Sean Whitton writes ("Bug#932753: tag2upload should record git tag signer info in .dsc [and 1 more messages]"):
> AIUI a fingerprint fails to uniquely identify a PGP key unless you also
> include the cryptographic algorithm that was used and the key size. So
> for example, my current key is uniquely identified by writing both 4096R
> and 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B.
>
> Even though it's unlikely we'll get a clash of fingerprints within the
> Debian keyring, it seems the algorithm and keysize ought to be included
> alongside the fingerprint, if the above is right.
In this message[1]
[GNUPG:] VALIDSIG 559AE46C2D6B6D3265E7CBA1E3E3392348B50D39 2019-07-20 1563636558 0 4 0 1 8 01 559AE46C2D6B6D3265E7CBA1E3E3392348B50D39
^^^
I think I want to include `1' for pubkey-algo and `8' for hash-algo
then ?
Ian.
[1] Part of the output of
gpgv --status-fd=2 --keyring=/usr/share/keyrings/debian-keyring.gpg < ../bpd/dgit_9.4.dsc
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.