[I'm bored and on the train, so I have time to catch up on some lists which I usually do not read in detail.] On Tue, 10 Feb 2004, Martin Michlmayr wrote: > A note about GPG keys: RSA keys are fine as long as they are version 4 or > higher. You can check this the following way: > gpg --export -a 2A5B2B0D > 2A5B2B0D > gpg -vv 2A5B2B0D > This produces a long output cointaining stuff like "version 4, algo 17, > created 974499721, expires 0". version 3 cannot be accepted, version 4 is > fine. Two minor comments: There is no 'or later' :) At least not now and hopefully not any time soon. The most simple way is to check the fingerprint. If it's an md5 checksum (short) then it's a v3 key. If it's sha1, it's a v4 key. Similarily, if the keyid is equal to the last digites of the fingerprint it's a v4 key, otherwise not. v3: Key fingerprint = BB A2 DC FE D7 D2 09 BF 93 46 36 6F C1 A4 41 1A v4: Key fingerprint = 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F v3: pub 1024R/D1A3A329 1999-02-22 Peter Palfrader <peter@palfrader.org> ^^^^^^^^ Key fingerprint = BB A2 DC FE D7 D2 09 BF 93 46 36 6F C1 A4 41 1A ^^^^^^^^^^^ v4: pub 1024D/94C09C7F 1999-11-10 Peter Palfrader ^^^^^^^^ Key fingerprint = 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F ^^^^^^^^^ PGP calls v3 keys 'legacy RSA keys'. Note that there are also v4 RSA keys, so just because a key is RSA, doesn't mean it's v3. That's it, maybe it makes a thing clearer or two for somebody. -- Peter
Attachment:
signature.asc
Description: Digital signature