[openpgp-email] On Signed-Only Mails

Werner Koch wk at gnupg.org
Sat Dec 3 16:24:02 CET 2016


On Fri,  2 Dec 2016 14:10, look at my.amazin.horse said:

> another mechanism like keyservers. We don't even get the whole
> fingerprint as an identifier, but instead have to assume that if the
> signature checks out we have the right key.

Depends on your OpenPGP implementation.  GnuPG already uses the 

  #### Issuer Fingerprint
  
  (1 octet key version number, N octets of fingerprint)
  
  The OpenPGP Key fingerprint of the key issuing the signature.  This
  subpacket SHOULD be included in all signatures.  If the version of the
  issuing key is 4 and an Issuer subpacket is also included in the
  signature, the key ID of the Issuer subpacket MUST match the low
  64 bits of the fingerprint.
  
  Note that the length N of the fingerprint for a version 4 key is 20
  octets.
  
which we agreed upon in the WG.  I hope that OpenKeychain will add that
signature subpacket soon.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.