1

I recently updated my gpg key and extended its expiration date for another year. Unlike prior years, I decided to 'look myself up' on http://keys.gnupg.net, and was shocked to find my name and email address attached to a (now revoked) key fingerprint that I had NOT created, and whose final four bytes matched those of my legitimate key's fingerprint. The entry on http://keys.gnupg.net indicates only a single date, which I'm not sure is the creation or revocation date, so I don't know the interval for which the key was in effect.

What is the 'best practice' response for my situation?

smudge
  • 11
  • 1

0 Answers0