On Mon, Jan 26, 2009 at 10:54:55PM +0100, Peter Thomas wrote:
> Hi again.
>
> This is about signature types and how gnupg uses them.
>
> I've looked through the signature types in chapter 5.2.1
>
> 1) The 0x02 standalone signature: What is its intended use (by the
> standard) and is it ever used by gnupg?
> I mean it's clear to me that it signs just its own subpackets, but
> how could this be ever used?

It's a "token", that can be given from one person to another. The token contains only what is stated inside the signature itself. Let's say I put some useful information inside a notation packet, or perhaps it contains identity inside a keyID packet, etc. Think of it as a physical token and some uses come to mind.

GPG doesn't support it. Neither does any other OpenPGP program that I know of.

> 2) The 0x1F direct key signature: Is it ever used by gpg? I mean it
> would perfectly fit for all subpacket types that apply directly to the
> key, e.g. key expiration time (9), revocation key (12) or key flags
> (27).
> But gpg always puts this kind of information in the 0x13 signature.

It's used for designated revocation signatures. There is no reason why it *couldn't* be used for key expiration or key flags, but 0x13 works just as well for this. OpenPGP supports both 0x1F and 0x13 (0x10, 0x11, 0x12), and historically people used 0x13, so there was never a real reason to change.

> 3) Last but not least, the 0x50 3rd party signature. I must admit that
> I absolutely don't understand its usage. Do you have an example? And
> is this used by gpg?

It's a Notary signature. For example: Alice writes a document. She later wants to be able to prove when it was written. Obviously we can't trust Alice's signature to prove that since she can set her clock to whatever she likes. We can, however, trust the notary (or many notaries).

Alice signs the document, and then brings the signature to the Notary. The Notary verifies that the signature is sane (i.e. the date is current) and then signs the signature (with an 0x50). Alice gets her proof, and significantly does not have to show the Notary her original document.

GPG doesn't support it. Neither does any other OpenPGP program that I know of.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users