GnuPG asks for a key ID when sharing my public key, what is that?
OpenPGP User IDs
User IDs in OpenPGP are used to connect keys to entities like names and e-mail addresses. These are used to search for keys on key servers, and matching them to users/e-mail addresses.
Be aware user IDs are not checked by key servers, make sure to verify them on your own!
OpenPGP Key IDs
OpenPGP key IDs (and fingerprints) are used to reference keys when performing several actions like requesting and sending keys, or when verifying ownership. For example, you'd exchange the fingerprint with the key's owner on a separate, trusted channel to make sure the key really belongs to the person that claims to own the key.
The OpenPGP (v4) key ID is an identifier calculated from the public key and key creation timestamp. From those, a hashsum is calculated. The hex-encoded version is called the fingerprint of the key. The last (lower order) 16 characters are called the long key ID, if you only take the last eight characters, it's the short key ID. An example for my own public key:
fingerprint: 0D69 E11F 12BD BA07 7B37 26AB 4E1F 799A A4FF 2279
long id: 4E1F 799A A4FF 2279
short id: A4FF 2279
The primary public key's ID is referenced in the pub
line after the key size, in your case the short key ID is CB3AF6E6
:
pub 4096R/CB3AF6E6 2015-12-24 [expires: 2016-12-23]
Be aware the eight byte short key IDs do not provide a sufficiently large value space, and it is easily possible to generate duplicate keys through collision attacks. Instead of short key IDs, use at least long key IDs, and when software handles keys, always refer the whole fingerprint.
For more details on how the hash sums are derived, I refer to RFC 4880, OpenPGP, 12.2. Key IDs and Fingerprints which also explains the differences for deprecated OpenPGP v3 keys.
Sending and Receiving Keys From Key Servers
To send or receive keys from key servers, you must use the full key ID or fingerprint. GnuPG does not accept user IDs here. From man gpg
:
--send-keys key IDs
Similar to --export but sends the keys to a keyserver. Fingerprints may be
used instead of key IDs. [...]
--recv-keys key IDs
Import the keys with the given key IDs from a keyserver. [...]
If you want to search for a user ID (or parts of those) first, use gpg --search-keys
. This will first query the key servers for the name, and provide some kind of assistant that asks you which keys to fetch afterwards (so, it will automatically run --recv-keys
for the selected keys).
--search-keys names
Search the keyserver for the given names. Multiple names given here will be
joined together to create the search string for the keyserver. [...]
What is key id exactly?
The part that looks like CB3AF6E6. GPG also accepts using email address to refer to a key.