Re: GPGTools: short introduction

2011-02-15 Thread Werner Koch
Hi,

thanks for explaining the project.  I looked at your packes and found no
reason not to include it.  In particular the quick links to the license
files were helpful for checking that this is indeed all about free
software.

I added GPGTools to the related software section and also featured it on
the frontpage next to Gpg4win.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: How do I import an X.509 Certificate onto an OpenPGP smartcard?

2011-02-15 Thread Werner Koch
On Sun, 13 Feb 2011 01:41, k...@grant-olson.net said:

 Firstly, can I actually import a certificate like this onto the card?
 Or do I simply misunderstand the specs?

Yes.

 Secondly, is there a command somewhere in gpg/gpgsm/gpg* to do this, or
 is it specified and implemented on the OpenPGP card only at this point
 in time?

There are two hidden commands in the --card-edit sub-menu:

  readcert 3 foo.crt

and obviously:

  writecert 3 foo.crt


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Scute keys (was: How do I import an X.509 Certificate onto an OpenPGP smartcard?)

2011-02-15 Thread Werner Koch
On Sun, 13 Feb 2011 01:41, k...@grant-olson.net said:

 Thirdly, the SCUTE docs start by generating a certificate request from
 your OpenPGP authentication key.  In this scenario, are you just using
 the Same RSA key for both your OpenPGP and X509 certificates?  Does the

Yes, it is possible to create a CSR from an existing key.  If you run
gpgsm --gen-key you see

  Please select what kind of key you want:
 (1) RSA
 (2) Existing key
 (3) Existing key from card
  Your selection? 2
  Enter the keygrip: 

With GnuPG 2.1 you may now easily use any existing key; run

  gpg[sm] --with-keygrip -K

to get the keygrip.  The keygrip is also used as the name of the file
holding the key at private-keys-v1.d/.

IIRC, Scute does exactly this.  I have not looked at Scute for a long
time thus you better check yourself.

 certificate imported into gpgsm just contain the public key and the CA's
 signature and somehow defer operations to the card?

Yes, you have to run gpgsm --learn-card first so that the agent knows
what public keys are stored on the card.  The certificates on the cards
are in general not necessary.  If the card contains X.509 certificates,
gpgsm --learn-card will import them for future use.  Scute usually
fetches the certificates via gpgsm but will also take care of the
certificates stored on the card.  This clearly needs more documentation.



Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: SSH authentication using OpenPGP 2.0 smartcard

2011-02-15 Thread Werner Koch
On Thu, 27 Jan 2011 16:01, pat...@debian.org said:

 I've got 2 readers:
 OmniKey CardMan 3121 (USB device)
 OmniKey CardMan 4040 (PCMCIA device)

All Omnikey based readers don't work with 2k keys.  There is a hack in
scdaemon which sometimes helps, but in general they are not supported;
neither with the internal ccid driver nor by pcsc-lite.

They work under Windows because the proprietary driver there is able to
use an undocumented feature of the readers.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




GPG (MingW32) defaults to revoked key/uid

2011-02-15 Thread M. Henry
Forgive me if this is a terribly common problem/issue, but I've had a
lengthy search both of this list and the web generally (as well as
trawling at great length through the GPG man) and have found nothing on
it.

Being a recent convert to PGP/GPG I have been playing around a bit to get
used to it before really deploying it in active use. I recently revoked
my first key, and created another, for reasons of convenience I won't go
into. By accident I rendered this second key unusable and ended up with a
third, did something similar to that one and am now on a fourth (which I
will hopefully treat much more sensibly!).

Because of this I have three revoked keys (all have been successfully
revoked) and one non-revoked key, all with at least one uid identical.

Now, when I use gpg to look up a key by any part of a uid (for example
when using --edit-key), it automatically selects the first-created
_revoked_ key, not the sole non-revoked one. I have tried revoking and
deleting specific uids from the revoked keys, but this makes no
difference.

Obviously this causes grave problems as maybe encrypting and signing will
also default to a revoked key - though I haven't tested really yet - but
at very least it's annoying as I have to do --edit-key etc for the
newest, active key via the hexadecimal identifier rather than uid.

Any help on sorting out this issue would be much appreciated.

Using GPG 1.4.11 (MingW32), Win XP SP3.

Thanks,
Mark Henry.



Re: how to store the public keys in a db?

2011-02-15 Thread Scott Lambdin
On Tue, Feb 15, 2011 at 3:33 AM, Werner Koch w...@gnupg.org wrote:

  I won't promise anything, though.


 Salam-Shalom,

   Werner

 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users


Would there be a way to have gpg use a database for keys without it being a
particular database?

-- 
There's a box?


Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail

2011-02-15 Thread AgoristTeen1994

Okay thanks for the help though I'm still somewhat confused...I understand
that the key id is the entire keypair, but then how do I find out what is
just my public key, and just my secret key, the reason I'm asking is that if
I want to give my public key to someone, then I apparently give the entire
keyid since that has my secret key too..or am I wrong on that and I can give
them the entire keyid? Thanks again and have a nice day.
-- 
View this message in context: 
http://old.nabble.com/Help-with-OpenPGP-plugin-in-Mozilla-Thunderbird-and-Claws-Mail-tp30913160p30930916.html
Sent from the GnuPG - User mailing list archive at Nabble.com.




Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail

2011-02-15 Thread Grant Olson
On 2/15/11 8:38 AM, AgoristTeen1994 wrote:
 
 Okay thanks for the help though I'm still somewhat confused...I understand
 that the key id is the entire keypair, but then how do I find out what is
 just my public key, and just my secret key, the reason I'm asking is that if
 I want to give my public key to someone, then I apparently give the entire
 keyid since that has my secret key too..or am I wrong on that and I can give
 them the entire keyid? Thanks again and have a nice day.

In my opinion, the easiest way is to:

1) Send your key to a keyserver like pool.sks-keyservers.net.  Rest
assured this only sends the public part of your key.  (In
Thunderbird/Enigmail you do this by going to OpenPGP - Key Management
- Right clicking on your key - Upload public keys to keyservers)

2) Send a signed email to the person you want to correspond with.

That person can then import the key and verify the signature.  And once
they have your key they can encrypt to you.

If you don't want to send your keys to the keyserver, you can email them
a copy of the key.  (In Enigmail you do this by going to OpenPGP - Key
Management - Right clicking on your key - Send public keys by email.)

If you want to test everything out, there is a robot email address at
adele...@gnupp.de .  If you try to send that your public key, it will
tell you if you did everything right or not, and suggest some next steps
to continue testing.


-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: how to store the public keys in a db?

2011-02-15 Thread Benjamin Marwell
Just my idea. I tried to understand the dispatcher code and keyring.c
Werner was referring to, but I would not know how to implement it.
Save each chunk as a separate relational tuple?

By the way: Because of database design, even SQLite would probably be
faster for reading, but not for writing. But yes, a connection to
mysql/postgresql would be interesting for key servers. So, yes, please
keep the interface as generic as possible. I'm very interested in it.

Regards,
Ben

2011/2/15 Scott Lambdin lop...@gmail.com:


 On Tue, Feb 15, 2011 at 3:33 AM, Werner Koch w...@gnupg.org wrote:

  I won't promise anything, though.


 Salam-Shalom,

   Werner

 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users

 Would there be a way to have gpg use a database for keys without it being a
 particular database?

 --
 There's a box?

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users





Default algorithm and gpgme questions

2011-02-15 Thread Hans Alves
Hey,

I noticed that when I use a symmetric cipher, the default algorithm is
CAST5 which always gives me this warning when decrypting:
gpg: WARNING: message was not integrity protected
So, is there a way to change the default algorithm to AES or TWOFISH
without having to specify it as a command-line option every time?

I also noticed that GPGME always uses /usr/bin/gpg even though I have a
later version installed at /usr/local/bin/gpg. Can I get GPGME to use the
newer version, and if yes, how?

Thanks,
Hans




Re: Default algorithm and gpgme questions

2011-02-15 Thread Jerry
On Tue, 15 Feb 2011 19:11:24 +0100
Hans Alves alves@gmail.com articulated:

 Hey,
 
 I noticed that when I use a symmetric cipher, the default algorithm is
 CAST5 which always gives me this warning when decrypting:
 gpg: WARNING: message was not integrity protected
 So, is there a way to change the default algorithm to AES or TWOFISH 
 without having to specify it as a command-line option every time?
 
 I also noticed that GPGME always uses /usr/bin/gpg even though I have
 a later version installed at /usr/local/bin/gpg can I get GPGME to
 use the newer version, and if yes, how?

Why can't you just link them?

-- 
Jerry ✌
gnupg.u...@seibercom.net
_
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.




ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread hare krishna
Hi,

Can someone help me out why I am facing this problem.
OS - Unix.

I have set the
LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64

But when I run this command:
gpg --list-keys
I am getting this error:

ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
Killed

Please help me, it's very urgent.


Re: Default algorithm and gpgme questions

2011-02-15 Thread Hans Alves
On Tue, 15-02-2011 at 15:15 -0500, Jerry wrote:
 On Tue, 15 Feb 2011 19:11:24 +0100
 Hans Alves alves@gmail.com articulated:
 
  Hey,
  
  I noticed that when I use a symmetric cipher, the default algorithm is
  CAST5 which always gives me this warning when decrypting:
  gpg: WARNING: message was not integrity protected
  So, is there a way to change the default algorithm to AES or TWOFISH 
  without having to specify it as a command-line option every time?
  
  I also noticed that GPGME always uses /usr/bin/gpg even though I have
  a later version installed at /usr/local/bin/gpg can I get GPGME to
  use the newer version, and if yes, how?
 
 Why can't you just link them?
 
Yes, I should have thought of that. Thanks. 
Just wondering though, /usr/local/bin/gpg is the first one in the path,
if I just run gpg from a terminal that one is used. So why does gpgme
use the other one?




Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread Robert J. Hansen
On 2/15/11 4:16 PM, hare krishna wrote:
 Can someone help me out why i am facing this problem.
 OS - Unix.

There is no UNIX operating system.  I am guessing that you're running
some version of x86_64 Solaris, but am uncertain of this.  We'll have a
much easier time helping if you answer these questions:

(a) What OS are you running?
(b) Which version?
(c) From where did you acquire GnuPG?
(d) Where is GnuPG located?




Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread hare krishna
This is the output of ldd /gpg/gpg1.4.9/bin/gpg


libresolv.so.2 => /lib/libresolv.so.2
libz.so.1 => /usr/lib/libz.so.1
libbz2.so.1 => /usr/lib/libbz2.so.1
libsocket.so.1 => /lib/libsocket.so.1
libnsl.so.1 => /lib/libnsl.so.1
libusb.so.1 => /usr/sfw/lib/libusb.so.1
libc.so.1 => /lib/libc.so.1
libmp.so.2 => /lib/libmp.so.2
libmd.so.1 => /lib/libmd.so.1
libscf.so.1 => /lib/libscf.so.1
libdl.so.1 => /lib/libdl.so.1
libdoor.so.1 => /lib/libdoor.so.1
libuutil.so.1 => /lib/libuutil.so.1
libgen.so.1 => /lib/libgen.so.1
libm.so.2 => /lib/libm.so.2
/platform/SUNW,Sun-Fire-V490/lib/libc_psr.so.1
/platform/SUNW,Sun-Fire-V490/lib/libmd_psr.so.1



On Tue, Feb 15, 2011 at 2:14 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

 On 2/15/11 4:16 PM, hare krishna wrote:
  Can someone help me out why i am facing this problem.
  OS - Unix.

 There is no UNIX operating system.  I am guessing that you're running
 some version of x86_64 Solaris, but am uncertain of this.  We'll have a
 much easier time helping if you answer these questions:

(a) What OS are you running?
(b) Which version?
(c) From where did you acquire GnuPG?
(d) Where is GnuPG located?




Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread hare krishna
   (a) What OS are you running? - UNIX
   (b) Which version? - platform/SUNW,Sun-Fire-V490
   (c) From where did you acquire GnuPG? I don't remember exactly
   (d) Where is GnuPG located? - /opt/app/test1/gpg/gpg1.4.9/bin/gpg


On Tue, Feb 15, 2011 at 2:30 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

 On 2/15/11 5:25 PM, hare krishna wrote:
  This is the output of ldd /gpg/gpg1.4.9/bin/gpg

 Which does not answer any of my four questions, and does not help me
 solve your problem.



Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread Robert J. Hansen
On 2/15/11 5:40 PM, hare krishna wrote:
(a) What OS are you running? - UNIX

Once again, there is no UNIX operating system.  There are many
different vendors who provide operating systems that conform to varying
levels of the UNIX specifications.  For instance, my Macbook Pro
conforms to the UNIX specifications, but I wouldn't say my operating
system is UNIX: I'd say it was Mac OS X.

The reason why I'm asking is because different operating systems handle
things differently.  It *looks* like you're using Solaris: but so far I
don't have much confirmation of this, nor do I know which version of
Solaris.

(c) From where did you acquire GnuPG? i dont remember exactly

Then that might be your problem.  Get a GnuPG package for your version
of Solaris, either from the Oracle open-source download page or from
Blastwave, install that, and see if it works better for you.




Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread David Shaw
On Feb 15, 2011, at 4:16 PM, hare krishna wrote:

 Hi,
 
 Can someone help me out why i am facing this problem.
 OS - Unix.
 
 I have set the 
 LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64
 
 But when i run this command:
 gpg --list-keys
 i am getting this error:
 
 ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
 Killed

That's an error from your loader.  It can't run gpg, because the gpg binary is 
built with USB smartcard reader support via libusb, but your system doesn't 
have libusb available within your LD_LIBRARY_PATH.  This isn't a gpg error - 
gpg never even got executed here.

The fix is to either figure out where you have libusb and include that in your 
path, to get libusb, or rebuild gpg to not require libusb.

David




Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail

2011-02-15 Thread Lists . gnupg
On Tue, Feb 15, 2011 at 05:38:47AM -0800 thus spoke AgoristTeen1994:
 
 Okay thanks for the help though I'm still somewhat confused...I understand
 that the key id is the entire keypair, but then how do I find out what is
 just my public key, and just my secret key, the reason I'm asking is that if
 I want to give my public key to someone, then I apparently give the entire
 keyid since that has my secret key too..or am I wrong on that and I can give
 them the entire keyid? Thanks again and have a nice day.
 -- 

There is a distinction I believe you are missing; please feel free to
admonish me if I am oversimplifying things, however:

The Key ID is not the entire key pair; it merely represents the key
pair. It is a unique name for your key pair, if you would like to think
of it that way.

When you give someone your Key ID, you are not literally giving them any
part of your Secret or Public key--you are merely giving them a
convenient way to reference it. The actual public key can be quite long,
and inconvenient to read out to someone, or jot down on the back of a
cocktail napkin, so we have these Key IDs to use as short-hand.

If you have your public key published somewhere, such as on a key
server, the Key ID is a way for other people to unambiguously look up
the full key. If you have more than one key pair (e.g. one for personal
use, and one for work), the Key ID of each key pair (which will be
unique to each) is a way to tell them apart on such a key server, or
within your own keychain.

Note, however, that only giving someone your Key ID does not help them
to encrypt messages to you, or verify your signature, if they do not
have someplace to access the actual key (like a public key server). It
just helps them look up your individual key if it is in such a place.

Generally speaking, good OpenPGP implementations (like GnuPG) will
require that you explicitly state you want to export your _Secret_ key
before they will ever spit it out (e.g. gpg --export-secret-keys is
pretty obvious). Under all other circumstances, when you issue a command
to export a key, it will release only the public part of the key pair.

Hope this helps,
Kevin

-- 
Chance favors the prepared mind.
  --Louis Pasteur




Re: on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]

2011-02-15 Thread Robert J. Hansen
On 2/15/11 11:35 PM, Daniel Kahn Gillmor wrote:
 Long-form keyIDs (of the form 0xDECAFBADDEADBEEF) are significantly
 harder to spoof, but easily within reach of a well-funded organization.

IIRC, Jon Callas says an accidental long-ID collision has occurred.  I
don't recall the details.  Still, the point is that collisions don't
just happen by deliberate attack.



Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread hare krishna
Thanks David.. it worked.. great

On Tue, Feb 15, 2011 at 9:02 PM, David Shaw ds...@jabberwocky.com wrote:

 On Feb 15, 2011, at 11:25 PM, Jason Harris wrote:

  On Tue, Feb 15, 2011 at 05:50:11PM -0500, David Shaw wrote:
  I have set the
 LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64
 
  But when i run this command:
  gpg --list-keys
  i am getting this error:
 
  ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or
 directory
  Killed
 
  That's an error from your loader.  It can't run gpg, because the gpg
 binary is built with USB smartcard reader support via libusb, but your
 system doesn't have libusb available within your LD_LIBRARY_PATH.  This
 isn't a gpg error - gpg never even got executed here.
 
  The fix is to either figure out where you have libusb and include that
 in your path, to get libusb, or rebuild gpg to not require libusb.
 
  Geez, doesn't anybody READ anymore?!  Even _I_ just managed to read:
 
  [ldd output quoted to whatever level]
  libusb.so.1 => /usr/sfw/lib/libusb.so.1
 
  So, it is in the LD_LIBRARY_PATH quoted above, and therefore
  IT IS ON THE SYSTEM, right?

 In future I will always ensure to use my time machine when replying, since
 clearly people replying to a message from 4:26 should know the information
 revealed in a completely different message from one hour later at 5:25.

 Really, it's just a shame we don't all have your amazing skills for reading
 messages that haven't been sent yet.

 David


 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users



Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread Jason Harris
On Tue, Feb 15, 2011 at 05:50:11PM -0500, David Shaw wrote:
  I have set the 
  LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64
  
  But when i run this command:
  gpg --list-keys
  i am getting this error:
  
  ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
  Killed
 
 That's an error from your loader.  It can't run gpg, because the gpg binary 
 is built with USB smartcard reader support via libusb, but your system 
 doesn't have libusb available within your LD_LIBRARY_PATH.  This isn't a gpg 
 error - gpg never even got executed here.
 
 The fix is to either figure out where you have libusb and include that in 
 your path, to get libusb, or rebuild gpg to not require libusb.

Geez, doesn't anybody READ anymore?!  Even _I_ just managed to read:

[ldd output quoted to whatever level]
 libusb.so.1 => /usr/sfw/lib/libusb.so.1

So, it is in the LD_LIBRARY_PATH quoted above, and therefore
IT IS ON THE SYSTEM, right?

If I were to guess, LD_LIBRARY_PATH is being ignored/reset...

-- 
Jason Harris   |  PGP:  This _is_ PGP-signed, isn't it?
jhar...@widomaker.com _|_ Got photons? (TM), (C) 2004




Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread Robert J. Hansen
On 2/15/11 11:25 PM, Jason Harris wrote:
 Geez, doesn't anybody READ anymore?!  Even _I_ just managed to read:

Some of us read quite well: others less so.

David was responding to the information he had available.  The message
you're quoting was sent *after* David sent his.

 So, it is in the LD_LIBRARY_PATH quoted above, and therefore
 IT IS ON THE SYSTEM, right?

When a system isn't working, it pays to be very cautious about making
assumptions about what's broken and what's working.  There's a big
difference between saying it might be this, and here's a test we can do
to see if it is, and saying IT IS ON THE SYSTEM! -- unless you've
done more checking, you really shouldn't say it this confidently.



Re: on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]

2011-02-15 Thread David Shaw
On Feb 15, 2011, at 11:44 PM, Robert J. Hansen wrote:

 On 2/15/11 11:35 PM, Daniel Kahn Gillmor wrote:
 Long-form keyIDs (of the form 0xDECAFBADDEADBEEF) are significantly
 harder to spoof, but easily within reach of a well-funded organization.
 
 IIRC, Jon Callas says an accidental long-ID collision has occurred.  I
 don't recall the details.  Still, the point is that collisions don't
 just happen by deliberate attack.

One of the engineers working on PGP had generated a key and the keyserver had 
rejected it as non-unique.  Unfortunately, the engineer chucked the key and 
made a new one...

http://www.mailinglistarchive.com/html/ietf-open...@imc.org/2011-01/msg00027.html

David




Re: on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]

2011-02-15 Thread David Shaw
On Feb 15, 2011, at 11:35 PM, Daniel Kahn Gillmor wrote:

 On 02/15/2011 09:22 PM, lists.gn...@mephisto.fastmail.net wrote:
 If you have your public key published somewhere, such as on a key
 server, the Key ID is a way for other people to unambiguously look up
 the full key.
 
 You're quite correct that the key ID provides a handle that references
 the actual public key, and is not the public key itself.
 
 However, the key ID is not guaranteed to be unique.  In fact, short key
 IDs (of the form 0xDEADBEEF) are trivial to find collisions for -- there
 just aren't enough of them, so the search space is small enough to
 exhaust with very commonplace hardware.

Here's a fun example: https://webtru.st/pks/lookup?search=0x001FA1AD&op=vindex

Compare his last name to his key ID :)

Way back when, there was actually a tool (Abattoir) that you could give a 
chosen (short) key ID to and it would just generate keys over and over until it 
hit it.  Given the improvements in CPU speed since then, this should be even 
easier now.

David
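
An added example, not part of any message in this thread: a Python sketch that reads `gpg --with-colons --fingerprint --list-keys` output, resolves a user ID to the fingerprints of keys that are not revoked or expired (the situation in Mark Henry's message), and reports short key IDs shared by more than one key (the ambiguity discussed above). The listing is constructed, the function names are hypothetical, and the field positions are taken from GnuPG's doc/DETAILS.

```python
import re
from collections import defaultdict

# Constructed listing in the format printed by
#   gpg --with-colons --fingerprint --list-keys
# Every key ID, fingerprint and user ID below is made up.
SAMPLE = """\
pub:r:2048:1:1111AAAA0000BEEF:1294000000:::-:Mark Example <mark@example.org>::sc:
fpr:::::::::A1A1A1A1A1A1A1A1A1A1A1A11111AAAA0000BEEF:
pub:r:2048:1:2222BBBB0000CAFE:1295000000:::-:::sc:
fpr:::::::::B2B2B2B2B2B2B2B2B2B2B2B22222BBBB0000CAFE:
uid:r::::1295000000::::Mark Example <mark@example.org>:
pub:r:2048:1:3333CCCC0000F00D:1296000000:::-:::sc:
fpr:::::::::C3C3C3C3C3C3C3C3C3C3C3C33333CCCC0000F00D:
uid:r::::1296000000::::Mark Example <mark@example.org>:
pub:u:2048:1:4444DDDD0000BEEF:1297000000:::u:::scESC:
fpr:::::::::D4D4D4D4D4D4D4D4D4D4D4D44444DDDD0000BEEF:
uid:u::::1297000000::::Mark Example <mark@example.org>:
sub:u:2048:1:9999FFFF00001234:1297000000::::::e:
fpr:::::::::F6F6F6F6F6F6F6F6F6F6F6F69999FFFF00001234:
pub:f:2048:1:5555EEEE0000CAFE:1290000000:::-:::scESC:
fpr:::::::::E5E5E5E5E5E5E5E5E5E5E5E55555EEEE0000CAFE:
uid:f::::1290000000::::Other Person <other@example.net>:
"""

# Field 2 validity letters that make a key unusable:
# revoked, expired, disabled, invalid.
UNUSABLE = {"r", "e", "d", "i"}


def _unescape(s):
    # User IDs are C-escaped in colon listings (":" appears as "\x3a").
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), s)


def parse_keys(listing):
    """Return one dict per primary key: validity, long_id, fpr, uids."""
    keys, owner = [], None
    for line in listing.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))          # pad short records
        rec = f[0]
        if rec == "pub":
            keys.append({"validity": f[1], "long_id": f[4],
                         "fpr": None, "uids": []})
            owner = "pub"
            if f[9]:  # older gpg without --fixed-list-mode: uid on pub line
                keys[-1]["uids"].append(_unescape(f[9]))
        elif rec == "sub":
            owner = "sub"                   # the next fpr is the subkey's
        elif rec == "fpr" and owner == "pub" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]
        elif rec == "uid" and keys:
            keys[-1]["uids"].append(_unescape(f[9]))
    return keys


def usable_fingerprints(keys, needle):
    """Fingerprints of non-revoked, non-expired keys whose uid contains needle."""
    needle = needle.lower()
    return [k["fpr"] for k in keys
            if k["validity"] not in UNUSABLE
            and any(needle in u.lower() for u in k["uids"])]


def short_id_collisions(keys):
    """Map each 32-bit short key ID used by several keys to their fingerprints."""
    by_short = defaultdict(list)
    for k in keys:
        by_short[k["long_id"][-8:]].append(k["fpr"])
    return {sid: fprs for sid, fprs in by_short.items() if len(fprs) > 1}


if __name__ == "__main__":
    keys = parse_keys(SAMPLE)
    print("usable:", usable_fingerprints(keys, "mark@example.org"))
    for sid, fprs in short_id_collisions(keys).items():
        print("short ID 0x%s is shared by %d keys" % (sid, len(fprs)))
```

The fingerprint it returns can be given to gpg wherever a user ID or key ID would otherwise be typed, which avoids both the uid match on a revoked key and the short-ID ambiguity.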

