27

I generated a public key using GnuPG. I can see it using --list-keys

$  gpg --list-keys
/Users/mertnuhoglu/.gnupg/pubring.gpg
-------------------------------------
pub   4096R/CB3AF6E6 2015-12-24 [expires: 2016-12-23]
uid                  Mert Nuhoglu <mert.nuhoglu@gmail.com>
sub   4096R/0D6B756F 2015-12-24 [expires: 2016-12-23]

I want to share it on keyservers. This tutorial says I need to use the following command:

gpg --send-keys 'Your Name' --keyserver hkp://subkeys.pgp.net

I use that command, but I get the following error:

$  gpg --send-keys 'Mert Nuhoglu' --keyserver hkp://subkeys.pgp.net
gpg: "Mert Nuhoglu" not a key ID: skipping
gpg: "--keyserver" not a key ID: skipping
gpg: "hkp://subkeys.pgp.net" not a key ID: skipping

What is key id exactly?

Jens Erat
  • 23,446
  • 12
  • 72
  • 96
Mert Nuhoglu
  • 373
  • 1
  • 3
  • 6

2 Answers2

26

OpenPGP User IDs

User IDs in OpenPGP are used to connect keys to entities like names and e-mail addresses. These are used to search for keys on key servers, and matching them to users/e-mail addresses.

Be aware user IDs are not checked by key servers, make sure to verify them on your own!

OpenPGP Key IDs

OpenPGP key IDs (and fingerprints) are used to reference keys when performing several actions like requesting and sending keys, or when verifying ownership. For example, you'd exchange the fingerprint with the key's owner on a separate, trusted channel to make sure the key really belongs to the person that claims to own the key.

The OpenPGP (v4) key ID is an identifier calculated from the public key and key creation timestamp. From those, a hashsum is calculated. The hex-encoded version is called the fingerprint of the key. The last (lower order) 16 characters are called the long key ID, if you only take the last eight characters, it's the short key ID. An example for my own public key:

fingerprint: 0D69 E11F 12BD BA07 7B37  26AB 4E1F 799A A4FF 2279
long id:                                    4E1F 799A A4FF 2279
short id:                                             A4FF 2279

The primary public key's ID is referenced in the pub line after the key size, in your case the short key ID is CB3AF6E6:

pub   4096R/CB3AF6E6 2015-12-24 [expires: 2016-12-23]

Be aware the eight byte short key IDs do not provide a sufficiently large value space, and it is easily possible to generate duplicate keys through collision attacks. Instead of short key IDs, use at least long key IDs, and when software handles keys, always refer the whole fingerprint.

For more details on how the hash sums are derived, I refer to RFC 4880, OpenPGP, 12.2. Key IDs and Fingerprints which also explains the differences for deprecated OpenPGP v3 keys.

Sending and Receiving Keys From Key Servers

To send or receive keys from key servers, you must use the full key ID or fingerprint. GnuPG does not accept user IDs here. From man gpg:

--send-keys key IDs
    Similar to --export but sends the keys to a keyserver.  Fingerprints may be
    used instead of key IDs. [...]
 --recv-keys key IDs
    Import the keys with the given key IDs from a keyserver. [...]

If you want to search for a user ID (or parts of those) first, use gpg --search-keys. This will first query the key servers for the name, and provide some kind of assistant that asks you which keys to fetch afterwards (so, it will automatically run --recv-keys for the selected keys).

 --search-keys names
     Search the keyserver for the given names. Multiple names given here will be
     joined together to create the search string for the keyserver. [...]
Jens Erat
  • 23,446
  • 12
  • 72
  • 96
4

What is key id exactly?

The part that looks like CB3AF6E6. GPG also accepts using email address to refer to a key.

Lie Ryan
  • 31,089
  • 6
  • 68
  • 93
  • It looks like gpg on osx doesn't accept email address. `$ gpg --send-keys 'mert.nuhoglu@gmail.com' gpg: "mert.nuhoglu@gmail.com" not a key ID: skipping $ gpg --send-keys 'CB3AF6E6' gpg: sending key CB3AF6E6 to hkp server keys.gnupg.net` – Mert Nuhoglu Jan 09 '16 at 13:49
  • GnuPG does not always allow user IDs/e-mail addresses to be used for selecting specific keys. – Jens Erat Jan 09 '16 at 14:04