An OpenPGP/GnuPG key ID

gnupg pgp

I understand the utility of the key block itself, and of a hash of the key, but I don't know why additional information would be necessary, so I can't begin to guess the utility of an additional bit of information.

Specifically,

  • What does it signify,
  • where is it used, and
  • (how) can it be determined given the public key block?

It tends to be mentioned tangentially and in passing, which leads to confusion, since Spacewalk clearly recognizes a difference between fingerprint and ID, while some GPG documentation put out by Fedora includes the phrase

For KEYNAME, substitute the key ID or fingerprint of your primary keypair,

which makes it seem as if the two share the same purpose; but that doesn't make sense because if that were the case why would you need both to begin with?

Best Answer

From RFC 4880:

A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99, followed by the two-octet packet length, followed by the entire Public-Key packet starting with the version field. The Key ID is the low-order 64 bits of the fingerprint.

For V3 keys, calculation is similar, but the key length is omitted.

In other words, the fingerprint is calculated from a constant, the packet length and finally a part of the public key packet. Further explanation of what's included (and thus how to calculate it) is in the linked RFC.

The (long) key ID is represented by the lowest 64 bits, and is used because the full fingerprint is an unhandy and long value. Even more often, the short key ID formed by the lowest-order 32 bits is used. These short key IDs are often considered to have too high a chance of collisions, and use of at least the long ID, if not the full fingerprint, is recommended.

Recapped in a few words:

The fingerprint is the hash value calculated from the public key packet. The key IDs are a part of the fingerprint:

Fingerprint: 0D69 E11F 12BD BA07 7B37  26AB 4E1F 799A A4FF 2279
Long key ID:                                4E1F 799A A4FF 2279
Short key ID:                                         A4FF 2279

Sometimes, the IDs get prefixed by 0x as they're hex values.
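
The RFC 4880 V4 calculation quoted above, as an added example that is not part of the original answer: it reads the first packet of binary (de-armored) key data and derives the fingerprint and both key IDs from it. The function names and the sample packet are constructed for illustration; the sample is a toy body, not a usable key.

```python
import hashlib

def first_packet(data: bytes):
    """Return (tag, body) of the first packet in binary (de-armored) OpenPGP data."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if hdr & 0x40:                                   # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:                                            # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        n = 1 << ltype                               # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_key_ids(tag: int, body: bytes) -> dict:
    """Fingerprint and key IDs of a V4 Public-Key (6) or Public-Subkey (14) packet."""
    if tag not in (6, 14) or not body or body[0] != 4:
        raise ValueError("not a V4 public key packet")
    # The hash input is always 0x99 plus a two-octet length, whichever
    # header format the packet was actually stored with.
    material = b"\x99" + len(body).to_bytes(2, "big") + body
    fp = hashlib.sha1(material).hexdigest().upper()
    return {"fingerprint": fp, "long_id": fp[-16:], "short_id": fp[-8:]}

# Constructed toy packet body (not a usable key): version 4, creation time,
# algorithm 1 (RSA), MPI n (32 bits), MPI e (17 bits, value 65537).
SAMPLE_BODY = bytes.fromhex("04" "5f000000" "01" "0020c0ffee01" "0011010001")

if __name__ == "__main__":
    # Same body behind an old-format and a new-format header: same IDs.
    for packet in (b"\x99\x00\x11" + SAMPLE_BODY, b"\xc6\x11" + SAMPLE_BODY):
        print(v4_key_ids(*first_packet(packet)))
```

An armored key block has to be converted to binary first, for example with `gpg --dearmor`. The constant 0x99 is the old-format header octet for a Public-Key packet with a two-octet length, so a key stored that way hashes byte for byte as it sits in the file.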
