Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to get a public OpenPGP key only knowing its fingerprint?

Tags:

cryptography

public-key

gnupg

openpgp

I have only an OpenPGP key's public fingerprint. I do not know the key ID or almost anything else.

How can I get the corresponding public key? Are there any online service to do this?

like image 640
igorpyan Avatar asked Mar 14 '23 09:03

igorpyan

2 Answers

How the Fingerprint and Long and Short Key IDs are Related

Each OpenPGP key has a fingerprint attached, calculated mainly from its public key packet which also contains the creation time. The calculation is defined in RFC 4880, OpenPGP, 12.2. Key IDs and Fingerprints.

There are short and long key IDs, which resemble the lower 32 respective 64 bits of the fingerprint. For example, looking at the IDs of my OpenPGP key:

fingerprint: 0D69 E11F 12BD BA07 7B37  26AB 4E1F 799A A4FF 2279
long id:                                    4E1F 799A A4FF 2279
short id:                                             A4FF 2279

Fingerprints and key IDs are used, as sharing and comparing a whole key with usually 1024 to 8096 bits (adding some more for headers like the creation date) is very impractical.

Receiving Keys from Key Servers

There is a bunch of key servers used to distribute keys -- they communicate with each other, choose any of them. GnuPG's option --keyserver hkp://pool.sks-keyservers.net (often set in it's configuration file ~/.gnupg/gpg.conf for Linux/UNIX systems, another path on Windows) uses a pool that will chose a random one each time you use it.

You can use any of those short and long IDs respective the full fingerprint to fetch the key using the --recv-keys command in GnuPG, while the fingerprint is the most specific (and chances for collisions with short key IDs are highest).

If no colliding keys exist, following statements would fetch the same key:

gpg --recv-keys 0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
gpg --recv-keys 4E1F799AA4FF2279
gpg --recv-keys A4FF2279

If you want to query the key servers from your browser, make sure to search for the fingerprint, long or short key ID prefixed by 0x to indicate a search for key IDs (the GnuPG command line interface will do this for you automatically).

like image 190
Jens Erat Avatar answered Apr 26 '23 23:04

Jens Erat

Yes, there are servers for this. You can get key like this:

gpg --recv-keys <KEY_ID>

Update: see how KEY_ID interconnected with fingerprint:

Fingerprint:    EC2392F2EDE74488680DA3CF5F2B4756ED873D23
Long Key ID:                            5F2B4756ED873D23
Short Key ID:                                   ED873D23
like image 42
SergA Avatar answered Apr 27 '23 00:04

SergA
Sign in to Comment

Related questions

C# - Encrypting and Decrypting Data using RSA
How to securely verify an HMAC in Python 2.7?
What does the information of XOR of two cipher texts in one-time pad gives me?
Random number generator security: BCryptGenRandom vs RNGCryptoServiceProvider
.NET AES decryption breaks first few bytes
How can I use [20]bytes type as parameter instead of []bytes in crypto.rand.Read?
Why does a Fernet encryption token always start with the same sequence? (Python Cryptography package)
Modular exponentiation fails for large mod in C++

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!