Revoking Old Keys... my problem

Neil Williams linux at
Fri Apr 30 17:58:43 CEST 2004

On Friday 30 April 2004 3:51, Jerry Windrel wrote:
> 4) Using the binary editor, alter the User ID, i.e. your real name
> "John Smith <john at>" (or 1 of them, if there are many... DO
> NOT change more than one!), to say something like, "Bad Key, use
> 0x1234ABCD".  Unfortunately, you will have to be brief, as you cannot
> use more characters than were in the original User ID.  You will be
> somewhat lucky if your name is long :) If you're lucky enough to have
> more than enough room, replace the unused characters at the end with
> spaces.  Technically, there may be a way to make it longer, but that
> would require really getting into the binary format of export files.
> Don't forget to save the binary file.
> 5) Import your lobotomized binary export file.

Why would GnuPG allow a forged key to be imported? It must break the self-sig 
on the key or it could be used to add a false UID to a genuine key!

from man gpg:
                 Allow the import and use of keys with user IDs which are not
                 self-signed.  This is not recommended, as a non self-signed
                 user ID is trivial to forge.  --no-allow-non-selfsigned-uid
                 disables.

> 6) You should be able to see the new "User ID" in place of the old
> one.

I'd hope not!


Neil Williams
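
Added example, not part of the original message and not GnuPG's own code: a Python sketch of why the same-length User ID overwrite from step 4 breaks the self-signature. Per RFC 4880 section 5.2.4, a V4 certification hashes the key packet, then 0xB4, a four-octet length and the User ID bytes, so any change to those bytes changes the digest that was signed. The key body, signature fields and e-mail address are constructed, and digest equality stands in for the public-key verification step.

```python
import hashlib
import struct

# Constructed stand-in for a V4 public-key packet body: version, creation
# time, algorithm 1 (RSA), then placeholder key material. Not a real key.
KEY_BODY = bytes([4]) + struct.pack(">I", 0x40927B00) + bytes([1]) + b"\x00" * 32

# Constructed hashed portion of a V4 signature packet: version 4, type 0x13
# (positive certification), pubkey algo 1, hash algo 8 (SHA-256), and one
# hashed subpacket (length 5, type 2 = signature creation time).
SUBPACKETS = bytes([5, 2]) + struct.pack(">I", 0x40927B00)
SIG_HASHED = bytes([4, 0x13, 1, 8]) + struct.pack(">H", len(SUBPACKETS)) + SUBPACKETS


def certification_digest(key_body: bytes, uid: bytes, sig_hashed: bytes) -> bytes:
    """Digest a V4 User ID certification is computed over (RFC 4880, 5.2.4)."""
    h = hashlib.sha256()
    h.update(b"\x99" + struct.pack(">H", len(key_body)) + key_body)  # key packet
    h.update(b"\xb4" + struct.pack(">I", len(uid)) + uid)            # User ID
    h.update(sig_hashed)                                             # signature fields
    h.update(b"\x04\xff" + struct.pack(">I", len(sig_hashed)))       # trailer
    return h.digest()


def same_length_edit(uid: bytes, text: bytes) -> bytes:
    """The edit from step 4: overwrite in place and pad with spaces."""
    if len(text) > len(uid):
        raise ValueError("replacement is longer than the original User ID")
    return text.ljust(len(uid), b" ")


def self_sig_still_matches(signed_digest: bytes, key_body: bytes,
                           uid: bytes, sig_hashed: bytes) -> bool:
    # The importer recomputes the digest from the packets it received; the
    # self-signature can only verify if it equals the digest that was signed.
    return certification_digest(key_body, uid, sig_hashed) == signed_digest


ORIGINAL_UID = b"John Smith <john@example.org>"   # constructed address
SIGNED_DIGEST = certification_digest(KEY_BODY, ORIGINAL_UID, SIG_HASHED)
TAMPERED_UID = same_length_edit(ORIGINAL_UID, b"Bad Key, use 0x1234ABCD")

if __name__ == "__main__":
    print("untouched UID:", self_sig_still_matches(
        SIGNED_DIGEST, KEY_BODY, ORIGINAL_UID, SIG_HASHED))
    print("edited UID:   ", self_sig_still_matches(
        SIGNED_DIGEST, KEY_BODY, TAMPERED_UID, SIG_HASHED))
```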