Question about details of key signing

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Apr 25 05:10:54 CEST 2011


On 04/23/2011 06:11 AM, Quequanys wrote:
> When you sign someone's keys, does it 
> mean that their public key (with uids) is hashed 
> and the hash is encrypted, or maybe there is no 
> hashing and signing means only encryption of the 
> public keys and uids? Could you point me to 
> specific portions of documentation that cover this 
> issue?

Each User ID is signed separately.

For a certification over a Key + UID, the public key, user ID, and any
other subpackets (chosen by the certifier) are digested against a
specially-chosen prefix (a different prefix than the prefix used for
data signatures).

I believe you're interested in this section of the OpenPGP specification:

 https://tools.ietf.org/html/rfc4880#section-5.2.4

hth,

	--dkg
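The digest input that RFC 4880 section 5.2.4 defines for a version 4 certification, as an added example that is not part of the original post: the signer's public-key algorithm is applied to this digest, and each User ID produces its own digest. The key material, User IDs, timestamp and function names are constructed for illustration, and SHA-256 with a single creation-time subpacket is an assumption.

```python
import hashlib
import struct

POSITIVE_CERT = 0x13      # signature type: positive certification of key + User ID
RSA, SHA256 = 1, 8        # RFC 4880 public-key and hash algorithm IDs

def subpacket(sp_type: int, body: bytes) -> bytes:
    """Encode one signature subpacket using the one-octet length form."""
    if len(body) + 1 >= 192:
        raise ValueError("this example only handles short subpackets")
    return bytes([len(body) + 1, sp_type]) + body

def cert_preimage(key_body: bytes, user_id: bytes, hashed_subpackets: bytes,
                  sig_type: int = POSITIVE_CERT) -> bytes:
    """Bytes fed to the hash for a v4 certification (RFC 4880, section 5.2.4)."""
    # Key: 0x99, two-octet length, then the public-key packet body.
    key_part = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    # User ID (v4 signatures): 0xB4, four-octet length, then the UID bytes.
    uid_part = b"\xb4" + struct.pack(">I", len(user_id)) + user_id
    # Signature fields: version, type, pk algo, hash algo, hashed subpackets.
    sig_part = (bytes([4, sig_type, RSA, SHA256])
                + struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets)
    # Trailer: 0x04, 0xFF, four-octet length of the hashed signature fields.
    trailer = b"\x04\xff" + struct.pack(">I", len(sig_part))
    return key_part + uid_part + sig_part + trailer

def cert_digest(key_body: bytes, user_id: bytes, hashed_subpackets: bytes) -> bytes:
    """SHA-256 digest that the certifier's private key then signs."""
    return hashlib.sha256(cert_preimage(key_body, user_id, hashed_subpackets)).digest()

# Constructed sample input: a toy v4 RSA public-key body (version, creation
# time, algorithm, MPI n, MPI e) and two User IDs on that key.
CREATED = 1303700000
KEY_BODY = (b"\x04" + struct.pack(">I", CREATED) + bytes([RSA])
            + b"\x00\x10\xc3\x51"          # MPI n: 16 bits (toy modulus)
            + b"\x00\x11\x01\x00\x01")     # MPI e: 17 bits, 65537
SUBPACKETS = subpacket(2, struct.pack(">I", CREATED))  # type 2: creation time
UIDS = [b"Alice Example <alice@example.org>",
        b"Alice Example <alice@example.net>"]

if __name__ == "__main__":
    for uid in UIDS:
        digest = cert_digest(KEY_BODY, uid, SUBPACKETS)
        # The signature packet also records the left 16 bits of the digest.
        print(uid.decode(), digest.hex(), "left16=" + digest[:2].hex())
```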
