How to detect fingerprint and type of the key from pubring.gpg(public keyring file)?
John at enigmail.net
Fri Aug 2 14:43:16 CEST 2013
Martin T wrote:
> thanks for the reply!
>>> I think "method" in the example above is just indicating that this is a PGP key.
> Exactly. However, how does RIPE server-side software detect that it's
> a PGP key? Is this information(besides other information like key
> creation date and UID) written into pubring.gpg file during the
> creation of the public key?
Yes it's stored in the key packets. The format for all the packets is
described in RFC 4880
You can see the data yourself by listing the packet data
gpg --export 0xDECAFBAD | gpg --list-packets
gpg --export 0xDEADBEEF | pgpdump
--list-packets accepts the -v option to increase verbosity. See the gpg man page
>>> No. The fingerprint is based on the key material only. You can
>>> add/change UIDs without the fingerprint changing.
> Indeed. I revoked my current UID and changed it to another one and
> both public and private key fingerprints remained the same. So the key
> fingerprint is a hashed key material? Is it a SHA-1, MD5 or some other
> type of hash?
SHA-1 for current V4 keys. Covered in RFC 4880
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 520 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users