mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-25 17:12:06 +01:00
ch4: attempt at clarifying the kind-of-unique-but-technically-not property of fingerprints, to deal with #113
This commit is contained in:
parent
b337068d61
commit
02b0785584
1 changed files with 7 additions and 1 deletions
|
@ -80,7 +80,7 @@ Each OpenPGP component key possesses an *OpenPGP fingerprint*. This fingerprint
|
|||
:name: fig-fingerprint
|
||||
:alt: Depicts a box with white background and the title "Fingerprint of an OpenPGP component key". Inside, another box with a green frame, the title "Component Key", the text "key creation time" on the lower left and a the green public key symbol on the lower right is shown. Below the component key box a fingerprint in a box with a light-yellow background and a yellow dotted line is depicted. The word "Fingerprint" is shown left of the box with the fingerprint and both are connected with a yellow dotted line.
|
||||
|
||||
Every OpenPGP component key is identifiable by a fingerprint. Although it's technically possible for different keys to share a fingerprint, [cryptographic mechanisms](crypto-hash) make it exceedingly difficult, if not practically impossible with current technology, to find keys that share a fingerprint.
|
||||
Every OpenPGP component key is identifiable by a fingerprint.
|
||||
```
|
||||
|
||||
The fingerprint of our example OpenPGP component key is `C0A5 8384 A438 E5A1 4F73 7124 26A4 D45D BAEE F4A3 9E6B 30B0 9D55 13F9 78AC CA94`[^keyid].
|
||||
|
@ -89,6 +89,12 @@ The fingerprint of our example OpenPGP component key is `C0A5 8384 A438 E5A1 4F7
|
|||
For example, an OpenPGP version 4 certificate with the fingerprint `B3D2 7B09 FBA4 1235 2B41 8972 C8B8 6AC4 2455 4239` might be referenced by the 64-bit Key ID `C8B8 6AC4 2455 4239` or formatted as `0xC8B86AC424554239`.
|
||||
Historically, even shorter 32-bit identifiers were used, like this: `2455 4239`, or `0x24554239`. Such identifiers still appear in very old documents about PGP. However, [32-bit identifiers have been long deemed unfit for purpose](https://evil32.com/). At one point, 32-bit identifiers were called "short Key ID," while 64-bit identifiers were referred to as "long Key ID."
|
||||
|
||||
```{note}
|
||||
In practice, the fingerprint of a component key is used like a unique identifier.
|
||||
|
||||
However, formally, a fingerprint is not unique. For every component key, other component keys with the same fingerprint exist, in theory. But because fingerprints are calculated using a [cryptographic hash algorithm](crypto-hash), it is practically impossible to find two different component keys that have the same fingerprint.
|
||||
```
|
||||
|
||||
### Primary key
|
||||
|
||||
The OpenPGP primary key is a component key that serves a distinct, central role in an OpenPGP certificate:
|
||||
|
|
Loading…
Reference in a new issue