PGP fingerprint.

The 40-character hexadecimal string that uniquely identifies an OpenPGP key. It's derived from the key itself, not assigned externally — so it's stable, collision-resistant, and the safe way to refer to a key when verifying identity.

// definition

A PGP fingerprint is a cryptographic hash of an OpenPGP public key, rendered as 40 hexadecimal characters. It's the canonical way to identify a key — when you publish "your PGP key", what you actually publish is your fingerprint, because it can't be forged without finding a hash collision.

What it is.

OpenPGP keys, the actual binary blobs containing public exponents or curve points, are large and unwieldy. A fingerprint is a fixed-size summary: take the key's binary representation, hash it (SHA-1 for v4 keys; SHA-256 for v6), and you get a 160-bit or 256-bit number. Display it as hexadecimal and you have something humans can read aloud or compare on a screen.

Critically, the fingerprint is derived from the key. There's no central registry handing out fingerprints; you don't pick yours. Generate a different key and you get a different fingerprint. Modify a key (add a User ID, sign it, add a subkey) and the fingerprint of the primary key stays the same — because it's derived from the primary key's material, not from the additions.
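The derivation described above, as an added Python example (not PGPony's code). The key bytes are constructed stand-ins rather than a real key, and the function names are illustrative. It goes slightly beyond the text by showing that the key's creation time is part of the hashed packet, so the same key material with a different timestamp gives a different fingerprint.

```python
import hashlib
import struct

# Constructed sample: 32 bytes standing in for an Ed25519 public point (not a real key).
POINT = bytes(range(32))
ED25519_OID = bytes.fromhex("2b06010401da470f01")
# v4 legacy EdDSA material: OID length, OID, then an MPI (263 bits) of 0x40 || point.
V4_MATERIAL = bytes([len(ED25519_OID)]) + ED25519_OID + struct.pack(">H", 263) + b"\x40" + POINT

def v4_body(created: int, algo: int, material: bytes) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm, key material."""
    return struct.pack(">BIB", 4, created, algo) + material

def v6_body(created: int, algo: int, material: bytes) -> bytes:
    """Version 6 body: as v4, plus a four-octet length in front of the key material."""
    return struct.pack(">BIBI", 6, created, algo, len(material)) + material

def fingerprint(body: bytes) -> str:
    """Hash a public-key packet body according to its version octet."""
    if body[0] == 4:    # RFC 4880: SHA-1 over 0x99, two-octet length, body
        digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    elif body[0] == 6:  # RFC 9580: SHA-256 over 0x9B, four-octet length, body
        digest = hashlib.sha256(b"\x9b" + struct.pack(">I", len(body)) + body)
    else:
        raise ValueError(f"unsupported key version {body[0]}")
    return digest.hexdigest().upper()

def display(fpr: str) -> str:
    """Groups of four hex characters with a wider gap in the middle."""
    groups = [fpr[i:i + 4] for i in range(0, len(fpr), 4)]
    half = len(groups) // 2
    return " ".join(groups[:half]) + "  " + " ".join(groups[half:])

def same_key(a: str, b: str) -> bool:
    """Compare fingerprints as typed or read aloud: ignore whitespace and case."""
    return "".join(a.split()).upper() == "".join(b.split()).upper()

if __name__ == "__main__":
    key = v4_body(1700000000, 22, V4_MATERIAL)           # 22 = EdDSA (legacy)
    print(display(fingerprint(key)))
    # The creation time is hashed too: same key material, different fingerprint.
    print(display(fingerprint(v4_body(1700000001, 22, V4_MATERIAL))))
    print(display(fingerprint(v6_body(1700000000, 27, POINT))))  # 27 = Ed25519
```

User IDs, signatures and subkeys live in separate packets that never enter `fingerprint()`, which is why adding them leaves the primary key's fingerprint unchanged.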

Why it matters.

The fingerprint is what you verify when you check that a key really belongs to the person it claims to belong to. Names and emails on a key can be anything (anyone can put your email on a key they generated). The fingerprint can't be chosen that way, short of colliding the underlying hash, which is computationally infeasible for any modern PGP key.

When you publish "my PGP key", what you actually publish is your fingerprint. When a correspondent verifies your identity, they verify your fingerprint. When a maintainer rotates keys, the transition statement names old and new fingerprints. Everything identity-related in OpenPGP ultimately reduces to fingerprints.

// example fingerprint
AAAA BBBB CCCC DDDD EEEE  FFFF 1111 2222 3333 4444

40 hex characters, conventionally displayed as ten groups of four with a wider gap in the middle for readability. Same fingerprint, no spaces: AAAABBBBCCCCDDDDEEEEFFFF1111222233334444.

// in PGPony

Your fingerprint appears in the key detail view when you tap a key in the Keyring tab. The Exchange tab → Show My Key displays your fingerprint alongside the QR code for in-person verification. The Copy FP button copies just the fingerprint to your clipboard for sharing.
