I create a key pair with the new embedded tool from Thunderbird and export it into a file (.asc by default and readable).

Then I import these keys with gpg, and finally I export these keys again with the gpg --export --armor options.

I compare the two readable public keys coming from both methods, and it appears the first characters up to the first / differ. Also, the last characters on the very last line after the = differ. The same happens for private keys. I don't understand why.

Could somebody clarify this? I tried to find on the web the "structure" of the public key, which might encode the software, something like heading information.

Also, which public key should I upload to a PGP server?

Sincerely.

Stewart
Airwan
  • Dupe https://unix.stackexchange.com/questions/447205/gpg-seems-to-alter-imported-keys and crossdupe https://superuser.com/questions/1610188/gpg-imported-and-exported-public-keys-do-not-match (pgp and especially Thunderbird are not specific to Unix) – dave_thompson_085 Feb 23 '21 at 03:19
  • Thanks a lot for the links. It answers. Not so easy to match with the good keywords through a search engine for a non-native English speaker :) – Airwan Feb 25 '21 at 01:13

1 Answer

I think the difference between the public key blocks is uninteresting. You aren't meant to decode, read and understand the ASCII contained in the PGP public key block. You certainly aren't expected to compare each individual character of the block. When manually comparing PGP keys, you compare the fingerprint only. With GPG this is found by using the --fingerprint command instead of --export. I don't know how it's done with Thunderbird.

I think you can upload either PGP public key to the keyserver without any impact.

If you don't trust that last sentence (I can understand why you wouldn't take a stranger's word for it ... you are a PGP user), then upload the version from Thunderbird. That's because Thunderbird generated the public/private key pair and so the public key from Thunderbird is certain to match the private key from Thunderbird.

Stewart
  • Many thanks. With your comment I decided to encrypt a mail with Thunderbird, send it and then, after downloading it, decrypt the email with the gpg key. It works. I am more confident. Nevertheless, I think I will store both private keys. I don't know at this time a method to encrypt with gpg then decrypt with Thunderbird, to be sure :) – Airwan Feb 22 '21 at 21:56
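An added Python example, not part of the original question or answer, showing why the advice above to compare fingerprints holds even when two armored exports differ at the start and in the checksum after the `=`. It assumes the two exports differ only in OpenPGP packet header format (old versus new, both defined in RFC 4880), which is one way the same key can serialize differently and is not a claim about the exact bytes Thunderbird or gpg wrote here; `BODY` is constructed placeholder data, not a real key.

```python
import base64, hashlib

def crc24(data: bytes) -> int:  # RFC 4880 6.1: the value after "=" on the last line
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000: crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "", *rows,
                      "=" + check, "-----END PGP PUBLIC KEY BLOCK-----"])

def dearmor(text: str) -> bytes:
    lines = [ln.strip() for ln in text.strip().splitlines()]
    rows = lines[lines.index("") + 1:-1]  # blank line ends the armor headers
    check = rows.pop()[1:] if rows[-1].startswith("=") else None
    data = base64.b64decode("".join(rows))
    if check and base64.b64decode(check) != crc24(data).to_bytes(3, "big"):
        raise ValueError("armor checksum mismatch")
    return data

def first_packet(data: bytes):  # -> (tag, body); reads both header formats
    hdr = data[0]
    if hdr & 0x40:  # new format: tag in the low 6 bits
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            n, off = first, 2
        elif first < 224:
            n, off = ((first - 192) << 8) + data[2] + 192, 3
        else: raise ValueError("partial or 5-octet length not handled")
    else:  # old format: tag in bits 5..2, length width in bits 1..0
        tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
        if width == 8: raise ValueError("indeterminate length not handled")
        n, off = int.from_bytes(data[1:1 + width], "big"), 1 + width
    return tag, data[off:off + n]

def fingerprint_v4(armored: str) -> str:  # RFC 4880 12.2
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[0] != 4: raise ValueError("expected a v4 public-key packet")
    # The hash always uses 0x99 plus a 2-octet length, whatever header was on disk.
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

BODY = bytes([4]) + (1613952000).to_bytes(4, "big") + bytes([22]) + bytes(range(40))  # constructed
OLD_STYLE = armor(bytes([0x98, len(BODY)]) + BODY)  # old-format packet header
NEW_STYLE = armor(bytes([0xC6, len(BODY)]) + BODY)  # new-format packet header
```

Printing `OLD_STYLE` and `NEW_STYLE` shows blocks that differ in their first characters and in the final `=` line, while `fingerprint_v4` returns the same value for both.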