Does an OpenPGP signature contain the signer's user ID?

Question

I have a signed public key. I wanted to view all the signatures in this OpenPGP public key.

I've got the signature list, and when I tried to get the user IDs of the signers, nothing is returned.

So my doubt is whether an OpenPGP signature contains the signer's user IDs or not.

I used Thunderbird to view signatures, but it also show user ID not found for signature and when I imported the public key corresponing to the private key from that I signed, It showes the user ID of the signer.

My conclusion is OpenPGP signatures don't contain the signer's user IDs. They only contain the key ID. If you also have public key of signer, then it tries to get the user ID from that public key and show you.

Note: I am using the bouncy castle API.

Answer 1

When signing another key (respective a UID of this key), all that gets included from your key is the key ID.

Thunderbird tries to resolve that key ID to the key's default UID, but this only works if the public key is in Thunderbird's keyring.

If you want to resolve the UID in your own software, you must pull the key's ID and look for a matching public key.

so My conclusion is Pgp Signature doesn't contain signer's user id. It contains only keyid. If you also have public key of signer then it try to get userid from that public key and show you.

Yep, that's the only way to do.