Question about fingerprints and keys uploaded to keyservers

David Shaw dshaw at
Sat Feb 21 14:52:01 CET 2004

On Sat, Feb 21, 2004 at 02:34:32PM -0500, gabriel rosenkoetter wrote:
> On Sat, Feb 21, 2004 at 01:15:32PM -0600, Newton Hammet wrote:
> > 785F DFF3 7029 3FBD 45CE  747C 93CA E808 136F C036
> I'm not sure you're reading the right fingerprint:
> uriel:~% gpg --recv-key  136FC036
> gpg: requesting key 136FC036 from
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> > But reports the following finger print:
> > 
> > BAC5 85A2 3322 71A9 E817 D2B4 CF2E B411 7E07
> Something's very wrong here. That's 32 bytes too short for a
> fingerprint. Are you sure you reproduced it correctly?

> > My guess is that the fingerprint constructed by the keyserver uses
> > a different algorithm than the one used by gnupg-1.2.4, or it
> > takes its fingerprint from something different than does gnupg-1.2.4
> Probably not. You said "here's an RSA key in OpenPGP format", if the
> keyserver were using "a different algorithm" than something would be
> horribly broken about and we'd have noticed that by now.

We did. is, in fact, horribly broken in many ways (this
particular problem is just the tip of the iceberg).  It's never worked
properly.  I mailed them about fixing it a few years ago, but all the
mail disappeared into a black hole, so I gave up.

What happens here, if you're curious, is that the broken software on sees "V4 RSA" and calculates the fingerprint for "V3
RSA".  That's why it's 32 bits short (and wrong).

As always, the answer is  It Just Works(tm).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 330 bytes
Desc: not available
Url : /pipermail/attachments/20040221/e50a3bf9/attachment.bin

More information about the Gnupg-users mailing list