Bogus Key on Keyservers

Neil Williams linux at
Thu Oct 13 22:12:11 CEST 2005

On Thursday 13 October 2005 7:26 pm, Tad Marko wrote:
> If someone creates a key that LOOKS like I created it (my name and
> email address) and uploads it to the keyservers, how can I either get
> rid of it

You can't. You need to rely on the fingerprint - that is the only unique 
identifier for any key.

It's quite unlikely that they would generate a key with the same userid and 
the same short key ID (8 characters) and most email clients now will display 
the 16 character ID which makes it even less likely. There are duplicates out 
there of the last 8 characters (0xDEADBEEF is the most common) but not of the 
longer 16 character ID.

(short keyID is the last 8 characters of the fingerprint, longer the last 16 

> or somehow flag my own key in such a way that it is clear 
> which is the real one?

Any change you make to your key could be mirrored by whoever created the other 
key. Use the fingerprint, that's what it is for.


Neil Williams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20051013/f9da24fe/attachment.pgp

More information about the Gnupg-users mailing list