fingerprint associated public key does not match displayed public key

Robert J. Hansen rjh at sixdemonbag.org
Sat Dec 18 03:24:15 CET 2021


> What other keys would it hold?

Behold:

pub   ed25519/1E7A94D4E87F91D5 2021-02-22 [SC]
       7D8EC4B85B6FEDD6C10D3C791E7A94D4E87F91D5
uid                 [ultimate] Robert J. Hansen <rob at hansen.engineering>
uid                 [ultimate] Robert J. Hansen <rjh at sixdemonbag.org>
sub   cv25519/7D6CCDB66CA1202F 2021-02-22 [E]


My public certificate has two keys: an Edwards-25519 signing key and a 
Curve-25519 encryption key.

Back in the '90s, certificates almost always held a single key that was 
used for both encryption and signing.  Then we realized, "if the courts 
force us to give our decryption key to the cops so they can read our 
traffic, we're also giving them the ability to impersonate us."  Since 
then, virtually every OpenPGP certificate has had at least two keys: one 
for signing and one for encryption.

There are cases where three or more keys are appropriate, but they're 
kind of outside the scope of the current discussion.

>> Sure it does.  I did that no more than twenty minutes ago myself.
> 
> So I typed the gpg --import > certificate.txt command and it says "no
> such file or directory: certificate.txt" (certificate has a different
> name of course).

Did you notice the command is "gpg --import < certificate.txt"?

> I placed the file in my .gnupg hidden folder.

Then you'd need to do "gpg --import < ~/.gnupg/certificate.txt".  If 
certificate.txt isn't in your current directory, you need to tell Linux 
where to look for it.

> Here is really the root of my problem.  As you probably know, I'm not
> using a Web Key Service/Directory enabled email provider, so if I were
> to get an encrypted message intended for me, I'd have to copy the
> encryption text, paste it into txt file, then import/decrypt it like
> that with: gpg --decrypt ~/Desktop/encryptedfile.txt | perl
> -MMIME::QuotedPrint -0777 -nle 'print decode_qp($_)'

That's shockingly bad.

Try using an email client with OpenPGP support built-in.  On Linux the 
two major choices are Evolution and Thunderbird.

> That's a command I found online from a source that I've been using for
> learning pgp.

Please stop using that resource.  As mentioned above, it's shockingly bad.

As the FAQ says, "The good news is the internet is a treasure trove of 
information. The bad news is that the internet is a festering sewer of 
misinformation, conspiracy theories, and half-informed speculations all 
masquerading as informed commentary."
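
An added example, not part of the original message: a small parser for the machine-readable listing printed by "gpg --list-keys --with-colons", showing which key ID in a certificate carries which capability and that a long key ID is the tail of its fingerprint. The sample listing is constructed from the key IDs and fingerprint shown above; the helper names and the timestamps are assumptions.

```python
# Added example: map each key in an OpenPGP certificate to its capabilities,
# reading GnuPG's colon-delimited listing format.

# Constructed sample using the key IDs and fingerprint shown in the message.
# Timestamps are made up, and the subkey's fingerprint record is left out
# because the message does not show it.
SAMPLE = """\
pub:u:255:22:1E7A94D4E87F91D5:1613952000:::u:::scESC:::::ed25519:::0:
fpr:::::::::7D8EC4B85B6FEDD6C10D3C791E7A94D4E87F91D5:
uid:u::::1613952000::::Robert J. Hansen <rjh at sixdemonbag.org>::::::::::0:
sub:u:255:18:7D6CCDB66CA1202F:1613952000::::::e:::::cv25519::
"""

CAPS = {"s": "sign", "c": "certify", "e": "encrypt", "a": "authenticate"}


def parse_keys(listing):
    """Return one dict per pub/sub record, in listing order."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 11:
            # Field 5 is the long key ID, field 12 the capabilities.
            # Lowercase letters belong to this key; the uppercase letters
            # on a pub record summarise the whole certificate and are skipped.
            caps = [CAPS[c] for c in f[11] if c in CAPS]
            keys.append({"type": f[0], "keyid": f[4], "caps": caps, "fpr": None})
        elif f[0] == "fpr" and len(f) > 9 and keys and keys[-1]["fpr"] is None:
            # An fpr record describes the pub/sub record just before it.
            keys[-1]["fpr"] = f[9]
    return keys


def keys_with(keys, capability):
    """Key IDs of every key in the certificate that has the capability."""
    return [k["keyid"] for k in keys if capability in k["caps"]]


def keyid_matches_fpr(key):
    """For v4 keys the long key ID is the last 16 hex digits of the fingerprint."""
    return key["fpr"] is not None and key["fpr"].endswith(key["keyid"])


if __name__ == "__main__":
    for k in parse_keys(SAMPLE):
        print(k["type"], k["keyid"], ",".join(k["caps"]), k["fpr"] or "(no fpr record)")
```

On a real keyring the same functions can be fed the output of "gpg --list-keys --with-colons" in place of SAMPLE.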
