On Thursday 30 July 2015 08:04:28 Viktor Dick wrote: > Now that I think about it - if I search for the original author of the > c't article (j...@ct.de), who complained about getting mails that were > encrypted to some fake key, I would assume that the keys 38EA4970 and > E1374764 are both genuine, because they both have not only selfsigs. > BTW, they are both signed by different keys with the UID > 'pg...@ct.heise.de', so they already have a similar service in place - > of course I had to do a websearch to find if these keys are genuine, > which should probably be easier. I guess ideally the UID would contain a > weblink to a page that has the fingerprint and describes the service > shortly.
I'm sorry to tell you that you have fallen into the trap. There is only one genuine pg...@ct.heise.de key the fingerprint of which is printed in each issue of the c't magazine. The other one is a fake. And the fact that the fake key with the author's email address is signed by different keys only means that a lot of people have signed this fake key without following the proper procedure of key validation (or that the trolls created even more fake keys to sign the author's fake key to make it look more credible). Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
