On 04/23/2011 06:11 AM, Quequanys wrote: > When you sign someones keys, does it > mean that their public key (with uids) is hashed > and the hash is encrypted, or maybe there is no > hashing and signing means only encryption of the > public keys and uids? Could you point me to > specific portions of documentation that cover this > issue?
Each User ID is signed separately. For a certification over a Key + UID, the public key, user ID, and any other subpackets (chosen by the certifier) are digested against a specially-chosen prefix (a different prefix than the prefix used for data signatures). I believe you're interested in this section of the OpenPGP specification: https://tools.ietf.org/html/rfc4880#section-5.2.4 hth, --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
