Strange Key ID problem. : subkey id is reported where primary key id should be reported as missing?
wk at gnupg.org
Mon Jun 29 09:03:37 CEST 2009
On Mon, 29 Jun 2009 07:56, chiaki.ishikawa at ubin.jp said:
> (After writing this summary, I now think it is a bug, but am not sure
Yes it is a bug. But not in GnupG but in tghe keyserver software.
> So I tried to obtain the key using gpg with arguments such as
> --keyserver pgp.mit.edu -recv-keys 17785FE8
> --keyserver pgp.nic.ad.jp -recv-keys 17785FE8
> to no avail.
Both keyservers run old and non-OpenPGP compatible software - Do not use
I tried this too (using gpg2 but that doesn't matter)
$ gpg2 --recv-key 17785FE8
gpg: requesting key 17785FE8 from hkp server keys.gnupg.net
gpg: key 812347DD: public key "Mozilla Software [...]
gpg: Total number processed: 1
gpg: imported: 1
So everything is fine. The key was taken from one of the SKS keyservers
to which keys.gnupg.net resolve. If you now look at the key:
$ gpg2 --list-key 17785FE8
pub 1024D/812347DD 2007-07-17 [expires: 2009-07-16]
uid Mozilla Software Releases <releases at mozilla.org>
sub 1024D/17785FE8 2007-07-17 [expires: 2009-07-16]
sub 2048g/1B0EC2E7 2007-07-17 [expires: 2009-07-16]
You will notice that 17785FE8 is a signing subkey. The old pks software
can't handle this and breaks the key.
We do have this problem for years now and at least the admins of
pgp.mit.edu don't care about it and keep on running this broken
I am now considering whether we should detect
and reject this one as entirely broken. Maybe just a warning if
--expert is used.
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-devel