RE: PGP aside

> I describe my my PGP key according to the wot vocab using the terms:
> 
> fingerprint
> hex_id
> pubkeyAddress
> 
> If there's any better way to semantically describe my key, or i can
> use the cert ontology, would love to know.

You shouldn't need hex_id if you have fingerprint and pubkeyAddress.

For v3 keys: hex_id = low 64 bits of public modulus of the RSA key

For v4 keys: hex_id = low 64 bits of fingerprint

If you have both the key and the fingerprint, you'll know that the hex_id must be one or the other -- its sole purpose is for convenience to humans, so nothing actually processing WoT should need it handed to it.

If you have the key material and creation timestamp, you can generate both v4 (SHA-1) and v3 (MD5) fingerprints without much hassle. Running 'pgpdump' or equivalent on an exported public key packet (i.e., just the packet with tag 6) will give you everything PGP uses to generate a fingerprint and ID(version, timestamp key type, key material).

(I just re-checked, incidentally, and I lied about GnuPG: it does indeed generate v4 keys [it actually must, because v3 keys can only be RSA], it's just that it uses the "old" packet format, which confused me).

M.

http://www.bbc.co.uk/
This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.
					

Received on Thursday, 29 December 2011 12:40:35 UTC