fingerprint associated public key does not match displayed public key

Gregor Zattler telegraph at gmx.net
Thu Dec 16 17:03:34 CET 2021


Hi S.B.,
* "S.B. via Gnupg-users" <gnupg-users at gnupg.org> [2021-12-16; 10:37]:
> maybe I'm not explaining it well.  I was able to import a public key using:
>
> gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys fingerprint*
>
> the fingerprint was provided to me by the intended recipient via their
> profile page.
>
> the profile page also displayed the pgp public key block
>
> when i compared the imported pgp public key block (which I obtained
> using the import command and the provided fingerprint) to the
> displayed pgp public key block, they didn't match

I assume you exported the public key you just downloaded
from the key server with gpg --export --armor fingerprint?
and then compared the output of this command to the key
block shown on the web page?

> shouldn't they match?

then no, they do not need to match.  The fingerprint is the
fingerprint of the private signing key, while the key blocks
in question are the public key with its signatures.  At
different times these may not match, because in between
someone might have signed the public key.  Then the public
key block with this additional signature is different from
the time before the signature was added.  The signer might
have mailed this public key block to the key's owner or to
the key server and the key owner might or might not have
imported this change to her/his public key and might have
updated the website or perhaps not.



Ciao; Gregor
--
 -... --- .-. . -.. ..--.. ...-.-
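
Added illustration, not part of the original message and not GnuPG's own code: an OpenPGP v4 fingerprint is computed from the primary public-key packet alone (RFC 4880, section 12.2), so two key blocks that differ only in their attached signatures still yield the same fingerprint. The key material, user ID and signature bodies below are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import struct

def packets(data):
    """Yield (tag, body) for each packet in a binary (de-armored) OpenPGP key block."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype                  # 1, 2 or 4 length octets
            length = int.from_bytes(data[i:i + n], "big"); i += n
        yield tag, data[i:i + length]; i += length

def v4_fingerprint(block):
    """SHA-1 over 0x99, a two-octet length and the first public-key packet body."""
    for tag, body in packets(block):
        if tag == 6:                        # tag 6 = primary public-key packet
            if body[0] != 4:
                raise ValueError("only v4 keys handled here")
            return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    raise ValueError("no public-key packet found")

def pkt(tag, body):
    """Build a new-format packet with a one-octet length (constructed test data only)."""
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample data: placeholder key material and signatures, not a real key.
KEY = pkt(6, b"\x04" + struct.pack(">I", 1639670614) + b"\x16" + bytes(range(40)))
UID = pkt(13, b"Example User <user@example.org>")
SELF_SIG = pkt(2, b"constructed self-signature placeholder")
THIRD_SIG = pkt(2, b"constructed third-party signature placeholder")

FROM_WEB_PAGE = KEY + UID + SELF_SIG                # older copy of the key block
FROM_KEYSERVER = KEY + UID + SELF_SIG + THIRD_SIG   # same key, one more signature
```

To compare real keys this way, pass the function binary key data, for example the output of `gpg --export fingerprint` without `--armor`.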


