What are the keyid and finguerprint of a public key in gpg and apt-key?

Question

https://superuser.com/a/931814/ says

Here follows an example command to use the GnuPG package's gpg command to receive a key (-recv-keys) with the fingerprint 7CE8FC69BE118222:

$ gpg --recv-keys 7CE8FC69BE118222

Are a key and its fingerprint different concepts?

From manpage of apt-key:

apt-key export <keyid>

Output the key keyid to standard output.

Are a key and its keyid different concepts?

Are the keyid and fingerprint of a key the same concept?

For example, we can first retrieve the key with

gpg --keyserver keyserver.ubuntu.com --recv-key E298A3A825C0D65DFD57CBB651716619E084DAB9

and then feed it to apt-key with

gpg -a --export E298A3A825C0D65DFD57CBB651716619E084DAB9 | sudo apt-key add -

Is E298A3A825C0D65DFD57CBB651716619E084DAB9 a key, the keyid of a key, or the fingerprint of a key?

Why does it still work if I replace E298A3A825C0D65DFD57CBB651716619E084DAB9 with 51716619E084DAB9?

Answer 1

The answers to GnuPG : representations of key IDs and fingerprints explain the differences between key ids and fingerprints. Key ids and fingerprints are (parts of) hashes of keys, so they are different from keys.

Let’s take one of my public keys as an example; a minimal export in binary format is just under 4KiB in length, and that’s the whole key (without its signatures). That’s rather unwieldy, so my key is identified by its fingerprint:

7196 E081 94D5 3FCB FD15  D960 FA6C 71F9 A73D BE0B

That’s a reliable identifier for my key.

Key ids are shorter; the “long” key id is

0xFA6C71F9A73DBE0B

(the last eight bytes of the fingerprint), and the “short” key id is

0xA73DBE0B

Neither of these should be used for key identification nowadays — it is possible to create keys with matching key ids (and this has been demonstrated with short key ids).