Why do Key Fingerprints include Creation Timestamp?

FuzzyDrawrings fuzzy_drawrings at protonmail.com
Wed Jan 31 03:35:57 CET 2018


Wouldn't it make more sense to hash only the public-key's MPI value(s)? That way if an implementation's code fails to generate a unique key-pair, it will be known because the fingerprint will be the same as some other key.

But as it is, with the Fingerprint hash including the timestamp, any "colliding" keys will have different fingerprints and so will go undetected.

Is there a good reason for it to be this way?
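The behaviour the question describes, as an added example that is not part of the original post or of GnuPG's code: an RFC 4880 version 4 fingerprint is SHA-1 over `0x99`, a two-octet length, and the public-key packet body, which contains the creation time, so identical key material with two timestamps yields two fingerprints. The toy modulus, the timestamps, the key labels and the helpers `material_digest` and `duplicate_material` are constructed for illustration; `material_digest` is a hypothetical MPI-only hash of the kind the post proposes.

```python
import hashlib
import struct
from collections import defaultdict

RSA_ALGO_ID = 1  # RFC 4880 public-key algorithm ID for RSA (encrypt or sign)


def mpi(value: int) -> bytes:
    """OpenPGP MPI encoding: two-octet bit count, then big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_fingerprint(created: int, n: int, e: int) -> str:
    """SHA-1 over 0x99 || two-octet length || v4 public-key packet body."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([RSA_ALGO_ID]) + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def material_digest(n: int, e: int) -> str:
    """Hypothetical check (not an OpenPGP identifier): hash algorithm ID and MPIs only."""
    return hashlib.sha256(bytes([RSA_ALGO_ID]) + mpi(n) + mpi(e)).hexdigest()


def duplicate_material(keys):
    """Group key labels by MPI-only digest; return the groups that share key material."""
    groups = defaultdict(list)
    for label, _created, n, e in keys:
        groups[material_digest(n, e)].append(label)
    return [sorted(labels) for labels in groups.values() if len(labels) > 1]


# Constructed sample data: a toy modulus (product of two Mersenne primes), not a usable key.
N = (2**127 - 1) * (2**89 - 1)
E = 65537
KEYS = [
    ("key-A", 1500000000, N, E),      # same key material ...
    ("key-B", 1500000001, N, E),      # ... created one second later
    ("key-C", 1500000000, N + 2, E),  # different material, same timestamp
]

if __name__ == "__main__":
    for label, created, n, e in KEYS:
        print(label, v4_fingerprint(created, n, e), material_digest(n, e)[:16])
    print("shared key material:", duplicate_material(KEYS))
```
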


