struggling with potential keyid conflicts
jimh at datagrove.com
Tue Jan 27 09:01:15 CET 2004
GPG seems to handle keyid conflicts very awkwardly.
I was playing a bit with the 0xDEADBEEF id (famously conflicted keyid).
recv-keys downloads multiple keys with the same key id, but gpg only uses the "first" one (I don't know the definition of first, maybe it is date?). The only way to access the second (assume for the moment that user id's are identical, or also conflicted in a different way) seems to be to delete the one I don't want, then sign the one I do want.
But is this a reasonable way to proceed? Am I missing some part of the design idea here? I am writing documentation for GPG use for a group of organizations where it makes some sense to use keyservers to distribute keys, but the threat of forged keyid's is a concern.
More information about the Gnupg-users