Signatures are tragically quite complicated and there are multiple ways to do them. I think this is probably due to the evolving nature of the OpenPGP standard.
If you have a specific message in mind, the best way to look at what you need to do is to use "gpg --list-packets" which will give you the tag information for the various packets contained and then you can determine exactly what type of message you're looking at. Generally, if the signature is a version 4 ( http://tools.ietf.org/html/rfc4880#section-5.2.3), you will need to look at the sub signature packets and see what key is sending the message. Does this point you in the right direction at least? Sean On Tue, Oct 2, 2012 at 7:43 PM, Jim Klo <[email protected]> wrote: > Given a PGP signed message, how might it get the signing key's > id/fingerprint? > > I'm trying to whitelist some PGP signed packets by signer. > > Thanks, > > - Jim > > > * > Jim Klo > Senior Software Engineer > Center for Software Engineering > SRI International > * > * > t. @nsomnac > * > > > _______________________________________________ > > http://openpgpjs.org > >
_______________________________________________ http://openpgpjs.org
