Werner Koch <wk(_at_)gnupg(_dot_)org> writes:
You mean the binding signatures verify okay but the key is different? If that
is the case you found a bug in the software. You can't change the creation
date, the key material, the user id or the hashed signature subpackets
without invalidating the corresponding self-signature.
There's no bug in the software, someone took the key (that's the key data, not
a complete copy of the original keyring packets with their signatures) and
wrote it out to a new keyring with a new date. Same key, same userID,
different date (because it was written at a different time than before), new
signatures covering everything. There are no bugs and no corruption, but the
implicitly-calculated key ID has changed because the datestamp has changed.
openpgp mailing list