Problem with GnuPG 1.2.1 generated Key (Broken Key or Keyserver Problem)

David Shaw dshaw@jabberwocky.com
Wed Feb 19 18:09:01 2003


On Wed, Feb 19, 2003 at 04:41:53PM +0100, Bjoern Buerger wrote:
> Hi, 
> I recently generated a new sign-only Key, 2048bit RSA with gpg 1.2.1
> 
> gpg (GnuPG) 1.2.1
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Hash: MD5, SHA1, RIPEMD160
> Compress: Uncompressed, ZIP, ZLIB
> 
> but after uploading this key to pgp.mit.edu, strange things happened.
> 
> - The Key ID was altered in way I don't really understand
>   (You must request 0x818F8F41 on some servers to get 0x8838FD94)
>   
> - People can sign this key, send it to the Key-server (all with the
>   "old" Key ID), but they told me they could only receive the Key 
>   from the Server via that strange new ID. On their System, the 
>   Key-ID was the old one again 8-[
> 
> I'd like to know: Is the Key invalid / broken and should be revoked, 
> or is it up to the Keyserver Network  ?

The key is fine.  The pksd keyserver on pgp.mit.edu has a known bug
that causes the keyid to appear incorrectly.  This is only cosmetic,
but it is annoying.  I submitted a fix for this bug in the latest
version of pksd (0.9.6), and I'm sure that the operators of pksd
keyservers will be upgrading at some point.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson