Question regarding user identification within the keyring
Federico Tello Gentile
federicotg at gmail.com
Sun Feb 13 01:04:24 CET 2005
Hi.
I am writing a tool to help distribute files securely using
cryptography and I am basing my ideas on PGP (in fact its web of trust
model).
I have a doubt regarding how such a tool (GPG, PGP) identifies users
when it has to pick up a public key from the keyring to verify a signature.
Does the signed message provide the signer's public key along with its
name and email? Does the system look for the email and name in the
receiver's keyring and try to verify the signature with one that matches?
I have to decide what information I would use for matching a signed
document with a user's certificate, should I use the public key or the
email?
I know X.509 certificates have a unique Id per certificate issued, but
that is because there is a central CA issuing all certs, which is not
the case when using GPG.
I know this is not related to GPG particularly, but I thought maybe some
of you may help me.
I hope you understand my question.
Thank you and sorry for bothering you.
More information about the Gnupg-users
mailing list