On Wed, Dec 13, 2000 at 11:44:03AM -0600, dvdeug@hushmail.com wrote: > I've been reading archives of debian-new-maintainer and debian-mentor, and > I'm somewhat confused about which older GPG keys have problems. If I have > a key > > ~/Program_Source $ gpg --list-keys "David Starner" > pub 1024D/C3E943FF 2000-04-18 David Starner <dstarner98@aasaa.ofe.org> > sub 1024g/39C9DE01 2000-04-18 > > and it was made with GnuPG 1.0.1-2, is that a problem? Do I need to make > a new key to get signed for Debian? If you chose the default key types when generating your key, you will have a DSA signing key and an ElGamal encryption key. The ElGamal key is signed by the DSA key, but not vice versa. Therefore, even if the keys were generated with 1.0.1 or earlier, there should be no ElGamal signatures involved. To be sure, you can run gpg -vv --check-sigs 2>&1 | less and examine the output. This will print the packets that are being processed for each key. There will be a signature packet for each uid or subkey. Algorithm type 17 corresponds to DSA and 16 to ElGamal. Simply check that none of the signature packets are of algorithm type 16. Only your ElGamal subkey itself should have algorithm type 16. Matt
Attachment:
pgpCG1mmp128p.pgp
Description: PGP signature