Question about fingerprints and keys uploaded to keyservers

David Shaw dshaw at jabberwocky.com
Sat Feb 21 23:49:27 CET 2004


On Sat, Feb 21, 2004 at 10:28:09PM -0600, Newton Hammet wrote:
> 
> Hello everyone again and thanks to gabriel, David and others who
> responded.  I think for me the mystery might be solved.
> 
> keyserver.net appears "broken", at least with respect to fingerprint.
> 
> subkeys.pgp.net appears to be OK, with respect to fingerprint in that
> the fingerprint it reports for my new key is identical to the fingerprint
> that gpg-1.2.4 reports. (Actually I have compiled gpg-1.2.4 from
> source and have made a single change, allowing for a maximum RSA key
> size of up to 8192 bits... a very simple coding change).
> 
> But it appears you can download my public key from keyserver.net and
> that key works just fine too, since someone used my key downloaded from
> that keyserver to send me an encrypted email.

Yes.  Back in the day when nearly all keyservers had this bug, I
actually added a little feature to GnuPG to help deal with it.  The
code is still in there, so if you want, add
   keyserver-options refresh-add-fake-v3-keyids
to your gpg.conf file.

Then, when you do a --refresh-keys, it tries both the real and bogus
keyids.

I wonder if the fact that PKS and the keyserver.net server have
several identical bugs says something about the genealogy of
keyserver.net.  PKS has been somewhat fixed at this point, but
keyserver.net hasn't.  I think(?) the PKS licence allows for this, but
it's interesting anyway.

David


