[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Number of developers, keyring map

On Sun, 30 May 1999, Oliver Elphick wrote:

> Jason Gunthorpe wrote:
>   >I have generated a mapping of user to pgp key, please verify the spelling
>   >and associated keys for your name. It is available at
>   >http://www.debian.org/~jgg/keymap.txt. This information is also available
>   >from http://db.debian.org/ and through the email gateway
>   >ping@db.debian.org (send a PGP signed email)
>   >
> What is the big hex number in the 3rd column?  How can I check it? Do
> I need to?

3rd column? Where are you looking?

Anyhow, that is the PGP key fingerprint compressed without spaces, ie:

Wakko{jgg}~/work/ldap/userdir-ldap#pgp -kvc elphick

Type Bits/KeyID    Date       User ID
pub  1024/32B8FAA1 1997/03/25 Oliver Elphick <Oliver.Elphick@lfix.co.uk>
            Key fingerprint = 97 EA 1D 47 72 3F 28 47  6B 7E 39 CC 56 E4 C1 47

Wakko{jgg}~/work/ldap/userdir-ldap#grep -i elphick ../debian/keymap.txt
Oliver Elphick <elphick@debian.org>: 97EA1D47723F28476B7E39CC56E4C147

It is the single most important field to check. It serves the same purpose
as the keyID except that it is much more reliable and cannot be faked at
all. It is a MD5 of the actual RSA key itself IIRC. For 'GPG' (DSS) keys
it is a SHA hash of the key and has a few extra digits.


Reply to: