On Tue, Apr 15, 2008 at 11:42:30PM +0200, Herbert Furting wrote:
> On Tue, 2008-04-15 at 17:09 -0400, David Shaw wrote:
> > Change your preferences and GPG will make a new selfsig for you. No
> > source hacking needed.
> Yes but ok let me explain what I want or would like to have ;-)
>
> My current key has the following layout:
> [Pub key packet]
>   [UID]
>   [0x13 selfsig (SHA1), with cipher-, hash-, compress- algo prefs, key
>   flags, features, key expiration time and of course stuff like signature
>   creation time]
>
> What I would like to have is probably (I'm actually not yet sure ;) ):
> [pub key packet]
>   [0x1F selfsig]
> I assume that would be inserted here?
> I think it should probably contain, key expiration time, key flags
> because as far as I understand this information is clearly bound to the
> key (would it make sense to have different key expiration times, or key
> flags for different UIDs/roles?)

No. Key flags do not pertain to UIDs or roles. They pertain only to
keys. What you sketch out above is legal by the spec. No program
that I know of does it that way, but it's legal.

> And perhaps even the algo prefs and the features (if they are the
> same for all UIDs).

Again, legal, but nobody does it that way.

> Now here I'm not yet sure and I still discuss with Christoph.
> If the algorithm preferences and features should be considered as
> role-preferences,.. the proper place would always be the 0x13 (because
> these are for the roles, which are effectively the UIDs).
> But if not, it could make sense to put them on a 0x1F, when they're the
> same for each UID(/role).
> I still could add them to single UIDs if some of them have different
> settings because of their environment.

Same.

> Hmm could one imagine to have different key-server-uri's per UID?

Sure. Say I use the same key for home and work, so I have two UIDs on
the key. Work has a keyserver, and home uses a public keyserver.

> Is there perhaps a tool that simply allows to edit every aspect of
> OpenPGP keys, and that then recreates the selfsigs as desired? Including
> length calculation of the packets, the hash contexts and the signature
> algorithms?
> Perhaps something like a counterpart to pgpdump (I love that tool XD).

None that I know of.

> Ah and perhaps one last question (for now ;) ) if I have your attention
> right now.
> Does it make sense to put policy URI's on selfsigs? Could you imagine a
> possible meaning of such a thing?

It's not up to me to say whether it makes sense or not. Policy URIs
are for specifying the policy under which a signature was issued. If
you want to state the policy for your self sigs, this is how you do
it. If you don't, don't.

David
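
The layout discussed in this thread can be checked by listing a key's packets in order together with each self-signature's type and hashed subpackets. The following is an added example, not part of the original message and not GnuPG code; `sample_sig`, `SAMPLE` and the `*.example` key server names are constructed, unsigned test data laid out as sketched above (a 0x1F direct-key signature on the key, a 0x13 certification per UID).

```python
# Subset of RFC 4880 signature subpacket types mentioned in the thread.
SUBPKT = {9: "key-expiration", 11: "pref-sym", 24: "keyserver",
          26: "policy-uri", 27: "key-flags", 30: "features"}

def _length(buf, i):  # new-format length at buf[i] -> (length, next index)
    o = buf[i]
    if o < 192:
        return o, i + 1
    if o < 255:
        return ((o - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packets(buf):  # yield (tag, body) per packet of a binary (unarmored) key
    i = 0
    while i < len(buf):
        h = buf[i]
        if h & 0x40 and not 224 <= buf[i + 1] < 255:  # new-format header
            tag, (n, i) = h & 0x3F, _length(buf, i + 1)
        elif not h & 0x40 and h & 3 < 3:  # old format, 1/2/4-octet length
            tag, size = (h >> 2) & 0x0F, 1 << (h & 3)
            n, i = int.from_bytes(buf[i + 1:i + 1 + size], "big"), i + 1 + size
        else:
            raise ValueError("partial or indeterminate length not handled")
        yield tag, buf[i:i + n]
        i += n

def hashed_subpackets(sig):  # v4 signature body -> (sig type, {name: data})
    if sig[0] != 4:
        raise ValueError("only v4 signatures handled")
    i, end, subs = 6, 6 + int.from_bytes(sig[4:6], "big"), {}
    while i < end:
        n, i = _length(sig, i)  # n includes the type octet
        t = sig[i] & 0x7F  # drop the critical bit
        subs[SUBPKT.get(t, "type-%d" % t)] = bytes(sig[i + 1:i + n])
        i += n
    return sig[1], subs

def layout(buf):  # packets in order, with each signature's hashed subpackets
    return [("sig",) + hashed_subpackets(b) if t == 2 else
            ("uid", b.decode()) if t == 13 else ("tag-%d" % t,)
            for t, b in packets(buf)]

def sample_sig(sig_type, *subs):  # builds a CONSTRUCTED, unsigned sample packet
    hashed = b"".join(bytes([len(d) + 1, t]) + d for t, d in subs)
    body = bytes([4, sig_type, 1, 2]) + len(hashed).to_bytes(2, "big") + hashed
    return bytes([0x88, len(body) + 4]) + body + bytes(4)

SAMPLE = (b"\x98\x06\x04\x00\x00\x00\x00\x01"  # constructed, not a valid key
          + sample_sig(0x1F, (27, b"\x03"), (9, b"\x01\xe1\x33\x80"))
          + b"\xb4\x04home" + sample_sig(0x13, (24, b"hkp://keys.home.example"))
          + b"\xb4\x04work" + sample_sig(0x13, (24, b"hkp://keys.work.example")))
```

`layout(SAMPLE)` returns the public key packet, the 0x1F signature carrying key flags and key expiration, and then each UID followed by a 0x13 signature with its own key server. Signatures are not verified, and unhashed subpackets are ignored.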