fingerprint associated public key does not match displayed public key
kloecker at kde.org
Sat Dec 18 19:07:35 CET 2021
On Freitag, 17. Dezember 2021 18:04:04 CET S.B. via Gnupg-users wrote:
> > Otherwise, you can simply send your exported key to the person you want to
> > give your public key to.
> Yeah so, I can attach the .asc file that's in my Disk/users/SamiBadri
> folder (it's the only .asc file I've seen), but I'm assuming that is
> my public key. Is that correct?
Well, it depends. We have no idea what the .asc file in Disk/users/SamiBadri
contains. It could be your public key. Or it could be somebody else's public
key. Or it could be something other than a public key.
Quite frankly, I suggest that you follow Robert's advice and start your
learning experience with OpenPGP by using an email client that supports
OpenPGP out-of-the-box. All decent email clients should have a functionality
to attach your public key to an email without you having to attach some file
> Is there anyway to send your private key?
Sure. You can send any file to anyone, so, of course, you can do the same with
your private key (unless it's stored on a smartcard in a read-protected slot).
A decent email client should not offer a functionality to attach your secret
key to an email. So, if you stick to what your email client offers you, then
you should be safe.
> I want to know so that I don't do it accidentally.
Then don't attach random files you find on your disk to your emails without
knowing what those files contain.
> Also, if I
> use the cat SamiB.asc command, the terminal reveals a certificate (and
> I assume that's my public key certificate).
You shouldn't assume anything if you are dealing with encryption software. You
should be sure what you are doing. Otherwise, in the extreme, you could
jeopardize the lives of other people.
> Can I copy/paste and send
> that as a txt attachment? Will they be able to do anything with it?
> For instance, let's say they don't have my email, key ID, or
> fingerprint, only the pgp public key block (aka certificate), can you
> do anything with a txt-type file that only shows the certificate in
If you send someone the public key block of your public key, e.g. some file
that contains something like
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
then this person can import your public key in their keyring and use it to
verify signatures made by you and to encrypt text or files for you.
You can use the command
gpg --show-key <SamiB.asc
to have a look at the key (or keys) contained in SamiB.asc. But, as with using
a proper email client you should probably also use a proper graphical tool for
working with GnuPG. On Linux, I suggest using Kleopatra. On Windows, I
> Lastly, I see that you have attached a signature .asc file with your
> email. I can import that file, and compare to?
No, you cannot import that file. You need an email client that supports
OpenPGP to do anything useful with it.
Alternatively, you could have a look at Mailvelope (https://mailvelope.com).
It's a browser add-on that will extend GMail (and many other webmail
providers) with OpenPGP support.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 195 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users