Why do I receive keys I wouldn't expect

Andy Bennett andyjpb at ashurst.eu.org
Sun Oct 16 16:30:50 CEST 2011


> My question now is: Why is the key for "me at inetz.com" imported? My
> key has only been signed by me and has no other user IDs than mine.
> The output from
> http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&fingerprint=on&search=0xB073838BD870A352
> shows this.

It looks like the public key E66B2314 has a sub key, D870A352, with the
same ID as yours.

Naturally, the actual fingerprints are different which is why it's
always important to verify the entire fingerprint when signing.

It's entirely possible for two keys to end up with the same ID due to
the stochastic nature of their generation.

$ gpg --keyserver sks-keyservers.net --recv-keys D870A352
gpg: requesting key D870A352 from hkp server sks-keyservers.net
gpg: key D870A352: "Martin Jachs (Regular email address)
<m.jachs at gmx.net>" not changed
gpg: key E66B2314: "Forest Jordan <me at inetz.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

$ gpg -k D870A352
pub   4096R/D870A352 2011-09-19 [expires: 2013-09-19]
      Key fingerprint = F389 AC69 1DE4 B9EA D3AD  E63D B073 838B D870 A352
uid                  Martin Jachs (Regular email address) <m.jachs at gmx.net>
sub   4096R/610E7AE1 2011-09-19

pub   1024D/E66B2314 1997-10-09
      Key fingerprint = 667B 363B AB7A FDC5 79FA  8AF4 7B99 4420 E66B 2314
uid                  Forest Jordan <me at inetz.com>
sub   2048g/D870A352 1997-10-09


andyjpb at ashurst.eu.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111016/bc7180ee/attachment.pgp>

More information about the Gnupg-users mailing list