jh at jameshoward
Aug 31, 2009, 10:24 AM
Post #1 of 6
(727 views)
Permalink
|
|
Possible bug: addkey can create certifying subkey
|
|
I am not sure if this is a bug, but given the documentation it is not
the expected behavior. I created new keys this weekend, due to a lost
USB drive. Replicating it here, if you specify --expert and create a
RSA subkey with all the options off, it will create a subkey with all
the options, including certification turned on. Here's a slightly
edited transcript:
howardjp [at] thermopyla:~$ gpg --expert --edit 0xE6602099
Secret key is available.
pub 4096R/0xE6602099 created: 2009-08-30 expires: never usage: C
trust: ultimate validity: ultimate
sub 2048R/0xFCB31625 created: 2009-08-30 expires: never usage: E
sub 2048R/0xA40883BA created: 2009-08-30 expires: never usage: A
sub 2048R/0x2C3602D7 created: 2009-08-30 expires: never usage: S
sub 2048R/0x3EE4249E created: 2009-08-30 expires: never usage: S
[ultimate] (1). James Patrick Howard, II
Command> addkey
Key is protected.
You need a passphrase to unlock the secret key for
user: "James Patrick Howard, II"
4096-bit RSA key, ID 0xE6602099, created 2009-08-30
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
Your selection? 8
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? s
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? e
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions:
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
pub 4096R/0xE6602099 created: 2009-08-30 expires: never usage: C
trust: ultimate validity: ultimate
sub 2048R/0xFCB31625 created: 2009-08-30 expires: never usage: E
sub 2048R/0xA40883BA created: 2009-08-30 expires: never usage: A
sub 2048R/0x2C3602D7 created: 2009-08-30 expires: never usage: S
sub 2048R/0x3EE4249E created: 2009-08-30 expires: never usage: S
sub 2048R/0xB892F408 created: 2009-08-31 expires: never usage: SCEA
[ultimate] (1). James Patrick Howard, II
Command> quit
Save changes? (y/N) n
Quit without saving? (y/N) y
howardjp [at] thermopyla:~$ gpg --version
gpg (GnuPG/MacGPG2) 2.0.12
libgcrypt 1.4.4
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
howardjp [at] thermopyla:~$
--
James P. Howard, II, MPA
jh [at] jameshoward
|
signature.asc
