getting an encrypted file to show what public key was used

Robert J. Hansen rjh at sixdemonbag.org
Tue May 29 17:28:36 CEST 2012


On 5/29/12 11:17 AM, Hauke Laging wrote:
> What can you see that from?

Can't, but it seems to be the most likely option.

The most likely cause of this seems to be --

	1.  His correspondent said "use certificate 0xF1940956."
	2.  He did a gpg --recv-key 0xF1940956.
	3.  Quaero Corporation already has a certificate with the
	    short ID of 0xF1940956 on the keyservers, created
	    2002-04-25.
	4.  He imported Quaero Corporation's certificate.
	5.  He believes he's using the correct certificate for his
	    correspondent, since he's using the short ID they
	    specified.
	6.  He's actually using Quaero Corporation's certificate.
	7.  And his correspondents can't read the traffic, since
	    he's using the wrong certificate.

I could be wrong, of course, but that's where I'd place my bets.

This goes to underline the importance of proper certificate validation.
If I have the sequence of events correct, then it could have been
avoided entirely if there had been a Step 4.5, "validate the certificate
he just received."
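
The "Step 4.5" check, as an added example that is not part of the original message: it parses `gpg --with-colons --fingerprint` style output, lists every certificate whose fingerprint ends in the requested short ID, and accepts only the one whose full fingerprint equals a value obtained out of band. The listing, fingerprints and user IDs are constructed sample data, and the function names are hypothetical.

```python
# Added example: detect a short-ID collision in `gpg --with-colons` output.
# SAMPLE_LISTING is constructed; fingerprints and user IDs are made up.
SAMPLE_LISTING = """\
pub:-:1024:17:DDDD3333F1940956:1019692800:::-:::scESC:
fpr:::::::::AAAA0000BBBB1111CCCC2222DDDD3333F1940956:
uid:-::::1019692800::::Constructed Example Corp <keys@example.com>:
sub:-:1024:16:5555666677778888:1019692800::::::e:
fpr:::::::::9999000099990000999900005555666677778888:
pub:-:2048:1:89ABCDEFF1940956:1338249600:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFF1940956:
uid:-::::1338249600::::Constructed Correspondent <alice@example.org>:
"""


def normalize(key_id):
    """Strip '0x' and spaces so IDs and fingerprints compare as bare hex."""
    s = key_id.replace(" ", "").upper()
    return s[2:] if s.startswith("0X") else s


def parse_certs(listing):
    """Return [{'fingerprint': ..., 'uids': [...]}] for each primary key."""
    certs, last = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            last = f[0]
            if f[0] == "pub":
                certs.append({"fingerprint": None, "uids": []})
        elif f[0] == "fpr" and last == "pub" and len(f) > 9:
            certs[-1]["fingerprint"] = f[9]   # field 10; subkey fprs skipped
        elif f[0] == "uid" and certs and len(f) > 9:
            certs[-1]["uids"].append(f[9])
    return certs


def check_import(listing, requested_id, expected_fpr):
    """Return (candidates, verified): certs matching the ID, and the one
    whose full fingerprint equals the out-of-band value (or None)."""
    wanted, expected = normalize(requested_id), normalize(expected_fpr)
    candidates = [c for c in parse_certs(listing)
                  if c["fingerprint"] and c["fingerprint"].endswith(wanted)]
    verified = next((c for c in candidates
                     if c["fingerprint"] == expected), None)
    return candidates, verified


if __name__ == "__main__":
    fpr = "0123 4567 89AB CDEF 0123 4567 89AB CDEF F194 0956"
    cands, ok = check_import(SAMPLE_LISTING, "0xF1940956", fpr)
    print(len(cands), "certificates share the short ID")
    print("verified:", ok["uids"] if ok else None)
```

More than one candidate for the same short ID means the ID alone identified nothing; only the full-fingerprint match decides which certificate to use.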
