Importing GPG Key

2

I am trying to import a GPG key to verify a download. The Key ID is 4203454C. Let me know if you need any more information. What is the process for GPG when you are trying to import a key by ID or by fingerprint?

ewizard

Posted 2014-04-08T07:22:39.037

Reputation: 133

Answers

2

To import the key, use gpg2 --recv-keys followed by the KeyID or, better yet, the longer, more unique key fingerprint.

gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 4203454C

gpg: requesting key 4203454C from hkp server pool.sks-keyservers.net
gpg: key 4203454C: public key "Michael Büsch (Git tag signing key)    <m@bues.ch>" imported

Warning: KeyIDs can have collisions, so an attacker might be able to generate another key with a duplicate KeyID. The fingerprint is longer and much more resistant to collisions.

KeyID:                                       4203454C
Fingerprint: 757FAB7CED1814AE15B4836E5FB027474203454C

P.S. This works the same with gpg as well as the newer gpg2.

StackAbstraction

Posted 2014-04-08T07:22:39.037

Reputation: 782
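
An added example, not part of the answer above: a shell check that accepts an imported key only when its full 40-digit fingerprint matches the expected one, which is what the KeyID collision warning calls for. The colon-format listings and the variable EXPECTED_FPR are constructed for illustration; only the KeyID and fingerprint come from the answer.

```sh
#!/bin/sh
# Added example (not from the original answer). Sample listings are constructed;
# only the fingerprint 757F...454C and KeyID 4203454C come from the page.

# Strip spaces and an optional 0x prefix, then upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Reads `gpg --with-colons --fingerprint` output on stdin.
# Returns 0 if a primary key has exactly the expected fingerprint, 1 if not,
# 2 if the expected value is not a full 40-hex-digit fingerprint.
fpr_matches() {
    want=$(norm_fpr "$1")
    case "$want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    # The first "fpr" record after a "pub" record is the primary key's
    # fingerprint (field 10); "fpr" records after "sub" belong to subkeys.
    awk -F: -v want="$want" '
        $1 == "pub" { primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary { if (toupper($10) == want) found = 1; primary = 0 }
        END { exit !found }
    '
}

# Constructed listing for the key named in the answer.
sample_genuine() {
    printf '%s\n' \
        'pub:-:4096:1:5FB027474203454C:1262304000:::-:::scESC:' \
        'fpr:::::::::757FAB7CED1814AE15B4836E5FB027474203454C:'
}

# Constructed listing for a different key whose short KeyID is also 4203454C.
sample_lookalike() {
    printf '%s\n' \
        'pub:-:2048:1:89ABCDEF4203454C:1388534400:::-:::scESC:' \
        'fpr:::::::::0123456789ABCDEF0123456789ABCDEF4203454C:'
}

# With a real keyring the listing would come from gpg itself
# (EXPECTED_FPR is a hypothetical variable holding the published fingerprint):
#   gpg2 --with-colons --fingerprint 4203454C | fpr_matches "$EXPECTED_FPR"
sample_genuine | fpr_matches '757FAB7CED1814AE15B4836E5FB027474203454C' \
    && echo 'genuine listing: fingerprint matches'
sample_lookalike | fpr_matches '757FAB7CED1814AE15B4836E5FB027474203454C' \
    || echo 'lookalike listing: same KeyID, fingerprint mismatch'
```

The expected fingerprint should come from a channel independent of the keyserver, such as the project's own site over HTTPS.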

1

It sounds like you're trying to look up the key from a directory service or key server. You should follow the instructions for the software you're using to manage keys.

For example, for Kleopatra on Windows, you would do Ctrl + Shift + I to bring up the Certificate Lookup dialog, prepend "0x" to your key, and search for it.

There are other ways to do it - some keyservers let you search directly using a web interface. You can then copy + paste the key into a local certificate file to be imported - the steps depend on what you're using for key management.

scuzzy-delta

Posted 2014-04-08T07:22:39.037

Reputation: 773

This problem has since become irrelevant to me - but I am still interested in how it works - I am using Linux – ewizard – 2014-04-09T13:09:06.460