Question about fingerprints and keys uploaded to keyservers

gabriel rosenkoetter gr at eclipsed.net
Sat Feb 21 14:34:32 CET 2004


On Sat, Feb 21, 2004 at 01:15:32PM -0600, Newton Hammet wrote:
> 785F DFF3 7029 3FBD 45CE  747C 93CA E808 136F C036

I'm not sure you're reading the right fingerprint:

uriel:~% gpg --recv-key  136FC036
gpg: requesting key 136FC036 from subkeys.pgp.net
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

> But www.keyserver.net reports the following finger print:
> 
> BAC5 85A2 3322 71A9 E817 D2B4 CF2E B411 7E07

Something's very wrong here. That's 32 bytes too short for a
fingerprint. Are you sure you reproduced it correctly?

What does GnuPG list as your keyid?

> My key consists of : a 4096-bit master RSA signing key, and a 
> 4096-bit RSA encryption key.

Ah, yes. I believe GnuPG will prefer to the subkey for all purposes
rather than the master, but don't quote me on that without checking
the documentation.

> My guess is that the fingerprint constructed by the keyserver uses
> a different algorithm than the one used by gnupg-1.2.4, or it
> takes its fingerprint from something different than does gnupg-1.2.4

Probably not. You said "here's an RSA key in OpenPGP format", if the
keyserver were using "a different algorithm" than something would be
horribly broken about and we'd have noticed that by now.

-- 
gabriel rosenkoetter
gr at eclipsed.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20040221/61b8f3db/attachment.bin


More information about the Gnupg-users mailing list