gpgme license

Peter Gutmann pgut001 at
Thu Jul 25 14:20:02 CEST 2002

Werner Koch <wk at> writes:
>On Thu, 25 Jul 2002 21:35:09 +1200 (NZST), Peter Gutmann said:
>>S/MIME doesn't require X.509 (I've been doing it with PGP keys for several
>>years now), so it's not a deadly failing.
>You mean by using the subjectKeyIdentifier?


>What method of creating it should be used?  The RFC mentions 2, afaik you use
>a modified one and for me it would make sense to use the PGP fingerprint.

Flip a coin 128 times?  Anything you feel like.  Remember that while with PGP
the keyIDs are implicit (which is a royal pain IMHO), with X.509 they're
explicit, so you can use any value you want.  It is in fact quite valid to use
a PGP keyID as a subjectKeyIdentifier if you want to (I use a hash of the
subjectPublicKeyInfo, which is a well-defined and unambiguous value).  I've
seen CAs use bits of key hashes, monotonically increasing integers, numeric
text strings, MPEGs of cats...


More information about the Gnupg-devel mailing list