ietf-openpgp
[Top] [All Lists]

[openpgp] OpenPGPv4 long keyid collision test cases?

2013-12-13 11:13:15
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


I recently needed a pair of OpenPGPv4 keys that collided on long key id. So far 
as I could tell, there aren't any test-cases around. (Maybe I'm missing 
something somewhere?)


In any event, I thought that developers of OpenPGPv4-implementing software 
might find these useful as test-cases for correct behavior in the presence of 
64-bit key id collisions. (It's not clear to me, for example, that GnuPG's 
current behavior is correct, or its output particularly useful when faced with 
such a collision.)


(These have valid self-certifications of a UID, and so should be importable 
even by GnuPG.)




Fingerprint: 9E669861368BCA0BE42DAF7D *DDA252EBB8EBE1AF*


- -----BEGIN PGP PUBLIC KEY BLOCK-----


mQINBFJtd/UBEACpw/psXoGNM8RHczviD7FnGdjMQPEJQ+nuWQ2AEGYouulg5hFv
0ChuSQVLiqQht2k5K2liyW1MeXoJ8tr9nSn/Zi9nttc0Wo6K7pvrDD40r2HNg305
qLCzItr5st3x8cq2cIXvN4LOm2rqpBLZ/sqMmNiW2Y7/aAQqV1xtR35joHqamWHD
UPOmzBMs07YSUjXgC1EMx8kWQSV6cuARj93kxWj8R6eoYHHfrWCEGR313wov6QST
zIfVU7FqQqOmdLW3LaPHxcrI/TjsnkUN99qdlpjJH/YW925LDPJHAkliqPP5AvhU
F9KbY2F8mcIZBCDd8TH+xXynuN3BbIU4kCwVbdx/tcpO1npuJcKB1Go/udyow/Ei
Z3nHzJsCVkezvopek77wnwPaP0nAb7f4iIY3gJCoGirOx6N075TgF6MBe00q9oFE
y4rvnUnU9/QzOOes95eUMhM+9eK1cuLFEV5t47DfxRdq+fQip3FJ2l6v19sZvQ0G
j06pjYqg0of273rG8oXcDrFjb1Zqhj8x1mLl6u7d/ide5wTm9HylBWcYKQjIJJAi
WIScxEPIOINDJKgsKTuKtoyNvISJ3xUeS1yzxiIb3YGLIyPgFFx0vFyqJfbkXq70
m1n2xnJlkTidfzbZvc6EA7vRGSDYK6FqqhlGhc7UypUEVW8FM/jZNAOS6QARAUGt
tCg5RTY2OTg2MTM2OEJDQTBCRTQyREFGN0REREEyNTJFQkI4RUJFMUFGiQI3BBMB
CgAhBQJSg/uTAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEN2iUuu46+Gv
+Z0P+wQhkLwm+WGcEsS98Lei9O7hit/k4g/VkLUUQV7BOR3n8uRZIFkdOtpvrFU3
aKf246uCy6GM48Oh+1U2cv5InX/WEuKaFo5uF6t79wyt18BUn1weDcU+DQdOSG4f
fSnNa55wkN0l0svW4fGIthjmDTz6HZFntYD+9A20wZAqpPIs+vyG9Jp+e9E9Y/W/
EFQbNlxHHb9+BMT2+DtNP+HSl3MPFlQPKOLZxyLAU5uzT0Sa0LxhrQy5FgkW6Jog
sbAJVM9z0pZw+grzGPciM66ZW1rxeICvbYsdWLytRjqxpY8GS8XudyseUGd+dZim
ptarsrE5yfSMg2gW5Z1PTc0tEMXJLUwtpyzQjpFpbb7dPuo2TUp09LgZKX63WCbS
Nb1RTaGfkeYudOTo2rh4Jfg+Tb/JRpO6clo0rxAq8nPH2WmG+9TB8Zbb7YRzGWuV
/e5SeVNR+zY8tXZKnmUIH1HIprc+BtT6Bupdvd0CT14Mg9MmsFvUXofwHLa4gahr
8/iG9y3uHSA6Rhz++yOpyOmNvO1LDxsYNaRCIXQJbqgNwF5YNYlMPsEeY/CG7FOb
Afv7rHiYtRRQfz2P4OF900DJO7QL9gdNXJ1+Hajy/5Lvvl7qwqMG4GvVQEsgFc5O
jjFCUhE2i20j2kEMxvA5RLBH/fOoGARn87tiKSfb+pqLNZQb
=fDJ8
- -----END PGP PUBLIC KEY BLOCK-----


Fingerprint: A55120427374F3F7AA5F1166 *DDA252EBB8EBE1AF*


- -----BEGIN PGP PUBLIC KEY BLOCK-----


mQINBFKD+38BEADSv5l4xOx9hCRJVcybq6yK5hTpGSFf3xo1bkhoMvyC62ehb4jD
MDLwwNRyzCBEWQJLbq/LLizPFN2qXFJpXJcsuqsHNYRtDqDBEjtriRQwSqHnqTXt
c0K46FYHldCJQ4/tBXxPI+WwtXjcNRWaV7n2BvR/Jk+B5e4Zz3LPnN0C4w5vORHs
hN1jil8A3Hs/F+OmlQYrU8ZtNwTpSo2EXxe2fVgSDCsKRyNsPZj++OyujPzW+yaN
lJ9I/q6s9gvX9o9o7nwZbqBETipWsdRK6RfBdTKpnyLNordbWwWTk6GxN8T5Ppit
P6a3UlQ71VuflcswCTmEQ1pEfZrlRFKa9psBOW+cZLNxT9h0jGFMh6/B3w48Sag+
cFcPBFWParC+cAXBIURDxT9G6bzNLogg7YKoaPsyiXnLDH2VJUCXs27D2wPJL24Q
S7npvsg63MPPssWgG5cauLznmNR4y5pQi6oH/C10v0zrUJy6FPJzQhYRhWOvhtz6
j88RGMrFNNCdB2VACtn699D+ixu3nRlXHIKCT+xLSfgslVYifmJOCNljBLGHOQ1e
FJxQuNVpmmxjvk/8kqK+pHLB9Qn6M1ZYzip7OyUL3OAWabCabgEw2bQmUhiBWD3u
buv0WAVOJEAFvBCAeYNQzrQMY+Rc3RnvynG4pI6Tbo8wC6/IJcDOw516JwARASB3
tChBNTUxMjA0MjczNzRGM0Y3QUE1RjExNjZEREEyNTJFQkI4RUJFMUFGiQI3BBMB
CgAhBQJSg/uTAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEN2iUuu46+Gv
9L0P/3tFu0LOZ/dAPjUNfKJCZqcIuVnD5xShMTsUbVx+QoXMy7rt4iRLD7ofGi/I
vTAZehxk3sk/Slx5nbews+3NItyw6mcaP9HlmwKNr6k7BC2kJHcCxH4DNzhmIx1H
3T/CggtHX42JBYKlGf22y+M8jAbvsPOUfTznx96mYNrOY6s1dJyn0kRleqJ8+tGj
/5+0y90iZnGCa0FtacQkKUPkXwVodeZVxk8z5OEipShYKc+8dl+5WsvOzHqLC/KY
xCGRb4JaqEMwouLNg8dTNAXXUvFGqJNDX4+andggogmI1hdD9xExfSU9cAGegg2t
vvveC4S+CCHd+zt88iK5ze6F61RxwYhhNbkuFGjdgNGCpHtG/BQhKnYJuKEbq3oi
mgNyxJERlfgaWXveiMG0AmACXN+jCkTtqZjQnsg2N2QDL3tjY7usmuiwRL1aVOFG
Kw5/Cc+2nDeANS3Xi1403Ni269b1c6kNSoLe4zd0WsbO3Kouds8F8EQfeheXQe97
ZxuvBOMsR9wHC3f0sl/vfxCGdUC+khmKk5taKnUeUFJmVmh5ghlVy8FySHGB0QHO
zd8GUl59rFpQJNpNFQW2YKDhrcjxIr2AeJrdoDI6NsQ02+Qtep/bbq53hqtAD4jF
t3S8vBbTXtRk6g2qn4ojF4SOIc8SAiZcURgVFuSJX8ngFbO4
=OEw/
- -----END PGP PUBLIC KEY BLOCK-----


The keys, in binary form, will shortly be available at 
https://github.com/coruus/cooperpair


(Another few colliding pairs, somewhat less lovely, will also be available 
there eventually with the private key parameters, in case anyone would like to 
generate more complex test-cases; 64-bit issuer ids are used so commonly that I 
suspect it would be useful to test some edge cases that arise as a result.)


Apologies if this is otious and I am missing some obvious source of examples of 
these. (I noted many comments online that generating 32-bit preimages was 
'embarassingly easy'; but no one seems to have bothered to make the time/space 
tradeoff.)


Cheers,


dlg


(Based on current AWS spot prices for a system similar to the one these were 
generated on, it costs << 0.05USD to generate 64-bit key id collisions. I 
arrived at the strategy used to generate these independently, but dkg suggested 
it in an earlier message on this list. Props, as the young folk today say.)
-----BEGIN PGP SIGNATURE-----


iQIcBAEBCAAGBQJSqyKgAAoJELU0F64QAAAArqoP/jaJX11UEcCG+mrVzyWHrX19RLdKbyWCsR65
FudC9mltMXDN9aZQmqOnfjbX3lAncyzpG8rbMJsh7d5D+sKEVdbeU7vVKbf5KlZLO061Bl54g6ee
1gKBBwOu2WeFHBX0AJgLeBMdvZWEZnOu+VkGcmbn2NYVk4ZXmQP0HtZcd7Iu3W2JBnJyrJSZUB9t
vGamu5YYJccsbsRwtoiQepS6VALFNtgSk+z39ySxCGGL3pUOGZExhPzW+3/TLmPwZCZfFKJG1H5p
rR/4kt4VVuRo8IZ30D9A5qwP5wlbHJhwH+iwJjh/vgKxnG0EWl9fnuEX3hF2fBXoD82zIWQjGIgK
IYARJVAk3rf2zJRLf0TPdx5X9XvyG0n1dc9DtSMfYD9RSHF2EIq40N1UxslDaKOhjbkm1tqFqalV
Gs2I6goJrRMDe79cHRZFYA4mSX96ElZXS3IyB+VG/VQQLJDGP5Z+q/NjqY/L27R0ltFSAasbWuMp
pCouHdXuQqfRD03FhllSlwRvF/rop58PqLec02/vRHZLAsb6wwzEGKyxh+cD0Bemt63FuGhBN4Se
WOCcDVUx9luIt90iKkIZvqZc7Wh74GPyqh76N6Y+88X2xefh+zoOdYd8pC2mzaZYW2wnansH4pX8
NtxsgVo092D9TXn4dbCsNy427CGiz/ah/y84zFHq
=m8t9


-----END PGP SIGNATURE-----



—
Sent from Mailbox for iPad
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
<Prev in Thread] Current Thread [Next in Thread>