Separate Fingerprint for elGamal-Subkey?
David Shaw
dshaw at jabberwocky.com
Mon Oct 22 14:03:02 CEST 2007
On Fri, Oct 19, 2007 at 05:47:51AM -0700, Pitigrilli wrote:
>
> Someone to whom I had recently sent my public key just called me to verify
> the Fingerprint of my key, created with gpg4win-1.1.3. I chose my key pair
> in the Windows privacy Tray and double clicked on it to tell him the
> fingerprint, and he confirmed it. The guy then told me "Now let's check the
> fingerprint of the elGamal-key." My reaction: "???". I could not find a
> separate fingerprint for the elGamal subkey (though threre is a respective
> subkey in my public key), neither with this software nor in the GNU privacy
> assistant. I did some research on the web and did not find any references to
> a separate "elGamal-fingerprint". Thus the guy insisted that his
> PGP-Software does display it (unfortunately I do not know which SW he uses).
> I thought that there is only one fingerprint and that this would be
> sufficient to confirm the integrity of the public key. Can any please
> provide me with some information? Thanks, Pitigrilli
To list both primary and subkey fingerprints, just list --fingerprint
twice:
gpg --fingerprint --fingerprint
However, you are correct that (outside of some special circumstances)
the primary key fingerprint is sufficient. When you identify an
OpenPGP key, you are really identifying the primary key. The user IDs
are attached to the primary. When you sign a key for someone, you are
signing the primary and user ID. Subkeys get their 'trust' via a
signature from the primary key, not directly.
David
More information about the Gnupg-users
mailing list