Hi Blake,
After discussing this further with the partner today, the partner's requirement is to have the key self-signed, which would make the sigclass 0x13 instead of 0x10 by default. What are the steps to self-sign a key after the creation of a new PGP key?
Original Message:
Sent: 5/23/2025 5:31:00 PM
From: Blake Thomas
Subject: RE: pgp command-line changing signature class
You're looking for the --trust-depth switch when signing the key. The PGP Command Line Guide does have a section and example for --trust-depth and is pretty straightforward.
I'm unsure what 0x13 translates into in regards to trust, but let us know if it changes if you successfully set the trust-depth.
Original Message:
Sent: May 23, 2025 12:08 AM
From: Paul Pham
Subject: pgp command-line changing signature class
I have a requirement from a vendor/trading partner who requires the key to have a signature class of 0x13. I am familiar with pgp command line but have never dealt with this requirement before.
Recent new keys I created show as created with sigclass=0x10. The trading partner requires this to be 0x13, and I've tried signing with a trusted key and reviewed the PGP manual for command line, but had no luck in finding the right syntax/parameter to change the sigclass itself.
pgp --list-sig-details 0x1234567
Signature Details: user <user@email.com>
Signed Key ID: 0x1234567 (0x12345676CA07B)
Signed User ID: BCBSNC_TEST_key_for_BCBSA_BCM <user@email.com>
Signer Key ID: 0x1234567 (00x1234567CA07B)
Signer User ID: BCBSNC_TEST_key_for_BCBSA_BCM <user@email.com>
Type: RSA signature
Hash: SHA-1
Exportable: Yes
Status: Active
Created: 2025-05-22
Expires: Never
Trust Depth: 0
Domain: Absent
I'm curious if anyone out there knows how to change the trust depth in BOLD above as I believe this would also change the sigclass that my trading partner requires.