ietf-openpgp

Re: Secret key signature packet

2005-08-23 09:56:52

From: <mkuusio(_at_)surfeu(_dot_)fi>
What is the content of the secret key signature packet? I know that
OpenPGP doesn't support secret key signing so hash left 2 bytes, DSA r and DSA
s are not included in the signature packet. I assume that the content is:

-Version number (1 octet)
-Signature type (1 octet)
-Public key algorithm (1 octet)
-Hash algorithm (1 octet)
-Hashed subpackets (n octets)
-Sub packet (issuer key id 8 octets)

I'm sorry, I don't know what you mean by a secret key signature packet.
As I noted earlier, we don't sign secret keys.  There would be no point
in creating a "signature" packet that was missing the signature fields,
r and s.

Maybe this will help.  OpenPGP implementations usually store the public
keys separately from the secret keys.  Traditionally these stores are
called "key rings".  The public key ring contains public keys (your
own public key and also those belonging to other people), user ids, and
signatures.  The secret key ring contains your own secret keys and their
user ids.  There is no need for signature packets on the secret key ring.
If there are any signature packets there, they will be signatures over
just the public key portion of the secret key packets.  They are not
secret key signatures, there is no such thing.

Hal Finney
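
For reference, an added example (not part of the original thread) that parses a version 4 DSA signature packet body as laid out in RFC 4880 section 5.2.3, showing where the fields listed in the question sit relative to the left 16 bits of the hash and the r and s values. The sample bytes are constructed and do not form a valid signature, and the function names are illustrative.

```python
# Constructed sample body: v4, type 0x13, DSA, SHA-1. Not a valid signature.
SAMPLE = bytes.fromhex(
    "04131102"                       # version, sig type, pubkey algo, hash algo
    "0006" "0502430aef14"            # hashed area: creation time (type 2)
    "000a" "09100123456789abcdef"    # unhashed area: issuer key ID (type 16)
    "beef"                           # left 16 bits of the hash
    "000901ff" "000203")             # MPI r (9 bits), MPI s (2 bits)

def read_subpackets(area):
    """Split a subpacket area into (type, body) pairs."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192
            i += 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        out.append((area[i] & 0x7F, area[i + 1:i + length]))  # mask critical bit
        i += length
    return out

def read_mpi(body, i):
    """Read one MPI: two-octet bit count, then the big-endian magnitude."""
    if i + 2 > len(body):
        raise ValueError("signature MPI missing")
    end = i + 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8
    if end > len(body):
        raise ValueError("signature MPI truncated")
    return int.from_bytes(body[i + 2:end], "big"), end

def parse_v4_dsa_signature(body):
    version, sig_type, pk_algo, hash_algo = body[:4]
    if version != 4 or pk_algo != 17:        # 17 = DSA
        raise ValueError("expected a v4 DSA signature")
    areas, i = [], 4
    for _ in ("hashed", "unhashed"):         # each area has a two-octet length
        n = int.from_bytes(body[i:i + 2], "big")
        areas.append(read_subpackets(body[i + 2:i + 2 + n]))
        i += 2 + n
    left16, i = body[i:i + 2], i + 2
    r, i = read_mpi(body, i)
    s, i = read_mpi(body, i)
    return {"sig_type": sig_type, "hash_algo": hash_algo, "hashed": areas[0],
            "unhashed": areas[1], "left16": left16.hex(), "r": r, "s": s}
```

A body that ends before the r and s MPIs is rejected with `ValueError` rather than returned as a partial signature.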

