On Sun, 30 May 1999, Oliver Elphick wrote:
> Jason Gunthorpe wrote:
>
> >I have generated a mapping of user to pgp key, please verify the spelling
> >and associated keys for your name. It is available at
> >http://www.debian.org/~jgg/keymap.txt. This information is also available
> >from http://db.debian.org/ and through the email gateway
> >ping@db.debian.org (send a PGP signed email)
> >
> >-PLEASE CHECK YOUR OWN RECORD-
>
> What is the big hex number in the 3rd column? How can I check it? Do
> I need to?
3rd column? Where are you looking?
Anyhow, that is the PGP key fingerprint compressed without spaces, ie:
Wakko{jgg}~/work/ldap/userdir-ldap#pgp -kvc elphick
Type Bits/KeyID Date User ID
pub 1024/32B8FAA1 1997/03/25 Oliver Elphick <Oliver.Elphick@lfix.co.uk>
Key fingerprint = 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
Wakko{jgg}~/work/ldap/userdir-ldap#grep -i elphick ../debian/keymap.txt
Oliver Elphick <elphick@debian.org>: 97EA1D47723F28476B7E39CC56E4C147
It is the single most important field to check. It serves the same purpose
as the keyID except that it is much more reliable and cannot be faked at
all. It is a MD5 of the actual RSA key itself IIRC. For 'GPG' (DSS) keys
it is a SHA hash of the key and has a few extra digits.
Jason