Re: fingerprint associated public key does not match displayed public key
Thank you guys. This is helping. No, I did not export the key. Using the fingerprint, I downloaded the asc file from openpgp.org and placed it into my disk/users/SamiBadri, and then used the command: cat filename, to reveal the key block. That key block did not match the one on his profile. That’s what confused me. But I’m learning (from you guys) that the key blocks don’t necessarily have to match. So I can assume that: - the fingerprint is specific for the secret key component of the generated key pair and does not change. - the pgp public key is, in a way, fluid. It can take many different forms but encrypts specifically for the matching secret key only. The same public key can have different key blocks. - I could’ve used the keyserver-obtained public key (retrieved via the fingerprint), or I could’ve used the displayed public key that was given in armor text form. They are one and the same, even though their revealed text is different. Is all this correct? When you want to give someone your public key, do you normally just give your email, fingerprint, key ID, or the armor form key block? and... is there a command i could've used to directly import the key using the displayed key block? I've tried some different ones I found in various places but nothing worked. Thank you guys. S.B. On Thu, Dec 16, 2021 at 11:12 AM Robert J. Hansen via Gnupg-users wrote: > > > when i compared the imported pgp public key block (which I obtained > > using the import command and the provided fingerprint) to the > > displated pgp public key block, they didn't match > > > > shouldn't they match? > > No. > > The key block is not a human-readable format. It's a binary format > that's meant to be read by computers. > > Imagine a word processing document. You open up a blank document and > type "Hello, World!". You save that as document-1. Then you think > about it, erase your text, write something else, delete that, too, and > after some more hemming and hawing you go back to "Hello, World!". You > save this as document-2. > > Now open up document-1 and document-2 in a hex editor. Despite the fact > they have exactly the same *human-meaningful* information, the two > documents will look different to a computer. Things like a timestamp > for when it was last edited, things like a revision history, things > like... etc. > > For all human purposes, document-1 and document-2 are the same. But > they're different on disk, and that's okay. > > The exact same thing happens with OpenPGP certificates. When you import > the certificate, GnuPG starts tracking other information -- the same way > the word processor does. But that doesn't mean the certificate is > *different*, really, not in any way you care about. > > Hope this helps! > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: fingerprint associated public key does not match displayed public key
Hi S.B., * "S.B. via Gnupg-users" [2021-12-16; 10:37]: > maybe I'm not explaining it well. I was able to import a public key using: > > gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys fingerprint* > > the fingerprint was provided to me by the intended recipient via their > profile page. > > the profile page also displayed the pgp public key block > > when i compared the imported pgp public key block (which I obtained > using the import command and the provided fingerprint) to the > displated pgp public key block, they didn't match I assume you exported the public key you just downloaded from the key server with gpg --export --armor fingerprint? and then compared the output of this command to the key block shown on the web page? > shouldn't they match? then no, the do not need to match. The fingerpint is the fingerprint of the private signing key, while the key blocks in question are the public key with its signatures. At different times these may not match, because in between someone might have signed the public key. Then the public key block with this additional signature is different from the time before the signature was added. The signer might have mailed this public key block to the keys owner or to the key server and the key owner might or might not have imported this change to her/his public key and might have updated the website or perhaps not. Ciao; Gregor -- -... --- .-. . -.. ..--.. ...-.- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: fingerprint associated public key does not match displayed public key
when i compared the imported pgp public key block (which I obtained using the import command and the provided fingerprint) to the displated pgp public key block, they didn't match shouldn't they match? No. The key block is not a human-readable format. It's a binary format that's meant to be read by computers. Imagine a word processing document. You open up a blank document and type "Hello, World!". You save that as document-1. Then you think about it, erase your text, write something else, delete that, too, and after some more hemming and hawing you go back to "Hello, World!". You save this as document-2. Now open up document-1 and document-2 in a hex editor. Despite the fact they have exactly the same *human-meaningful* information, the two documents will look different to a computer. Things like a timestamp for when it was last edited, things like a revision history, things like... etc. For all human purposes, document-1 and document-2 are the same. But they're different on disk, and that's okay. The exact same thing happens with OpenPGP certificates. When you import the certificate, GnuPG starts tracking other information -- the same way the word processor does. But that doesn't mean the certificate is *different*, really, not in any way you care about. Hope this helps! ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: fingerprint associated public key does not match displayed public key
On Donnerstag, 16. Dezember 2021 16:37:30 CET S.B. via Gnupg-users wrote: > maybe I'm not explaining it well. Indeed. > I was able to import a public key using: > > gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys fingerprint* > > the fingerprint was provided to me by the intended recipient via their > profile page. > > the profile page also displayed the pgp public key block > > when i compared the imported pgp public key block (which I obtained > using the import command and the provided fingerprint) to the > displated pgp public key block, they didn't match > > shouldn't they match? I'm sorry, but I have no idea what you are comparing because you do not tell us how you get the "fingerprints" that you are comparing. If you do not want to give us more details because you want to protect the personal data of the intended recipient then that's completely understandable. But in this case you have to ask the intended recipient why the information provided by them on their profile page does not match what you get when you receive their key from the key server. Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: fingerprint associated public key does not match displayed public key
maybe I'm not explaining it well. I was able to import a public key using: gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys fingerprint* the fingerprint was provided to me by the intended recipient via their profile page. the profile page also displayed the pgp public key block when i compared the imported pgp public key block (which I obtained using the import command and the provided fingerprint) to the displated pgp public key block, they didn't match shouldn't they match? thank you On Thu, Dec 16, 2021 at 8:34 AM Ingo Klöcker wrote: > > On Donnerstag, 16. Dezember 2021 12:52:28 CET S.B. via Gnupg-users wrote: > > Here is my situation: I have imported a public key using > > gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys fingerprint* > > > > *provided by the intended recipient on their profile page > > > > The person also displayed the pgp public key block text (in armor) but > > not as an asc file. I first tried importing the block directly into > > gpg but couldn't figure it out. > > > > when comparing the imported key (again, obtained via the keyserver > > using the fingerprint) to the displayed public key block, they do not > > match. > > How do you do this, i.e. what commands are you using? > > > Reasons for this (I think) are: > > 1. either the fingerprint or the key has been changed but not updated > > on the profile page > > The fingerprint of an OpenPGP key never changes (except if its creation time > changes). > > Regards, > Ingo > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: fingerprint associated public key does not match displayed public key
On Donnerstag, 16. Dezember 2021 12:52:28 CET S.B. via Gnupg-users wrote: > Here is my situation: I have imported a public key using > gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys fingerprint* > > *provided by the intended recipient on their profile page > > The person also displayed the pgp public key block text (in armor) but > not as an asc file. I first tried importing the block directly into > gpg but couldn't figure it out. > > when comparing the imported key (again, obtained via the keyserver > using the fingerprint) to the displayed public key block, they do not > match. How do you do this, i.e. what commands are you using? > Reasons for this (I think) are: > 1. either the fingerprint or the key has been changed but not updated > on the profile page The fingerprint of an OpenPGP key never changes (except if its creation time changes). Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
fingerprint associated public key does not match displayed public key
Hello GnuPG world, I'm a new (and obsessed) pgp user, so please bear with me. Also, I hope I'm in the right place. I read through some archives and the questions seemed a little advanced. I hope I'm not annoying anyone here. I use GnuPG 2.3.3 on a MacBook Pro running Mac OS Monterey (v. 12.0.1) Here is my situation: I have imported a public key using gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys fingerprint* *provided by the intended recipient on their profile page The person also displayed the pgp public key block text (in armor) but not as an asc file. I first tried importing the block directly into gpg but couldn't figure it out. when comparing the imported key (again, obtained via the keyserver using the fingerprint) to the displayed public key block, they do not match. Reasons for this (I think) are: 1. either the fingerprint or the key has been changed but not updated on the profile page 2. it's a scam/hack 3. I don't understand what's going on (most likely reason) Any help would be appreciated. Thank you. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users