only the last eight chars of the key id are used

Bug #52451 reported by Tobias G. Pfeiffer
Affects: gnupg (Ubuntu)
Status: Invalid
Importance: Medium
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

Binary package hint: kgpg

Hi!

Short description of the problem: There exists a person at the other end of the world whose key id has the same last eight chars as mine (8ABCAEF5). Now when I ask kgpg to reload all keys from the keyserver, this person's key is imported and then the trouble begins. Kgpg seems to give no respect to anything but the last eight chars of the key id, so I get shown that I own this person's private key and I get shown that this person owns my user ids and so on.
I think it would be a good thing if kgpg used (at least internally) all 16 chars of the key id, so there would be no confusion any more.

Bye
Tobias
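
The confusion described in the report, as an added example that is not part of the original bug report and is not kgpg or gnupg code: a keyring keyed by the last eight hex characters merges two distinct keys, while one keyed by the full fingerprint keeps them apart and refuses an ambiguous short id. The class names and both fingerprints are constructed for illustration; only the suffix 8ABCAEF5 comes from the report.

```python
from collections import defaultdict

class AmbiguousKeyID(Exception):
    """More than one key in the keyring ends with the requested id."""

def normalize(key_id):
    """Accept an 8/16/40 hex-char id, with optional 0x prefix and spaces."""
    s = key_id.replace(" ", "").upper()
    s = s[2:] if s.startswith("0X") else s
    if len(s) not in (8, 16, 40) or any(c not in "0123456789ABCDEF" for c in s):
        raise ValueError(f"not a key id or fingerprint: {key_id!r}")
    return s

class NaiveKeyring:
    """Keyed by the last 8 hex chars only, the behaviour the report describes."""
    def __init__(self):
        self.keys = {}
    def add(self, fingerprint, uid, has_secret=False):
        entry = self.keys.setdefault(normalize(fingerprint)[-8:],
                                     {"uids": [], "secret": False})
        entry["uids"].append(uid)        # user ids of distinct keys get merged
        entry["secret"] |= has_secret    # secret-key flag leaks to the other key

class Keyring:
    """Keyed by full fingerprint; shorter ids are only lookup hints.
    Assumes V4 keys, where the key id is the low-order bits of the fingerprint."""
    def __init__(self):
        self.keys = {}
    def add(self, fingerprint, uid, has_secret=False):
        self.keys[normalize(fingerprint)] = {"uids": [uid], "secret": has_secret}
    def resolve(self, key_id):
        wanted = normalize(key_id)
        hits = [fp for fp in self.keys if fp.endswith(wanted)]
        if len(hits) > 1:
            raise AmbiguousKeyID(f"{wanted} matches {len(hits)} keys: {hits}")
        if not hits:
            raise KeyError(wanted)
        return hits[0]
    def short_id_collisions(self):
        """Audit: groups of fingerprints that share the same last 8 hex chars."""
        groups = defaultdict(list)
        for fp in self.keys:
            groups[fp[-8:]].append(fp)
        return {sid: fps for sid, fps in groups.items() if len(fps) > 1}

# Constructed fingerprints; only the shared suffix 8ABCAEF5 comes from the report.
MINE = "1111222233334444555566667777AAAA8ABCAEF5"
OTHER = "9999888877776666555544443333BBBB8ABCAEF5"
```

Running `short_id_collisions()` after every import or refresh flags the situation before any key is selected by a short id.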

Rastloser (rastloser) wrote :

How does gpg handle this?

Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote :

Thank you for your bug report. Do you still have this issue with the latest release of Ubuntu?

Changed in kdeutils:
importance: Undecided → Medium
status: Unconfirmed → Needs Info
Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote :

Any news on this?

Tobias G. Pfeiffer (tgpfeiffer) wrote : Re: [Bug 52451] Re: only the last eight chars of the key id are used

Hi!

On Sunday, 24 June 2007, 19:46, Jérôme Guelfucci wrote:
> Any news on this?

Both kgpg 1.2.2 and gpg 2.0.4 (with --refresh-key myname) still get that other
person's key from the keyserver. However, even when I provide the full 16
characters to gpg --refresh-key, I get two keys. It *might* be this is a
problem in the keyserver implementation.

Bye
Tobias

Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote :

Ok thank you, I'm leaving this as new until we have more information.

Changed in kdeutils:
status: Incomplete → New
Rich Johnson (nixternal) wrote :

This sounds more like a gnupg issue than it does a KGPG issue. KGPG is nothing more than a fancy frontend for the gnupg application. With that said, is this problem still occurring? I don't think I have ever heard of anyone having this issue or experiencing anything like it. For some reason I was told that this type of incident wasn't possible at a recent security event, interesting :) thanks!

Changed in kdeutils:
status: New → Incomplete
Jonathan Thomas (echidnaman) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in gnupg:
status: Incomplete → Invalid