How to detect fingerprint and type of the key from pubring.gpg(public keyring file)?

Martin T m4rtntns at gmail.com
Fri Aug 2 09:56:59 CEST 2013


Hi,

thanks for the reply!

>> I think "method" in the example above is just indicating that this is a PGP key.

Exactly. However, how does RIPE server-side software detect that it's
a PGP key? Is this information (besides other information like key
creation date and UID) written into the pubring.gpg file during the
creation of the public key?


>> No.  The fingerprint is based on the key material only.  You can add/change UIDs without the fingerprint changing.

Indeed. I revoked my current UID and changed it to another one and
both public and private key fingerprints remained the same. So the key
fingerprint is a hashed key material? Is it a SHA-1, MD5 or some other
type of hash?



regards,
Martin

2013/8/2, David Shaw <dshaw at jabberwocky.com>:
> On Aug 1, 2013, at 6:58 PM, Martin T <m4rtntns at gmail.com> wrote:
>
>> Hi,
>>
>> RIPE(RIR in European region) database allows one to upload ASCII armored
>> PGP public keys: http://www.ripe.net/data-tools/support/security/pgp
>> Server-side software is able to generate some "key-cert" object attributes
>> automatically. For example "method", "owner" and "fingerpr":
>>
>> noc at T42 ~ $ whois -h whois.ripe.net -t key-cert | grep gene
>> method:         [generated]  [single]     [ ]
>> owner:          [generated]  [multiple]   [ ]
>> fingerpr:       [generated]  [single]     [inverse key]
>> noc at T42 ~ $
>>
>>
>> Example "key-cert" object provided by RIPE:
>>
>> key-cert: PGPKEY-4B8AE00D
>> method:   PGP
>> owner:    Joe User <joe at example.net>
>> fingerpr: 9D 82 4B B8 38 56 AE 12  BD 88 73 F7 EF D3 7A 92
>> certif:   ---BEGIN PGP PUBLIC KEY BLOCK---
>> certif:   Version: 2.6.3ia
>> certif:
>> certif:   mQA9AzZizeQAAAEBgJsq2YfoInVOWlLxalmR14GlUzEd0WgrUH9iXjZ
>> certif:   a/uqWiLnvN59S4rgDQAFEbQeSm9lIFRoZSBVc2VyIDxqb2VAZXhhbXB
>> certif:   iQBFAwUQNmLN5ee83n1LiuANAQFOFQGAmowlUYtF+xnWBdMNDKBiOSy
>> certif:   YvpKr05Aycn8Rb55E1onZL5KhNMYU/gd
>> certif:   =nfno
>> certif:   ---END PGP PUBLIC KEY BLOCK---
>> mnt-by:   EXAMPLE-MNT
>> changed:  joe at example.net 19981117
>> source:   TEST
>>
>>
>> How are those fields automatically detected/generated? "Owner"(UID in gpg
>> terminology) is written to public key- one can verify this with analyzing
>> the public key with hex editor. However:
>>
>> 1) is "method" also built into public key? At least "hexdump -C
>> pubring.gpg | grep -i pgp" does not indicate this.. Or has "PGP" some sort
>> of special fingerprint which is understood by server-side software? Last
>> but not least, are there any other types besides "PGP"? I guess it is as
>> pgpdump is even able to dump the timestamp when the key itself was
>> generated.
>
> I think "method" in the example above is just indicating that this is a PGP
> key.  That is, there may be other types than PGP that RIPE supports, but
> you'd have to ask them about that.
>
>
>> 2) is fingerprint automatically hashed based on the UID?
>
> No.  The fingerprint is based on the key material only.  You can add/change
> UIDs without the fingerprint changing.
>
> David
>
>
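
Added example, not part of the original thread and not GnuPG or RIPE code: a minimal Python sketch of the RFC 4880 rules that bear on both questions above, namely that a public key is recognised by its packet tag (6) in the binary keyring, and that the fingerprint is a hash over that packet only (SHA-1 for v4 keys, MD5 over the RSA n and e values for v3 keys, which gives a 16-byte value of the same length as the "fingerpr" line in the key-cert example). The key bytes, UIDs and the old_packet helper are constructed for illustration; real keyrings also carry signature packets, which this parser simply skips.

```python
import hashlib

def packets(data):
    """Yield (tag, body) for each packet in a binary keyring (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new-format header, tag in low 6 bits
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length not handled")
        else:                                 # old-format header, tag in bits 5-2
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + length]
        i += length

def fingerprint(keyring):
    """Hex fingerprint of the first supported Public-Key packet (RFC 4880, 12.2)."""
    for tag, body in packets(keyring):
        if tag == 6 and body[0] == 4:         # v4: SHA-1 over 0x99, 2-byte length, body
            return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest()
        if tag == 6 and body[0] in (2, 3):    # v3: MD5 over the n and e MPI bodies
            mpis, j = b"", 8                  # skip version, created, validity, algorithm
            for _ in range(2):
                nbytes = (int.from_bytes(body[j:j + 2], "big") + 7) // 8
                mpis += body[j + 2:j + 2 + nbytes]
                j += 2 + nbytes
            return hashlib.md5(mpis).hexdigest()
    raise ValueError("no supported public-key packet found")

def old_packet(tag, body):                    # constructed helper: 2-byte-length header
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

# Constructed toy v4 RSA key body: version, creation time, algorithm 1, MPIs n and e.
KEY = b"\x04" + (1375430219).to_bytes(4, "big") + b"\x01" + b"\x00\x11\x01\x8f\x2b" + b"\x00\x11\x01\x00\x01"
RING_A = old_packet(6, KEY) + old_packet(13, b"Joe User <joe@example.net>")
RING_B = old_packet(6, KEY) + old_packet(13, b"Joe Renamed <joe@example.org>")
```

fingerprint(RING_A) and fingerprint(RING_B) return the same value because the User ID packet (tag 13) is never hashed; the creation time inside the key packet is, so for a v4 key changing it changes the fingerprint.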


