[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Another Poison Key?

From: Kim Minh Kaplan
Subject: Re: [Sks-devel] Another Poison Key?
Date: Sat, 19 Jan 2019 10:47:38 +0000

PM brent s. wrote:

> well, that's the issue - hkp won't pull it, gpg won't pull it either.
> anyone know of a way to dump/extract a specific key from the SKS DB?
> i'd imagine there'd be a bdb way to do it but i'm not that old.

I've just wrote a short snippet to pull out data directly from Berkley
DB (

For example if I want to pull out the key by ID, use the last 8
characters as the short keyid. For example the short keyid for
748231EBCBD808A14F5E85D28C004C2F93481F6B is 93481F6B.

    $ cc bdb-get.c -ldb
    $ key_id=93481F6B
    $ key_hash=$(./a.out /var/lib/sks-tmp/DB keyid "$key_id" | hexdump
-e '/1 "%02x"')
    $ ./a.out /var/lib/sks-tmp/DB key "$key_hash" | dd bs=1 count=1 | hexdump

The first byte of the key tells how it is stored (, function
skey_of_string). A 0 (zero) means the payload is the key. A 1 or a 2
means that the payload is a pointer into the *.pgp files (that's when
you used fastbuild).

As I do not use fastbuild all my keys are stored with type 0. I can
then get the key itself by just skipping the first (zero) byte.

    $ ./a.out /var/lib/sks-tmp/DB key "$key_hash" | dd bs=1 skip=1

The key_hash is what appears in the recon log.

Hope this can help your troubleshooting.
Kim Minh.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]