Any (easy) way to find out the version of a given key?
2014-04-19 15:46 GMT+01:00 Nicholas Cole <nicholas.c...@gmail.com>: > On Sat, Apr 19, 2014 at 3:35 PM, One Jsim <one.j...@gmail.com> wrote: > > > > from: > > > > > > > http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-keys.html#key-public-key-forgery > > > > > > at 2014-04-19T14:49+1 > > > > > > I retrieve > > > > > > "Yes, it is possible to create a public key with the same fingerprint as > an > > existing one, thanks to a design misfeature in PGP 2.x when signing RSA > > keys. The fake key will not be of the same length, so it should be easy > to > > detect. Usually such keys have odd key lengths" > > > > > > How percentage of PGP (or GPG?) users, do you think, know that checking > > fingerprint only is not an assurance against fake signatures? Did you > know? > > > I *thought* [citation?] that this problem was fixed with version 4 keys. > > N. >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users