I was trying to verify the signature of linux-firmware with GnuPG:
gpg --locate-keys [email protected]
- I got the public key with:
gpg --export --armor | less
This key has 88 lines. I used a public PGP server and found the public key at https://pgp.surfnet.nl/pks/lookup?search=jboyer%40redhat.com
- I started to compare the locate-keys key with the one from the public key server - they have the same fingerprint and are the same at the beginning, but don't match after the middle of the short 88-line version.
- I imported the key from the PGP server and ran
gpg --export --armor | less
again - this key had 945 lines.
gpg --verify linux-firmware-20210208.tar.asc
showed the same Primary key fingerprint and no errors for both keys - the short 88-line one from gpg --locate-keys and the long 945-line one from the public server.
I am comparing the "PGP PUBLIC KEY BLOCK" of the two same keys [email protected] with the same fingerprint but different length.
Why are there two public keys with the same fingerprint and different length?
showed me that the "PGP PUBLIC KEY BLOCK" has a complex format and keeps some history within "signature packet" blocks that I don't understand for now. The two keys have a different count of "signature packet" blocks.
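
An added example, not part of the original post: a v4 OpenPGP fingerprint is computed from the primary public-key packet alone (RFC 4880, section 12.2), so two exports that differ only in their signature packets share it. The Python sketch below splits a binary (non-armored) export into packets, counts them by type and computes that fingerprint; the sample keyrings and the helper names are constructed for illustration and are not real keys.

```python
import hashlib
from collections import Counter

TAG_NAMES = {2: "signature", 6: "public-key", 13: "user-id", 14: "public-subkey"}

def parse_packets(data):
    """Split a binary OpenPGP keyring (RFC 4880 section 4.2) into (tag, body) pairs."""
    packets, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header: 6-bit tag, variable-length length field
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old-format header: 4-bit tag, length field of 1, 2 or 4 bytes
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length is not handled here")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        packets.append((tag, data[i:i + length]))
        i += length
    return packets

def v4_fingerprint(body):
    """SHA-1 over 0x99, a 2-byte length and the primary key packet body only."""
    prefix = b"\x99" + len(body).to_bytes(2, "big")
    return hashlib.sha1(prefix + body).hexdigest().upper()

def summarize(data):
    pkts = parse_packets(data)
    primary = next(body for tag, body in pkts if tag == 6)
    counts = Counter(TAG_NAMES.get(tag, f"tag-{tag}") for tag, _ in pkts)
    return v4_fingerprint(primary), dict(counts)

def _pkt(tag, body):  # sample builder: new-format header, body shorter than 192 bytes
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample data (not a real key): same primary key, different signature count.
_KEY = _pkt(6, b"\x04" + bytes(4) + b"\x01" + b"constructed-key-material")
_UID = _pkt(13, b"Example <user@example.invalid>")
SHORT = _KEY + _UID + _pkt(2, b"constructed-sig-0")
LONG = SHORT + _pkt(2, b"constructed-sig-1") + _pkt(2, b"constructed-sig-2")
```

Calling `summarize(SHORT)` and `summarize(LONG)` returns the same fingerprint with signature counts of 1 and 3; on a real key the input would be the output of `gpg --export` without `--armor`.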