Keygrip v fingerprint ?

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Sun Nov 30 01:32:57 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 11/30/2014 12:23 AM, Philip Jackson wrote:
> I see on :
> 
> https://www.gnupg.org/documentation/manuals/gnupg/Option-Index.html#Option-Index
>
>  references to both --with-keygrip and --with-fingerprint.  When I
> try --with-keygrip on gnupg2.0.26, it appears not to be a valid
> option.
> 

It is available in 2.1

> The only other time I have seen a reference to a keygrip (and I
> don't remember where I saw it), it seemed to me that a keygrip
> looked just like a fingerprint.
> 
> Could someone please explain the difference between a keygrip and a
> fingerprint or point me to a relevant document ?

The keygrip is protocol-agnostic whereby the fingerprint would differ
e.g. between OpenPGP and X.509. From [0] (note "[2]"):

The keygrip is a unique identifier for a key pair, it is
independent of any protocol, so that the same key can be used with
different protocols.  PKCS-15 calls this a subjectKeyHash; it can be
calculated using Libgcrypt's gcry_pk_get_keygrip ().

References:
[0]
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/keyformat.txt;h=42c4b1f06faf1bbe71ffadc2fee0fad6bec91a97;hb=refs/heads/master

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true -- I no longer know how to use my telephone"
(Bjarne Stroustrup, April 1999)
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUemW3AAoJEPw7F94F4Tag29IP/iO+JvAlFBZyqgF5Juf+F005
iCHj7piTb5uTKFHCS+tZl481HCet1dEti8JUlQBYq5G7HAKfwWGvSsg3XSg+bpJu
s9UM3JQpC4Nc+rxVqyYkB6rwPRCdWHiJgVV9vCBX9WzRfLT4TkVBVarMRWl7v6mx
mUspI9PAm3pHVS9Sp4ehvLaDH+0tew3sCGeMLa6F4tvEcjtl6v9TXEtlsmJaBE0R
4m945ik6rAidSLVViCHBBL28UmKsXgho0YHP1fINT3nrmqojesZhqSwQ/dGL3Ppn
9Jcqiz7jLJAmx3pwBgeOV5kzFLE0iWS4x6bwNLaopjI0gM2U/ccuH3HVKbl0xu0w
Ki+z9U1eLXc2zxuGrc7M0bVjcGt72pdODPf2HNUzYeFlTcX6mmIRRVGydoKbvQBB
o84Io2pIjprCcC07lqyWU8lB6QaNHHrJ/cp1NVSfPhnxfpnPLW3u62K/2WXiWfMJ
aztfgWSIFNjrFUY01ayQj/OePei6V4FRQa9G13PSCF8C+6ESNOvLL7FpeAqQM9Es
H0I8FjWmBpVfbamuNiQxZymwN2Rc0FknGHxpwvWcZEu6PUJUyY2PtNmWwKd7nvpq
rYfp9okBRs0TCIAs0XRuF0RepwbVcbr9Z2Kxy5vqE3XsSZ5B9a4zU7OzGIoqkcH5
UQtfRrgLvyVpIiEgWq8V
=ZaEC
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list