Key IDs are based on fingerprints and fingerprints are calculated by SHA-1 hashing the primary key's public key and the creation timestamp. A computationally easy way to influence the fingerprint is to tweak the creation timestamp which is a 32 bit Unix epoch value. Of course it needs to be in the past so the range is limited but it's faster to do it this way instead of recomputing the cryptographic key.
yjftsjthsd-h|9 months ago
GPG keys aren't 2038-safe?
dijit|9 months ago
RFC 1991 only gives them 4 bytes (32bit); not sure if there have been any later additions to rectify this but I don’t think so since even the latest RFC (9580) has them listed as 4 bytes…
https://datatracker.ietf.org/doc/html/rfc1991
https://www.rfc-editor.org/rfc/rfc9580#section-3.5
dpwm|9 months ago
> A time field is an unsigned 4-octet number containing the number of seconds elapsed since midnight, 1 January 1970 UTC.