[openpgp-email] On Signed-Only Mails

Werner Koch wk at gnupg.org
Sat Dec 3 16:24:02 CET 2016

On Fri,  2 Dec 2016 14:10, look at my.amazin.horse said:

> another mechanism like keyservers. We don't even get the whole
> fingerprint as an identifier, but instead have to assume that if the
> signature checks out we have the right key.

Depends on your OpenPGP implementation.  GnuPG already uses the 

  #### Issuer Fingerprint
  (1 octet key version number, N octets of fingerprint)
  The OpenPGP Key fingerprint of the key issuing the signature.  This
  subpacket SHOULD be included in all signatures.  If the version of the
  issuing key is 4 and an Issuer subpacket is also included in the
  signature, the key ID of the Issuer subpacket MUST match the low
  64 bits of the fingerprint.
  Note that the length N of the fingerprint for a version 4 key is 20
which we agreed upon in the WG.  I hope that OpenKeychain will add that
signature subpacket soon.



Thoughts are free.  Exceptions are regulated by a federal law.
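
The consistency rule in the subpacket text quoted in the message above, as an added example that is not part of the original mail and is not GnuPG's code: it walks a signature subpacket area and rejects an Issuer key ID that does not equal the low 64 bits of a version 4 Issuer Fingerprint. The subpacket type numbers (16 and 33), the function names and the sample fingerprint are assumptions that do not appear in the message.

```python
ISSUER_KEY_ID = 16       # subpacket type from RFC 4880 (not stated in the mail)
ISSUER_FINGERPRINT = 33  # type assigned to Issuer Fingerprint (not stated in the mail)

def iter_subpackets(area):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def issuer_fingerprint(area):
    """Return the issuer fingerprint as hex after the consistency checks."""
    key_id = version = fpr = None
    for sp_type, body in iter_subpackets(area):
        if sp_type == ISSUER_KEY_ID:
            key_id = body
        elif sp_type == ISSUER_FINGERPRINT and body:
            version, fpr = body[0], body[1:]   # 1 octet version, N octets fingerprint
    if fpr is None:
        raise ValueError("no Issuer Fingerprint subpacket")
    if version == 4:
        if len(fpr) != 20:
            raise ValueError("v4 fingerprint must be 20 octets")
        if key_id is not None and key_id != fpr[-8:]:   # low 64 bits
            raise ValueError("Issuer key ID does not match fingerprint")
    return fpr.hex().upper()

def subpacket(sp_type, body):
    """Encode a short subpacket (one-octet length covers type + body)."""
    return bytes([len(body) + 1, sp_type]) + body

# Constructed sample data: a made-up 20-octet fingerprint, not a real key.
SAMPLE_FPR = bytes(range(0xA0, 0xB4))
GOOD_AREA = subpacket(33, b"\x04" + SAMPLE_FPR) + subpacket(16, SAMPLE_FPR[-8:])
BAD_AREA = subpacket(33, b"\x04" + SAMPLE_FPR) + subpacket(16, b"\x00" * 8)

if __name__ == "__main__":
    print(issuer_fingerprint(GOOD_AREA))
```

A verifier that has the full fingerprint can look up the exact key instead of trusting whichever key happens to share the 64-bit key ID.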

More information about the Gnupg-devel mailing list