keyids in signatures getting corrupted, GPG and/or Debian problem?

Jason Harris jharris at widomaker.com
Wed Mar 31 03:24:00 CEST 2004


I've just noticed some signatures with their keyids changed to
0x0910 in the last two bytes.  Both keys I've noticed this on
so far have been submitted directly to kjsl from different
machines/users, and I believe both users use GPG. The "mangled"
keyids were logged upon reception, which I believe rules out HD
problems with keyserver.kjsl.com, and the recurring 0x0910 pattern
in the same spot feels like more than just a coincidence.

[checks for more anomalies]
Looking for "0910" in my logs, this pattern appears quite
popular on Debian (maintainer) keys, and some keys have
been submitted from other keyservers (including directly
from SKS) as well.

One example is 0xBDBFE83, which came into kjsl via HKP, and
two others are 0xE0442D74 and 0x1CDB0FE3, which came via email
from SKS servers.  The first key I noticed came in via HKP and
the bogus subkey binding signature was hard to miss:  0x12F506C8.

[checks more logs]
Actually, I see this as far back as 2003-10-17 on 0x6A765865
and 0xACDEB0B3, which came in via HKP from auric.debian.org.


NB:  Please followup to at least the gnupg-devel list.  Thanks.

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20040330/5ae6feeb/attachment.bin


More information about the Gnupg-devel mailing list