[Users] [Bug 3910] New: Displaying of problematic short key IDs for GPG messages
noreply at thewildbeast.co.uk
Tue Nov 7 09:52:08 CET 2017
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3910
Bug ID: 3910
Summary: Displaying of problematic short key IDs for GPG messages
Classification: Unclassified
Product: Claws Mail
Version: other
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: Plugins/Privacy/PGP
Assignee: users at lists.claws-mail.org
Reporter: hanno at hboeck.de

The PGP plugin of claws displays key ids in some situations, e.g. when one
tries to verify a signature where the key is not on the system it'll display:
"Key 0xFFFFFFFF not available to verify this signature"

The short 8 digit key ids are problematic and should be deprecated. The reason
is that it's easy to create collision keys with an identical key id. There are
already a bunch of duplicate key ids on the public key servers (however mostly
revoked ones, they come from an experiment from the evil32 project [1]).

This can cause confusion and in the worst case can cause people to get a wrong
key.

Later versions of GnuPG have moved to use the full fingerprint as a long key id
instead, which is unique. E.g. my key id looks like:
FE73757FA60E4E21B937579FA5880072BBB51E42

I think it would be good to use this long key id form everywhere where a key id
is displayed.

[1] https://evil32.com/
--
You are receiving this mail because:
You are the assignee for the bug.
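
Added example, not part of the report and not Claws Mail code: a keyring check that flags short key IDs shared by more than one primary key, which is the ambiguity the report describes. It assumes v4 keys (40 hex digit fingerprints) and the fpr records of `gpg --list-keys --with-colons`; the listing and every fingerprint except the one quoted in the report are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

REPORTED = "FE73757FA60E4E21B937579FA5880072BBB51E42"  # quoted in the report
COLLIDER = "0123456789ABCDEF0123456789ABCDEFBBB51E42"  # constructed, same low 32 bits

def _fpr(fp):
    # In an "fpr" record the fingerprint is the 10th colon-separated field.
    return "fpr" + ":" * 9 + fp + ":"

# Constructed listing in the layout of `gpg --list-keys --with-colons`.
SAMPLE = "\n".join([
    "pub:-:4096:1:A5880072BBB51E42:", _fpr(REPORTED),
    "sub:-:4096:1:3333333333333333:", _fpr("3" * 40),
    "pub:-:2048:1:89ABCDEFBBB51E42:", _fpr(COLLIDER),
    "pub:-:2048:1:1111111122222222:", _fpr("1" * 32 + "2" * 8),
])

def primary_fingerprints(listing):
    """Return the fingerprints of primary keys (fpr records that follow pub)."""
    found, owner = [], None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            owner = fields[0]
        elif fields[0] == "fpr" and owner == "pub" and len(fields) > 9:
            fp = fields[9].upper()
            if len(fp) == 40 and all(c in "0123456789ABCDEF" for c in fp):
                found.append(fp)
    return found

def short_id(fp):
    return "0x" + fp[-8:]    # low 32 bits of the fingerprint

def long_id(fp):
    return "0x" + fp[-16:]   # low 64 bits of the fingerprint

def ambiguous_short_ids(fingerprints):
    """Map each short ID held by more than one key to those keys' fingerprints."""
    groups = defaultdict(list)
    for fp in fingerprints:
        groups[short_id(fp)].append(fp)
    return {sid: fps for sid, fps in groups.items() if len(fps) > 1}

if __name__ == "__main__":
    for sid, fps in ambiguous_short_ids(primary_fingerprints(SAMPLE)).items():
        print(f"{sid} is ambiguous; show the full fingerprint instead:")
        for fp in fps:
            print("   ", fp)
```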