Forging key signatures with collisions
Georgi Guninski
guninski at guninski.com
Fri Jun 22 14:48:07 CEST 2012
This is a fork of the keyring thread.
Attached is the fake1 key which seemingly appears signed by
pub 1024D/40976EAF437D05B5 2004-09-12
uid Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
which is certainly not the case (good selfsig if the above is not imported)
Session:
$gpg --recv-keys 0x437D05B5
$gpg --import /tmp/fake1
gpg: WARNING: digest algorithm MD5 is deprecated
gpg: please see http://www.gnupg.org/faq/weak-digest-algos.html for more information
gpg: key 79164387: public key "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>" imported #WRONG
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
$gpg --check-sigs --keyid-f long
/home/joro2/.gnupg/pubring.gpg
------------------------------
pub 1024D/40976EAF437D05B5 2004-09-12
uid Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
sig!3 40976EAF437D05B5 2004-09-12 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
sub 2048g/251BEFF479164387 2004-09-12
sig! 40976EAF437D05B5 2004-09-12 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
pub 2047R/251BEFF479164387 2012-06-22
uid fake 3 <f at f>
sig!3 251BEFF479164387 2012-06-22 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com> #WRONG
sub 2047R/251BEFF479164387 2012-06-22
sig! 251BEFF479164387 2012-06-22 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com> #WRONG
40 signatures not checked due to missing keys
Stay assured the colliding keysize is completely under control...