dshaw at jabberwocky.com
Sat Feb 7 20:37:05 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, Feb 08, 2004 at 12:03:44AM +0000, Nick Boalch wrote:
> I'm trying to work with a correspondent's key (apparently generated by the
> CryptoEx package) but it seems... weird.
> It's on the keyservers under the ID 3A546EC2, but the ID actually appears to
> be 7EDB7A47. However, the UIDs on that key are signed with 3A546EC2, a key
> that apparently doesn't exist. In short, I'm confused. ;-)
> I don't really know enough about the structure of keys to understand exactly
> what's going on here, so I'd appreciate any explanation?
Something is fairly broken here, and I'm not quite sure what yet. The
key is pretty certainly 7EDB7A47, but for some reason the keyserver
indexed it as 3A546EC2. It seems possible, or even likely that the
keyid was 3A546EC2 at one point as the three self-sigs and the subkey
binding sig are from 3A546EC2.
All in all, I'm guessing corruption of the key, which can pretty
easily change the keyid to something else. It could be a bug in
CryptoEx, but I'd think a bug that changes keyids would have been
noticed before now. What does your correspondent say his keyid is?
None of this explains how the keyservers managed to index it correctly
as 3A546EC2, but serve up a key that hashes to 7EDB7A47. I've cc'd
one of the keyserver development lists. Yaron, any ideas?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.5-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----
More information about the Gnupg-users