Adding new UID problems.

Jason Harris jharris@widomaker.com
Wed Jun 4 20:36:02 2003


On Wed, Jun 04, 2003 at 05:38:40PM +0100, Stewart V. Wright wrote:

> I'm still having problems.

>   gpg: key B3334559: invalid subkey binding

> I tried resubmitting my key to hkp://keyserver.kjsl.com and then
> getting it again still the same problems.

> Looking at the output on one of the web interfaces I've noticed the
> following binding on my sub keys...
>
>   sub  1024/246383E6 2003-05-14
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []
>
>   sub  1024/35DB7472 2003-05-14
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []
>
>   sub  2048/A11D9315 2003-05-14
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []

Looking at _my_ output:

sub  2048g/A11D9315 2003-05-14
     Key fingerprint = 7721 26B8 CC7F C9B6 4F59  D937 F91F 8F9A A11D 9315
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 1c 8d]
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 4b 82]
sub  1024D/246383E6 2003-05-14
     Key fingerprint = 6E87 53CF 85CE E16B 2AD1  401A 5596 D843 2463 83E6
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 1c 8d]
sub  1024D/35DB7472 2003-05-14
     Key fingerprint = 9DEC 2F72 259C 59DA 6ACA  6C7E 681A 9FCD 35DB 7472
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, a1 f8]
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 4b 82]

the "1c 8d" packet appears twice and the "4b 82" packet appears twice.
The "a1 f8" packet appears only once.

After importing your key, I get all three subkeys:

sub  2048g/A11D9315 2003-05-14 [expires: 2005-05-13]
sig!        B3334559 2003-05-14   Stewart V. Wright <svwright@liv.ac.uk>
sub  1024D/246383E6 2003-05-14 [expires: 2005-05-13]
sig!        B3334559 2003-05-14   Stewart V. Wright <svwright@liv.ac.uk>
sub  1024D/35DB7472 2003-05-14 [expires: 2005-05-13]
sig!        B3334559 2003-05-14   Stewart V. Wright <svwright@liv.ac.uk>

Feeding that into my private keyserver yields:

sub  2048g/A11D9315 2003-05-14
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 4b 82]
sub  1024D/246383E6 2003-05-14
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 1c 8d]
sub  1024D/35DB7472 2003-05-14
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, a1 f8]

Sending that back to keyserver.kjsl.com yields no change.  That is because
each subkey on your key has a valid signature.  However, some signatures
have also apparently been "mixed" onto the wrong subkeys.

Dearmoring the key into a "keyring" without importing it yields:

sub  2048g/A11D9315 2003-05-14 [expires: 2005-05-13]
sig-        B3334559 2003-05-14   Stewart V. Wright <svwright@liv.ac.uk>
sig!        B3334559 2003-05-14   Stewart V. Wright <svwright@liv.ac.uk>
sub  1024D/246383E6 2003-05-14 [expires: 2005-05-13]
sig!        B3334559 2003-05-14   Stewart V. Wright <svwright@liv.ac.uk>
sub  1024D/35DB7472 2003-05-14 [expires: 2005-05-13]
sig!        B3334559 2003-05-14   Stewart V. Wright <svwright@liv.ac.uk>
sig-        B3334559 2003-05-14   Stewart V. Wright <svwright@liv.ac.uk>

So, while there are indeed invalid subkey bindings, they are not
harming your key.  An attacker could upload invalid subkey bindings
and cause the same confusion, but they couldn't invalidate your subkeys.

-- 
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/
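
The comparison made in the message above, as an added example that is not part of the original post: it groups the 0x18 signatures in a keyserver listing by subkey, reports hash bytes that show up under more than one subkey, and diffs the listing against a verified copy. The two listings are copied from the post with the fingerprint lines left out; the function names are hypothetical, and the code assumes, as the post does, that the two hex bytes printed per signature identify the packet.

```python
import re

# Listings copied from the post above (fingerprint lines omitted).
KEYSERVER_LISTING = """\
sub  2048g/A11D9315 2003-05-14
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 1c 8d]
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 4b 82]
sub  1024D/246383E6 2003-05-14
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 1c 8d]
sub  1024D/35DB7472 2003-05-14
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, a1 f8]
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 4b 82]
"""
AFTER_CLEAN_IMPORT = """\
sub  2048g/A11D9315 2003-05-14
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 4b 82]
sub  1024D/246383E6 2003-05-14
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, 1c 8d]
sub  1024D/35DB7472 2003-05-14
sig  0x18  B3334559 2003-05-14 [keybind, hash: type 2, a1 f8]
"""
SUB_RE = re.compile(r"^sub\s+\d+[A-Za-z]?/([0-9A-F]{8})\b")
SIG_RE = re.compile(r"^sig\s+0x18\s.*\[keybind, hash: type \d+, ([0-9a-f]{2} [0-9a-f]{2})\]")

def parse_bindings(listing):
    """Return {subkey id: [hash bytes of each 0x18 signature listed under it]}."""
    bindings, current = {}, None
    for line in listing.splitlines():
        if m := SUB_RE.match(line):
            current = m.group(1)
            bindings.setdefault(current, [])
        elif current and (m := SIG_RE.match(line)):
            bindings[current].append(m.group(1))
    return bindings

def shared_bindings(bindings):
    """Hash bytes listed under more than one subkey (the 'mixed' case in the post)."""
    seen = {}
    for subkey, hashes in bindings.items():
        for h in hashes:
            seen.setdefault(h, set()).add(subkey)
    return {h: sorted(subs) for h, subs in seen.items() if len(subs) > 1}

def misplaced(bindings, verified):
    """(subkey, hash) pairs in the listing that are absent from a verified copy."""
    return sorted((sub, h) for sub, hashes in bindings.items()
                  for h in hashes if h not in verified.get(sub, []))

if __name__ == "__main__":
    listed = parse_bindings(KEYSERVER_LISTING)
    print(shared_bindings(listed))
    print(misplaced(listed, parse_bindings(AFTER_CLEAN_IMPORT)))
```

Two bytes are a weak identifier, so a match across subkeys is a prompt to verify the signatures with GnuPG, not proof that the packets are identical.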
