On Mon, 4 May 2009 12:16, nicholas.c...@gmail.com said: > How does GPG cope if two keys on the keyring have the same FP? AFAICS > that would make things very difficult for most of the front-ends,
I don't know, because I am not able to create such keys ;-). It is not different from looking up the keys using the long keyid. We would need to iterate over all matching keys until we can verify/decrypt a message. The only real crypto use in the protocol is with the revocation key (designated revoker) which uses a 20 byte fingerprint to specify the key. However I cannot see where there is a threat. There are some internal uses of SHA-1 and RIPE-MD-160 in GPG: Mainly to identify keys in the trustdb. You will likely run into problems adding another key with the same fingerprint. The forthcoming new keyring format will cope with that by not allowing a second key with the same fingerprint. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
