keygrip format

Werner Koch wk at
Thu Dec 7 22:40:19 CET 2017

On Thu,  7 Dec 2017 21:40, dkg at said:

> Can you guarantee that the keygrip will remain stable?

Yes, that is part of the Libcrypt ABI and will thus not change.  Sorry,
I should have put this into a separate paragraph.
> Right?  Using the mechanism defined in PKCS-15, what prevents an RSA key
> from having the same keygrip as an ECC key?

The Libgcrypt keygrip is in general different from the PCKS-15 keygrip.
With the exception of RSA the Libgcrypt keygrip always includes an
identifier for the algorithm.  I tried to keep the RSA keygrip similar
to the PCKS-15 defined one but:

/* Compute a keygrip.  [...]

   PKCS-15 says that for RSA only the modulus should be hashed -
   however, it is not clear whether this is meant to use the raw bytes
   (assuming this is an unsigned integer) or whether the DER required
   0 should be prefixed.  We hash the raw bytes.  */

For ECC we hash an s-expression with all curve parameters in a well
defined order.  For other algorithms we use the standard Libgcrypt
s-expression using the parameters in the order given by Libgcrypt's



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list