From: John Dlugosz
I have a couple questions...
First, it seems that there are two utterly different version systems going
on. The "old packet" and "new packet" format allows more packet types in
the new format, but otherwise doesn't affect the content, since the Version
byte in the Type 6 (etc.) packet specifies Version 4 or 5. So NAI's
implementation (son of original PGP) uses old packets for "backward
compatibility" with v2.6, but then uses a Version 4 Public Key packet which
didn't exist before PGP 5.0, so using the older packet header is pointless.
What's the deal here? I'm supposing the real reason to use old packet
header is to save a byte, in cases where they can be used (tags < 16).
Second, how are the public key proper and the signing key specified? I'm
guessing that the key directly encoded in the Tag 6 is the signing(only)
key, and all subkey packets are for public message keys. The RFC says that
the sign/encrypt only types for RSA are no longer used, but rather flags in
the signature packet is used. I see the following: Public Key (tag 6),
User ID, Signature, User ID, Signature, Public Subkey, Signature. I have
two self-signed ID's (different email addresses), so I don't know what the
third one is for. I also suppose that although packets are not nested but
sequential, the "applies to" is implied as a hiararchy? That is, the sig
applies to the previous ID?
Anyway, with multiple signatures, does each one specify how the key is used
in addition to saying "I vouch for him", and how do you make sure they all
agree? Can someone clarify this, please?
What I'm doing: I'm using OpenPGP in a system, and want to specify exactly
which packets should be used, as the program may be limited to this. Also,
want to make sure I get it right when manipulating these files.
--John