OpenPGP plugin uses key IDs prone to collisions
I've noticed Psi+ stores bindings of PGP keys to contact accounts as a 64-bit "long key ID" in the profile config file:
<pgp-key-bindings>
    <m0>
        <key type="QString">[email protected]</key>
        <data type="QString">07DBD32F30841281</data>
    </m0>
    <m1>
        <key type="QString">[email protected]</key>
        <data type="QString">F6C5633BE5DE7127</data>
    </m1>
If there is a collision between keys in the gpg keyring, the wrong encryption key may be picked, causing a serious security failure. gpg picks the first key in its database which matches the recipient key ID.
From a standards point of view
As per RFC 4880, a key ID should not be assumed to be unique. It's perfectly valid to have two or more public keys in a keychain with the same long key ID.
From a practical point of view
Currently it would take about a few months to find a collision for a specific key on a cluster of a hundred inexpensive desktop GPUs:
Although it is not very useful, a birthday collision of two random keys can be found in a few hours on a general-purpose CPU:
Other sources
- https://debian-administration.org/users/dkg/weblog/105 - emphasis on both short and long key IDs being forgeable.
- https://cybersecurity.att.com/blogs/security-essentials/explain-pgp-encryption-an-operational-introduction - pay attention to "Identifying Fingerprints & Key IDs" section
Suggested solution
Use the full fingerprint in place of the key ID.
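
A sketch of how stored long key IDs could be audited and migrated to fingerprints, added here as an example; it is not Psi+ code and not part of the original report. It assumes v4 keys and the colon-delimited listing format of `gpg --list-keys --with-colons`; the function names and the sample keyring are constructed for illustration.

```python
from collections import defaultdict

def fpr(fp):  # build a colon-format "fpr" record (fingerprint is field 10)
    return "fpr" + ":" * 9 + fp + ":"

# Constructed fingerprints, not real keys. A and B share a long key ID.
FPR_A = "A" * 24 + "07DBD32F30841281"
FPR_B = "B" * 24 + "07DBD32F30841281"
FPR_C = "C" * 24 + "F6C5633BE5DE7127"
# Constructed stand-in for `gpg --list-keys --with-colons` output.
SAMPLE = "\n".join([
    "pub:u:4096:1:07DBD32F30841281:1500000000:::u:::scESC:", fpr(FPR_A),
    "sub:u:4096:1:1122334455667788:1500000000::::::e:",
    fpr("D" * 24 + "1122334455667788"),
    "pub:f:4096:1:07DBD32F30841281:1600000000:::-:::scESC:", fpr(FPR_B),
    "pub:f:4096:1:F6C5633BE5DE7127:1600000000:::-:::scESC:", fpr(FPR_C),
])

def primary_keys(colons_text):
    """Return {fingerprint: long key ID} for primary keys, skipping subkeys."""
    keys, last = {}, None
    for line in colons_text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            last = f[0]
        elif f[0] == "fpr" and last == "pub":
            # v4 keys: the key ID is the low 64 bits of the fingerprint.
            keys[f[9].upper()] = f[9][-16:].upper()
            last = None
    return keys

def ambiguous_ids(keys):
    """Long key IDs that map to more than one fingerprint."""
    by_id = defaultdict(list)
    for fp, kid in keys.items():
        by_id[kid].append(fp)
    return {kid: sorted(fps) for kid, fps in by_id.items() if len(fps) > 1}

def resolve_binding(stored, keys):
    """Turn a stored key ID or fingerprint into one fingerprint, or refuse."""
    stored = stored.upper()
    matches = [fp for fp, kid in keys.items() if stored in (fp, kid)]
    if len(matches) != 1:
        raise LookupError(f"{stored}: {len(matches)} candidate keys")
    return matches[0]

if __name__ == "__main__":
    print(ambiguous_ids(primary_keys(SAMPLE)))
```

A binding that resolves to exactly one fingerprint can be rewritten in place; one that raises needs the user to confirm which key was meant rather than taking the first match.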