bezna wrote:
> I'm having a disagreement with someone over this. From what I've
> read, signatures on a "public key" or rather, a certificate,
> including the self-signature, are stored as a packet on that key. The
> important point: This data (IE all the signatures made on your
> certificate) is encoded on the certificate within that block of ASCII
> armoured text/binary data when it is exported for someone else to
> import in their keyring.

Yes. No. Neither.

OpenPGP implementations are free to store data however they want. The GnuPG keyring file is just a sequence of OpenPGP octets and packets, but there's no reason why it needs to be this way. Honestly, I'd much rather the data was stored in some kind of easily parseable format, whether it be XML or a simple context-free grammar or what-have-you, but that's neither here nor there.

It doesn't make any sense to talk about what's "stored on the keyring" versus what's "stored on the certificate". Neither is well-defined. The only thing that's well-defined is the interoperability format.

If your question is really "how does GnuPG do this", well, that gets a bit different. GnuPG's keyring file is essentially a long chain of certificates stored in the interoperability format. If you want to export a key, it just grabs the relevant part of the keyring, strips out local signatures and other installation-specific data, and dumps that.

The preceding is a simplification, but as far as I understand it is essentially accurate. dshaw or wk will certainly correct me if I'm wildly wrong, which has been known to happen from time to time. :)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
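
The packet sequence and the export step described in the reply above, as an added example that is not part of the original message and is not GnuPG's code. It assumes RFC 4880 packet framing and treats a "local signature" as a v4 signature whose hashed Exportable Certification subpacket (type 4) is 0; the function names and the sample bytes are constructed for illustration.

```python
def read_packets(data):
    """Yield (tag, body, raw) for every packet in a binary OpenPGP byte string."""
    pos = 0
    while pos < len(data):
        start, first, pos = pos, data[pos], pos + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                          # new-format header
            tag, o = first & 0x3F, data[pos]
            if o < 192:
                length, pos = o, pos + 1
            elif o < 224:
                length, pos = ((o - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                                     # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                        # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length], data[start:pos + length]
        pos += length

def is_local_signature(body):
    """True when a v4 signature has hashed subpacket 4 (Exportable Certification) = 0."""
    if len(body) < 6 or body[0] != 4:
        return False
    area, i = body[6:6 + int.from_bytes(body[4:6], "big")], 0
    while i < len(area):
        n = area[i]                               # subpacket length, one-octet form only
        if n == 0 or n >= 192 or i + n >= len(area):
            return False                          # longer or malformed forms: keep packet
        if area[i + 1] & 0x7F == 4 and n == 2:
            return area[i + 2] == 0
        i += 1 + n
    return False

def export(data):
    return b"".join(raw for tag, body, raw in read_packets(data)
                    if not (tag == 2 and is_local_signature(body)))

# Constructed sample (placeholder bodies, not a real key): key, user ID, two signatures.
EXPORTABLE_SIG = b"\x88\x08\x04\x10\x01\x08\x00\x00\x00\x00"
LOCAL_SIG = b"\x88\x0b\x04\x10\x01\x08\x00\x03\x02\x04\x00\x00\x00"
SAMPLE = b"\x98\x03KEY" + b"\xcd\x05alice" + EXPORTABLE_SIG + LOCAL_SIG
```

`export(SAMPLE)` returns the key, user ID and exportable signature packets byte for byte and omits the local one, so the signatures that remain travel inside the exported block.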