On Sat, Apr 28, 2012 at 10:21:52PM +0100, michael crane wrote: > what is the reasoning for attaching the key ID to the end of the > fingerprint string ?
That's the way the key ID is derived for v4 keys. v4 keys use the low 64 bits (or 32 bits for short key IDs) as the key ID. v3 keys used the low 64 bits (respectively 32 bits) of the RSA modulus. However, this posed two problems. One is that the low bit is always one (multiplying two large primes together does that). The other is that originally v4 keys were all DSA or Elgamal. Those algorithms don't have a modulus in the same way[0], so a different technique had to be used to derive a unique fingerprint. [0] Basically, the one (for Elgamal) or two (for DSA) primes that are use as moduli can be shared securely among many keys, so using them as the sole basis for a key ID means arbitrarily many keys can have the same key ID, which kinda defeats the purpose. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
