OpenPGP headers

Simon Josefsson jas at extundo.com
Wed Aug 11 00:08:10 CEST 2004


Atom 'Smasher' <atom at suspicious.org> writes:

> the fingerprint can be used in the OpenPGP-Key header (id) and/or the 
> OpenPGP-Fingerprint header. this is acceptable:
>
> 	OpenPGP-Key: id=0x762A3B98A3C396C9C6B7582AB88D52E4D9F57808 ;
> 		algo=1 ; size=4096
>
> and i should include that as an example in the draft.
>
> taking your point a step further, though, should the fingerprint be used 
> as an ID in the OpenPGP-Key header (id), and then there's no need for a 
> OpenPGP-Fingerprint header? or... should there be separate headers for the 
> fingerprint, algo and size?
>
> of these options, i sort of like using the full fingerprint in the id 
> field, and making that a MUST. and then the spec would consist of only two 
> headers, "OpenPGP-Key" and "OpenPGP-URL".

I prefer having only two headers.  Disallowing 4 byte or 8 byte key
ids, in favor of full fingerprints, could work, although it make the
header uglier, and more likely to wrap around to the next line.  Not
that these concerns are major, though.

This is what I prefer the most:

OpenPGP-Key: id=[0x][0-9A-Za-z]+; algo=[0-9]+; size=[0-9]+

Where id is allowed to be 4 byte, 8 byte or 16 byte.

Perhaps even

OpenPGP-Key: url=http://josefsson.org/key.txt

should be allowed?  Thus removing the need for OpenPGP-URL.  Hm.  Then
the header could be called simply 'OpenPGP' which is neat.  E.g.:

OpenPGP: id=B565716F; url=http://josefsson.org/key.txt; algo=1 (RSA); size=1280

Where all of the following would be equally valid:

OpenPGP: id=B565716F
OpenPGP: url=http://josefsson.org/key.txt
OpenPGP: id=B565716F; algo=1 (RSA); size=1280
OpenPGP: url=http://josefsson.org/key.txt; algo=1 (RSA); size=1280

Btw, does 2440 specify an unambiguous value for 'size' for DSA,
ElGamal, etc?

Just my 0.5 SEK of ramblings,
Simon




More information about the Gnupg-devel mailing list