That key block did not match the one on his profile. That’s what confused me. But I’m learning (from you guys) that the key blocks don’t necessarily have to match. So I can assume that:
More accurately, they're very unlikely to match. The version on his site may lack some signatures or user IDs present on the keyserver copy, or vice-versa. Think of them as two different snapshots of the same document at different points in time, as various minor edits are made to it. But the important bits, the stuff you care about, will be consistent through revisions so long as the fingerprint remains unchanged.
- the fingerprint is specific for the secret key component of the generated key pair and does not change.
No, and I'm going to strongly encourage you to stop asking implementation questions. You're not ready for them. For now, learn how to use the system, and only then start paying attention to the fine detail of how the system is implemented.
But if you insist, see section 12.2 of RFC4880. "A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99, followed by the two-octet packet length, followed by the entire Public-Key packet starting with the version field. The Key ID is the low-order 64 bits of the fingerprint."
- the pgp public key is, in a way, fluid. It can take many different forms but encrypts specifically for the matching secret key only. The same public key can have different key blocks.
No. This will probably become easier to understand if we use the correct language. *Keys* are not fluid. *Certificates* can be. What you're calling a "key block" is a certificate, not a key. A certificate includes cryptographic keys and metadata about those keys. The keys generally don't change (although I can think of pathological cases where they do). The metadata about those keys can change a lot.
Most of the data in a certificate is metadata.
- I could’ve used the keyserver-obtained public key (retrieved via the fingerprint), or I could’ve used the displayed public key that was given in armor text form. They are one and the same, even though their revealed text is different.
You could have used it and the odds are quite good it wouldn't have mattered in the slightest.
When you want to give someone your public key, do you normally just give your email, fingerprint, key ID, or the armor form key block?
I use WKS.
is there a command i could've used to directly import the key using the displayed key block? I've tried some different ones I found in various places but nothing worked.
gpg --import < certificate.asc _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
