Re: [openpgp] New fingerprint: to v5 or not to v5

Werner Koch <> Sun, 04 October 2015 18:26 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 0022E1B346D for <>; Sun, 4 Oct 2015 11:26:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UYiaHX-BhOA0 for <>; Sun, 4 Oct 2015 11:26:04 -0700 (PDT)
Received: from ( [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1D2E41B345C for <>; Sun, 4 Oct 2015 11:26:04 -0700 (PDT)
Received: from uucp by with local-rmail (Exim 4.80 #2 (Debian)) id 1Zinyz-0002VT-R5 for <>; Sun, 04 Oct 2015 20:26:01 +0200
Received: from wk by with local (Exim 4.84 #3 (Debian)) id 1ZinvC-0004wl-E9; Sun, 04 Oct 2015 20:22:06 +0200
From: Werner Koch <>
To: Phillip Hallam-Baker <>
References: <> <> <> <> <>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367;
Mail-Followup-To: Phillip Hallam-Baker <>, Watson Ladd <>, IETF OpenPGP <>, Daniel Kahn Gillmor <>
Date: Sun, 04 Oct 2015 20:22:06 +0200
In-Reply-To: <> (Phillip Hallam-Baker's message of "Sat, 3 Oct 2015 21:50:16 -0400")
Message-ID: <>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <>
Cc: Watson Ladd <>, IETF OpenPGP <>, Daniel Kahn Gillmor <>
Subject: Re: [openpgp] New fingerprint: to v5 or not to v5
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 04 Oct 2015 18:26:06 -0000

On Sun,  4 Oct 2015 03:50, said:

> Yes, hence the reason for my UDF design which salts the hash with the mime
> content type of the data being hashed. Thus one fingerprint format can be
> used for a S/MIME key or an OpenPGP key or an SSH key.

See rfc-4880, 12.2 (Key IDs and fingerprints)

  Here are the fields of the hash material, with the example of a DSA

   a.1) 0x99 (1 octet)
   a.2) high-order length octet of (b)-(e) (1 octet)
   a.3) low-order length octet of (b)-(e) (1 octet)
     b) version number = 4 (1 octet);
     c) timestamp of key creation (4 octets);
     d) algorithm (1 octet): 17 = DSA (example);
     e) Algorithm-specific fields.

   Algorithm-Specific Fields for DSA keys (example):
   e.1) MPI of DSA prime p;
   e.2) MPI of DSA group order q (q is a prime divisor of p-1);
   e.3) MPI of DSA group generator g;
   e.4) MPI of DSA public-key value y (= g**x mod p where x is secret).

also the MPI format is different from X.509 and from SSH.

Thus we already "salt" the fingerprints with version numbers and a
timestamp and get different fingerprints for these 3 protocols and most
likely for all protocols even for the same key material.  For a v5 key
the fingerprint will also be different due to a.3b).



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.