Which Key ID for Business Card?

Charly Avital shavital at mac.com
Sat Jan 3 14:35:47 CET 2009


Rippit the Ogg Frog wrote the following on 1/3/09 6:23 AM:
> Greetings, I just subscribed.

Welcome, fellow Mac user :-)

> 
> I'm getting ready to have business cards printed, and want to include my 
> Key ID on them so that recipients can look up my key from the keyservers.
> 
> My old business card had the Key ID F7605786, UID crawford at goingware.com 
>   This is a 1024-bit key that I generated with the old Open Source PGP 
> way back when.
> 
> But I have some hazy memory of generating a 2048-bit DSA key at some 
> point, which I think is the key one should use when sending me mail 
> these days.
> 
> Given the following:
> 
> $ gpg --fingerprint rippit at oggfrog.com
> 
> 
> pub   1024D/F7605786 1999-01-11
>    Key fingerprint = 9B9F 2D03 9996 AF83 9A4F  CB26 20E8 0D0B F760 5786
> uid                  Michael David Crawford (aka Rippit the Ogg Frog)
>                          <rippit at oggfrog.com>
> uid                  Michael David Crawford
>                          <michael at geometricvisions.com>
> uid                  Michael D. Crawford <crawford at goingware.com>
> sub   2048g/1EA551E9 1999-01-11
> 
> 
> Which is the Key ID to print on my business card? F7605786 or 1EA551E9?

F7605786 is your master key, 1EA551E9 is the subkey used for encryption.
Please read on.
> 
> Or should I generate a new key entirely?
> 
> Following is my latest key.

After importing the key block you included in your message, I have:
-----
pub  1024D/F7605786  created: 1999-01-11  expires: never     usage: SCA
                     trust: unknown       validity: unknown
sub  2048g/1EA551E9  created: 1999-01-11  expires: never     usage: E
[ unknown] (1). Michael David Crawford (aka Rippit the Ogg Frog)
<rippit at oggfrog.com>
[ unknown] (2)  Michael David Crawford <michael at geometricvisions.com>
[ unknown] (3)  Michael D. Crawford <crawford at goingware.com>
----

Your master key ID is F7605786, or more conservatively 0xF7605786
(Zerox........). Some key servers require the format 0XF7605786.

The eight digits F7605786 are the last 8 digits of the fingerprint of
that key, as you can see in the fingerprint you indicated above.

In my opinion 0xF7605786 is the key ID you should print on your visiting
cards. It is the same you have on the old cards, except for the 0x prefix.

> I just used gpg --edit-key adduid to add the first two UIDs, which seems 
> to have rendered my key untrustworthy.

Why? You have added those UIDs because, apparently, you wanted your key
to include the three e-mail addresses you use, and that's perfectly OK.
As a matter of fact, it is best, if not mandatory, to include in one's
key the different e-mail addresses one is going to use.

> Once I'm completely happy with 
> my key I'll get some friends to sign it again.

Referring to "...have some friends sign it again". In its present state,
your key, as I have downloaded and imported it into my public key ring,
contains only your self-signatures, as shown below. You should have your
friends sign your key, not sign it again.

Command> check
uid  Michael David Crawford (aka Rippit the Ogg Frog) <rippit at oggfrog.com>
sig!3        F7605786 2009-01-03  [self-signature]
uid  Michael David Crawford <michael at geometricvisions.com>
sig!3        F7605786 2009-01-03  [self-signature]
uid  Michael D. Crawford <crawford at goingware.com>
sig!         F7605786 2007-04-19  [self-signature]


I don't know what will make you completely happy with your key, but I
take the liberty of suggesting the following:
- this is not related to your key specifically, but you'd better update
your gpg to 1.4.9, that is the current stable version. Source code is
available at www.gnupg.org if you want to compile it, or you can
download a binary installer at
<http://homepage.ntlworld.com/benjamin.donnachie/gpg1.4.9-1.zip>

- add a signing subkey to your key. When you sign, you will be using
that subkey, instead of your master key.
Because your master key is 1024 bits, you can use only the SHA1 message
digest (which is also true in the present configuration of your key,
where you use your master key to sign).
The strength and security of SHA1 is debated. Many users still use it,
others prefer to use SHA256, or even SHA512. If you want to use SHA256,
you will have to generate a signing RSA subkey of at least 2048 bits.
I believe, but I am not sure, that if you enable in your
~/.gnupg/gpg.conf file the option:
enable-dsa2
you will be able to add a 2048-bit DSA subkey. You will also have to
enable in your gpg.conf file the option 'digest-algo SHA256'

But I *recommend* that you wait for reactions to this message from users
in this forum who are *really experienced*, I am just a
cobbler-empirical user.


> 
> Thanks!
> 
> Mike Crawford
> rippit at oggfrog.com
> http://www.oggfrog.com/

[...]

You're welcome.

Because you are a Mac user, I suggest:
<http://macgpg.sourceforge.net/>
and especially:
<http://macgpg2.wiki.sourceforge.net/>

You are using: User-Agent: Thunderbird 2.0.0.18 (Macintosh/20081105)
The current stable version is 2.0.0.19. You should be able to update
automatically from 2.0.0.18.

Charly
MacOS 10.5.6 - MacBook Intel C2Duo "Aluminum Late 2008"- GnuPG 1.4.9 -
GPG2 2.0.10rc1 - Testing TB 3.0b1+EM 0.96a - Apple's Mail+GPGMail v56
PGP key: 0xA57A8EFA
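Added example, not part of the original message and not GnuPG's own code: how a version 4 OpenPGP fingerprint is computed (RFC 4880, section 12.2) and how the key ID discussed above falls out of it as the low-order bits. The fingerprint is the one quoted in the thread; the DSA values and the exact creation timestamp are constructed for illustration, and the function names are this example's own.

```python
import hashlib
import struct

# Fingerprint exactly as printed by `gpg --fingerprint` in the message above.
PAGE_FPR = "9B9F 2D03 9996 AF83 9A4F  CB26 20E8 0D0B F760 5786"

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_public_key_body(created: int, algo: int, mpis: list) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm, key MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([algo]) + b"".join(map(mpi, mpis))

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the body (RFC 4880, 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_ids(fingerprint: str) -> dict:
    """Long and short key IDs are the low-order 64 and 32 bits of a v4 fingerprint."""
    fpr = "".join(fingerprint.split()).upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("expected a 160-bit v4 fingerprint (40 hex digits)")
    return {"fingerprint": fpr, "long": "0x" + fpr[-16:], "short": "0x" + fpr[-8:]}

# Constructed toy DSA values (p, q, g, y): far too small to be a real key,
# they only give the hash something to cover.
TOY_DSA_MPIS = [0xE95E4A5F737059DD, 0xB3A1F, 0x2, 0x1C6E9F2B5D7A3C41]
DSA = 17                      # OpenPGP public-key algorithm ID for DSA
CREATED = 916012800           # 1999-01-11 00:00:00 UTC, constructed timestamp

def demo() -> dict:
    body = v4_public_key_body(CREATED, DSA, TOY_DSA_MPIS)
    later = v4_public_key_body(CREATED + 1, DSA, TOY_DSA_MPIS)
    return {
        "page": key_ids(PAGE_FPR),
        "toy": key_ids(v4_fingerprint(body)),
        # Same key material, creation time one second later: a different fingerprint.
        "toy_later": key_ids(v4_fingerprint(later)),
    }

if __name__ == "__main__":
    for name, ids in demo().items():
        print(f"{name:10} {ids['short']}  {ids['long']}  {ids['fingerprint']}")
```

Because the creation time is part of the hashed data, the key ID identifies the key packet as a whole, not just the key material.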


