Vandalizing keyserver UID's
David Stults
gnupg-users at 3bdr.com
Fri Apr 25 05:52:12 CEST 2008
Greetings,
This evening I've been working on stamping old public keys (long
since lost the secret key) with a bogus UID to inspire people to
avoid trying to use them. I'm curious as to how I can tell the UID
is fake. For example, here is the GPG output of --list-keys for one
of the keys I branded:
pub 1024D/DF71515D 2000-02-21
uid David Stults <dstults at integratelecom.com>
sig DF71515D 2000-02-21 David Stults <dstults at integratelecom.com>
uid DO NOT USE THIS KEY!
sig DF71515D 2000-02-21 David Stults <dstults at integratelecom.com>
sub 2048g/78B9A888 2000-02-21
sig DF71515D 2000-02-21 David Stults <dstults at integratelecom.com>
That seems to imply that even the bogus UID (the second one, as you
may have guessed ;-)) is in fact signed.
The keyserver displays it differently, but seems to make the same
assertion:
uid DO NOT USE THIS KEY!
sig sig DF71515D 2000-02-21 __________ __________ [selfsig]
uid David Stults <dstults at integratelecom.com>
sig sig DF71515D 2000-02-21 __________ __________ [selfsig]
sub 2048g/78B9A888 2000-02-21
sig sbind DF71515D 2000-02-21 __________ __________ []
Forgive me I've just been obtuse. It isn't making sense to me, and
I'd like it to. I want to be able to look at a public key and
determine if any bogus UID's have been added to it. The only thing
I've noticed is that my newer keys say "sig 3", while the older ones
don't have a certification level given.
Thanks!
Dave
---
David Stults
PGP Key 0x97715d12
http://subkeys.pgp.net:11371/pks/lookup?op=get&search=0x97715D12
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20080424/71a6ed54/attachment-0001.htm>
More information about the Gnupg-users
mailing list