Re: Possible bug: addkey can create certifying subkey
On Mon, 31 Aug 2009 19:24, j...@jameshoward.us said:

> I am not sure if this is a bug, but given the documentation it is not
> the expected behavior. I created new keys this weekend, due to a lost
> USB drive. Replicating it here, if you specify --expert and create a
> RSA subkey with all the options off, it will create a subkey with all
> the options, including certification turned on. Here's a slightly

That is perfectly okay. If you want to set the key flag for certification on a subkey, gpg allows you to do so. The OpenPGP standard does not restrict this.

Note that despite a subkey carrying this flag, OpenPGP (and thus gpg) will always use the primary key for certification of user-ids and other subkeys (binding signatures) and for certifying other keys (key signatures).

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Possible bug: addkey can create certifying subkey
On 09/01/2009 02:45 AM, Werner Koch wrote:

> On Mon, 31 Aug 2009 19:24, j...@jameshoward.us said:
>
> > I am not sure if this is a bug, but given the documentation it is not
> > the expected behavior. I created new keys this weekend, due to a lost
> > USB drive. Replicating it here, if you specify --expert and create a
> > RSA subkey with all the options off, it will create a subkey with all
> > the options, including certification turned on. Here's a slightly
>
> That is perfectly okay. If you want to set the key flag for
> certification on a subkey, gpg allows you to do so. The OpenPGP
> standard does not restrict this.

I think it may still be a problem that attempting to turn off all the flags has the actual effect of turning them all on instead...

-Alex Mauer
hawke

Re: Possible bug: addkey can create certifying subkey
On Tue Sep 01 2009 14:57:47 GMT-0400 (EST), Alex Mauer ha...@hawkesnest.net wrote:

> On 09/01/2009 02:45 AM, Werner Koch wrote:
>
> > On Mon, 31 Aug 2009 19:24, j...@jameshoward.us said:
> >
> > > I am not sure if this is a bug, but given the documentation it is
> > > not the expected behavior. I created new keys this weekend, due to
> > > a lost USB drive. Replicating it here, if you specify --expert and
> > > create a RSA subkey with all the options off, it will create a
> > > subkey with all the options, including certification turned on.
> > > Here's a slightly
> >
> > That is perfectly okay. If you want to set the key flag for
> > certification on a subkey, gpg allows you to do so. The OpenPGP
> > standard does not restrict this.
>
> I think it may still be a problem that attempting to turn off all the
> flags has the actual effect of turning them all on instead...

Well, that was kind of my point, but was also confused by the certifying subkey and may have unduly dwelt on it.

James

--
James P. Howard, II, MPA
j...@jameshoward.us

Re: Possible bug: addkey can create certifying subkey
On Tue, 1 Sep 2009 20:57, ha...@hawkesnest.net said:

> I think it may still be a problem that attempting to turn off all the
> flags has the actual effect of turning them all on instead...

That is per OpenPGP: Key flags are not required and thus lacking any key flags, we need to assume all capabilities. Of course it would be possible to add an empty list of key flags (in contrast to no list). IMHO this does not make any sense thus we don't create a key flags list at all if you reset all key flags.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
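
The difference between "no key flags list" and "an empty key flags list" discussed in the last message, as an added example that is not part of the thread and is not GnuPG's code: a parser for the hashed subpacket area of a binding signature, using the RFC 4880 subpacket encoding. The byte strings are constructed samples, and reading a present-but-empty flags list as "no capabilities" is this example's assumption.

```python
# Added example: interpret the OpenPGP key flags subpacket (type 27, RFC 4880).
KEY_FLAGS = 27
FLAG_NAMES = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",
              0x08: "encrypt-storage", 0x20: "authenticate"}
ALL_CAPS = frozenset(FLAG_NAMES.values())

# Constructed hashed subpacket areas: a creation-time subpacket (type 2),
# optionally followed by a key flags subpacket.
CREATED = bytes.fromhex("05024a9c0000")
ENCRYPT_ONLY = CREATED + bytes.fromhex("021b0c")  # flags 0x04 | 0x08
NO_FLAGS_LIST = CREATED                           # key flags subpacket absent
EMPTY_FLAGS = CREATED + bytes.fromhex("021b00")   # present, no bits set


def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5
        if i + hdr > len(area):
            raise ValueError("truncated subpacket length")
        if hdr == 1:
            length = first
        elif hdr == 2:
            length = ((first - 192) << 8) + area[i + 1] + 192
        else:
            length = int.from_bytes(area[i + 1:i + 5], "big")
        i += hdr
        # The length counts the type octet, so it can never be zero.
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length


def capabilities(hashed_area: bytes) -> frozenset:
    """Capabilities implied by a binding signature's hashed subpackets."""
    for sp_type, _critical, body in iter_subpackets(hashed_area):
        if sp_type == KEY_FLAGS:
            first = body[0] if body else 0   # assumption: empty list = none
            return frozenset(n for bit, n in FLAG_NAMES.items() if first & bit)
    return ALL_CAPS   # no key flags list at all: assume every capability


if __name__ == "__main__":
    for name in ("ENCRYPT_ONLY", "NO_FLAGS_LIST", "EMPTY_FLAGS"):
        print(name, sorted(capabilities(globals()[name])))
```

When auditing a keyring, a subkey that reports every capability, certification included, may be one whose binding signature carries no key flags subpacket rather than one where the owner selected each flag.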