Jan-Philipp Litza

GPG attacks 27. August 2017

While communicating with the CCC office, I was informed that they couldn’t send me GPG encrypted mails because of the error “GPGME: Ambiguous name”. Of course there is more than one key if you search for my mail address (I had other keys in the past), but they also quoted my correct key ID.

Well, turns out the GPG key ID collisions that were in the news last year also caught my key. While the key with id 0xB17F2106D8CCEC27 really is mine (as I also state on my keys page), the fake one with long ID 0x5AAD3FC3D8CCEC27 (notice the identical last eigth characters) has many of the correct parameters that are mentioned in the article:

However, it also lacks some details:

All in all, I guess I should be proud that apparently, I’m part of the GPG strong set (as suggested by the article) and surprised that the CCC office considers revoked keys.