Symantec PGP Encryption

  • 1.  pgp command-line changing signature class

    Posted May 23, 2025 09:40 AM

    I have a requirement from a vendor/trading partner who requires the key to have a signature class of 0x13. I am familiar with pgp command line but have never dealt with this requirement before.

    Recent new keys I created show as created with sigclass=0x10; the trading partner requires this to be 0x13. I've tried signing with a trusted key and reviewed the PGP manual for the command line, but had no luck finding the right syntax/parameter to change the sigclass itself.

     pgp --list-sig-details 0x1234567
    Signature Details: user <user@email.com>
        Signed Key ID: 0x1234567 (0x12345676CA07B)
       Signed User ID: BCBSNC_TEST_key_for_BCBSA_BCM <user@email.com>

        Signer Key ID: 0x1234567 (00x1234567CA07B)
       Signer User ID: BCBSNC_TEST_key_for_BCBSA_BCM <user@email.com>

                 Type: RSA signature
                 Hash: SHA-1
           Exportable: Yes
               Status: Active
              Created: 2025-05-22
              Expires: Never
          Trust Depth: 0
               Domain: Absent

    I'm curious if anyone out there knows how to change the trust depth in BOLD above as I believe this would also change the sigclass that my trading partner requires.



  • 2.  RE: pgp command-line changing signature class

    Broadcom Employee
    Posted May 23, 2025 05:31 PM

    You're looking for the --trust-depth switch when signing the key. The PGP Command Line Guide does have a section and example for --trust-depth and is pretty straightforward.

    I'm unsure what 0x13 translates into in regards to trust, but let us know if it changes if you successfully set the trust-depth.




  • 3.  RE: pgp command-line changing signature class

    Posted May 23, 2025 06:28 PM
    Hi Blake,

    After discussing this further with the partner today, the partner's requirement is to have the key self-signed, which would make the sigclass 0x13 instead of 0x10 by default. What are the steps to self-sign a key after the creation of a new PGP key?



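
The signature class discussed in this thread is the signature type octet of an OpenPGP signature packet; RFC 4880 names 0x10 a generic certification and 0x13 a positive certification. The following added example, which is not from the thread or from PGP Command Line, reads that octet and the Issuer key ID for each version 4 certification in a binary (de-armored) key export, so the class can be checked independently of the tool's listing. The function names and the sample bytes are constructed for illustration.

```python
def read_len(buf, i, two_end=224):
    """Decode a new-format length at buf[i]; return (length, index after it)."""
    n = buf[i]
    if n < 192:
        return n, i + 1
    if n < two_end:                  # two-octet form (subpackets use it up to 254)
        return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    if n == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body length not handled")

def packets(data):
    """Yield (tag, body) for each packet of a binary (de-armored) OpenPGP key."""
    i = 0
    while i < len(data):
        if data[i] & 0x40:           # new-format header
            tag, (n, i) = data[i] & 0x3F, read_len(data, i + 1)
        else:                        # old-format: low 2 bits select a 1/2/4-octet length
            tag, size = (data[i] >> 2) & 0x0F, 1 << (data[i] & 3)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + n]
        i += n

def issuer(sig):
    """Return the Issuer key ID (subpacket 16) of a v4 signature as hex, or None."""
    h = int.from_bytes(sig[4:6], "big")
    u = int.from_bytes(sig[6 + h:8 + h], "big")
    area, i = sig[6:6 + h] + sig[8 + h:8 + h + u], 0   # hashed + unhashed subpackets
    while i < len(area):
        n, i = read_len(area, i, 255)
        if area[i] & 0x7F == 16:
            return area[i + 1:i + n].hex().upper()
        i += n

def certifications(data):
    """Yield (user_id, sigclass, issuer_key_id) for each v4 certification 0x10-0x13."""
    uid = None
    for tag, body in packets(data):
        if tag == 13:                # User ID packet; the certifications that follow bind it
            uid = body.decode("utf-8", "replace")
        elif tag == 2 and uid and body[0] == 4 and 0x10 <= body[1] <= 0x13:
            yield uid, body[1], issuer(body)
# Constructed sample, not a real key: one User ID with a 0x13 and a 0x10 certification.
def make_sig(sigclass, keyid):       # v4, RSA, SHA-1, Issuer subpacket in the unhashed area
    return bytes([4, sigclass, 1, 2, 0, 0, 0, 10, 9, 16]) + keyid + b"\x00\x00"
SAMPLE = b"".join(bytes([0xC0 | t, len(b)]) + b for t, b in (
    (13, b"Test <user@example.invalid>"), (2, make_sig(0x13, b"\x11" * 8)), (2, make_sig(0x10, b"\x22" * 8))))
```

The Issuer subpacket is read without verifying the signature, so the key ID it reports is a claim by the packet, not a cryptographic check.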