Revoking Old Keys... my problem
Neil Williams
linux at codehelp.co.uk
Fri Apr 30 17:58:43 CEST 2004
On Friday 30 April 2004 3:51, Jerry Windrel wrote:
> 4) Using the binary editor, alter the User ID, i.e. your real name
> "John Smith <john at smith.org>" (or 1 of them, if there are many... DO
> NOT change more than one!), to say something like, "Bad Key, use
> 0x1234ABCD". Unfortunately, you will have to be brief, as you cannot
> use more characters than were in the original User ID. You will be
> somewhat lucky if your name is long :) If you're lucky enough to have
> more than enough room, replace the unused characters at the end with
> spaces. Technically, there may be a way to make it longer, but that
> would require really getting into the binary format of export files.
> Don't forget to save the binary file.
> 5) Import your lobotomized binary export file.
Why would GnuPG allow a forged key to be imported? It must break the self-sig
on the key or it could be used to add a false UID to a genuine key!
from man gpg:

  --allow-non-selfsigned-uid
  --no-allow-non-selfsigned-uid
      Allow the import and use of keys with user IDs which are not
      self-signed. This is not recommended, as a non self-signed user ID is
      trivial to forge. --no-allow-non-selfsigned-uid disables.

> 6) You should be able to see the new "User ID" in place of the old
> one.
I'd hope not!
--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
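
Added example, not part of the original message and not GnuPG's code: why the same-length User ID overwrite in the quoted steps breaks the self-signature. It follows the RFC 4880 v4 certification hash layout; the key bytes, timestamps and User IDs are constructed, SHA-256 is an assumed hash choice, and the digest comparison stands in for the public-key signature check.

```python
import hashlib
import struct

def certification_digest(key_body: bytes, user_id: bytes,
                         hashed_subpackets: bytes) -> bytes:
    """Digest that a v4 User ID self-signature signs (RFC 4880, 5.2.4)."""
    h = hashlib.sha256()
    # Public-key packet: 0x99, 2-octet length, packet body.
    h.update(b"\x99" + struct.pack(">H", len(key_body)) + key_body)
    # User ID packet: 0xB4, 4-octet length, the raw User ID bytes.
    h.update(b"\xb4" + struct.pack(">I", len(user_id)) + user_id)
    # Signature fields: version 4, type 0x13 (positive certification),
    # public-key algorithm 1 (RSA), hash algorithm 8 (SHA-256).
    sig = b"\x04\x13\x01\x08" + struct.pack(">H", len(hashed_subpackets))
    sig += hashed_subpackets
    h.update(sig)
    # Trailer: 0x04, 0xFF, 4-octet length of the signature fields above.
    h.update(b"\x04\xff" + struct.pack(">I", len(sig)))
    return h.digest()

def selfsig_still_binds(key_body, user_id, hashed_subpackets, signed_digest):
    """True only if user_id hashes to the digest the key owner signed.

    A real verifier checks the RSA/DSA signature over this digest instead.
    """
    digest = certification_digest(key_body, user_id, hashed_subpackets)
    return digest == signed_digest

# Constructed sample data, not a real key: v4 RSA key packet with toy MPIs.
KEY_BODY = (b"\x04" + struct.pack(">I", 1083000000) + b"\x01"
            + b"\x00\x10\xc3\x55" + b"\x00\x11\x01\x00\x01")
# Hashed area: one signature-creation-time subpacket (length 5, type 2).
SUBPACKETS = b"\x05\x02" + struct.pack(">I", 1083000100)

ORIGINAL_UID = b"John Smith <john@smith.org>"
# Same-length overwrite, padded with spaces as the quoted steps describe.
EDITED_UID = b"Bad Key, use 0x1234ABCD".ljust(len(ORIGINAL_UID))

# The digest the owner's secret key signed when the self-signature was made.
SIGNED_DIGEST = certification_digest(KEY_BODY, ORIGINAL_UID, SUBPACKETS)

if __name__ == "__main__":
    for uid in (ORIGINAL_UID, EDITED_UID):
        ok = selfsig_still_binds(KEY_BODY, uid, SUBPACKETS, SIGNED_DIGEST)
        print(uid.decode(), "->", "self-sig valid" if ok else "self-sig broken")
```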