On Mon, Oct 27, 2008 at 09:48:21AM -0400, [EMAIL PROTECTED] wrote: > >Date: Fri, 24 Oct 2008 20:42:14 -0400 > >From: David Shaw <[EMAIL PROTECTED]> > >Subject: PGP 6.5.8 ckt, just say no. (was: Re: set type digest > >mode? > > >On Oct 24, 2008, at 10:41 AM, [EMAIL PROTECTED] wrote: > > > >> [1] any ckt V4 rsa keys generated, > >> have the rsa subkey as both sign and encrypt, > >> and there is (as yet, afaik,) no way > >> that gnupg can be used to get such a key to cross-certify the > >> primary key, > >> and since the subkey will be used by default by gnupg to sign, > >> gnupg will give error messages about the verification > > > >gpg --edit-key (thekey) > >cross-certify > >save > > > >Please don't anyone take that to mean that I think people should > >use > >6.5.8ckt. I really don't. > > > OK, i won't > > but it *still* doesn't cross certify :-) > > (at least in 1.4.9 on windows) > (if you can get it to work on linux, > or gnupg 2.x, please let me know) > > here is an rsa v4 keypair generated in ckt > to try to cross certify:
Now that is an... interesting key. It's a V4 (OpenPGP) key with V3 (PGP 2.x) binding signature). GPG won't cross-certify such a key because it is a one-way change. Once cross-certified, the binding signature will be V4 (OpenPGP). Note that you can't change the expiration date of the subkey on that key either (for the same reason). David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users