Keyserver question - key id

David Shaw
Thu May 2 14:27:02 2002

On Thu, May 02, 2002 at 03:35:45AM -0600, Ivan G. wrote:
> I apologize if this is an ignorant question... I have little knowledge of 
> keyservers  
> I attempted to export 2 gpg keys to the keyserver.
> One of the id's however was changed - I searched the keys online.
> When exported, the key id translates back to the original.
> I thought it's the keyserver's way of handling duplicate id's but I am not 
> sure if that's true.
> The result is: 
> 	 -my signature is marked "unknown signator"
> 	 -any files signed with my public key will fail the automatic key retrieval 
> since there is no such key ...correct id is 1D51605D. Changed to 1AA20E95 as 
> shown below.
> How do I resolve this problem?

This is a bug in the pks keyserver software that runs on

Basically, it assumes if your key is RSA (as your second key is) then
it must be a v3 key.  Key IDs are calculated differently for v3 (PGP
2-ish) and v4 (OpenPGP) keys.  The bug is that the server is
calculating key IDs for v4 RSA as if they were v3 RSA, causing the
weird key ID change that you saw.

Luckily, this does not harm the key in any way.  The key is stored
properly on the keyserver and is not damaged, but you just can't find
it using the keyID.

There is a workaround in GnuPG for this problem, but since GnuPG needs
to already have the key to calculate what the bogus key ID is, it only
works when doing a --refresh-keys.  To enable the workaround, add
"refresh-add-fake-v3-keyids" to your keyserver-options in your options
file.  Hopefully that option can go away at some point.

If you use one of the other keyserver types (try, you should not have this problem.
Unfortunately, --search-keys does not work yet on the


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson