Minor clarification for fingerprint calculation

Section 11.2 reads:

    A V4 fingerprint is the 160-bit SHA-1 hash of the one-octet Packet
    Tag, followed by the two-octet packet length, followed by the
    entire Public Key packet starting with the version field.

This is a bit misleading, as the "one-octet Packet Tag" is not the
actual packet tag of the public key in question, but rather an old
style packet tag with the length-of-length set to 1 (for a two byte
length). In other words: 0x99.

I've seen this line misunderstood a few times, with the resulting
incorrect fingerprints which were based off of the actual packet tag
of the public key.

I believe this line would be better as:

    A V4 fingerprint is the 160-bit SHA-1 hash of the octet

Note that the example following the text, as well as the references in
5.2.4 (for general hashing of a public key), and an additional
reference in 11.2 as part of the discussion of subkey fingerprints all
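
The following Python example is added here for illustration; it is not part of the original message and is not code from the specification. It computes a V4 fingerprint with the constant 0x99 prefix regardless of how the key packet's header is encoded, and reproduces the misreading described above for comparison. The function names and the toy key body are constructed for this example.

```python
import hashlib

def parse_packet(data: bytes):
    """Return (header_octet, tag, body) of the first OpenPGP packet in data."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if hdr & 0x40:                       # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not handled here")
    else:                                # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        n = 1 << ltype                   # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return hdr, tag, body

def v4_fingerprint(packet: bytes) -> str:
    """SHA-1 over 0x99, two-octet body length, body; the header encoding is ignored."""
    _, tag, body = parse_packet(packet)
    if tag not in (6, 14) or body[:1] != b"\x04":   # public key / public subkey
        raise ValueError("expected a V4 public key or public subkey packet")
    # to_bytes raises OverflowError if the body does not fit a two-octet length
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest()

def mistaken_fingerprint(packet: bytes) -> str:
    """The misreading: hash the packet's own header octet instead of 0x99."""
    hdr, _, body = parse_packet(packet)
    return hashlib.sha1(bytes([hdr]) + len(body).to_bytes(2, "big") + body).hexdigest()

# Constructed toy V4 RSA key body: version, creation time, algorithm 1, MPIs n and e.
BODY = bytes.fromhex("04" "00000000" "01" "0010c5a1" "0011010001")
NEW_FMT = b"\xc6" + bytes([len(BODY)]) + BODY           # new format, tag 6
OLD_1 = b"\x98" + bytes([len(BODY)]) + BODY             # old format, one-octet length
OLD_2 = b"\x99" + len(BODY).to_bytes(2, "big") + BODY   # old format, two-octet length
```

The mistaken variant agrees with the correct one only when the key happens to be serialized with an old-format header and a two-octet length, which is why the misreading can pass casual testing.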