howto secure older keys after the recent attacks

Philippe Cerfon philcerf at
Thu Sep 10 23:43:00 CEST 2009

Hello Daniel.

On Thu, Sep 10, 2009 at 6:22 PM, Daniel Kahn Gillmor
<dkg at> wrote:
> The Key ID is a substring (either the last 8 or 16 hex chars) of the Key
> Fingerprint (which is 40 hex chars).  The Key ID is used nowhere in the
> internals of the OpenPGP specification, from what i can tell.

I think I've messed up the terms fingerprint and key ID, sorry :-(

> The fingerprint itself is used only in the designated revocation key
> [0], which is an acknowledged weakness of the cryptosystem [1].  It's
> not used anywhere else that i can tell.

Ok,.. I'm confused now.
David said,.. the community would probably have to create a new key
type or version at some point.
But this sounds more, that if I simply don't use designated revocation
keys,... I don't use SHA1 at all,.. and would be fine to simply switch
to another algorithm.

