[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Another Poison Key?

From: DevPGSV Pablo
Subject: Re: [Sks-devel] Another Poison Key?
Date: Tue, 22 Jan 2019 07:26:57 +0100

I am receiving lots of request for key: 0x69D2EAD9

And, as it turns out, when I have an error and I clic on the browser on "View page source", I can see part of the key text is:

Do not use SKS keyserver sites (no validity checks)<> ;P;w S Ӗy*7|]Ln ,k 35ZfqEi2`2b j;Ymp;uG_M"$1X__}ΏbHBt; Lo)$r D::p(Br M0(S5(eXv 4 Dӽ4 8( ;ġ]]ӉT#O ~XyjI2ܗ27; d> !Xk @]GoY4fk % !Oquot;Jy P P;E Ϲ 3;

Then a lot of giberish. This seems like an attack against SKS software.
I wasn't able to get the hash of that key.

I know it is not a solution, but... is there any way to blacklist keys?
If there was a way, at least I could blacklist manually these attacks, even if I have to check every day.

Some other keys I found from FreePBX:
  • 0x69D2EAD9
  • 0xB33B4659

My keyserver is completely unusable until this issue is resolved. If I can't resolve this, then there would be no point in keeping the keyserver active.

Thanks you,

El sáb., 19 ene. 2019 a las 11:48, Kim Minh Kaplan (<address@hidden>) escribió:
PM brent s. wrote:

> well, that's the issue - hkp won't pull it, gpg won't pull it either.
> anyone know of a way to dump/extract a specific key from the SKS DB?
> i'd imagine there'd be a bdb way to do it but i'm not that old.

I've just wrote a short snippet to pull out data directly from Berkley
DB (

For example if I want to pull out the key by ID, use the last 8
characters as the short keyid. For example the short keyid for
748231EBCBD808A14F5E85D28C004C2F93481F6B is 93481F6B.

    $ cc bdb-get.c -ldb
    $ key_id=93481F6B
    $ key_hash=$(./a.out /var/lib/sks-tmp/DB keyid "$key_id" | hexdump
-e '/1 "%02x"')
    $ ./a.out /var/lib/sks-tmp/DB key "$key_hash" | dd bs=1 count=1 | hexdump

The first byte of the key tells how it is stored (, function
skey_of_string). A 0 (zero) means the payload is the key. A 1 or a 2
means that the payload is a pointer into the *.pgp files (that's when
you used fastbuild).

As I do not use fastbuild all my keys are stored with type 0. I can
then get the key itself by just skipping the first (zero) byte.

    $ ./a.out /var/lib/sks-tmp/DB key "$key_hash" | dd bs=1 skip=1

The key_hash is what appears in the recon log.

Hope this can help your troubleshooting.
Kim Minh.

Sks-devel mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]