Bug#317411: "type 4" GnuPG (gpg) key not clear
Andreas Barth wrote on Thursday, 22 December 2005:
> Hi Peter,
>
> can you please write me some stanza for the developers reference (or hint
> me to the right section on nm.d.o).
Not tested if it compiles etc.
--- developers-reference.sgml.orig 2005-12-22 13:11:32.548733352 +0100
+++ developers-reference.sgml 2005-12-22 13:26:15.884445912 +0100
@@ -232,12 +232,39 @@
OpenPGP is an open standard based on <url id="&url-rfc2440;" name="RFC
2440">.
<p>
-You need a type 4 key for use in Debian Development.
+You need a version 4 key for use in Debian Development.
Your key length must be at least 1024
bits; there is no reason to use a smaller key, and doing so would be
-much less secure. Your key must be signed with your own user
-ID; this prevents user ID tampering. <prgn>gpg</prgn> does this
-automatically.
+much less secure.
+<footnote>Version 4 keys are keys conforming to
+the OpenPGP standard as defined in RFC 2440. Version 4 is the key
+type that has always been created when using GnuPG. PGP versions
+since 5.x also could create v4 keys, the other choice having beein
+pgp 2.6.x compatible v3 keys (also called "legacy RSA" by PGP).
+<p>
+Version 4 (primary) keys can either use the RSA or the DSA algorithms,
+so this has nothing to do with GnuPG's question about "which kind
+of key do you want: (1) DSA and Elgamal, (2) DSA (sign only), (5)
+RSA (sign only). If you don't have any special requirements just pick
+the defailt.
+<p>
+The easiest way to tell whether an existing key is a v4 key or a v3
+(or v2) key is to look at the fingerprint:
+Fingerprints of version 4 keys are the SHA-1 hash of some key matieral,
+so they are 40 hex digits, usually grouped in blocks of 4. Fingerprints
+of older key format versions used MD5 and are generally shown in blocks
+of 2 hex digits. For example if your fingerprint looks like
+<tt>5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F</tt>
+then it's a v4 key.
+<p>
+Another possibility is to pipe the key into <prgn>pgpdump</prgn>,
+which will say something like "Public Key Packet - Ver 4".
+<p>
+Also note that your key must be self-signed (i.e. it has to sign
+all its own user IDs; this prevents user ID tampering). All
+modern OpenPGP software does that automatically, but if you
+have an older key you may have to manually add those signatures.
+</footnode>
<p>
If your public key isn't on public key servers such as &pgp-keyserv;,
please read the documentation available locally in &file-keyservs;.
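Review bot: the closing tag on the last added line of the footnote is `</footnode>`, which does not match the `<footnote>` opened at the top of the block, so the SGML will fail to build; it should be `</footnote>`. Two smaller points in the same footnote: the double quote that opens the GnuPG prompt text (`"which kind of key do you want: (1) DSA and Elgamal, ...`) is never closed, so it should end with `RSA (sign only)"`, and there are three typos to fix ("beein" -> "been", "defailt" -> "default", "matieral" -> "material"). The first sentence, "Version 4 keys are keys conforming to the OpenPGP standard as defined in RFC 2440", is also slightly misleading, since RFC 2440 still describes the older V3 key packet format (as deprecated); "Version 4 is the current key format defined in RFC 2440" would say what is meant without implying that a V3 key is outside the standard.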
Peter
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/