signatures, key ids etc.

David Shaw dshaw at jabberwocky.com
Thu Jul 7 23:47:30 CEST 2005


On Wed, Jul 06, 2005 at 10:59:46PM +0100, Nicholas Cole wrote:
> As I read 2440 (and the output of gpg), only the Key
> ID of the key that signed a key is stored with the
> signature.  The chance of two keys with the same ID is
> lower than the chance of two with the same
> fingerprint, so I was wondering why the fingerprint
> was not stored.

History.  Way back when, only the key ID was stored.

> Is there any way that a user would be able to tell, in
> the theoretical case that two keys with the same ID
> were on his keyring, which had made a signature?

Sure - it'll only verify correctly with one of them :)

David



More information about the Gnupg-devel mailing list