Hello, On Tue 23 Jul 2019 at 10:14PM +01, Ian Jackson wrote:
> Sean Whitton writes ("Bug#932753: tag2upload should record git tag signer
> info in .dsc [and 1 more messages]"):
>> AIUI a fingerprint fails to uniquely identify a PGP key unless you also
>> include the cryptographic algorithm that was used and the key size. So
>> for example, my current key is uniquely identified by writing both 4096R
>> and 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B.
>>
>> Even though it's unlikely we'll get a clash of fingerprints within the
>> Debian keyring, it seems the algorithm and keysize ought to be included
>> alongside the fingerprint, if the above is right.
>
> In this message[1]
>
> [GNUPG:] VALIDSIG 559AE46C2D6B6D3265E7CBA1E3E3392348B50D39 2019-07-20
> 1563636558 0 4 0 1 8 01 559AE46C2D6B6D3265E7CBA1E3E3392348B50D39
>
> ^^^
>
> I think I want to include `1' for pubkey-algo and `8' for hash-algo
> then ?
Assuming this fact about PGP key fingerprints is not a misunderstanding
on my part, yes. Sending a separate e-mail to ask the experts.
--
Sean Whitton
signature.asc
Description: PGP signature
