The two pgp key tools allow to create pgp keys with a specified key-id, that are the lowest 32 bits of the fingerprint. The main motiviation to write such a program was to have a key-id with some personal touch and that is easy to remember. The tools do not contain any sophisticated numbertheoretical algorithms to find a given fingerprint. The program tries to reduce the the number of computational expensive long-number operations (modular exponentiation) by varying the creation timestamp, that is also included in the fingerprint.

Since the program is only fast enough to create keys where some of the fingerprint bits, e.g. the lowest 32 ones, are fixed, it does not affect pgp security as such. Nonetheless, there are some scenarios, where a human user could be tricked to accept a key with a similar fingerprint:

• Users sometimes do not check the fingerprint carefully. Someone might publish a key with the same key-id or with a fingerprint where only the first and last few bits are equal.
• When an user attempts to download a pgp key by key-ID from a keyserver, he might have typos in the key-ID. Someone might create keys with a key-IDs, that are the result of a single off-by-one keyboard stroke or that contains B with 8 replacements.
• Someone might create a parallel web of trust with the same key-IDs by creating a key for every key from the official web of trust. When this data is submitted to the official servers, it is impossible for someone outside the original web of trust, to distinguish the original web of trust from the fake web just using key-IDs.

Instructions for use:

• Download KeyGenDSA.java.
• Adjust some settings inside code (search for FIXMEs) and compile it.
• Create a new key using standard pgp software and export the private key as template for the keygenerator application, e.g.

  gpg --homedir . --gen-key gpg --homedir . --export-options export-clean,export-minimal --export-secret-keys > private

• Run the program to create a modified private using the template.

  java -classpath . org.halfdog.crypttools.pgp.KeyGenDSA private "you <mail@domain>"

• Download KeyGenElgamal.java