Better way to ID keys

Jason Gunthorpe jgg at ualberta.ca
Mon May 31 10:01:18 CEST 1999


On Mon, 31 May 1999, Werner Koch wrote:

> This is quite old news.  And I think the keysigning party FAQ
> explicitly says that you have to compare more than just the
> fingerprint.  The problem exists only with v3 keys (and that is in
> nearly all cases an RSA key).  OpenPGP and the v4 keys address this
> and other problems;  This is one of the reasons why RSA keys are
> depreciated and if we put RSA back after Sep 2000 they will go into
> v4 packets of course.

This is good news, so the newer keys have unspoofable fingerprints while
the older RSA keys do not. Is there any way to get GPG to give output (and
do matches) for an RSA key in v4 form?
 
> Please note that the key ID of a v4 key is the lowest 64 bits of the
> fingerprint.

Ah, that is good to know.

> > its size. Furthermore, I would like it if there was a nice standard way
> > to give GPG an exact key specification involving all relevant portions and
> > have it use that exact key.
> 
> The fingerprint is used all over the system as the unique key
> identifier.

The person who gave this information to me said it was essential to
specify both the fingerprint and the size for the RSA keys, but if there
is no way to ask GPG to do matches with both pieces of information then
there is not much point in storing it.

> Well I think it is better to make sure that either the key IDs in the
> Debian keyring are unique (which is not required by OpenPGP) or that
> the fingerprints are unique.

Our fingerprints are unique and we can deal with assuring that - if they
are not unique then how can I deal with it? There is no other way to
specify a key than by fingerprint, right?

Thanks,
Jason
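
Added example, not part of the original message or of GnuPG's code: a sketch of the two OpenPGP fingerprint constructions discussed in this thread, showing why a v3 RSA fingerprint has to be compared together with the key size while a v4 fingerprint does not. The helper names, the creation time and the toy integers are assumptions constructed for illustration; the integers are not real RSA keys.

```python
import hashlib
import struct

def raw(x):
    """Big-endian magnitude of x with no length prefix."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def mpi(x):
    """OpenPGP MPI: 2-octet bit count followed by the magnitude."""
    return struct.pack(">H", x.bit_length()) + raw(x)

def v3_fingerprint(n, e):
    # v3: MD5 over the MPI bodies only. The bit counts are not hashed,
    # so the boundary between n and e is not covered by the digest.
    return hashlib.md5(raw(n) + raw(e)).digest()

def v3_identity(n, e):
    # What has to be compared for a v3 RSA key: fingerprint AND modulus size.
    return v3_fingerprint(n, e), n.bit_length()

def v4_fingerprint(created, algo, mpis):
    # v4: SHA-1 over 0x99, the 2-octet body length, then the whole packet
    # body (version, creation time, algorithm, MPIs with their bit counts).
    body = bytes([4]) + struct.pack(">I", created) + bytes([algo])
    body += b"".join(mpi(m) for m in mpis)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def v4_key_id(fingerprint):
    # The key ID of a v4 key is the lowest 64 bits of its fingerprint.
    return fingerprint[-8:]

# Constructed toy integers: the same ten bytes, split into (n, e) at two
# different positions.
N1, E1 = 0xC1A2B3C4D5E6F7, 0x010001
N2, E2 = 0xC1A2B3C4D5E6, 0xF7010001
CREATED, RSA = 928137600, 1   # constructed timestamp; 1 = RSA algorithm id

if __name__ == "__main__":
    print("v3 fingerprints equal:", v3_fingerprint(N1, E1) == v3_fingerprint(N2, E2))
    print("v3 identities equal:  ", v3_identity(N1, E1) == v3_identity(N2, E2))
    f1 = v4_fingerprint(CREATED, RSA, [N1, E1])
    f2 = v4_fingerprint(CREATED, RSA, [N2, E2])
    print("v4 fingerprints equal:", f1 == f2)
    print("v4 key ID:", v4_key_id(f1).hex().upper())
```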


