Problem with GnuPG 1.2.1 generated Key (Broken Key or Keyserver Problem)
Bjoern Buerger
b.buerger@penguin.de
Wed Feb 19 16:42:02 2003
Hi,
I recently generated a new sign-only Key, 2048bit RSA with gpg 1.2.1
gpg (GnuPG) 1.2.1
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160
Compress: Uncompressed, ZIP, ZLIB
but after uploading this key to pgp.mit.edu, strange things happened.
- The Key ID was altered in a way I don't really understand
(You must request 0x818F8F41 on some servers to get 0x8838FD94)

- People can sign this key, send it to the Key-server (all with the
"old" Key ID), but they told me they could only receive the Key
from the Server via that strange new ID. On their System, the
Key-ID was the old one again 8-[
I'd like to know: Is the Key invalid / broken and should be revoked,
or is it up to the Keyserver Network ?
The Key (as I see it on my System):
bb@susie:~$ gpg --list-sigs S1
pub 2048R/8838FD94 2003-02-18 Bjoern Buerger (SIGNING KEY - CERTIFICATION ONLY S1/unlimited) <b.buerger@penguin.de>
sig 3 8838FD94 2003-02-18 Bjoern Buerger (SIGNING KEY - CERTIFICATION ONLY S1/unlimited) <b.buerger@penguin.de>
[...some other sigs ...]
uid Bjørn Bürger (Contact Info: http://www.penguin.de/~bb/contact/) <b.buerger@penguin.de>
sig 3 8838FD94 2003-02-18 Bjoern Buerger (SIGNING KEY - CERTIFICATION ONLY S1/unlimited) <b.buerger@penguin.de>
[... some other sigs ...]
The Output of the wwwkeys.pgp.net Keyserver Webinterface was something
like this:
pub 2048R/818F8F41 2003-02-18 Bjoern Buerger (SIGNING KEY - CERTIFICATION ONLY S1/unlimited) <b.buerger@penguin.de>
sig 3 8838FD94 2003-02-18 unknown signator
[...some other sigs ...]
[... same for second uid ...]
Note the different Key-IDs for Key and Self-Signature.
I tried to download the Key again, because some people told me it was
up- but not downloadable and this happened:
bb@susie:~$ gpg --recv-key 818F8F41
gpg: Schlüssel 8838FD94: "Bjoern Buerger (SIGNING KEY [...]
Note the different Key ID's again :-(
What's that supposed to be ?
Today I tried all Keyservers from wwwkeys.pgp.net:
wolfgang@wormwood:~/.gnupg$ host wwwkeys.pgp.net
wwwkeys.pgp.net A 166.88.5.10
wwwkeys.pgp.net A 193.174.13.72
wwwkeys.pgp.net A 194.171.167.2
wwwkeys.pgp.net A 209.54.75.71
wwwkeys.pgp.net A 212.55.198.213
wwwkeys.pgp.net A 64.71.163.210
wolfgang@wormwood:~/.gnupg$ gpg --keyserver 166.88.5.10 --recv-key 8838FD94
gpg: requesting key 8838FD94 from 166.88.5.10 ...
gpg: key 8838FD94: not changed
gpg: Total number processed: 1
gpg: unchanged: 1
wolfgang@wormwood:~/.gnupg$ gpg --keyserver 209.54.75.71 --recv-key 8838FD94
gpg: requesting key 8838FD94 from 209.54.75.71 ...
gpg: key 8838FD94: not changed
gpg: Total number processed: 1
gpg: unchanged: 1
wolfgang@wormwood:~/.gnupg$ gpg --keyserver 212.55.198.213 --recv-key 8838FD94
gpg: requesting key 8838FD94 from 212.55.198.213 ...
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
wolfgang@wormwood:~/.gnupg$ gpg --keyserver 212.55.198.213 --recv-key 818F8F41
gpg: requesting key 818F8F41 from 212.55.198.213 ...
gpg: key 8838FD94: not changed
gpg: Total number processed: 1
gpg: unchanged: 1
wolfgang@wormwood:~/.gnupg$ gpg --keyserver 64.71.163.210 --recv-key 8838FD94
gpg: requesting key 8838FD94 from 64.71.163.210 ...
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
wolfgang@wormwood:~/.gnupg$ gpg --keyserver 64.71.163.210 --recv-key 818F8F41
gpg: requesting key 818F8F41 from 64.71.163.210 ...
gpg: key 8838FD94: not changed
gpg: Total number processed: 1
gpg: unchanged: 1
wolfgang@wormwood:~/.gnupg$ gpg --keyserver 193.174.13.72 --recv-key 8838FD94
gpg: requesting key 8838FD94 from 193.174.13.72 ...
gpg: can't get key from keyserver: Connection refused
So, 212.55.198.213 and 64.71.163.210 seem to have problems with this
key. But why ?
Any suggestions or RTFM/FAQ appreciated.
Bjørn
BCCed to dtype@dtype.org as maintainer of the 64.71.163.210 Keyserver.
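
An added example, not part of the original message: a small Python checker that reads `gpg --recv-key` output like the transcript above and flags keyservers that hand back the key only under an ID different from the one gpg reports. The function names and verdict labels are assumptions made for this illustration; the sample lines are an excerpt of the output quoted in the message.

```python
import re

# Excerpt of the gpg output quoted in the message above.
TRANSCRIPT = """\
gpg: requesting key 8838FD94 from 166.88.5.10 ...
gpg: key 8838FD94: not changed
gpg: requesting key 8838FD94 from 212.55.198.213 ...
gpg: no valid OpenPGP data found.
gpg: requesting key 818F8F41 from 212.55.198.213 ...
gpg: key 8838FD94: not changed
gpg: requesting key 8838FD94 from 193.174.13.72 ...
gpg: can't get key from keyserver: Connection refused
"""

REQ = re.compile(r"^gpg: requesting key ([0-9A-Fa-f]{8,16}) from (\S+)")
# gpg prints localized messages; the message also shows the German form.
GOT = re.compile(r"^gpg: (?:key|Schlüssel) ([0-9A-Fa-f]{8,16}):")

def classify(transcript):
    """Return one (server, requested_id, returned_id, verdict) per request."""
    results, pending = [], None
    for line in transcript.splitlines():
        m = REQ.match(line)
        if m:
            if pending:  # previous request never produced a result line
                results.append((*pending, None, "no-result"))
            pending = (m.group(2), m.group(1).upper())
            continue
        if pending is None:
            continue
        g = GOT.match(line)
        if g:
            got = g.group(1).upper()
            outcome = (got, "ok" if got == pending[1] else "id-mismatch")
        elif "no valid OpenPGP data" in line:
            outcome = (None, "not-found")
        elif "can't get key from keyserver" in line:
            outcome = (None, "unreachable")
        else:
            continue
        results.append((*pending, *outcome))
        pending = None
    if pending:
        results.append((*pending, None, "no-result"))
    return results

def servers_indexing_under_other_id(results):
    """Servers that returned the key under an ID other than the one requested."""
    return sorted({srv for srv, _, _, v in results if v == "id-mismatch"})
```

A server that shows `not-found` for the ID gpg prints locally and `id-mismatch` for another ID is indexing the same key under a different identifier, which is the pattern reported above for 212.55.198.213 and 64.71.163.210.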