Key strangeness

[David Shaw]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Feb 08, 2004 at 12:03:44AM +0000, Nick Boalch wrote:

> I'm trying to work with a correspondent's key (apparently generated by the
> CryptoEx package) but it seems... weird.
> 
> It's on the keyservers under the ID 3A546EC2, but the ID actually appears to
> be 7EDB7A47. However, the UIDs on that key are signed with 3A546EC2, a key
> that apparently doesn't exist. In short, I'm confused. ;-)
> 
> I don't really know enough about the structure of keys to understand exactly
> what's going on here, so I'd appreciate any explanation?

Something is fairly broken here, and I'm not quite sure what yet.  The
key is pretty certainly 7EDB7A47, but for some reason the keyserver
indexed it as 3A546EC2.  It seems possible, or even likely that the
keyid was 3A546EC2 at one point as the three self-sigs and the subkey
binding sig are from 3A546EC2.

All in all, I'm guessing corruption of the key, which can pretty
easily change the keyid to something else.  It could be a bug in
CryptoEx, but I'd think a bug that changes keyids would have been
noticed before now.  What does your correspondent say his keyid is?

None of this explains how the keyservers managed to index it correctly
as 3A546EC2, but serve up a key that hashes to 7EDB7A47.  I've cc'd
one of the keyserver development lists.  Yaron, any ideas?

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.5-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iHEEARECADEFAkAlksAqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJQCMAn0j46jZVjDZAm7aqTUDcL1kkCZgyAKDX
Zy0EHT9xm7MewJKE58khhQlHBA==
=7RF1
-----END PGP SIGNATURE-----