PGP-GPG Compatibility

Charly Avital shavital@mac.com
Tue Jun 11 16:57:02 2002


On 6/11/02 5:03 PM, "Juergen P. Sonsalla" <sonsalla@web.de> wrote:

> Thank you for all the hints, I'll try them asap.
> 
> In the meantime I figured out that GPG returns a different key ID than the
> original one, you also referred in your mail. Is it possible that PGP/GPG
> changes the ID of a key?
> 
> Juergen

Hi,

I have retrieved (Key ID) and searched for (your name) your key, found only
one:
--------------------
gpg --recv-key A487766F
[------]% gpg --recv-key A487766F
gpg: requesting key A487766F from HKP keyserver wwwkeys.us.pgp.net
gpg: signature packet without keyid
gpg: key A487766F: public key imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
-----------------------------------------
gpg --search-keys Juergen P. Sonsalla
[-----]% gpg --search-keys Juergen P. Sonsalla
gpg: searching for "Juergen P. Sonsalla" from HKP server wwwkeys.us.pgp.net
Keys 1-1 of 1 for "Juergen P. Sonsalla"
(1)     Juergen P. Sonsalla <sonsalla@web.de> 1024
          created 2002-03-23, key A487766F
Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key A487766F from HKP keyserver wwwkeys.us.pgp.net
gpg: signature packet without keyid
gpg: key A487766F: not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
------------------------------------

As you can see:
- GPG returns the already known key ID A487766F, same as PGP.
- in both occurrences, there is: "gpg: signature packet without keyid"

Furthermore, --edit-keys and Command> check gives:
------------------------------------------
pub  1024R/A487766F  created: 2002-03-24 expires: never      trust: -/-
(1). Juergen P. Sonsalla <sonsalla@web.de>

Command> check
uid  Juergen P. Sonsalla <sonsalla@web.de>
sig!        A487766F 2002-04-16   [self-signature]
------------------------
There you can see that, indeed, there is no uid in sig!
In PGP, the self signature shows explicitly your full user ID, but there is
here something unusual:
The key itself was created on March 24, 2002.
The self signature was done on April 16, 2002.
There is another signature by 0xD67A4987, defined as "Unknown Signature",
made by CN=WEB.DE Trustcenter Voll-Zertifikate, EMAIL=trust@web.de, OU=
TrustCenter CA, O=WEB.DE AG, L=D-76227 Karlsruhe, C=DE.

This would mean that when the key was created, March 24, 2002, it was not
automatically self signed on the *same day*, as it usually happens when a
key is created. The self signature was done, according to PGP, much later,
on April 16, 2002.

Therefore, GPG would be right when it says:
"gpg: signature packet without keyid"

Moreover, GPG doesn't even mention the presence of a "signature unchecked
because lacking matching keys", meaning it doesn't recognize the format of
the Certificate delivered by TrustCenter Certifying Authority.

I've no experience with this kind of problem, but I have the feeling that
this particular key is either going to be impossible to use with GPG, or
will need some kind of manipulating, of which I have no clue, in order to be
accepted by GPG.

I hope other list members can help here.

Charly

PS - referring to your question about GPG returning a different key ID.
Although it didn't happen in the search I made with gpg, I have seen
keyservers returning a different key ID when searching for a "new-style" RSA
key (v4), and interpreting it as a Legacy RSA key.
I discussed the matter with the pgp-keyserver-folk@flame.org people, and it
seems there is a bug in some keyservers which makes the keyserver compute
wrongly the key ID. There is a hack in 1.0.7 "refresh-add-fake-v3-keyids".
But as I said, this applied to a search for a v4 RSA key (which has a
subkey), when the keyserver "takes" it to be a Legacy RSA key, and returns a
different, fake, key ID.
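
Added example, not part of the message above and not GnuPG or keyserver code: the two key ID rules from RFC 4880 section 12.2 applied to the same RSA material, to show why a v4 RSA key treated as a legacy (v3) key yields a different ID. The modulus, exponent and timestamp are constructed values, and the assumption is that the keyserver bug described in the PS amounts to applying the v3 rule.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP MPI: 2-byte big-endian bit count, then the magnitude bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_packet_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet: version, creation time, algo 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_key_id(body: bytes) -> str:
    """v4 rule: low 64 bits of SHA-1 over 0x99, 2-byte body length, body."""
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()
    return fpr[-8:].hex().upper()

def v3_key_id(n: int) -> str:
    """v3 (legacy RSA) rule: low 64 bits of the public modulus."""
    return f"{n & 0xFFFFFFFFFFFFFFFF:016X}"

def short_id(key_id: str) -> str:
    """The 8-hex-digit form that gpg prints, e.g. in 'key A487766F'."""
    return key_id[-8:]

# Constructed sample values (not a real key, not the key discussed in this thread).
N = (1 << 1023) | 0x0123456789ABCDEF   # 1024-bit stand-in for an RSA modulus
E = 65537
CREATED = 1016928000                   # constructed creation timestamp
BODY = v4_rsa_packet_body(CREATED, N, E)

def compare() -> dict:
    """Return both IDs for the same key material and whether they agree."""
    real, fake = v4_key_id(BODY), v3_key_id(N)
    return {"v4": short_id(real), "fake_v3": short_id(fake), "match": real == fake}

if __name__ == "__main__":
    result = compare()
    print("correct v4 key ID :", result["v4"])
    print("v3-style (fake) ID:", result["fake_v3"])
    print("IDs agree         :", result["match"])
```

The v4 ID depends on the creation time and the whole packet body, while the v3-style ID depends only on the modulus, so the two agree only by coincidence.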