ietf-openpgp

Minor clarification for fingerprint calculation

2003-03-07 20:17:26

Section 11.2 reads:

   A V4 fingerprint is the 160-bit SHA-1 hash of the one-octet Packet
   Tag, followed by the two-octet packet length, followed by the
   entire Public Key packet starting with the version field.

This is a bit misleading, as the "one-octet Packet Tag" is not the
actual packet tag of the public key in question, but rather an old
style packet tag with the length-of-length set to 1 (for a two byte
length).  In other words: 0x99.

I've seen this line misunderstood a few times, with the resulting
incorrect fingerprints which were based off of the actual packet tag
of the public key.

I believe this line would be better as:

   A V4 fingerprint is the 160-bit SHA-1 hash of the octet
   0x99... (etc)

Note that the example following the text, as well as the references in
5.2.4 (for general hashing of a public key), and an additional
reference in 11.2 as part of the discussion of subkey fingerprints all
use 0x99.

David
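
Added example, not part of the original message or of the draft: a Python sketch of the calculation the message describes, next to the misreading that hashes the key packet's own tag octet. The function names and the toy key body are constructed for illustration.

```python
import hashlib

def split_packet(packet: bytes):
    """Return (tag_octet, body) for one definite-length OpenPGP packet."""
    tag = packet[0]
    if not tag & 0x80:
        raise ValueError("bit 7 of a packet tag must be set")
    if tag & 0x40:                       # new-format header
        first = packet[1]
        if first < 192:
            hdr, length = 2, first
        elif first < 224:
            hdr, length = 3, ((first - 192) << 8) + packet[2] + 192
        elif first == 255:
            hdr, length = 6, int.from_bytes(packet[2:6], "big")
        else:
            raise ValueError("partial body lengths are not handled here")
    else:                                # old-format header
        length_type = tag & 0x03
        if length_type == 3:
            raise ValueError("indeterminate length is not handled here")
        n = 1 << length_type             # 1, 2 or 4 length octets
        hdr, length = 1 + n, int.from_bytes(packet[1:1 + n], "big")
    body = packet[hdr:hdr + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(packet: bytes) -> str:
    """SHA-1 over 0x99, two-octet body length, body; on-disk framing is ignored."""
    _, body = split_packet(packet)
    if body[0] != 4:
        raise ValueError("not a V4 key packet")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest()

def misread_fingerprint(packet: bytes) -> str:
    """The misreading: hash the key's own tag octet in place of 0x99."""
    tag, body = split_packet(packet)
    return hashlib.sha1(bytes([tag]) + len(body).to_bytes(2, "big") + body).hexdigest()

# Constructed toy key body: version 4, creation time, algorithm 1 (RSA),
# MPI n = 0xc353 (16 bits), MPI e = 0x010001 (17 bits). Not a usable key.
BODY = bytes.fromhex("04" "3e68f9a6" "01" "0010c353" "0011010001")
OLD_1 = bytes([0x98, len(BODY)]) + BODY      # old format, one-octet length
OLD_2 = bytes([0x99, 0, len(BODY)]) + BODY   # old format, two-octet length
NEW = bytes([0xC6, len(BODY)]) + BODY        # new format

if __name__ == "__main__":
    for pkt in (OLD_1, OLD_2, NEW):
        print(hex(pkt[0]), v4_fingerprint(pkt), misread_fingerprint(pkt))
```

The two functions agree only for OLD_2, where the stored tag octet already is 0x99, so an implementation with the misreading passes tests on keys framed that way and fails on the same key re-encoded with a different header.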
