Generation of key ID's
Peter Pentchev
roam at ringlet.net
Wed Sep 25 23:02:28 CEST 2013
On Wed, Sep 25, 2013 at 08:29:58PM +0100, MFPA wrote:
>
> Hi
>
> On Sunday 22 September 2013 at 9:30:52 PM, in
> <mid:523F537C.2090707 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:
>
> > You can read up on the specifics in the standard:
> > https://tools.ietf.org/html/rfc4880#section-12.2
>
> Does anybody know the answer to the OP's other question:-
> "And why is it done that way?"
Of course, I cannot speak for the designers of the PGP and later OpenPGP
key format, but... Um. When assigning identifiers to pieces of data
created randomly by independent parties all around the world with no
means of communication or synchronization, it makes perfect sense that
the identifier would be some kind of hash over both information supplied
by the person generating the piece of data and information generated
randomly, that is, part of the data. So it makes perfect sense that the
identifier should be some kind of a hash over parts of the PGP key
material.
Furthermore, the identifier should not change when the key owner makes
modifications to the key itself, so it may not include user IDs or
signatures made either by the owner or other people after the key has
been generated. What does not change in a PGP key? Well, obviously,
the key parameters themselves: the algorithm, the numbers comprising the
key (be they primes or curve specifiers or whatever). In addition, a
key may only be created once, so the creation time is not supposed to
change.
So there you have it - a long, long time ago, in a galaxy far, far away,
the V3 key fingerprint was formed by hashing only the key parameters;
they obviously characterize this key and they obviously will not change
with time as this key is being used. Then, in V4 of the format, more
information was included, but once again, all of it is not supposed to
change with time.
As an additional benefit, hashing the public key material also provides
a quick and quite reliable way to make sure that the public key itself
has not been damaged in transit.
Note: in this text I repeatedly referred to "PGP keys" and not "OpenPGP
keys" because, unless I am gravely mistaken, both the V3 and V4 key
formats were designed before (okay, V4 was almost at the same time as)
the OpenPGP Alliance was formed.
G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at FreeBSD.org p.penchev at storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
"yields falsehood, when appended to its quotation." yields falsehood, when appended to its quotation.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20130926/e0e7fd0e/attachment.sig>
More information about the Gnupg-users
mailing list