Size of main key...

Peter Lebbing peter at digitalbrains.com
Mon Feb 24 13:32:34 CET 2014


On 23/02/14 23:09, arne renkema-padmos wrote:
> While what you say is true, what you can do is create a key that has an
> equal keyID to your previous one.

However, if I see two keys:
0xCFAF704C Laurent Jumet
	created 2000-03-24
0xCFAF704C Laurent Jumet
	created 2014-02-24

Where the short ID and the UID matches but obviously the fingerprint does not,
I'm going to be mightily suspicious and think twice before signing either of
those. It looks like an attempt to subvert people into signing an attacker's key
(although the attacker seems to have forgotten to spoof the creation date :).
So you might not do yourself a service by creating this "convenient" key that
matches your old one.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list