On Mon, 20 Apr 2015 18:49, ben(_at_)adversary(_dot_)org said:
keyblock formats? Specifically that newly generated keys should *NOT*
consist solely of a primary with SCE or SCEA. Though as near as I can
tell, this will mainly only affect the Kmail + Kleopatra Kontingent
Sorry, I do not understand this. I can imagine reasons why you want a
signing and encryption capable key and no subkeys.
What has this to do with Kmail + Kleopatra ? They use standard GnuPG
and I am pretty sure that they create RSA+RSA keys; after all this is
what gpg4win does which is the standard installer for GnuPG.
(out of the box) and, maybe, the Bouncy Castle Java devs who continue
to insist on that kind of poor design choice and then inflict them on
unsuspecting end users to the detriment of those users and everyone
In case you refer to a bug report where some Bouncy Castle based
implementation ignored the keyflags [1]: This is clearly a bug in that
implementation. I actually heard stories at the weekend about
implementations which didn't implement even very basic requirements. It
is not a problem of Bouncy Castle, though.
Shalom-Salam,
Werner
[1] Which ignored the key flags and encrypted to the primary key which
happened to be on a smartcard which enforces PKCS#1 for the key so
that the reporter was not able to decrypt.
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp