John Dlugosz writes:
First, it seems that there are two utterly different version systems going
on. The "old packet" and "new packet" format allows more packet types in
the new format, but otherwise doesn't affect the content, since the Version
byte in the Type 6 (etc.) packet specifies Version 4 or 5. So NAI's
implementation (son of original PGP) uses old packets for "backward
compatibility" with v2.6, but then uses a Version 4 Public Key packet which
didn't exist before PGP 5.0, so using the older packet header is pointless.
What's the deal here? I'm supposing the real reason to use old packet
header is to save a byte, in cases where they can be used (tags < 16).
If you're not interested in backwards compatibility with PGP 2, you can
use the new format packet tags. If you require backwards compatibility,
you must use the old format tags and only V3 RSA keys. If you're asking
why the commercial PGP versions use old format tags with V4 DSA keys,
it was in the hope that 2.6.2 could still parse the packets in terms of
their lengths, and skip over their unrecognizable contents.
Second, how are the public key proper and the signing key specified? I'm
guessing that the key directly encoded in the Tag 6 is the signing(only)
key, and all subkey packets are for public message keys. The RFC says that
the sign/encrypt only types for RSA are no longer used, but rather flags in
the signature packet is used. I see the following: Public Key (tag 6),
User ID, Signature, User ID, Signature, Public Subkey, Signature. I have
two self-signed ID's (different email addresses), so I don't know what the
third one is for. I also suppose that although packets are not nested but
sequential, the "applies to" is implied as a hiararchy? That is, the sig
applies to the previous ID?
Yes, there is an implied hierarchy. This is illustrated in section 11.1
of the RFC.
Anyway, with multiple signatures, does each one specify how the key is used
in addition to saying "I vouch for him", and how do you make sure they all
agree? Can someone clarify this, please?
For the subkeys, the key usage flags subpacket can go in the subkey
signature. For the top level key, probably the best place is in the
self-signature on all the userids. I think the commercial PGP versions
look specifically in the self-sig on the primary userid.
The commercial versions of PGP do not support signature sub-keys.