Ok, I see. Probably RIPE server-side software behaves like file(1) utility(or just calls the file(1) utility), which seems to determine file as a "PGP public key block" if it contains the "BEGIN PGP PUBLIC KEY BLOCK" string:
noc@T42 ~/.gnupg $ file pubkey.txt pubkey.txt: PGP public key block noc@T42 ~/.gnupg $ hexdump -C /usr/share/file/magic.mgc | grep -B 3 -A 3 "PGP PUBLIC" 000011f0 00 00 00 00 00 00 00 00 00 00 20 00 3d 1e 05 00 |.......... .=...| 00001200 00 00 00 00 02 00 00 00 00 00 00 00 16 00 00 00 |................| 00001210 00 00 00 00 00 00 00 00 2d 2d 2d 42 45 47 49 4e |........---BEGIN| 00001220 20 50 47 50 20 50 55 42 4c 49 43 20 4b 45 59 20 | PGP PUBLIC KEY | 00001230 42 4c 4f 43 4b 2d 00 00 50 47 50 20 70 75 62 6c |BLOCK-..PGP publ| 00001240 69 63 20 6b 65 79 20 62 6c 6f 63 6b 00 00 00 00 |ic key block....| 00001250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| noc@T42 ~/.gnupg $ regards, Martin On 8/2/13, David Shaw <ds...@jabberwocky.com> wrote: > On Aug 2, 2013, at 3:56 AM, Martin T <m4rtn...@gmail.com> wrote: > >> Hi, >> >> thanks for the reply! >> >>>> I think "method" in the example above is just indicating that this is a >>>> PGP key. >> >> Exactly. However, how does RIPE server-side software detect that it's >> a PGP key? Is this information(besides other information like key >> creation date and UID) written into pubring.gpg file during the >> creation of the public key? > > Not directly. There isn't some special tag that says "this is a PGP key" > that lets you tell it apart from (say) some new image format that just > happens to have a similar packet structure. If you think about it, that's > not possible since some other file format might accidentally trip the > detector since there is no global registry of tags. > > Many people use heuristics, based on the format in the spec. (For example, > the 'file' program does this). Or the ultimate heuristic: if it looks like > a PGP key, can you parse it and import it? > >>>> No. The fingerprint is based on the key material only. You can >>>> add/change UIDs without the fingerprint changing. >> >> Indeed. I revoked my current UID and changed it to another one and >> both public and private key fingerprints remained the same. So the key >> fingerprint is a hashed key material? Is it a SHA-1, MD5 or some other >> type of hash? > > SHA-1. The exact bytes that get fed into the hash are given in RFC-4880, > but basically it's the public key material with a few bytes of structure > around it. > > David > > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
