
Recently there was some news about Duplicate PGP Keys and I looked up the keys associated with my e-mail address / short PGP id:
    koos@greenblatt:~$ gpg --search-key F0D7C263
    gpg: searching for "F0D7C263" from hkp server pgp.surfnet.nl
    (1) Koos van den Hout <koos@kzdoos.xs4all.nl>
          1024 bit RSA key 7BB7472D18B1B64D20BD63E9B81DABE5F0D7C263, created: 2014-06-16 (revoked)
    (2) Koos van den Hout <koos@idefix.net>
        Koos van den Hout <koos@wu-ftpd.org>
        Koos van den Hout <koos@pizza.hvu.nl>
        Koos van den Hout <koos@kzdoos.xs4all.nl>
        Koos van den Hout (http://idefix.net/) <koos+website@idefix.net>
          1024 bit DSA key 1B8F6AA16EF5949871CBE48E2C663B5DF0D7C263, created: 1998-12-17
    Keys 1-2 of 2 for "F0D7C263". Enter number(s), N)ext, or Q)uit > q
As is visible, the "fake" key is already revoked. The NCSC article has a lot more explanation.
The key I currently use for my private e-mail has:
    pub   1024D/0x2C663B5DF0D7C263 1998-12-17
          Key fingerprint = 1B8F 6AA1 6EF5 9498 71CB  E48E 2C66 3B5D F0D7 C263
    uid   Koos van den Hout <koos@kzdoos.xs4all.nl>
    uid   Koos van den Hout <koos@idefix.net>
    uid   Koos van den Hout (http://idefix.net/) <koos+website@idefix.net>
    sub   2048g/0x85019597CD125A2B 1998-12-17
    sub   4096g/0xCC166EB91F480E9A 2011-01-11 [expires: 2017-09-14]
    sub   2048R/0x8F414665C4B517C1 2015-09-15 [expires: 2017-09-14]
And on 2016-09-05 I decided it was time for a new private e-mail GnuPG/PGP key anyway:
    pub   4096R/0x5BA9368BE6F334E4 2016-09-05 [expires: 2021-09-04]
          Key fingerprint = 979B CF89 EBBF 9AC9 6A14  F56A 5BA9 368B E6F3 34E4
    uid   Koos van den Hout <koos@kzdoos.xs4all.nl>
    uid   Koos van den Hout (http://idefix.net/) <koos+website@idefix.net>
    uid   [jpeg image of size 11615]
    uid   Koos van den Hout <koos@idefix.net>
    sub   4096R/0x308216DA78517E3D 2016-09-05 [expires: 2021-09-04]
    sub   4096R/0x3B17C9ABE4A3C916 2016-09-05 [expires: 2021-09-04]
But if you really want to be sure, check in person.
I updated my .gnupg/gpg.conf with:
    keyid-format 0xlong
to always show the longer key ID.
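
An added example, not part of the original post: a check for primary keys in a keyring that share a short (32-bit) key ID, as the two F0D7C263 keys in the search result above do, printing the long ID and full fingerprint that tell them apart. The function names are hypothetical, the sample records are constructed from the fingerprints shown on this page, and only v4 keys (40 hex digit fingerprints) are considered.

```shell
# Constructed sample in `gpg --with-colons` record format, reduced to the
# fields needed here; fingerprints and key IDs are the ones on this page.
sample_keyring() {
    cat <<'EOF'
pub:r:1024:1:B81DABE5F0D7C263:::::::
fpr:::::::::7BB7472D18B1B64D20BD63E9B81DABE5F0D7C263:
pub:-:1024:17:2C663B5DF0D7C263:::::::
fpr:::::::::1B8F6AA16EF5949871CBE48E2C663B5DF0D7C263:
sub:-:2048:16:85019597CD125A2B:::::::
pub:-:4096:1:5BA9368BE6F334E4:::::::
fpr:::::::::979BCF89EBBF9AC96A14F56A5BA9368BE6F334E4:
EOF
}

# Read colon-format records on stdin and print one line per primary key
# whose short ID is shared with another primary key:
#   SHORTID 0xLONGID FINGERPRINT
short_id_collisions() {
    awk -F: '
        $1 == "pub" { primary = 1; next }   # the next fpr record is a primary key
        $1 == "sub" { primary = 0; next }   # ignore subkey fingerprints
        $1 == "fpr" && primary && length($10) == 40 {
            fpr = toupper($10)
            sid = substr(fpr, 33)           # low 32 bits = short key ID
            count[sid]++
            list[sid] = list[sid] " " fpr
            primary = 0
        }
        END {
            for (s in count) {
                if (count[s] < 2) continue
                n = split(list[s], f, " ")
                for (i = 1; i <= n; i++)    # low 64 bits = long key ID
                    printf "%s 0x%s %s\n", s, substr(f[i], 25), f[i]
            }
        }
    ' | sort
}

# On a real keyring:
#   gpg --list-keys --with-colons --fingerprint | short_id_collisions
sample_keyring | short_id_collisions
```

No output means no two primary keys in the input share a short ID.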