[kdepim-users] Re: Using subkeys to sign messages with Kontact and GnuPG

[Robert Simmons]

2011/4/11 Ingo Klöcker <kloecker at kde.org>:
> No, I guess not. You can probably set the fingerprint of the subkey
> manually in your ~/.kde/share/config/emailidentities . I haven't tested
> whether that works.

Well, I have added the fingerprint of the subkey from the command
$gpg --fingerprint --fingerprint {KEYID}
into that file.

This does sign the email with a subkey.  However, I think I have dug
up a bug.  This does not behave as you think it should.

First, Kontact ignores the fingerprint in
~/.kde/share/config/emailidentities.  Well, ignores is not exactly
what happens.  What happens is it signs email with the LAST subkey on
that primary key, no matter what.

This is the same behavior I have discovered in KGpg as well.

So, if I have the following:
One keypair for signing and one subkey for encrypting (this is the
default for gpg - both are RSA)
The following happens:
Everything works as expected.

If I have a primary key that is set to S for sign and another subkey
set to S then Kontact signs all email with the subkey, even if the
primary key's fingerprint is in the emailidentities file!

This is the same behavior as KGpg, so I think I should report them
both as separate bugs.

On a side note: Am I the first person to use subkeys?  Is this
something that is so unusual that only now has this been encountered?

The reason I want to use subkeys is that I want to sign my email with
a key that does not expire.  I also want to sign software with a
subkey that is set to expire.

Hence the problem, because my most recent subkey for signing software
is always the last one (and when it expires the new one will be last)
Kontact signs everything with that key, which is not good.

Any thoughts?

Thanks,
Rob
_______________________________________________
KDE PIM users mailing list
Subscription management: https://mail.kde.org/mailman/listinfo/kdepim-users