PGP: is there such a thing as a "signature only key?"

Owen Blacker owen.blacker at wheel.co.uk
Thu, 18 Oct 2001 10:19:49 +0100 

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Very brief summary of the off-list message I just sent to Dave Bird, for
any on-list readers interested in this apparently off-topic conversation

Dave Bird said, in relation to the Turnpike version of PGP 6,5,3:
> 
> I have here a key which says as a comment in the name field
> that it is <SIGNATURE KEY ONLY>.  I click on the padlock Icon
> to bring up a PgpTools toolbar, press the Encrypt button, 
> name a text file at random, and on the keys dialog drag this
> key across into recipients. IT ENCRYPTS WITHOUT OBJECTING.

That is different behavior to the versions of PGP for Windows that I have
used (well, the ones from 6,0,x upwards  :) .  I don't get offered
signature-only keys in the window that allows me to choose to which key(s)
I wish to encrypt.

> Where Turnpike is integrated with PGP, it also automatically
> encrypts to this key when the owner is recipient of mail.
> 
> I have an issue with the way PGP6.5.3 for Windoze32, and/or
> the integration with Turnpike, operates:  it does NOT
> automatically honour "signature only keys."

I think it's an issue with the specific way the Turnpike-shipped version of
PGP does things.  Whilst not technically a bug, I guess, it's certainly
inconvenient and could do with that behavior being amended...  :)
 
> COULD SOMEONE WITH 6.5.3 FOR WIN32 TRY TO DUPLICATE THIS?

I just got one of my colleagues to install 6,5,3 and it too does not
provide the option to encrypt to my signature-only key.  Nor does it let me
encrypt to a freshly-generated signature-only key where I revoked the
subkey instead of deleting it (as had been done with my previous key
0x3e2056b9, the key to which Dave Bird had inadvertently encrypted a
message).

Interested readers might be unaware of the PGP Users list at
http://cryptorights.org/pgp-users/ , where this would be more on-topic than
here (it's not a pticly high traffic list, for anyone thus concerned).

Apologies for posting off-topic (yet again), but I thought readers here
might be interested in these excerpts of my off-list mail...


O x
- -- 
Owen Blacker
Senior Software Developer / InfoSec Consultant    Wheel: Clerkenwell
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig  0xb48e805e | 0e31 ac2a 4ff2 62a0 89da  ddef 4223 99a6 b48e 805e

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
Comment: Due to RIP, pls check for revocation before using this key!

iQA/AwUBO86d+0Ijmaa0joBeEQLtpgCguTpMt1tiHOen9t4RGMUw5UY9Q1sAnRBe
XScABK8mqs9/HifcXehIhTaT
=11R4
-----END PGP SIGNATURE-----

_____________________________________________________________________
This message has been checked for all known viruses by UUNET delivered 
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/