Manually compute key fingerprint

brian m. carlson sandals at crustytoothpaste.net
Tue Aug 30 04:39:04 CEST 2011


On Mon, Aug 29, 2011 at 10:23:30PM -0400, Dennis Nezic wrote:
> How can I manually compute the fingerprint for a key? "sha1sum
> pubkeybinary" doesn't match "gpg --with-fingerprint pubkeybinary" ...
> isn't the fingerprint simply supposed to be the sha1 hash of it?

The fingerprint is a hash of certain data in the public key packet, not
the entire file itself.  This makes sense if you think about it, because
the file containing the public key also contains user IDs, signatures,
and potentially subkeys.  If you were to just hash the file, then the
fingerprint would change every time you added a new ID or signature,
which would not be hhelpful.

If you need to be able to compute the fingerprint independently, you'll
need to parse the public key packet and follow the formula specified in
RFC 4880.  It's not terribly difficult.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110830/919b2d32/attachment.pgp>


More information about the Gnupg-users mailing list