PGP-GPG Compatibility

David Shaw dshaw@jabberwocky.com
Tue Jun 11 19:22:01 2002


On Tue, Jun 11, 2002 at 05:57:38PM +0300, Charly Avital wrote:
> In PGP, the self signature shows explicitly your full user ID, but there is
> here something unusual:
> The key itself was created on March 24, 2002.
> The self signature was done on April 16 2002
> There is another signature by 0xD67A4987, defined as "Unknown Signature",
> made by CN=WEB.DE Trustcenter Voll-Zertifikate, EMAIL=trust@web.de, OU=
> TrustCenter CA, O=WEB.DE AG, L=D-76227 Karlsruhe, C=DE.
> 
> This would mean that when the key was created, March 24,2002, it was not
> automatically self signed on the *same day*, as it usually happens when a
> key is created. The self signature was done, according to PGP, much later,
> on April 16, 2002.

This is not unusual.  Remember that the key preferences and expiration
date are contained in the self-signature.  If the key owner changes
their prefs or expiration date then a new self-signature will be
issued.

> Therefore, GPG would be right when it says:
> "gpg: signature packet without keyid"

This error message is due to the X.509-ish signature on the key.  This
is not part of OpenPGP, and is discarded by GnuPG.  The error can be
safely ignored.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson