[wiktor-k]

Key IDs are based on fingerprints and fingerprints are calculated by SHA-1 hashing the primary key's public key and the creation timestamp. A computationally easy way to influence the fingerprint is to tweak the creation timestamp which is a 32 bit Unix epoch value. Of course it needs to be in the past so the range is limited but it's faster to do it this way instead of recomputing the cryptographic key.

[yjftsjthsd-h]

> the creation timestamp which is a 32 bit Unix epoch value.

GPG keys aren't 2038-safe?

[dijit]

PGP is pretty old at this point, and kinda jank.

RFC 1991 only gives them 4 bytes (32bit); not sure if there have been any later additions to rectify this but I don’t think so since even the latest RFC (9580) has them listed as 4 bytes…

https://datatracker.ietf.org/doc/html/rfc1991

https://www.rfc-editor.org/rfc/rfc9580#section-3.5

[dpwm]

It's a 32-bit unsigned integer, so that should give us until Feb 2106.

> A time field is an unsigned 4-octet number containing the number of seconds elapsed since midnight, 1 January 1970 UTC.