depth knowledge of GnuPG's functions.

Is there perhaps a tool that simply allows to edit every aspect of OpenPGP keys, and that then recreates the selfsigs as desired? Including length calculation of the packets, the hash contexts and the signature algorithms? Perhaps something like a counterpart to pgpdump (I love that tool XD).

Ah, and perhaps one last question (for now ;) ) if I have your attention right now. Does it make sense to put policy URIs on selfsigs? Could you imagine a possible meaning of such a thing?

Thanks a lot,
Herbert.

btw: If anybody here thinks I'm a barrater,... blame Christoph,.. he brought me to read the RFC ;)
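
An added example, not part of the original message and not GnuPG code: a minimal RFC 4880 packet walker that lists a binary key's packets in order and, for each v4 signature, its type (0x13, 0x1F, ...), hash algorithm and hashed subpackets, so a layout like the one discussed above can be checked. `SAMPLE` is a constructed key skeleton with no real key material or signatures, and all function names are hypothetical.

```python
TAGS = {2: "sig", 6: "pubkey", 13: "uid", 14: "subkey"}   # added example, not GnuPG code
HASHES = {2: "SHA1", 8: "SHA256", 10: "SHA512"}
SUBPKTS = {2: "created", 9: "key-expires", 11: "cipher-prefs", 21: "hash-prefs", 22: "compress-prefs",
           24: "keyserver-uri", 26: "policy-uri", 27: "key-flags", 29: "revocation-reason", 30: "features"}
SAMPLE = bytes.fromhex(  # constructed skeleton: pubkey, 0x1F sig, uid, 0x13 sig (dummy bodies)
    "99000104 c213 041f010a0009 020200 020900 021b00 00000000"
    "b403626f62 c219 04130102000f 020200 020b00 021500 021600 021e00 00000000")

def read_len(buf, i, two_max=223):  # subpackets pass two_max=254; returns (len, next)
    o = buf[i]
    if o < 192:
        return o, i + 1
    if o <= two_max:
        return ((o - 192) << 8) + buf[i + 1] + 192, i + 2
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body lengths are not handled here")

def packets(buf):  # yield (tag, body) for each packet of a binary (non-armored) key
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        if hdr & 0x40:                      # new-format header
            tag = hdr & 0x3F
            n, i = read_len(buf, i + 1)
        else:                               # old-format header
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if width == 8:
                raise ValueError("indeterminate length is not handled here")
            n, i = int.from_bytes(buf[i + 1:i + 1 + width], "big"), i + 1 + width
        if i + n > len(buf):
            raise ValueError("truncated packet")
        yield tag, buf[i:i + n]
        i += n

def describe_sig(body):  # signature type, hash algorithm and hashed-subpacket names
    if body[0] != 4:
        return "sig v%d" % body[0]
    j, end, names = 6, 6 + int.from_bytes(body[4:6], "big"), []
    while j < end:
        n, j = read_len(body, j, two_max=254)
        names.append(SUBPKTS.get(body[j] & 0x7F, str(body[j] & 0x7F)))  # drop critical bit
        j += n
    return "sig 0x%02X %s [%s]" % (body[1], HASHES.get(body[3], body[3]), ", ".join(names))

def layout(buf):
    return [describe_sig(b) if t == 2 else TAGS.get(t, "tag %d" % t) for t, b in packets(buf)]
```

To inspect a real key, pass the binary (not armored) output of `gpg --export` to `layout()`.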