3 files changed, 16 insertions, 4 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 057809f48..a428e5b03 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,12 @@
+2002-04-20  David Shaw  <[email protected]>
+
+	* keygen.c (generate_subkeypair): 2440bis04 adds that creating
+	subkeys on v3 keys is a MUST NOT.
+
+	* getkey.c (finish_lookup): The --pgp6 "use the primary key"
+	behavior should only apply while data signing and not encryption.
+	Noted by Roger Sondermann.
+
 2002-04-19  David Shaw  <[email protected]>
 
 	* keyedit.c (menu_deluid): Only cause a trust update if we delete
diff --git a/g10/getkey.c b/g10/getkey.c
index 13cd81102..2b8a510ac 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1827,9 +1827,10 @@ finish_lookup (GETKEY_CTX ctx)
   #define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
     unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
     /* Request the primary if we're certifying another key, and also
-       if --pgp6 is on (since pgp 6 (and 7) do not understand
-       signatures made by a signing subkey. */
-    int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) | opt.pgp6;
+       if signing data while --pgp6 is on (since pgp 6 (and 7) do not
+       understand signatures made by a signing subkey. */
+    int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
+      (opt.pgp6 && (ctx->req_usage & PUBKEY_USAGE_SIG));
     u32 latest_date;
     KBNODE latest_key;
     u32 curtime = make_timestamp ();
diff --git a/g10/keygen.c b/g10/keygen.c
index 7742fd3ac..437a61abf 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2072,9 +2072,11 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
 	}
     }
 
-    if (sk->version < 4) 
+    if (sk->version < 4) {
         log_info (_("NOTE: creating subkeys for v3 keys "
                     "is not OpenPGP compliant\n"));
+	goto leave;
+    }
 
     /* unprotect to get the passphrase */
     switch( is_secret_key_protected( sk ) ) {