
Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild



On Wed, 10 Aug 2016 10:26:09 +0000, Holger Levsen wrote:

> Hi Samuel,
> 
> On Wed, Aug 10, 2016 at 12:47:43AM +0200, Samuel Thibault wrote:
>> As a late follow-up of the gpg key collision thread from debian-private
>> (but posted on debian-devel, there is nothing private here, I prefer to
>> see this information publicized actually):
>> 
>> € gpg --search-key samuel.thibault@gnu.org
>> ...
>> (1) Samuel Thibault <samuel.thibault@gnu.org>
>> 4096 bit RSA key 7D069EE6, created: 2014-06-16
>> (2) Samuel Thibault <samuel.thibault@gnu.org>
>> 4096 bit RSA key 7D069EE6, created: 2010-09-14
>> 
>> So somebody *does* try to fake my gpg key too...
>> 
>> For the reminder,
>> https://gwolf.org/node/4070
> 
> I'm somewhat surprised by this mail… or rather by you apparently
> knowing about the issue but still you seem to not have acted as advised,
> so let me repeat: everybody, please put "keyid-format long" into your
> ~/.gnupg/gpg.conf!
> 
> then, the output will look like this:
> 
> $ grep keyid-format .gnupg/gpg.conf 
> keyid-format long
> $ gpg --search-key samuel.thibault@gnu.org
> ...
> (1)     Samuel Thibault <samuel.thibault@gnu.org>
>           4096 bit RSA key E2992EA47D069EE6, created: 2014-06-16
> (2)     Samuel Thibault <sthibault@debian.org>
>         Samuel Thibault <samuel.thibault@gnu.org>
>         Samuel Thibault <samuel.thibault@inria.fr>
>         Samuel Thibault <samuel.thibault@labri.fr>
>         Samuel Thibault <samuel.thibault@ens-lyon.org>
>           4096 bit RSA key D0178C767D069EE6, created: 2010-09-14
> 
> 
> voila.

FYI, --search-key looks like this by default in 2.1. And when listing 
keys and in other operations, the output is even more verbose:

$ gpg2 -k sam@robots
pub   rsa4096 2014-04-08 [SC] [expires: 2019-04-07]
      CAAAAA1ACA69A83A892B1855D20B42025CDA27B9
uid           [ultimate] Sam Morris <sam@robots.org.uk>
sub   rsa4096 2014-04-08 [E] [expires: 2019-04-07]

pub   dsa1024 2003-12-01 [SC] [expired: 2014-11-21]
      3412EA181277354B991BC869B2197FDB5EA01078
uid           [ expired] Sam Morris <sam@robots.org.uk>

IMO this should be made consistent and the full fingerprint should be 
used for --search-key as it is with other operations, by default.

-- 
Sam Morris
https://robots.org.uk/
 
PGP: rsa4096/5CDA27B9
CAAA AA1A CA69 A83A 892B  1855 D20B 4202 5CDA 27B9
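
Added example, not part of the original mail: a shell function that reads `gpg --with-colons` output and reports primary keys that share a 32-bit short key ID, which is the collision visible in the quoted `--search-key` listing. The sample records are constructed from the long key IDs quoted in this thread (all other fields are placeholders), and the function names `short_id_collisions` and `sample_keyring` are made up for the example.

```shell
#!/bin/sh
# Added example: find keys whose 32-bit short key IDs collide.
# Input: `gpg --with-colons` output on stdin. In that format, field 5 of a
# "pub" record is the 64-bit long key ID; the short ID is its last 8 hex digits.
short_id_collisions() {
    awk -F: '
        $1 == "pub" && length($5) >= 16 {
            long = toupper($5)
            short = substr(long, length(long) - 7)
            # Count each distinct long ID once, even if it is listed twice.
            if (!((short, long) in seen)) {
                seen[short, long] = 1
                count[short]++
                members[short] = members[short] " " long
            }
        }
        END {
            # One line per colliding short ID, followed by the long IDs behind it.
            for (s in count)
                if (count[s] > 1)
                    print s ":" members[s]
        }
    ' | sort
}

# Constructed sample input: "pub" records built from the long key IDs shown in
# this thread. Validity, dates and the remaining fields are placeholders.
sample_keyring() {
    cat <<'EOF'
pub:-:4096:1:E2992EA47D069EE6:::::::
pub:-:4096:1:D0178C767D069EE6:::::::
pub:u:4096:1:D20B42025CDA27B9:::::::
pub:e:1024:17:B2197FDB5EA01078:::::::
EOF
}

# The two keys ending in 7D069EE6 are reported; the other two are not.
sample_keyring | short_id_collisions
```

Against a real keyring the same check is `gpg --list-keys --with-colons | short_id_collisions`.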

