Question regarding user identification within the keyring

Federico Tello Gentile federicotg at gmail.com
Sun Feb 13 01:04:24 CET 2005


Hi.
I am writing a tool to help distribute files securely using 
cryptography and I am basing my ideas on PGP (in fact its web of trust 
model).
I have a doubt regarding how such a tool (GPG, PGP) identifies users 
when it has to pick up a public key from the keyring to verify a signature.

Does the signed message provide the signer's public key along with its 
name and email? Does the system look for the email and name in the 
receiver's keyring and try to verify the signature with one that matches?

I have to decide what information I would use for matching a signed 
document with a user's certificate. Should I use the public key or the 
email?

I know X.509 certificates have a unique ID per certificate issued, but 
that is because there is a central CA issuing all certs, which is not 
the case when using GPG.

I know this is not related to GPG particularly, but I thought maybe some 
of you may help me.
I hope you understand my question.
Thank you, and sorry for bothering you.


