fingerprint associated public key does not match displayed public key

Robert J. Hansen rjh at
Thu Dec 16 17:11:35 CET 2021

> when i compared the imported pgp public key block (which I obtained
> using the import command and the provided fingerprint) to the
> displated pgp public key block, they didn't match
> shouldn't they match?


The key block is not a human-readable format.  It's a binary format 
that's meant to be read by computers.

Imagine a word processing document.  You open up a blank document and 
type "Hello, World!".  You save that as document-1.  Then you think 
about it, erase your text, write something else, delete that, too, and 
after some more hemming and hawing you go back to "Hello, World!".  You 
save this as document-2.

Now open up document-1 and document-2 in a hex editor.  Despite the fact 
they have exactly the same *human-meaningful* information, the two 
documents will look different to a computer.  Things like a timestamp 
for when it was last edited, things like a revision history, things 
like... etc.

For all human purposes, document-1 and document-2 are the same.  But 
they're different on disk, and that's okay.

The exact same thing happens with OpenPGP certificates.  When you import 
the certificate, GnuPG starts tracking other information -- the same way 
the word processor does.  But that doesn't mean the certificate is 
*different*, really, not in any way you care about.

Hope this helps!

More information about the Gnupg-users mailing list