Question about fingerprints and keys uploaded to keyservers

David Shaw dshaw at jabberwocky.com
Sat Feb 21 14:52:01 CET 2004


On Sat, Feb 21, 2004 at 02:34:32PM -0500, gabriel rosenkoetter wrote:
> On Sat, Feb 21, 2004 at 01:15:32PM -0600, Newton Hammet wrote:
> > 785F DFF3 7029 3FBD 45CE  747C 93CA E808 136F C036
> 
> I'm not sure you're reading the right fingerprint:
> 
> uriel:~% gpg --recv-key  136FC036
> gpg: requesting key 136FC036 from subkeys.pgp.net
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> 
> > But www.keyserver.net reports the following fingerprint:
> > 
> > BAC5 85A2 3322 71A9 E817 D2B4 CF2E B411 7E07
> 
> Something's very wrong here. That's 32 bytes too short for a
> fingerprint. Are you sure you reproduced it correctly?

> > My guess is that the fingerprint constructed by the keyserver uses
> > a different algorithm than the one used by gnupg-1.2.4, or it
> > takes its fingerprint from something different than does gnupg-1.2.4
> 
> Probably not. You said "here's an RSA key in OpenPGP format", if the
> keyserver were using "a different algorithm" then something would be
> horribly broken about and we'd have noticed that by now.

We did.  keyserver.net is, in fact, horribly broken in many ways (this
particular problem is just the tip of the iceberg).  It's never worked
properly.  I mailed them about fixing it a few years ago, but all the
mail disappeared into a black hole, so I gave up.

What happens here, if you're curious, is that the broken software on
keyserver.net sees "V4 RSA" and calculates the fingerprint for "V3
RSA".  That's why it's 32 bits short (and wrong).

As always, the answer is subkeys.pgp.net.  It Just Works(tm).

David
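
Added example, not part of the original message or of GnuPG's code: the V3 and V4 fingerprint calculations as defined in RFC 4880 section 12.2, run on a constructed RSA public key, showing why applying the V3 calculation to a V4 key gives a result that is 32 bits short and does not match. The modulus, exponent, creation time and all function names are sample values and names chosen for this illustration.

```python
import hashlib
import struct

def _raw(value: int) -> bytes:
    """Big-endian magnitude of an integer, no length prefix."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def mpi(value: int) -> bytes:
    """OpenPGP MPI: two-octet bit count followed by the magnitude."""
    return struct.pack(">H", value.bit_length()) + _raw(value)

def v4_rsa_key_body(n: int, e: int, created: int) -> bytes:
    """V4 public-key packet body: version 4, creation time, algorithm 1 (RSA), n, e."""
    return struct.pack(">BIB", 4, created, 1) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> bytes:
    """SHA-1 over 0x99, two-octet body length, then the packet body (160 bits)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def v3_rsa_fingerprint(n: int, e: int) -> bytes:
    """MD5 over the MPI bodies of n and e, without their length octets (128 bits)."""
    return hashlib.md5(_raw(n) + _raw(e)).digest()

def grouped(fp: bytes) -> str:
    """Format a fingerprint as space-separated groups of four hex digits."""
    h = fp.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))

def fingerprint_version(text: str):
    """Classify a displayed fingerprint by length; None means malformed."""
    digits = "".join(text.split())
    if any(c not in "0123456789abcdefABCDEF" for c in digits):
        return None
    return {32: 3, 40: 4}.get(len(digits))

# Constructed sample values, not a real key.
N = (1 << 1023) | 0xC0FFEE0123456789ABCDEF | 1
E = 65537
CREATED = 1077371521

if __name__ == "__main__":
    body = v4_rsa_key_body(N, E, CREATED)
    print("V4 (correct for this key):", grouped(v4_fingerprint(body)))
    print("V3 calculation, same key: ", grouped(v3_rsa_fingerprint(N, E)))
```

The V3 calculation also ignores the creation time, so it stays the same when only that field changes, while the V4 fingerprint does not.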