Reputation: 43
How to get a public OpenPGP key only knowing its fingerprint?
I have only an OpenPGP key's public fingerprint. I do not know the key ID or almost anything else.
How can I get the corresponding public key? Are there any online service to do this?
Upvotes: 4
Views: 4533
Answers (2)
Reputation: 1174
Yes, there are servers for this. You can get key like this:
gpg --recv-keys <KEY_ID>
Update: see how KEY_ID interconnected with fingerprint:
Fingerprint: EC2392F2EDE74488680DA3CF5F2B4756ED873D23
Long Key ID: 5F2B4756ED873D23
Short Key ID: ED873D23
Upvotes: 1
Reputation: 38732
How the Fingerprint and Long and Short Key IDs are Related
Each OpenPGP key has a fingerprint attached, calculated mainly from its public key packet which also contains the creation time. The calculation is defined in RFC 4880, OpenPGP, 12.2. Key IDs and Fingerprints.
There are short and long key IDs, which resemble the lower 32 respective 64 bits of the fingerprint. For example, looking at the IDs of my OpenPGP key:
fingerprint: 0D69 E11F 12BD BA07 7B37 26AB 4E1F 799A A4FF 2279
long id: 4E1F 799A A4FF 2279
short id: A4FF 2279
Fingerprints and key IDs are used, as sharing and comparing a whole key with usually 1024 to 8096 bits (adding some more for headers like the creation date) is very impractical.
Receiving Keys from Key Servers
There is a bunch of key servers used to distribute keys -- they communicate with each other, choose any of them. GnuPG's option --keyserver hkp://pool.sks-keyservers.net (often set in it's configuration file ~/.gnupg/gpg.conf for Linux/UNIX systems, another path on Windows) uses a pool that will chose a random one each time you use it.
You can use any of those short and long IDs respective the full fingerprint to fetch the key using the --recv-keys command in GnuPG, while the fingerprint is the most specific (and chances for collisions with short key IDs are highest).
If no colliding keys exist, following statements would fetch the same key:
gpg --recv-keys 0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
gpg --recv-keys 4E1F799AA4FF2279
gpg --recv-keys A4FF2279
If you want to query the key servers from your browser, make sure to search for the fingerprint, long or short key ID prefixed by 0x to indicate a search for key IDs (the GnuPG command line interface will do this for you automatically).
Upvotes: 6
Related Questions
- Get fingerprints of OpenPGP keys
- Import PGP public key from Fingerprint
- How do I verify a gpg signature matches a public key file?
- Extract gpg fingerprint
- How to get public key from an OpenPGP smart card without using key servers?
- Get key signature/fingerprint for GPG Public Key
- How to determine fingerprint of imported OpenPGP key in PHP using the GnuPG module?
- How to verify an OpenPGP signature on a public key?
- How to get a finger print for a public Key in C?
- OpenPGP Public Key Authentication in Go