[Top] [All Lists]

Re: [openpgp] New fingerprint: to v5 or not to v5

2015-10-08 10:52:18
Werner Koch <wk(_at_)gnupg(_dot_)org> writes:

You mean the binding signatures verify okay but the key is different? If that
is the case you found a bug in the software.  You can't change the creation
date, the key material, the user id or the hashed signature subpackets
without invalidating the corresponding self-signature.

There's no bug in the software, someone took the key (that's the key data, not
a complete copy of the original keyring packets with their signatures) and
wrote it out to a new keyring with a new date.  Same key, same userID,
different date (because it was written at a different time than before), new
signatures covering everything.  There are no bugs and no corruption, but the
implicitly-calculated key ID has changed because the datestamp has changed.


openpgp mailing list