Automatic resyncing of keys?

Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
Sat May 4 22:42:02 2002

David Shaw <> writes:

>> --refresh-keys seems to import new keys with the same user ID as
>> present keys, BTW.
> Are you using 1.0.6e?  Can you show me an example?

It happens with 1.0.7a-cvs, too.

> I don't doubt you, but it's hard to imagine how this could be since
> the keyservers work on numerical key ids, and GnuPG naturally couldn't
> know the keyid of a key that wasn't already in its keyring.

Key IDs can collide (especially 32 bit ones). :-/

> Is it possible what you saw what a new user ID showing up on an
> existing key?

No, the summary at the end clearly shows 'Imported: 1', and the
additional key shows up in the key ring.

If you want to experiment, you can use the 0xdeadbeef keys (but you
have to specify --allow-non-selfsigned-uid because two of them lack a
proper self-signature).

There's even a web page with further candidates for experiments:

Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898