Keyserver question - key id

David Shaw dshaw@jabberwocky.com
Thu May 2 14:27:02 2002


On Thu, May 02, 2002 at 03:35:45AM -0600, Ivan G. wrote:
> I apologize if this is an ignorant question... I have little knowledge of 
> keyservers  
> 
> I attempted to export 2 gpg keys to the wwwkeys.pgp.net keyserver.
> One of the id's however was changed - I searched the keys online.
> 
> When exported, the key id translates back to the original.
> I thought it's the keyserver's way of handling duplicate id's but I am not 
> sure if that's true.
> 
> The result is:
> 	 -my signature is marked "unknown signator"
> 	 -any files signed with my public key will fail the automatic key retrieval
> 	  since there is no such key ...correct id is 1D51605D. Changed to 1AA20E95 as
> 	  shown below.
>  
> How do I resolve this problem?

This is a bug in the pks keyserver software that runs on pgp.net.

Basically, it assumes if your key is RSA (as your second key is) then
it must be a v3 key.  Key IDs are calculated differently for v3 (PGP
2-ish) and v4 (OpenPGP) keys.  The bug is that the server is
calculating key IDs for v4 RSA as if they were v3 RSA, causing the
weird key ID change that you saw.

Luckily, this does not harm the key in any way.  The key is stored
properly on the keyserver and is not damaged, but you just can't find
it using the keyID.

There is a workaround in GnuPG for this problem, but since GnuPG needs
to already have the key to calculate what the bogus key ID is, it only
works when doing a --refresh-keys.  To enable the workaround, add
"refresh-add-fake-v3-keyids" to your keyserver-options in your options
file.  Hopefully that option can go away at some point.

If you use one of the other keyserver types (try
gnv.us.ks.cryptnet.net), you should not have this problem.
Unfortunately, --search-keys does not work yet on the cryptnet.net
server.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
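
The two key ID calculations the reply contrasts, as an added example that is not part of the original message and is not GnuPG or pks code: a v4 key ID is the low bits of a SHA-1 fingerprint over the public-key packet, while a v3 key ID is the low bits of the RSA modulus, so a server applying the v3 rule to a v4 RSA key indexes it under a different ID. The modulus, exponent and creation time below are constructed values, not a real key.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def v4_rsa_packet_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_key_id(body: bytes) -> str:
    """v4 rule: low 64 bits of SHA-1(0x99 || 2-byte body length || body)."""
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()
    return fpr[-8:].hex().upper()


def v3_key_id(n: int) -> str:
    """v3 rule: low 64 bits of the RSA modulus, no hashing involved."""
    return f"{n & 0xFFFFFFFFFFFFFFFF:016X}"


def short_id(key_id: str) -> str:
    """The 8-hex-digit short form used in keyserver lookups."""
    return key_id[-8:]


# Constructed sample values (assumptions for illustration only).
N = (1 << 1023) | 0x0123456789ABCDEF  # 1024-bit odd number standing in for a modulus
E = 65537
CREATED = 1020000000                  # constructed creation timestamp


def lookup_ids(created: int = CREATED, n: int = N, e: int = E) -> dict:
    """Return the ID a client searches for and the ID a v3-rule server files the key under."""
    body = v4_rsa_packet_body(created, n, e)
    return {"real_v4": short_id(v4_key_id(body)), "fake_v3": short_id(v3_key_id(n))}


if __name__ == "__main__":
    ids = lookup_ids()
    print("client looks up (v4 rule):    ", ids["real_v4"])
    print("server filed under (v3 rule): ", ids["fake_v3"])
```

The v3-rule ID depends only on the modulus, which is why a client has to hold the key already before it can work out the ID the server filed it under.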