fingerprint associated public key does not match displayed public key
S.B.
sami.badri at gmail.com
Fri Dec 17 02:43:25 CET 2021
Thank you guys. This is helping.
No, I did not export the key. Using the fingerprint, I downloaded the
asc file from openpgp.org and placed it into my disk/users/SamiBadri,
and then used the command: cat filename, to reveal the key block.
That key block did not match the one on his profile. That’s what
confused me. But I’m learning (from you guys) that the key blocks
don’t necessarily have to match. So I can assume that:
- the fingerprint is specific for the secret key component of the
generated key pair and does not change.
- the pgp public key is, in a way, fluid. It can take many different
forms but encrypts specifically for the matching secret key only. The
same public key can have different key blocks.
- I could’ve used the keyserver-obtained public key (retrieved via the
fingerprint), or I could’ve used the displayed public key that was
given in armor text form. They are one and the same, even though
their revealed text is different.
Is all this correct?
When you want to give someone your public key, do you normally just
give your email, fingerprint, key ID, or the armor form key block?
and...
is there a command i could've used to directly import the key using
the displayed key block? I've tried some different ones I found in
various places but nothing worked.
Thank you guys.
S.B.
On Thu, Dec 16, 2021 at 11:12 AM Robert J. Hansen via Gnupg-users
<gnupg-users at gnupg.org> wrote:
>
> > when i compared the imported pgp public key block (which I obtained
> > using the import command and the provided fingerprint) to the
> > displated pgp public key block, they didn't match
> >
> > shouldn't they match?
>
> No.
>
> The key block is not a human-readable format. It's a binary format
> that's meant to be read by computers.
>
> Imagine a word processing document. You open up a blank document and
> type "Hello, World!". You save that as document-1. Then you think
> about it, erase your text, write something else, delete that, too, and
> after some more hemming and hawing you go back to "Hello, World!". You
> save this as document-2.
>
> Now open up document-1 and document-2 in a hex editor. Despite the fact
> they have exactly the same *human-meaningful* information, the two
> documents will look different to a computer. Things like a timestamp
> for when it was last edited, things like a revision history, things
> like... etc.
>
> For all human purposes, document-1 and document-2 are the same. But
> they're different on disk, and that's okay.
>
> The exact same thing happens with OpenPGP certificates. When you import
> the certificate, GnuPG starts tracking other information -- the same way
> the word processor does. But that doesn't mean the certificate is
> *different*, really, not in any way you care about.
>
> Hope this helps!
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
More information about the Gnupg-users
mailing list