GnuPG race causes misordered uids?

David Shaw dshaw at
Thu May 8 17:29:21 CEST 2003

Hash: SHA1

On Mon, May 05, 2003 at 11:23:08PM -0400, David Shaw wrote:
> On Mon, May 05, 2003 at 08:40:46PM +0200, Marcus Brinkmann wrote:
> > I amnot sure if the way the keyring is generated even leads to a
> > deterministic order of user IDs.  But when I had the order as is in the
> > file, and just run the test (without rebuilding the keyring and everything),
> > I saw the buggy behaviour.
> Okay, I looked at this and what seems to be the problem is that some
> of the user IDs were generated in the same second.  That foils the
> current user ID sorting algorithm.
> That may explain the problem you saw, but I think this isn't good
> behavior in general for GnuPG.  If the "first uid is primary" behavior
> is going to be depended on by other programs, then we must guarantee
> that this is always true.  It doesn't really matter what is used as
> the secondary sorting key, so long as it is reliable.  I'm tempted to
> use the raw signature packet data - it's easily accessible, and is
> absurdly unlikely to collide.

Ok, I did this, and it seems to work ok.  It's a corner case, but it's
nice to address those as well.

Still, this might not have been the problem you saw.  Have you had any
luck reproducing it?  I wrote a quick test and ran 40,000 cycles of
- --list-keys with no run giving the wrong answer.

Version: GnuPG v1.2.2 (GNU/Linux)


More information about the Gnupg-devel mailing list