Re: Error after secret key list.

2018-12-06 Thread Dirk Gottschalk via Gnupg-users
Hi.


On Friday, 23.11.2018, 20:36 +0100, Werner Koch wrote:
> On Fri, 23 Nov 2018 18:56, dirk.gottschalk1...@googlemail.com said:
> 
> > I saw the Listing in the debugging log. I tried this also.
> > gpg -k does not show this message, but two messages regarding two
> > keys,
> 
> Hmmm, not easy to debug by mail.
> 
> > gpg: bad data signature from key 2894CD20EE47166D: Wrong key usage
> > (0x19, 0x2)
> 
> That is a bug we introduced in 2.2.10 or so which was fixed in
> 2.2.11.  It is just a wrong diagnostic.
> 
> > Could this be the reason for this error message?
> 
> No.

Thanks to all for your help.

Just to update you: I solved the problem by exporting the public
keyring into a file, deleting pubring.kbx and re-importing the entire
keyring.

Not to mention that the problem fixed itself automagically. GnuPG
reported one key less as imported than the keyring contained and the
"dead bird" is gone.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
On Thu,  6 Dec 2018 14:05, stefan.cl...@posteo.de said:

> Understood. Please check this example, a key with plenty of data,
> which only needs to be extracted.
>
> https://pgp.circl.lu/pks/lookup?op=get=0x73253A1F090C53B6

Surely you can put arbitrary data into a user-id.

> That's right, but my thought is / was someone can (ab)use key servers
> as data storage / retrieval system and then only provides the key id

As it has been commented, there are easier ways to do that.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 6 Dec 2018 14:05:37 +0100, Stefan Claas wrote:
> On Thu, 06 Dec 2018 11:42:32 +0100, Werner Koch wrote:
> > On Thu,  6 Dec 2018 10:22, stefan.cl...@posteo.de said:
> >   
> > > As long as we have the option to add additional UID's  to a key
> > > my
> > 
> > You can't add an UID to a key without having a signature from the
> > primary key.  If the keyservers accept that any OpenPGP
> > implementation will simply skip such an UID.  
> 
> Understood. Please check this example, a key with plenty of data,
> which only needs to be extracted.
> 
> https://pgp.circl.lu/pks/lookup?op=get=0x73253A1F090C53B6

O.k., curious as I am, I extracted the data and it shows an image of
Kristian, size 1178x1439 pixels, 96 dpi. :-D

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas




Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 06 Dec 2018 11:42:32 +0100, Werner Koch wrote:
> On Thu,  6 Dec 2018 10:22, stefan.cl...@posteo.de said:
> 
> > As long as we have the option to add additional UID's  to a key my  
> 
> You can't add an UID to a key without having a signature from the
> primary key.  If the keyservers accept that any OpenPGP implementation
> will simply skip such an UID.

Understood. Please check this example, a key with plenty of data,
which only needs to be extracted.

https://pgp.circl.lu/pks/lookup?op=get=0x73253A1F090C53B6

> > People then would only need a little program to dearmor and
> > extract the data from that key UID's.  
> 
> But they can't search for it on public servers.  Thus there is no gain
> here.  If you require a dedicated program anyway, that program can
> anyway consult one of the Tor hidden servers.  But no search engine
> will show it.

That's right, but my thought is / was someone can (ab)use key servers
as data storage / retrieval system and then only provides the key id
in a link.

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
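
A keyserver-side check for the condition Werner describes above (a user ID with no signature from the primary key), as an added example that is not part of the original thread or of GnuPG: it walks RFC 4880 packet framing and flags user IDs that are oversized or not followed by a certification signature. The 2048-byte limit, the function names and the sample packets are assumptions, and the check is structural only; it does not verify the signature cryptographically.

```python
from itertools import takewhile

SIG, KINDS = 2, {13: "user-id", 17: "user-attribute"}  # tags, RFC 4880 sec. 4.3
MAX_UID_LEN = 2048  # assumed operator policy limit, in bytes

def packets(data):
    """Yield (tag, body) for each packet of a binary OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, o1 = hdr & 0x3F, data[i]; i += 1
            if o1 < 192:                    # one-octet length
                n = o1
            elif o1 < 224:                  # two-octet length
                n = ((o1 - 192) << 8) + data[i] + 192; i += 1
            elif o1 == 255:                 # five-octet length
                n = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body length not expected in a key")
        else:                               # old-format header
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            n = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
            i += size
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]; i += n

def audit_key(data):
    """Return (packet index, kind, reason) for user IDs a server may reject."""
    findings, pkts = [], list(packets(data))
    for idx, (tag, body) in enumerate(pkts):
        if tag not in KINDS:
            continue
        if tag == 13 and len(body) > MAX_UID_LEN:
            findings.append((idx, KINDS[tag], f"oversized ({len(body)} bytes)"))
        # Signature packets directly following; v3 and v4 store the type differently
        sigs = takewhile(lambda p: p[0] == SIG, pkts[idx + 1:])
        types = [b[2] if b[0] == 3 else b[1] for _, b in sigs]
        if not any(0x10 <= t <= 0x13 for t in types):   # certification types
            findings.append((idx, KINDS[tag], "no certification signature follows"))
    return findings

def pkt(tag, body):  # sample builder: new-format packet, five-octet length
    return bytes([0xC0 | tag, 255]) + len(body).to_bytes(4, "big") + body

# Constructed sample, not a real key: dummy key material and signature bodies
SAMPLE = (pkt(6, b"\x04" + b"\x00" * 10) + pkt(13, b"Alice <alice@example.org>")
          + pkt(SIG, b"\x04\x13" + b"\x00" * 8) + pkt(13, b"A" * 5000))
```

`audit_key(SAMPLE)` reports only the second user ID, once for its size and once for the missing certification.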




Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 6 Dec 2018 11:09:04 +0100, Wiktor Kwapisiewicz wrote:
> >> But that "little program" would have to download the entire dump
> >> and provide search feature itself, making it non-trivial for most
> >> users.  
> > I don't think so...
> >
> > https://github.com/yakamok/keyserver-fs  
> 
> Yes:
> 
> > WARNING: this may break easily and is intended for use only on
> > linux  
> 
> > *Notice:* This Program is very slow to add data to the gpg pubkey
> > so dont plan on super large files.
> 
> I don't think a lot of users use this or would use this. It's more
> convenient and easier to store data somewhere else (pastebins?).

At least the cat is out of the bag and I could imagine if only one
person would misuse this technique operators could face problems
in the future.

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas




Re: Garbled data in keyservers

2018-12-06 Thread Wiktor Kwapisiewicz via Gnupg-users

>> But that "little program" would have to download the entire dump and
>> provide search feature itself, making it non-trivial for most users.
> I don't think so...
>
> https://github.com/yakamok/keyserver-fs

Yes:

> WARNING: this may break easily and is intended for use only on linux

> *Notice:* This Program is very slow to add data to the gpg pubkey so dont plan
> on super large files.

I don't think a lot of users use this or would use this. It's more convenient
and easier to store data somewhere else (pastebins?).

Also, storing blobs is not a unique problem of keyservers, one can store it in
Certificate Transparency logs by issuing certs from Let's Encrypt or in Bitcoin
blockchain or even X.509 timestamping services. It would be slow and
inefficient, that's why practically no-one misuses it.

Kind regards,

Wiktor

-- 
https://metacode.biz/@wiktor



Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 6 Dec 2018 10:39:24 +0100, Wiktor Kwapisiewicz wrote:

Hi Wiktor,

> On 06.12.2018 10:24, Stefan Claas wrote:
> > As long as we have the option to add additional UID's  to a key my
> > thinking was, after reading the links from Yegor, that one appends
> > arbitrary data to a key and provides a link, at some other place, to
> > that key, in the form of URL://keyserver/keyid_or_fp.
> >
> > People then would only need a little program to dearmor and
> > extract the data from that key UID's.  
> 
> But that "little program" would have to download the entire dump and
> provide search feature itself, making it non-trivial for most users.

I don't think so...

https://github.com/yakamok/keyserver-fs

Regards
Stefan
-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas




Re: Garbled data in keyservers

2018-12-06 Thread Wiktor Kwapisiewicz via Gnupg-users
On 06.12.2018 10:24, Stefan Claas wrote:
> As long as we have the option to add additional UID's  to a key my
> thinking was, after reading the links from Yegor, that one appends
> arbitrary data to a key and provides a link, at some other place, to
> that key, in the form of URL://keyserver/keyid_or_fp.
>
> People then would only need a little program to dearmor and
> extract the data from that key UID's.

But that "little program" would have to download the entire dump and provide
search feature itself, making it non-trivial for most users.

Sometimes raising a bar a little would solve most of the problem.

(And then there are talks about removing UIDs from key servers, but that's a
different matter).

Kind regards,

Wiktor

-- 
https://metacode.biz/@wiktor




Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 06 Dec 2018 09:03:32 +0100, Werner Koch wrote:
> On Wed,  5 Dec 2018 19:56, stefan.cl...@posteo.de said:
> 
> > Well, my understanding would be that at least one (search) criteria
> > would be needed to fetch a key, right? And if so i could also
> > imagine  
> 
> Right, the fingerprint.  And maybe the long keyid for a transitional
> period because not all software already includes the fingerprint in
> the signature.

O.k.

> > that this one criteria could be abused as well, in form of a given
> > link to that resource, as long as it can be fetched via the web.  
> 
> Being able to search for a fingerprint does not allow you to search
> for the latest blockbuster movie to get a torrent link.  Thus there
> is no incentive to use the keyservers as an index and running a
> keyserver will be safer for most operators.

Well, I am not familiar with how the current warez etc. scene works,
but my assumption was the following (o.k. I am no programmer...):

As long as we have the option to add additional UID's  to a key my
thinking was, after reading the links from Yegor, that one appends
arbitrary data to a key and provides a link, at some other place, to
that key, in the form of URL://keyserver/keyid_or_fp.

People then would only need a little program to dearmor and
extract the data from that key UID's.

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas




Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
On Wed,  5 Dec 2018 19:56, stefan.cl...@posteo.de said:

> Well, my understanding would be that at least one (search) criteria
> would be needed to fetch a key, right? And if so i could also imagine

Right, the fingerprint.  And maybe the long keyid for a transitional
period because not all software already includes the fingerprint in the
signature.

> that this one criteria could be abused as well, in form of a given
> link to that resource, as long as it can be fetched via the web.

Being able to search for a fingerprint does not allow you to search for
the latest blockbuster movie to get a torrent link.  Thus there is no
incentive to use the keyservers as an index and running a keyserver will
be safer for most operators.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

