How to detect fingerprint and type of the key from pubring.gpg(public keyring file)?
John Clizbe
John at enigmail.net
Fri Aug 2 14:43:16 CEST 2013
Martin T wrote:
> Hi,
>
> thanks for the reply!
>
>>> I think "method" in the example above is just indicating that this is a PGP key.
>
> Exactly. However, how does RIPE server-side software detect that it's
> a PGP key? Is this information(besides other information like key
> creation date and UID) written into pubring.gpg file during the
> creation of the public key?
>
Yes it's stored in the key packets. The format for all the packets is
described in RFC 4880
You can see the data yourself by listing the packet data
gpg --export 0xDECAFBAD | gpg --list-packets
or
gpg --export 0xDEADBEEF | pgpdump
--list-packets accepts the -v option to increase verbosity. See the gpg man page
>
>>> No. The fingerprint is based on the key material only. You can
>>> add/change UIDs without the fingerprint changing.
>
> Indeed. I revoked my current UID and changed it to another one and
> both public and private key fingerprints remained the same. So the key
> fingerprint is a hashed key material? Is it a SHA-1, MD5 or some other
> type of hash?
SHA-1 for current V4 keys. Covered in RFC 4880
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 520 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130802/50918659/attachment.sig>
More information about the Gnupg-users
mailing list