How to detect fingerprint and type of the key from pubring.gpg (public keyring file)?
Martin T
m4rtntns at gmail.com
Fri Aug 9 16:35:13 CEST 2013
Ok, I see. Probably the RIPE server-side software behaves like the file(1)
utility (or just calls the file(1) utility), which seems to determine
a file as a "PGP public key block" if it contains the "BEGIN PGP PUBLIC
KEY BLOCK" string:
noc@T42 ~/.gnupg $ file pubkey.txt
pubkey.txt: PGP public key block
noc@T42 ~/.gnupg $ hexdump -C /usr/share/file/magic.mgc | grep -B 3 -A 3 "PGP PUBLIC"
000011f0 00 00 00 00 00 00 00 00 00 00 20 00 3d 1e 05 00 |.......... .=...|
00001200 00 00 00 00 02 00 00 00 00 00 00 00 16 00 00 00 |................|
00001210 00 00 00 00 00 00 00 00 2d 2d 2d 42 45 47 49 4e |........---BEGIN|
00001220 20 50 47 50 20 50 55 42 4c 49 43 20 4b 45 59 20 | PGP PUBLIC KEY |
00001230 42 4c 4f 43 4b 2d 00 00 50 47 50 20 70 75 62 6c |BLOCK-..PGP publ|
00001240 69 63 20 6b 65 79 20 62 6c 6f 63 6b 00 00 00 00 |ic key block....|
00001250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
noc@T42 ~/.gnupg $
regards,
Martin
On 8/2/13, David Shaw <dshaw at jabberwocky.com> wrote:
> On Aug 2, 2013, at 3:56 AM, Martin T <m4rtntns at gmail.com> wrote:
>
>> Hi,
>>
>> thanks for the reply!
>>
>>>> I think "method" in the example above is just indicating that this is a
>>>> PGP key.
>>
>> Exactly. However, how does the RIPE server-side software detect that it's
>> a PGP key? Is this information (besides other information like key
>> creation date and UID) written into the pubring.gpg file during the
>> creation of the public key?
>
> Not directly. There isn't some special tag that says "this is a PGP key"
> that lets you tell it apart from (say) some new image format that just
> happens to have a similar packet structure. If you think about it, that's
> not possible since some other file format might accidentally trip the
> detector since there is no global registry of tags.
>
> Many people use heuristics, based on the format in the spec. (For example,
> the 'file' program does this). Or the ultimate heuristic: if it looks like
> a PGP key, can you parse it and import it?
>
>>>> No. The fingerprint is based on the key material only. You can
>>>> add/change UIDs without the fingerprint changing.
>>
>> Indeed. I revoked my current UID and changed it to another one and
>> both public and private key fingerprints remained the same. So the key
>> fingerprint is hashed key material? Is it SHA-1, MD5 or some other
>> type of hash?
>
> SHA-1. The exact bytes that get fed into the hash are given in RFC-4880,
> but basically it's the public key material with a few bytes of structure
> around it.
>
> David
>
>