Downloading the same key results in different files
Healer64 at protonmail.com
Fri Dec 8 19:37:28 CET 2017
Hi, as keyserver spoofing and poisoning has been a concern, I decided to test it by downloading the same key from the same keyserver at different times and from different locations.
When I exported the resulting keys using ascii the files were significantly different, 3k difference in file sizes. Is this expected?
All the keys have the same fingerprint and the same subkeys. All the keys successfully verify a good signature from the source address.
To account for differences in software version I imported each into a single machine, rexported, then deleted the imported key and followed the same process with the next key, so each key was exported using the same software version. They are still different from each other and identical with the original. Is there any explanation for this?
Sent with [ProtonMail](https://protonmail.com) Secure Email.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users