From the draft:
8.2 V4 Key IDs and Fingerprints
A V4 fingerprint is the 160-bit SHA-1 hash of the one-octet Packet Tag,
followed by the two-octet packet length, followed by the entire Public
Key packet starting with the version field. The key ID is either the
low order 32 bits or 64 bits of the fingerprint. Here are the fields
of the hash material, with the example of a DSA key:
a.1) 0x99 (1 byte)
a.2) high order length byte of (b)-(f) (1 byte)
a.3) low order length byte of (b)-(f) (1 byte)
b) version number = 4 (1 byte);
c) time stamp of key creation (4 bytes);
e) algorithm (1 byte):
17 = DSA;
f) Algorithm specific fields.
Algorithm Specific Fields for DSA keys (example):
f.1) MPI of DSA prime p;
f.2) MPI of DSA group order q (q is a prime divisor of p-1);
f.3) MPI of DSA group generator g;
f.4) MPI of DSA public key value y (= g**x where x is secret).
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
This seems to imply that the fingerprint is always
generated as the hash over an old-style public key packet
with a two-byte length qualifier and the appropriate
packet tag. Is this correct and intended?
tlr
--
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
1280/593238E1 · AE 24 38 88 1B 45 E4 C6 03 F5 15 6E 9C CA FD DB