Problem with GnuPG 1.2.1 generated Key (Broken Key or Keyserver Problem)
David Shaw
dshaw@jabberwocky.com
Wed Feb 19 18:09:01 2003
On Wed, Feb 19, 2003 at 04:41:53PM +0100, Bjoern Buerger wrote:
> Hi,
> I recently generated a new sign-only Key, 2048bit RSA with gpg 1.2.1
>
> gpg (GnuPG) 1.2.1
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Hash: MD5, SHA1, RIPEMD160
> Compress: Uncompressed, ZIP, ZLIB
>
> but after uploading this key to pgp.mit.edu, strange things happened.
>
> - The Key ID was altered in way I don't really understand
> (You must request 0x818F8F41 on some servers to get 0x8838FD94)
>
> - People can sign this key, send it to the Key-server (all with the
> "old" Key ID), but they told me they could only receive the Key
> from the Server via that strange new ID. On their System, the
> Key-ID was the old one again 8-[
>
> I'd like to know: Is the Key invalid / broken and should be revoked,
> or is it up to the Keyserver Network ?
The key is fine. The pksd keyserver on pgp.mit.edu has a known bug
that causes the keyid to appear incorrectly. This is only cosmetic,
but it is annoying. I submitted a fix for this bug in the latest
version of pksd (0.9.6), and I'm sure that the operators of pksd
keyservers will be upgrading at some point.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson