different fingerprint and uid after upload to keyserver

David Shaw dshaw@jabberwocky.com
Mon Jun 24 19:02:02 2002


On Mon, Jun 24, 2002 at 11:55:46AM -0400, Jason Harris wrote:

> This new key, 0x39BE64A8, is a special case that I know I need to
> handle in JHpatch2.  Whoever wrote RFC2440 apparently assumed all
> v4 keys would be over a certain size.  1024b v4 RSA keys wind up
> having 0x98 as their first byte.  The RFC, however, (incorrectly,
> IMO) dictates that when calculating fingerprints (and therefore
> keyids), the first byte must be 0x99.  Bah!

No, the RFC is correct here.  When calculating fingerprints, the
public key is canonicalized so that all programs calculate
fingerprints in the same way.  Specifically, the CTB byte is always
0x99 so that no matter how the key is rewritten it is still treated
the same.  It has nothing to do with what the first byte is in the key
itself.

For example, I could write the same key with a new-style CTB and
four-byte lengths just as well as with an old-style CTB and 2-byte
lengths.  It's the same key, but unless you canonicalize the key
before creating the fingerprint, you'll end up with the wrong
fingerprint.

Note that calculating the key hash for signatures does the same thing,
for the same reason.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
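
Added example, not part of the original message or of any project's code: a minimal Python sketch of the canonicalization described above, showing that one v4 public-key body written with four different packet headers yields a single fingerprint once the header is normalized to 0x99 plus a two-byte length. The function names, the sample key body (a made-up modulus, not a real key) and the creation time are constructed for illustration.

```python
import hashlib
import struct

def split_packet(pkt):
    """Return (tag, body) for one OpenPGP packet with an old- or new-style header."""
    ctb = pkt[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:  # new-style CTB: tag in low 6 bits, variable-length length field
        tag, first = ctb & 0x3F, pkt[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + pkt[2] + 192, 3
        elif first == 255:
            length, off = struct.unpack(">I", pkt[2:6])[0], 6
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:  # old-style CTB: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled here")
        size = 1 << ltype  # 1, 2 or 4 length octets
        length, off = int.from_bytes(pkt[1:1 + size], "big"), 1 + size
    body = pkt[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(pkt):
    """SHA-1 over the canonical form: 0x99, 2-byte length, packet body."""
    tag, body = split_packet(pkt)
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a v4 public-key packet")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def naive_fingerprint(pkt):
    """What you get by hashing the packet bytes as stored (the mistake)."""
    return hashlib.sha1(pkt).hexdigest().upper()

# Constructed sample: v4 RSA body with a made-up 1024-bit modulus and e = 65537.
BODY = (b"\x04" + struct.pack(">I", 0x3D000000) + b"\x01"
        + b"\x04\x00" + b"\xc3" + bytes(range(1, 128)) + b"\x00\x11\x01\x00\x01")
FRAMINGS = {
    "old CTB 0x98, 1-byte length": b"\x98" + bytes([len(BODY)]) + BODY,
    "old CTB 0x99, 2-byte length": b"\x99" + struct.pack(">H", len(BODY)) + BODY,
    "new CTB 0xC6, 1-byte length": b"\xc6" + bytes([len(BODY)]) + BODY,
    "new CTB 0xC6, 4-byte length": b"\xc6\xff" + struct.pack(">I", len(BODY)) + BODY,
}

if __name__ == "__main__":
    for name, pkt in FRAMINGS.items():
        print(name, v4_fingerprint(pkt), naive_fingerprint(pkt), sep="\n  ")
```

The v4 key ID is the low 64 bits of this fingerprint, so a tool that hashes the stored bytes instead of the canonical form also derives a different key ID for every framing except the 0x99 one.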