On 10/10/2013 01:45 PM, Brian J. Murrell wrote:
> I was told by a developer of a piece of software that my key does not
> conform to rfc4800.  He said:
> 
>   According to http://tools.ietf.org/html/rfc4880#section-5.2.2
>   signatures of version 3 don't have subpackets, which are only
>   available in version 4.
> 
>   Looks like your key from 1998 is not compliant to RFC4880.
> 
> Do I have any recourse other than to generate a new key?

your key 0x9771109462F2B970 appears to be an OpenPGPv4 key, not an
OpenPGPv3 key, so i'm not sure what the person you were talking to was
talking about.

that said, 0x9771109462F2B970 claims to have been generated on
1998-02-16, and is a 1024-bit DSA key.  This is a weak key by today's
standards, and the fact that it has been in use for over 15 years makes
me think that you should probably generate a new primary key anyway.

You don't have to revoke your old key immediately, of course, but you
probably want to move to something stronger sooner rather than later.

Regards,

        --dkg
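The version question raised in this thread can be checked directly from the binary (non-armored) key, for example the output of `gpg --export`. The following is an added example, not part of the original message: a minimal RFC 4880 packet reader that reports the version of each public-key and signature packet, run here on constructed bytes rather than a real key (the function names are hypothetical).

```python
import struct
from datetime import datetime, timezone
ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}  # subset of RFC 4880 section 9.1

def packets(data):
    """Yield (tag, body) per packet, following RFC 4880 section 4.2."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, o1, i = hdr & 0x3F, data[i], i + 1
            if o1 < 192:
                n = o1
            elif o1 < 224:
                n, i = ((o1 - 192) << 8) + data[i] + 192, i + 1
            elif o1 == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + (1 << ltype)], "big"), i + (1 << ltype)
        yield tag, data[i:i + n]
        i += n

def describe(data):
    """Version of each public-key (tag 6) and signature (tag 2) packet."""
    out = []
    for tag, body in (p for p in packets(data) if p[0] in (2, 6)):
        info = {"packet": "key" if tag == 6 else "sig", "version": body[0]}
        if tag == 6 and body[0] == 4:  # v4 key: creation time, algo, then MPIs
            created, algo = struct.unpack(">IB", body[1:6])
            day = datetime.fromtimestamp(created, timezone.utc).date()
            info.update(created=day.isoformat(), algo=ALGOS.get(algo, algo),
                        bits=int.from_bytes(body[6:8], "big"))  # first MPI size
        out.append(info)
    return out

def constructed_sample():
    """Constructed bytes (not a real key): v4 DSA key plus a v4 signature stub."""
    mpi = lambda bits: bits.to_bytes(2, "big") + b"\x80" + bytes(bits // 8 - 1)
    ts = int(datetime(1998, 2, 16, tzinfo=timezone.utc).timestamp())
    key = b"\x04" + struct.pack(">IB", ts, 17) + mpi(1024) + mpi(160) + mpi(1024) * 2
    sig = b"\x04\x13\x11\x02"  # version, type, pubkey algo, hash algo; rest omitted
    return b"\x99" + len(key).to_bytes(2, "big") + key + b"\xc2" + bytes([len(sig)]) + sig
```

A signature packet reported with version 3 has no subpacket area, while a version 4 signature does, which is the distinction the quoted section 5.2.2 draws.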


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
