Discrepancies in extracted photo-id images from dumps

Peter Lebbing peter at digitalbrains.com
Sun Jan 20 19:22:10 CET 2019


On 20/01/2019 17:07, Peter Lebbing wrote:
> I had a quick scan through the source code, but couldn't find it.

Oops! I was looking at ancient code instead of the current code. That's
why I didn't find it. It's a RIPEMD-160 hash of the attribute that
contains the JPEG image, but I'm not 100% clear on the exact byte
sequence. But it just hashes a representation of the image.  You can see
the hash in it's hexadecimal form in:

--8<---------------cut here---------------start------------->8---
$ gpg --with-colons -k KEYID
[...]
uat:n::::1497792746::91EC5F9C95BBB125AC85F65C06EF025712FCD036::1 2111:
[...]
--8<---------------cut here---------------end--------------->8---

The 8th field (91EC...) is the UID hash, and is equal to the base32
encoded string in the %U escape.

Or as DETAILS.gz puts it:
| *** Field 8 - Certificate S/N, UID hash, trust signature info
|
|    Used for serial number in crt records.  For UID and UAT records,
|    this is a hash of the user ID contents used to represent that
|    exact user ID.  For trust signatures, this is the trust depth
|    separated by the trust value by a space.

Furthermore, 'n' = validity, '1497792746' is creation time, '1 2111' is
the number of attribute subpackets followed by the total attribute
subpacket size. For more DETAILS, well, see DETAILS.gz.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190120/9a4c056b/attachment.sig>


More information about the Gnupg-users mailing list