Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

Fri, 24 Sep 2010 10:19:35 -0700 

On 09/24/2010 12:57 PM, David Shaw wrote:
> Hmm.  It's a v3 sig which can't carry a notation.  Do you have force-v3-sigs 
> set anywhere?  Or any of the --pgpX options (which set force-v3-sigs) ?

yup, that was it.  i don't recall putting that in my gpg.conf explicitly
-- it must have been there from an early templated gpg.conf :(

Removing it makes things work as expected, thanks.  time to review the
rest of the file for cruft, i suppose.

the man page is a bit confusing:

>>       --force-v3-sigs
>> 
>>        --no-force-v3-sigs
>>               OpenPGP states that an implementation should generate v4  
>> signa‐
>>               tures  but PGP versions 5 through 7 only recognize v4 
>> signatures
>>               on key material. This option forces v3 signatures for 
>> signatures
>>               on data.  Note that this option implies --ask-sig-expire, 
>> --sig-
>>               policy-url, --sig-notation, and  --sig-keyserver-url,  as  
>> these
>>               features  cannot be used with v3 signatures.  
>> --no-force-v3-sigs
>>               disables this option.

first, there is no mention of what the default is (i assume it's
--no-force-v3-sigs).

second, what does "this option implies --ask-sig-expire ..." mean?  it
seems to mean "this implies that the following options are not
available" or something like that.

The attached patch clarifies things to my current understanding of them
(but i might be wrong!)

Thanks,

        --dkg

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 3b22fa7..10b63b8 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1964,10 +1964,12 @@ the type of the signature.
 OpenPGP states that an implementation should generate v4 signatures
 but PGP versions 5 through 7 only recognize v4 signatures on key
 material. This option forces v3 signatures for signatures on data.
-Note that this option implies @option{--ask-sig-expire},
-...@option{--sig-policy-url}, @option{--sig-notation}, and
-...@option{--sig-keyserver-url}, as these features cannot be used with v3
-signatures.  @option{--no-force-v3-sigs} disables this option.
+Note that this option implies that the following features are
+disabled, as they cannot be used with v3 signatures: 
+...@option{--ask-sig-expire}, @option{--sig-policy-url},
+...@option{--sig-notation}, and @option{--sig-keyserver-url}.
+...@option{--no-force-v3-sigs} allows v4 signatures to be generated.
+...@option{--no-force-v3-sigs} is the default.
 
 @item --force-v4-certs
 @itemx --no-force-v4-certs

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to