How to detect fingerprint and type of the key from pubring.gpg (public keyring file)?

David Shaw dshaw at jabberwocky.com
Fri Aug 2 14:53:40 CEST 2013


On Aug 2, 2013, at 3:56 AM, Martin T <m4rtntns at gmail.com> wrote:

> Hi,
> 
> thanks for the reply!
> 
>>> I think "method" in the example above is just indicating that this is a PGP key.
> 
> Exactly. However, how does RIPE server-side software detect that it's
> a PGP key? Is this information (besides other information like key
> creation date and UID) written into pubring.gpg file during the
> creation of the public key?

Not directly.  There isn't some special tag that says "this is a PGP key" that lets you tell it apart from (say) some new image format that just happens to have a similar packet structure.  If you think about it, that's not possible since some other file format might accidentally trip the detector since there is no global registry of tags.

Many people use heuristics, based on the format in the spec.  (For example, the 'file' program does this).  Or the ultimate heuristic: if it looks like a PGP key, can you parse it and import it?

>>> No.  The fingerprint is based on the key material only.  You can add/change UIDs without the fingerprint changing.
> 
> Indeed. I revoked my current UID and changed it to another one and
> both public and private key fingerprints remained the same. So the key
> fingerprint is a hashed key material? Is it a SHA-1, MD5 or some other
> type of hash?

SHA-1.  The exact bytes that get fed into the hash are given in RFC-4880, but basically it's the public key material with a few bytes of structure around it.

David
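
Added example, not part of the message above and not GnuPG's code: a Python sketch of the two points in the reply, a heuristic check that a binary keyring starts with a version 4 public-key packet, and the SHA-1 fingerprint computed over the key packet as RFC 4880 section 12.2 specifies. The function names and the sample bytes are constructed for illustration; the sample is a toy packet, not a usable key.

```python
import hashlib

# Public-key algorithm IDs from RFC 4880 section 9.1 (subset).
ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}

def read_packet(data, pos=0):
    """Parse one packet header (RFC 4880 section 4.2): (tag, body, next_pos)."""
    if pos >= len(data) or not data[pos] & 0x80:
        raise ValueError("bit 7 of the first octet is clear: not OpenPGP")
    ctb, pos = data[pos], pos + 1
    if ctb & 0x40:  # new-format header
        tag, first = ctb & 0x3F, data[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:  # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        length = int.from_bytes(data[pos:pos + (1 << ltype)], "big")
        pos += 1 << ltype
    body = data[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body, pos + length

def describe_key(data):
    """Type and fingerprint of the primary key that starts a binary keyring."""
    try:
        tag, body, _ = read_packet(data)
    except IndexError:
        raise ValueError("truncated packet header") from None
    if tag != 6 or not 6 <= len(body) <= 0xFFFF or body[0] != 4:
        raise ValueError("first packet is not a version 4 public-key packet")
    # RFC 4880 section 12.2: SHA-1 over 0x99, two-octet body length, body.
    framed = b"\x99" + len(body).to_bytes(2, "big") + body
    return {"algorithm": ALGOS.get(body[5], "unknown"),
            "created": int.from_bytes(body[1:5], "big"),
            "fingerprint": hashlib.sha1(framed).hexdigest().upper()}

# Constructed toy body (not a usable key): v4, creation time, RSA, MPIs n and e.
BODY = bytes.fromhex("04" "51fba9f4" "01" "0010c35b" "0011010001")
OLD_FRAMED = b"\x99\x00\x0f" + BODY + b"\xb4\x05alice"  # plus a User ID packet
NEW_FRAMED = b"\xc6\x0f" + BODY + b"\xb4\x03bob"        # same key, other header/UID
```

`describe_key(OLD_FRAMED)` and `describe_key(NEW_FRAMED)` return the same fingerprint although the packet header format and the User ID differ, because only the key packet body is hashed. A PNG file's first octet (0x89) also passes the bit-7 test, which is why the check continues past the header and rejects input whose first packet does not parse as a key.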



