Hi S.B., * "S.B. via Gnupg-users" <gnupg-users@gnupg.org> [2021-12-16; 10:37]: > maybe I'm not explaining it well. I was able to import a public key using: > > gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys fingerprint* > > the fingerprint was provided to me by the intended recipient via their > profile page. > > the profile page also displayed the pgp public key block > > when i compared the imported pgp public key block (which I obtained > using the import command and the provided fingerprint) to the > displated pgp public key block, they didn't match
I assume you exported the public key you just downloaded from the key server with gpg --export --armor fingerprint? and then compared the output of this command to the key block shown on the web page? > shouldn't they match? then no, the do not need to match. The fingerpint is the fingerprint of the private signing key, while the key blocks in question are the public key with its signatures. At different times these may not match, because in between someone might have signed the public key. Then the public key block with this additional signature is different from the time before the signature was added. The signer might have mailed this public key block to the keys owner or to the key server and the key owner might or might not have imported this change to her/his public key and might have updated the website or perhaps not. Ciao; Gregor -- -... --- .-. . -.. ..--.. ...-.- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
