Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

fingerprint

 

 

GnuPG users RSS feed   Index | Next | Previous | View Threaded


mick.crane at gmail

Apr 28, 2012, 2:20 PM

Post #1 of 4 (402 views)
Permalink
fingerprint

what is the reasoning for attaching the key ID to the end of the
fingerprint string ?

regards

mick


--
keyID: 0x4BFEBB31



_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


mailinglisten at hauke-laging

Apr 28, 2012, 1:36 PM

Post #2 of 4 (379 views)
Permalink
Re: fingerprint [In reply to]

Am Sa 28.04.2012, 22:21:52 schrieb michael crane:
> what is the reasoning for attaching the key ID to the end of the
> fingerprint string ?

The "reason" is that the short and long key ID are defined as the last 4/8
bytes of the fingerprint. In other words: They are not attached to the
fingerprint (which has 160 bits / 20 bytes) but simply part of it.


Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Attachments: signature.asc (0.54 KB)


kf at sumptuouscapital

Apr 28, 2012, 1:40 PM

Post #3 of 4 (375 views)
Permalink
Re: fingerprint [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 28.04.2012 23:21, michael crane wrote:
> what is the reasoning for attaching the key ID to the end of the
> fingerprint string ?
>

Hi Mick

If I understand your question correctly it is actually the other way
around, with the KeyID being based on the fingerprint.

Multiple keys can share the same KeyID, which is why for verification
purposes the fingerprint should always be used.

- --
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurimę leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJPnFXHAAoJEBbgz41rC5UIrwQP/AnJ7W9aZOqNkdgvJUhILyK9
mgXBX5QunHmV5R/tRE7B2jYPwwdfCAVkueQnUF3c5G5s4zmlyJ+pSj5BZ+z+GJyF
yKFzaFknICbewj3NmIOBHiG9iv9m+9YFEWj1/9xwUHSdIk2U3KlNJKTcZtvdSRrV
DL26Sv42GWSEHTZ1soz5DaskdXUvNy/Qk3HlKNcvNQ3VomLHWHIL6z7R/mA4QXvz
faWeyoBt5lEDfrb4ZRiBGKfETlOOYGA5G8WbfxVkBkl1KNyO214Ir//8rJXV3fOi
POLBvL+UUfraqLVQEwD9vBwDmcwnIEd3q8SfqTbhNyxC80ORW/Wu+els/jCSWsi5
m+XaSSn44gwpES4o1A7VipoDFrcklwKzrF5UyquEiWIqfRb4+tin2CmepMmCzu7E
DYXl2yBTCAqWg1D+Mzo/WSmIkJlS3TwEx69DMVDmLkIbXedPH+veu7kDIWal66wo
r8QTkxSSxEceXZNYp/L1gJgtrbGVVlL0dX2PnBAgRgyL6R7G3uAOaAsaKtCOiDqK
K/WPFkdoSxmQkplTFqiuHCSthmGvQpUP/0d70SZmmHj+BfWuI2F1ChzdzCVzDtxn
xQeZqzrMAbmul7cHXrbDpY7fubouZD6iAABvBRjo4G5iZt9ZoMi9pj/1y5BOHBu6
ECzWXm9159POGfyOXPfo
=ofyE
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


sandals at crustytoothpaste

Apr 28, 2012, 5:28 PM

Post #4 of 4 (370 views)
Permalink
Re: fingerprint [In reply to]

On Sat, Apr 28, 2012 at 10:21:52PM +0100, michael crane wrote:
> what is the reasoning for attaching the key ID to the end of the
> fingerprint string ?

That's the way the key ID is derived for v4 keys. v4 keys use the low
64 bits (or 32 bits for short key IDs) as the key ID. v3 keys used the
low 64 bits (respectively 32 bits) of the RSA modulus. However, this
posed two problems. One is that the low bit is always one (multiplying
two large primes together does that). The other is that originally v4
keys were all DSA or Elgamal. Those algorithms don't have a modulus in
the same way[0], so a different technique had to be used to derive a
unique fingerprint.

[0] Basically, the one (for Elgamal) or two (for DSA) primes that are
use as moduli can be shared securely among many keys, so using them as
the sole basis for a key ID means arbitrarily many keys can have the
same key ID, which kinda defeats the purpose.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachments: signature.asc (0.82 KB)

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.