On 09/24/2010 12:57 PM, David Shaw wrote: > Hmm. It's a v3 sig which can't carry a notation. Do you have force-v3-sigs > set anywhere? Or any of the --pgpX options (which set force-v3-sigs) ?
yup, that was it. i don't recall putting that in my gpg.conf explicitly -- it must have been there from an early templated gpg.conf :( Removing it makes things work as expected, thanks. time to review the rest of the file for cruft, i suppose. the man page is a bit confusing: >> --force-v3-sigs >> >> --no-force-v3-sigs >> OpenPGP states that an implementation should generate v4 >> signa‐ >> tures but PGP versions 5 through 7 only recognize v4 >> signatures >> on key material. This option forces v3 signatures for >> signatures >> on data. Note that this option implies --ask-sig-expire, >> --sig- >> policy-url, --sig-notation, and --sig-keyserver-url, as >> these >> features cannot be used with v3 signatures. >> --no-force-v3-sigs >> disables this option. first, there is no mention of what the default is (i assume it's --no-force-v3-sigs). second, what does "this option implies --ask-sig-expire ..." mean? it seems to mean "this implies that the following options are not available" or something like that. The attached patch clarifies things to my current understanding of them (but i might be wrong!) Thanks, --dkg
diff --git a/doc/gpg.texi b/doc/gpg.texi index 3b22fa7..10b63b8 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1964,10 +1964,12 @@ the type of the signature. OpenPGP states that an implementation should generate v4 signatures but PGP versions 5 through 7 only recognize v4 signatures on key material. This option forces v3 signatures for signatures on data. -Note that this option implies @option{--ask-sig-expire}, -...@option{--sig-policy-url}, @option{--sig-notation}, and -...@option{--sig-keyserver-url}, as these features cannot be used with v3 -signatures. @option{--no-force-v3-sigs} disables this option. +Note that this option implies that the following features are +disabled, as they cannot be used with v3 signatures: +...@option{--ask-sig-expire}, @option{--sig-policy-url}, +...@option{--sig-notation}, and @option{--sig-keyserver-url}. +...@option{--no-force-v3-sigs} allows v4 signatures to be generated. +...@option{--no-force-v3-sigs} is the default. @item --force-v4-certs @itemx --no-force-v4-certs
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users