Strange Key ID problem. : subkey id is reported where primary key id should be reported as missing?

Werner Koch wk at
Mon Jun 29 09:03:37 CEST 2009

On Mon, 29 Jun 2009 07:56, chiaki.ishikawa at said:

> (After writing this summary, I now think it is a bug, but am not sure

Yes it is a bug.  But not in GnupG but in tghe keyserver software.

> So I tried to obtain the key using gpg with arguments such as
> --keyserver -recv-keys 17785FE8
> --keyserver -recv-keys 17785FE8
> to no avail.

Both keyservers run old and non-OpenPGP compatible software - Do not use

I tried this too (using gpg2 but that doesn't matter)

  $ gpg2 --recv-key 17785FE8
  gpg: requesting key 17785FE8 from hkp server
  gpg: key 812347DD: public key "Mozilla Software [...]
  gpg: Total number processed: 1
  gpg:               imported: 1
So everything is fine.  The key was taken from one of the SKS keyservers
to which resolve.  If you now look at the key:

  $ gpg2 --list-key 17785FE8
  pub   1024D/812347DD 2007-07-17 [expires: 2009-07-16]
  uid                  Mozilla Software Releases <releases at>
  sub   1024D/17785FE8 2007-07-17 [expires: 2009-07-16]
  sub   2048g/1B0EC2E7 2007-07-17 [expires: 2009-07-16]
You will notice that 17785FE8 is a signing subkey.  The old pks software
can't handle this and breaks the key.

We do have this problem for years now and at least the admins of don't care about it and keep on running this broken

I am now considering whether we should detect 
  Server: pks_www/0.9.6
and reject this one as entirely broken.  Maybe just a warning if
--expert is used.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list