Scute: feature request: Support CKA_TRUSTED attribute on X.509 certs
Werner Koch
wk at gnupg.org
Tue Apr 24 11:32:41 CEST 2007
On Mon, 23 Apr 2007 11:35, simon at josefsson.org said:
> Thanks. Btw, do you know what the best way to find out which
> certificate corresponds to a private key? Using the key id seems
> somewhat fragile, but it is what I'll use unless I learn of a better
> way.

GnuPG uses a thing called keygrip:

  unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)

  Return the so called "keygrip" which is the SHA-1 hash of the public
  key parameters expressed in a way dependent on the algorithm.

  @var{array} must either provide space for 20 bytes or be
  @code{NULL}. In the latter case a newly allocated array of that size
  is returned. On success a pointer to the newly allocated space or to
  @var{array} is returned. @code{NULL} is returned to indicate an error
  which is most likely an unknown algorithm or one where a "keygrip" has
  not yet been defined. The function accepts public or secret keys in
  @var{key}.

This might return more than one certificate in case a CA has reissued
one. With gpgsm you can select keys based on their keygrip using:

  gpgsm -k '&1122334455667788990011223344556677889900'

The ampersand indicates a keygrip. Needs to be implemented for gpg2,
though.

Shalom-Salam,
Werner
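
Added example (not part of the original message, and not GnuPG or libgcrypt code): a stand-alone Python model of matching certificates to a private key by keygrip, including the case where a reissued certificate yields two matches. Assumptions: only RSA is modelled, the grip is taken as SHA-1 over the modulus `n` as it appears in the key's canonical S-expression, and all keys, file names and helper functions below are constructed for illustration.

```python
import hashlib

def parse_csexp(buf, pos=0):
    """Parse one canonical S-expression: lists -> list, atoms -> bytes."""
    if buf[pos:pos + 1] == b"(":
        pos, items = pos + 1, []
        while buf[pos:pos + 1] != b")":
            if pos >= len(buf):
                raise ValueError("unterminated list")
            item, pos = parse_csexp(buf, pos)
            items.append(item)
        return items, pos + 1
    colon = buf.index(b":", pos)
    end = colon + 1 + int(buf[pos:colon])
    if end > len(buf):
        raise ValueError("truncated atom")
    return buf[colon + 1:end], end

def rsa_keygrip(key):
    """Assumed RSA rule: SHA-1 over the bytes of n only, so a public and a
    secret key sharing a modulus get the same grip (20 bytes, shown as hex)."""
    (kind, body), _ = parse_csexp(key)
    if kind not in (b"public-key", b"private-key") or body[0] != b"rsa":
        raise ValueError("only RSA public/private keys are modelled")
    for param in body[1:]:
        if isinstance(param, list) and param[0] == b"n":
            return hashlib.sha1(param[1]).hexdigest().upper()
    raise ValueError("key has no modulus")

def certs_for_key(key, certs):
    """Names of all certificates whose public key has the same grip as key."""
    grip = rsa_keygrip(key)
    return sorted(name for name, pub in certs.items() if rsa_keygrip(pub) == grip)

def atom(data):
    return str(len(data)).encode() + b":" + data

def rsa_key(kind, n, extra=b""):
    return (b"(" + atom(kind) + b"(" + atom(b"rsa")
            + b"(" + atom(b"n") + atom(n) + b")" + extra + b"))")

# Constructed sample values, not real keys or certificates.
N_A = b"\x00" + bytes(range(0x80, 0xC0))
N_B = b"\x00" + bytes(range(0xC0, 0x100))
E = b"(" + atom(b"e") + atom(b"\x01\x00\x01") + b")"
D = b"(" + atom(b"d") + atom(b"\x2a" * 64) + b")"
PRIVATE = rsa_key(b"private-key", N_A, E + D)
CERTS = {  # certificate name -> public key already extracted from it
    "alice-2006.crt": rsa_key(b"public-key", N_A, E),
    "alice-2007-reissued.crt": rsa_key(b"public-key", N_A, E),
    "bob.crt": rsa_key(b"public-key", N_B, E),
}

if __name__ == "__main__":
    print("&" + rsa_keygrip(PRIVATE), certs_for_key(PRIVATE, CERTS))
```

Because the lookup is keyed on the public key parameters rather than on an issuer-assigned key id, both the original and the reissued certificate are returned, and the caller has to pick between them (for example by validity period).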