AW: Why do Key Fingerprints include Creation Timestamp?

Fiedler Roman Roman.Fiedler at
Wed Jan 31 10:37:54 CET 2018

> Von: Gnupg-users [mailto:gnupg-users-bounces at] Im Auftrag von
> On Tue 2018-01-30 21:35:57 -0500, FuzzyDrawrings via Gnupg-users wrote:
> > Wouldn't it make more sense to hash only the public-key's MPI
> > value(s)? That way if an implementation's code fails to generate a
> > unique key-pair, it will be known because the fingerprint will be the
> > same as some other key.
> >
> > But as it is, with the Fingerprint hash including the timestamp, any
> > "colliding" keys will have different fingerprints and so will go
> > undetected.
> >
> > Is there a good reason for it to be this way?
> This is a great question, and one that i've struggled with over time.  I
> currently think that including the creation time in the fingerprint is a
> *good* thing, but i have felt otherwise in the past.

Including it provides a fast way to generate keys without changing 
cryptographic material (slow), thus speeds up creating keys with given 32 
key-ID, 64 key-id might also be possible. Thus making it easier to provoke 
human errors (fingerprints where first/last 16 bit are matching another key, 
identical key-ID) ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4814 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list