Hi, I tried to generate an RSAv4 certification-only key with GnuPG, but failed, even in "expert mode".
What I mean is a primary key that can be used to attach a subkey to it, or _maybe_ also to sign UserIDs of other keys (for the Web of Trust). But not for data signatures. As I understand the RFC, I want a primary key with key flags 0x01 (or maybe even 0x00?). But GnuPG only presents me with three "bits" to flip: - signature, which seems to set key flag 0x03 - encryption, which seems to set key flag 0x0C - authentication, which seems to set flag 0x21 I tried turning all three bits off, but then the key doesn't have a key flags subpacket (packet 27) at all and seems to be treated by GnuPG as a "everything is allowed" key. Is this impossible with GnuPG? Is it a bad idea? Why? Do I misunderstand the RFC? Thanks for your explanations, -- Lionel
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
