Multiple key signatures

Multiple key signatures

Post by Gamma300 » Fri, 18 Jul 2003 00:58:41



I've just created a new name on my key.

I uploaded it to http://the.earth.li:11371, http://pgpkeys.mit.edu:11371,
ldap://keyserver.pgp.com and ldap://europe.keys.pgp.com:11370.

I then downloaded it from each of these to ensure that the upload worked.

ldap://keyserver.pgp.com worked fine.

ldap://europe.keys.pgp.com:11370 has on the old name, two of my signatures,
one created the day that I created the key originally, one created the day
that I created the new name.

Both the http servers have two signatures on the old name as above, but on
the new name have two signatures that are apparently identical, both created
on the day I created the new name.

What is causing this, and is there any way to prevent it?

My key is a DH/DSS key, size 4096/1024, Key ID 0x0BBB1CAC, fingerprint AA83
8369 D79F BFCB EA05  0145 5C4A EC48 0BBB 1CAC

 
 
 

Multiple key signatures

Post by Igorx Iwano » Fri, 18 Jul 2003 19:34:56


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gamma3000 D???:

Quote:> I've just created a new name on my key.

> I uploaded it to http://the.earth.li:11371, http://pgpkeys.mit.edu:11371,
> ldap://keyserver.pgp.com and ldap://europe.keys.pgp.com:11370.

> I then downloaded it from each of these to ensure that the upload worked.

> ldap://keyserver.pgp.com worked fine.

> ldap://europe.keys.pgp.com:11370 has on the old name, two of my signatures,
> one created the day that I created the key originally, one created the day
> that I created the new name.

> Both the http servers have two signatures on the old name as above, but on
> the new name have two signatures that are apparently identical, both created
> on the day I created the new name.

> What is causing this, and is there any way to prevent it?

> My key is a DH/DSS key, size 4096/1024, Key ID 0x0BBB1CAC, fingerprint AA83
> 8369 D79F BFCB EA05  0145 5C4A EC48 0BBB 1CAC

If you want your old name to disappear, just revoke your signature on it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE/FnvGZsrx6aBPZiwRAg4nAJ9YGcsaOUvwGJf8XnaaCJ/Knj29fQCfZIaY
bwnwK1mXHZ/jEQn7cIHqAmw=
=bhHt
-----END PGP SIGNATURE-----

 
 
 

1. Multiple keys on keyserver, no revocation keys, what to do

Sigh.  This is one of those times that procrastination bites me in the
proverbial butt, big time.

I have toyed w/ PGP for several years.  Never really used it beyond
generating a set of keys, since most of the people I would care to send a
signed/encrypted message to seem to be doing good to figure out how to turn
their box on and off ;)  Talk about encryption and their eyes glaze over
quick like.

So now, I decided to look around on a public keyserver
 http://www.openpgp.net/pgpsrv.html ) and searched for my username, and
found several (like 6 or 7) separate key listings, all most likely
legitimate, from times when I was at different email addresses over the last
however long.

If I had revocation keys for these addresses, it would be (I presume)
relatively simple to get these identities/keys scrubbed from existance.  But
I don't (I know, I know.  Coulda, woulda, shoulda, _didn't_).   So how do I
go about cleaning house so that I can establish a new _legitimate_ public
key so people aren't confused as heck should they ever try to look up my
public key?

Thanks,

Monte

2. Philips - unfriendly or what?

3. How to associate a primary key with multiple instance of secondary keys?

4. Running 32-bit software under a 16-bit kernel

5. PDF Public-Key Digital Signature Spec, where?

6. Floating toolbars in 4.0

7. Removing DH/DSS signature on RSA key pair

8. Have an idea - useable ???

9. Key Expiration and Signatures

10. Message: This key is not vertified with a trusted signature...

11. Why does setup.exe signature check show : [Invalid Key]?

12. Length of signature keys in PGP

13. Key Compromise Signature Packet in PGP2.6