Which Key ID for Business Card?
shavital at mac.com
Sat Jan 3 14:35:47 CET 2009
-----BEGIN PGP SIGNED MESSAGE-----
Rippit the Ogg Frog wrote the following on 1/3/09 6:23 AM:
> Greetings, I just subscribed.
Welcome, fellow Mac user :-)
> I'm getting ready to have business cards printed, and want to include my
> Key ID on them so that recipients can look up my key from the keyservers.
> My old business card had the Key ID F7605786, UID crawford at goingware.com
> This is a 1024-bit key that I generated with the old Open Source PGP
> way back when.
> But I have some hazy memory of generating a 2048-bit DSA key at some
> point, which I think is the key one should use when sending me mail
> these days.
> Given the following:
> $ gpg --fingerprint rippit at oggfrog.com
> pub 1024D/F7605786 1999-01-11
> Key fingerprint = 9B9F 2D03 9996 AF83 9A4F CB26 20E8 0D0B F760 5786
> uid Michael David Crawford (aka Rippit the Ogg Frog)
> <rippit at oggfrog.com>
> uid Michael David Crawford
> <michael at geometricvisions.com>
> uid Michael D. Crawford <crawford at goingware.com>
> sub 2048g/1EA551E9 1999-01-11
> Which is the Key ID to print on my business card? F7605786 or 1EA551E9?
F7605786 is your master key, 1EA551E9 is the subkey used for encryption.
Please read on.
> Or should I generate a new key entirely?
> Following is my latest key.
After importing the key block you included in your message, I have:
pub 1024D/F7605786 created: 1999-01-11 expires: never usage: SCA
trust: unknown validity: unknown
sub 2048g/1EA551E9 created: 1999-01-11 expires: never usage: E
[ unknown] (1). Michael David Crawford (aka Rippit the Ogg Frog)
<rippit at oggfrog.com>
[ unknown] (2) Michael David Crawford <michael at geometricvisions.com>
[ unknown] (3) Michael D. Crawford <crawford at goingware.com>
Your master key ID is F7605786, or more conservatively 0xF7605786
(Zerox........). Some key servers require the format 0XF7605786.
The eight digits F7605786 are the last 8 digits of the fingerprint of
that key, as you can see in the fingerprint you indicated above.
In my opinion 0xF7605786 is the key ID you should print on your visiting
cards. It is the same you have on the old cards, except for the 0x prefix.
> I just used gpg --edit-key adduid to add the first two UIDs, which seems
> to have rendered my key untrustworthy.
Why? You have added those UIDs because, apparently, you wanted your key
to include the three e-mail addresses you use, and that's perfectly OK.
As a matter of fact, it is best, if not mandatory, to include in one's
key the different e-mail addresses one is going to use.
> Once I'm completely happy with
> my key I'll get some friends to sign it again.
Referring to "...have some friends sign it again". In its present state,
your key, as I have downloaded and imported it into my public key ring,
contains only your self-signatures, as shown below. You should have your
friends sign your key, not sign it again.
uid Michael David Crawford (aka Rippit the Ogg Frog) <rippit at oggfrog.com>
sig!3 F7605786 2009-01-03 [self-signature]
uid Michael David Crawford <michael at geometricvisions.com>
sig!3 F7605786 2009-01-03 [self-signature]
uid Michael D. Crawford <crawford at goingware.com>
sig! F7605786 2007-04-19 [self-signature]
I don't know what will make you completely happy with your key, but I
take the liberty of suggesting the following:
- this is not related to your key specifically, but you'd better update
your gpg to 1.4.9, that is the current stable version. Source code is
available at www.gnupg.org if you want to compile it, or you can
download a binary installer at
- add a signing subkey to your key. When you sign, you will be using
that subkey, instead of your master key.
Because your master key is 1024 bits, you can use only the SHA1 message
digest (which is also true in the present configuration of your key,
where you use your master key to sign).
The strength and security of SHA1 is debated. Many users still use it,
others prefer to use SHA256, or even SHA512. If you want to use SHA256,
you will have to generate a signing RSA subkey of at least 2048 bits.
I believe, but I am not sure, that if you enable in your
~/.gnupg/gpg.conf file the option:
you will be able to add a 2048-bit DSA subkey. You will also have to
enable in your gpg.conf file the option 'digest-algo SHA256'
But I *recommend* that you wait for reactions to this message from users
in this forum who are *really experienced*, I am just a
> Mike Crawford
> rippit at oggfrog.com
Because you are a Mac user, I suggest:
You are using: User-Agent: Thunderbird 184.108.40.206 (Macintosh/20081105)
The current stable version is 220.127.116.11. You should be able to update
automatically from 18.104.22.168.
MacOS 10.5.6 - MacBook Intel C2Duo "Aluminum Late 2008"- GnuPG 1.4.9 -
GPG2 2.0.10rc1 - Testing TB 3.0b1+EM 0.96a - Apple's Mail+GPGMail v56
PGP key: 0xA57A8EFA
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10rc1 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
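
Added example, not part of the original message: a small parser for the gpg 1.4 listing quoted above that picks the primary (`pub`) key ID to publish and checks it against the last 8 hex digits of the fingerprint, as the reply describes. The function names are hypothetical, and the check assumes a key with a 40-hex-digit fingerprint like the one shown.

```python
import re

# Listing copied from the message above (gpg 1.4 style; uid lines omitted).
LISTING = """\
pub 1024D/F7605786 1999-01-11
Key fingerprint = 9B9F 2D03 9996 AF83 9A4F CB26 20E8 0D0B F760 5786
sub 2048g/1EA551E9 1999-01-11
"""

# "pub 1024D/F7605786 1999-01-11" -> kind, bits, algorithm letter, key ID, date
KEY_LINE = re.compile(
    r"^(pub|sub)\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8})\s+(\d{4}-\d{2}-\d{2})")
FPR_LINE = re.compile(r"^Key fingerprint = ([0-9A-Fa-f ]+)$")


def parse_listing(text):
    """Return {'keys': [dict, ...], 'fingerprint': hex string or None}."""
    keys, fingerprint = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            kind, bits, algo, keyid, created = m.groups()
            keys.append({"kind": kind, "bits": int(bits), "algo": algo,
                         "keyid": keyid.upper(), "created": created})
            continue
        m = FPR_LINE.match(line)
        if m:
            fingerprint = m.group(1).replace(" ", "").upper()
    return {"keys": keys, "fingerprint": fingerprint}


def card_key_id(text):
    """Return '0x' + the primary key ID, verified against the fingerprint."""
    parsed = parse_listing(text)
    primary = [k for k in parsed["keys"] if k["kind"] == "pub"]
    if len(primary) != 1:
        raise ValueError("expected exactly one pub line")
    fpr = parsed["fingerprint"]
    # Assumption: 40 hex digits, as in the listing above.
    if fpr is None or len(fpr) != 40:
        raise ValueError("missing or malformed fingerprint")
    if fpr[-8:] != primary[0]["keyid"]:
        raise ValueError("key ID is not the tail of the fingerprint")
    return "0x" + primary[0]["keyid"]


if __name__ == "__main__":
    print(card_key_id(LISTING))
```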