Hi, thanks for the reply!

>> I think "method" in the example above is just indicating that this is a PGP
>> key.

Exactly. However, how does RIPE server-side software detect that it's a PGP key? Is this information (besides other information like key creation date and UID) written into the pubring.gpg file during the creation of the public key?

>> No. The fingerprint is based on the key material only. You can add/change
>> UIDs without the fingerprint changing.

Indeed. I revoked my current UID and changed it to another one and both public and private key fingerprints remained the same. So the key fingerprint is a hashed key material? Is it a SHA-1, MD5 or some other type of hash?

regards,
Martin

2013/8/2, David Shaw <ds...@jabberwocky.com>:
> On Aug 1, 2013, at 6:58 PM, Martin T <m4rtn...@gmail.com> wrote:
>
>> Hi,
>>
>> RIPE (RIR in European region) database allows one to upload ASCII armored
>> PGP public keys: http://www.ripe.net/data-tools/support/security/pgp
>> Server-side software is able to generate some "key-cert" object attributes
>> automatically. For example "method", "owner" and "fingerpr":
>>
>> noc@T42 ~ $ whois -h whois.ripe.net -t key-cert | grep gene
>> method: [generated] [single] [ ]
>> owner: [generated] [multiple] [ ]
>> fingerpr: [generated] [single] [inverse key]
>> noc@T42 ~ $
>>
>>
>> Example "key-cert" object provided by RIPE:
>>
>> key-cert: PGPKEY-4B8AE00D
>> method: PGP
>> owner: Joe User <j...@example.net>
>> fingerpr: 9D 82 4B B8 38 56 AE 12 BD 88 73 F7 EF D3 7A 92
>> certif: ---BEGIN PGP PUBLIC KEY BLOCK---
>> certif: Version: 2.6.3ia
>> certif:
>> certif: mQA9AzZizeQAAAEBgJsq2YfoInVOWlLxalmR14GlUzEd0WgrUH9iXjZ
>> certif: a/uqWiLnvN59S4rgDQAFEbQeSm9lIFRoZSBVc2VyIDxqb2VAZXhhbXB
>> certif: iQBFAwUQNmLN5ee83n1LiuANAQFOFQGAmowlUYtF+xnWBdMNDKBiOSy
>> certif: YvpKr05Aycn8Rb55E1onZL5KhNMYU/gd
>> certif: =nfno
>> certif: ---END PGP PUBLIC KEY BLOCK---
>> mnt-by: EXAMPLE-MNT
>> changed: j...@example.net 19981117
>> source: TEST
>>
>>
>> How are those fields automatically detected/generated? "Owner" (UID in gpg
>> terminology) is written to the public key - one can verify this by analyzing
>> the public key with a hex editor. However:
>>
>> 1) is "method" also built into the public key? At least "hexdump -C
>> pubring.gpg | grep -i pgp" does not indicate this. Or has "PGP" some sort
>> of special fingerprint which is understood by server-side software? Last
>> but not least, are there any other types besides "PGP"? I guess it is as
>> pgpdump is even able to dump the timestamp when the key itself was
>> generated.
>
> I think "method" in the example above is just indicating that this is a PGP
> key. That is, there may be other types than PGP that RIPE supports, but
> you'd have to ask them about that.
>
>
>> 2) is fingerprint automatically hashed based on the UID?
>
> No. The fingerprint is based on the key material only. You can add/change
> UIDs without the fingerprint changing.
>
> David
>
>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
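
An added example, not part of the thread or of GnuPG's or RIPE's code: it computes an OpenPGP fingerprint as RFC 4880 section 12.2 defines it (v4: SHA-1 over the public-key packet, which includes the creation time; v3: MD5 over the RSA MPI values) and shows that the User ID packet is never hashed. The function names and the toy key and UID bytes are constructed for illustration; input must be binary, not ASCII-armored.

```python
import hashlib

def packets(data):
    """Yield (tag, body) for each packet in a binary (de-armored) OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                n, i = first, i + 2
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                               # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + n]
        i += n

def mpi(buf, off):
    """Return (value bytes, next offset) of the MPI starting at off."""
    end = off + 2 + (int.from_bytes(buf[off:off + 2], "big") + 7) // 8
    return buf[off + 2:end], end

def fingerprint(stream):
    """Hex fingerprint of the first public-key packet (tag 6) in the stream."""
    body = next(b for t, b in packets(stream) if t == 6)
    if body[0] == 4:        # v4: SHA-1 over 0x99, 2-byte length, whole packet body
        return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest()
    if body[0] in (2, 3):   # v3 RSA: MD5 over MPI values n then e, no length prefixes
        n, off = mpi(body, 8)
        return hashlib.md5(n + mpi(body, off)[0]).hexdigest()
    raise ValueError("unsupported key version")

def old_packet(tag, body):
    """Constructed-sample helper: old-format header with a one-byte length."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed toy data, not a usable key: v4 header, creation time, RSA, n, e
KEY = old_packet(6, bytes.fromhex("04" "51f9a500" "01" "0010c35b" "0011010001"))
SAME_KEY_UID_A = KEY + old_packet(13, b"Alice Example <alice@example.org>")
SAME_KEY_UID_B = KEY + old_packet(13, b"Alice Example <noc@example.org>")
```

Both sample streams give the same 40-hex-digit fingerprint because only the tag 6 packet is hashed; a 32-hex-digit result, like the 16-byte "fingerpr" in the key-cert example, indicates a v3 key.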