[openpgp-email] On Signed-Only Mails
Werner Koch
wk at gnupg.org
Sat Dec 3 16:24:02 CET 2016
On Fri, 2 Dec 2016 14:10, look at my.amazin.horse said:
> another mechanism like keyservers. We don't even get the whole
> fingerprint as an identifier, but instead have to assume that if the
> signature checks out we have the right key.
Depends on your OpenPGP implementation. GnuPG already uses the
#### Issuer Fingerprint
(1 octet key version number, N octets of fingerprint)
The OpenPGP Key fingerprint of the key issuing the signature. This
subpacket SHOULD be included in all signatures. If the version of the
issuing key is 4 and an Issuer subpacket is also included in the
signature, the key ID of the Issuer subpacket MUST match the low
64 bits of the fingerprint.
Note that the length N of the fingerprint for a version 4 key is 20
octets.
which we agreed upon in the WG. I hope that OpenKeychain will add that
signature subpacket soon.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: </pipermail/attachments/20161203/eb466435/attachment.sig>
More information about the Gnupg-devel
mailing list