Is the OpenPGP signature of the signer's user ID signed?

I have a signed public key. I wanted to view all the signatures of this OpenPGP public key.

I have a list of signatures and when I tried to get the user IDs of the subscribers nothing is returned.

So, I doubt that OpenPGP signature contains subscriber user IDs or not.

I used Thunderbird to view the signatures, but it also showed the user ID that was not found to sign, and when I imported the public key corresponding to the private key from what I signed, it shows the user ID of the signer.

My conclusion is that OpenPGP signatures do not contain the signer's user IDs. They only contain the key ID. If you also have the signer's public key, it tries to get the user ID from that public key and show it to you.

Note. I am using the improved lock API.

+1


source to share


1 answer


When signing another key (corresponding to the UID of that key), all that goes into your key is the key ID.

Thunderbird tries to resolve this key ID for the default key UID, but this only works if the public key is in the Thunderbird firewall.

If you want to resolve UIDs in your own software, you have to pull out the key id and find the corresponding public key.



so my Pgp Signature output does not contain the user signer. It only contains the keyid. If you also have the signer's public key, then it tries to get the user ID from that public key and show it to you.

Yes, that's the only way to do it.

+2


source







All Articles