* keygen.c (generate_subkeypair): 2440bis04 adds that creating subkeys on

v3 keys is a MUST NOT.

* getkey.c (finish_lookup): The --pgp6 "use the primary key" behavior
should only apply while data signing and not encryption. Noted by Roger
Sondermann.

g10/ChangeLog

@@ -1,3 +1,12 @@
+2002-04-20  David Shaw  <dshaw@jabberwocky.com>
+
+	* keygen.c (generate_subkeypair): 2440bis04 adds that creating
+	subkeys on v3 keys is a MUST NOT.
+
+	* getkey.c (finish_lookup): The --pgp6 "use the primary key"
+	behavior should only apply while data signing and not encryption.
+	Noted by Roger Sondermann.
+
 2002-04-19  David Shaw  <dshaw@jabberwocky.com>
 
 	* keyedit.c (menu_deluid): Only cause a trust update if we delete

g10/getkey.c

@@ -1827,9 +1827,10 @@ finish_lookup (GETKEY_CTX ctx)
   #define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
     unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
     /* Request the primary if we're certifying another key, and also
-       if --pgp6 is on (since pgp 6 (and 7) do not understand
-       signatures made by a signing subkey. */
-    int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) | opt.pgp6;
+       if signing data while --pgp6 is on (since pgp 6 (and 7) do not
+       understand signatures made by a signing subkey. */
+    int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
+      (opt.pgp6 && (ctx->req_usage & PUBKEY_USAGE_SIG));
     u32 latest_date;
     KBNODE latest_key;
     u32 curtime = make_timestamp ();

g10/keygen.c

@@ -2072,9 +2072,11 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
 	}
     }
 
-    if (sk->version < 4) 
+    if (sk->version < 4) {
         log_info (_("NOTE: creating subkeys for v3 keys "
                     "is not OpenPGP compliant\n"));
+	goto leave;
+    }
 
     /* unprotect to get the passphrase */
     switch( is_secret_key_protected( sk ) ) {