[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#932753: tag2upload should record git tag signer info in .dsc [and 1 more messages]


On Tue 23 Jul 2019 at 10:14PM +01, Ian Jackson wrote:

> Sean Whitton writes ("Bug#932753: tag2upload should record git tag signer info in .dsc [and 1 more messages]"):
>> AIUI a fingerprint fails to uniquely identify a PGP key unless you also
>> include the cryptographic algorithm that was used and the key size.  So
>> for example, my current key is uniquely identified by writing both 4096R
>> and 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B.
>> Even though it's unlikely we'll get a clash of fingerprints within the
>> Debian keyring, it seems the algorithm and keysize ought to be included
>> alongside the fingerprint, if the above is right.
> In this message[1]
> [GNUPG:] VALIDSIG 559AE46C2D6B6D3265E7CBA1E3E3392348B50D39 2019-07-20 1563636558 0 4 0 1 8 01 559AE46C2D6B6D3265E7CBA1E3E3392348B50D39
>                                                                                        ^^^
> I think I want to include `1' for pubkey-algo and `8' for hash-algo
> then ?

Assuming this fact about PGP key fingerprints is not a misunderstanding
on my part, yes.  Sending a separate e-mail to ask the experts.

Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to: