Size of client key jumped from 2KB to 25KB

Steve Strobel steve.strobel at link-comm.com
Mon Mar 10 16:36:18 CET 2014


Johan Wevers <johanw at vulcan.xs4all.nl>
> Perhaps it collected a lot of signatures?

I would not have said so, but you are right.

On Sat, Mar 8, 2014 at 2:42 AM, Peter Lebbing <peter at digitalbrains.com>
 wrote:

> You can inspect the data with a command like:
> $ gpg --list-packets "C:/Documents and Settings/steve.strobel/Application
> Data/gnupg\pubring.gpg"
>

Thanks for that command.  It does show a couple dozen additional sections
for the large key, sections like this:

:trust packet: flag=00 sigcache=03
:signature packet: algo 1, keyid E497A900BC02EE05
        version 4, created 1392850339, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 15 d2
        hashed subpkt 2 len 4 (sig created 2014-02-19)
        hashed subpkt 27 len 1 (key flags: 2F)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        subpkt 16 len 8 (issuer key ID E497A900BC02EE05)
        data: [2040 bits]

Our application doesn't use the trust system for much, but the client does
assign ultimate trust to the server's key.  Maybe it is doing that more
than once (such as each time the program is started).  It could skip that
step if it has already been done.  Is there a better way to check that than
to use --list-packets and parse the output?

When we export the public key with a command like "gpg --output
client-key.gpg --export -a ID49C207DF", is there a way to do so without the
signatures?  We send that key to the server so it can be used to encrypt
data for the client, but we don't really need to transfer any information
about how trusted the client is.  Does that make sense?  Now that I think
about it, the client key shouldn't have any signatures at all; there is
nothing else in the system to attest to them.  I posted the complete
--list-packets (and --list-keys) output at the URLs below in case it is
helpful:

    <http://link-comm.com/temp/small.txt>
    <http://link-comm.com/temp/big.txt>

Thanks, Peter and Johan, for your help.

Steve


-- 
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.strobel at link-comm.com
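One way to answer the "is there a better way to check" question above without eyeballing the listing: the script below is an added example, not code from this thread, that parses `gpg --list-packets` output and counts signature packets by issuer key ID, signature class and creation time, so a certification that has been stored more than once shows up as a count above one. The listing it parses is a constructed sample modelled on the packets quoted above; the second issuer ID 0123456789ABCDEF is a placeholder.

```python
import re
from collections import Counter

# Constructed sample of `gpg --list-packets` output, modelled on the
# packets quoted in the mail: one user ID followed by three signatures,
# two of which are the same certification stored twice.
SAMPLE = """\
:public key packet:
        version 4, algo 1, created 1392850300, expires 0
:user ID packet: "Client Key <client@example.invalid>"
:signature packet: algo 1, keyid E497A900BC02EE05
        version 4, created 1392850339, md5len 0, sigclass 0x13
        hashed subpkt 2 len 4 (sig created 2014-02-19)
        subpkt 16 len 8 (issuer key ID E497A900BC02EE05)
        data: [2040 bits]
:trust packet: flag=00 sigcache=03
:signature packet: algo 1, keyid E497A900BC02EE05
        version 4, created 1392850339, md5len 0, sigclass 0x13
        subpkt 16 len 8 (issuer key ID E497A900BC02EE05)
        data: [2040 bits]
:trust packet: flag=00 sigcache=03
:signature packet: algo 1, keyid 0123456789ABCDEF
        version 4, created 1392850400, md5len 0, sigclass 0x10
        subpkt 16 len 8 (issuer key ID 0123456789ABCDEF)
        data: [2048 bits]
"""

# Header line of a signature packet, and the metadata line that follows it.
SIG_HDR = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-F]{16})")
SIG_META = re.compile(r"created (\d+), .*sigclass (0x[0-9a-f]{2})")

def signature_summary(listing):
    """Count signature packets by (issuer keyid, sigclass, created).
    A count above 1 means the same certification is stored repeatedly."""
    counts = Counter()
    current = None
    for line in listing.splitlines():
        m = SIG_HDR.match(line)
        if m:
            current = m.group(1)
            continue
        m = SIG_META.search(line)
        if m and current is not None:
            counts[(current, m.group(2), int(m.group(1)))] += 1
            current = None  # the metadata line belongs to the header just seen
    return counts

def duplicate_signatures(listing):
    """Only the (issuer, class, created) entries that occur more than once."""
    return {k: n for k, n in signature_summary(listing).items() if n > 1}
```

For the export question, GnuPG's `--export-options export-minimal` writes the key with every signature removed except the most recent self-signature on each user ID.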