#3695: OpenPGP: use fingerprint instead of key ID
-------------------------------------------------+-------------------------
Reporter: ilf | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: crypto | Version: 1.5.23
Keywords: OpenPGP, PGP, GnuPG, fingerprint, |
keyid |
-------------------------------------------------+-------------------------
From [https://help.riseup.net/en/security/message-security/openpgp/gpg-
best-practices OpenPGP Best Practices]:
[https://help.riseup.net/en/security/message-security/openpgp/gpg-best-
practices#dont-rely-on-the-keyid Don’t rely on the keyid.]
Short OpenPGP keyids, for example 0×2861A790, are 32 bits long. They
have been [http://www.asheesh.org/note/debian/short-key-ids-are-bad-news
shown] to be easily spoofed by another key with the same keyid. Long
OpenPGP keyids (for example 0xA1E6148633874A3D) are 64 bits long. They are
[http://thread.gmane.org/gmane.ietf.openpgp/7413 trivially collidable],
which is [https://www.debian-administration.org/users/dkg/weblog/105 also
a potentially serious problem].
If you want to deal with a cryptographically-strong identifier for a
key, you should use the full fingerprint. You should never rely on the
short, or even long, keyID.
I have not dug deep into mutt code, but it seems that everywhere the user
is presented with key identifiers, the GnuPG default keyid-format 0xshort
is used, f.e. in the "PGP keys matching" menu.
I propose that mutt transitions away from keyid to the full fingerprint
everywhere for adressing keys: internal calls, interaction with external
pgp_* programs, and presentation to the user.
Thanks, and keep up the good work!
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3695>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
