struggling with potential keyid conflicts

David Shaw dshaw at jabberwocky.com
Tue Jan 27 10:22:05 CET 2004


On Tue, Jan 27, 2004 at 09:01:15AM -0500, Jim Hurd wrote:

> But is this a reasonable way to proceed? Am I missing some part of
> the design idea here? I am writing documentation for GPG use for a
> group of organizations where it makes some sense to use keyservers
> to distribute keys, but the threat of forged keyid's is a concern.

The part you are missing is that key IDs are not 32 bits long - they
are 64 bits long.  GnuPG displays only the 8 character (32 bit) key ID
for convenience, but internally it uses all 64 bits.  If you happen to
have a 32 bit collision, use the full 64 bits.

$ gpg --list-keys 0xdeadbeef
pub   1024D/DEADBEEF 2001-01-21 Preston Wilson <pres at palmjunkie.com>
uid                             Imad R. Faiad
sub   2048g/27D72110 2001-06-24
 
pub   2048R/DEADBEEF 1999-08-03 Imad R. Faiad
 
pub   1024R/DEADBEEF 1995-09-28 Prime Rib Lovers

Three keys with the same keyids?  Nope:

$ gpg --list-keys 0xF87A2B53DEADBEEF
pub   1024D/F87A2B53DEADBEEF 2001-01-21
uid                          Preston Wilson <pres at palmjunkie.com>
uid                          Imad R. Faiad
sub   2048g/A9452D5227D72110 2001-06-24

$ gpg --list-keys 0xA2061199DEADBEEF
pub   2048R/A2061199DEADBEEF 1999-08-03
uid                          Imad R. Faiad

$ gpg --list-keys 0xA69AB99CDEADBEEF 
pub   1024R/A69AB99CDEADBEEF 1995-09-28
uid                          Prime Rib Lovers

It is "difficult" (i.e. nearly impossible) to create a 64-bit keyid
collision with OpenPGP keys.  If the impossible happens, and there is
a 64-bit keyid collision, use the whole fingerprint:

gpg --list-keys 0x5BD18B6A42B9247EF79214B7F87A2B53DEADBEEF

Note that all this applies to OpenPGP (v4) keys.  The old PGP 2.x (v3)
keys have trivially forgeable keyids and fingerprints.  There is no
way to really secure against that, as it is inherent in the key
format.  Don't use them.

David
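
The lookups above can be modelled as suffix matching, since a v4 key ID is the low-order 64 bits of the fingerprint and the 8-character form is the low-order 32 bits. The following is an added example, not part of the original message and not GnuPG code: it refuses to pick a key when a short ID is ambiguous and reports the 64-bit IDs to retry with. The function names are hypothetical; the identifiers are the ones shown in the listings.

```python
import re
from collections import defaultdict

# Identifiers copied from the listings in the message. Only the first key's
# full fingerprint appears there; the other two are known by 64-bit key ID.
KEYRING = {
    "5BD18B6A42B9247EF79214B7F87A2B53DEADBEEF": "Preston Wilson",
    "A2061199DEADBEEF": "Imad R. Faiad",
    "A69AB99CDEADBEEF": "Prime Rib Lovers",
}

# Accepted selector widths: 8 hex digits (32-bit), 16 (64-bit), 40 (v4 fingerprint).
_SELECTOR = re.compile(r"(?:0x)?([0-9a-f]{8}|[0-9a-f]{16}|[0-9a-f]{40})", re.I)


class AmbiguousKeyID(LookupError):
    """Raised when a selector matches more than one key."""


def normalize(selector):
    m = _SELECTOR.fullmatch(selector.strip())
    if m is None:
        raise ValueError(f"not a key ID or fingerprint: {selector!r}")
    return m.group(1).upper()


def find_keys(selector, keyring=KEYRING):
    """Return every identifier whose low-order hex digits equal the selector."""
    want = normalize(selector)
    return sorted(ident for ident in keyring if ident.endswith(want))


def resolve(selector, keyring=KEYRING):
    """Return the single matching identifier, refusing to guess on a collision."""
    hits = find_keys(selector, keyring)
    if not hits:
        raise KeyError(selector)
    if len(hits) > 1:
        longer = ", ".join("0x" + h[-16:] for h in hits)
        raise AmbiguousKeyID(f"{selector} matches {len(hits)} keys; retry with {longer}")
    return hits[0]


def short_id_collisions(keyring=KEYRING):
    """Map each 32-bit key ID shared by two or more keys to their 64-bit IDs."""
    groups = defaultdict(list)
    for ident in keyring:
        groups[ident[-8:]].append(ident[-16:])
    return {short: sorted(ids) for short, ids in groups.items() if len(ids) > 1}
```

Running short_id_collisions() over an exported keyring before publishing key IDs in documentation shows which keys must be referenced by 64-bit ID or full fingerprint.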


