[PATCH] Disable importing V3 public keys from keyservers

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 10 16:05:40 CEST 2014


On 10/10/2014 09:00 AM, David Leon Gil wrote:
> On Fri, Oct 10, 2014 at 2:33 AM, Nicholas Cole <nicholas.cole at gmail.com> wrote:
>> What's the thinking behind this patch?
> 
> There's little point in having a filter for long keyids if GnuPG will
> import V3 keys from a keyserver; V3 long (and short) keyids are
> trivially spoofable. (The 0xdeadbeef "attack".)

full v3 fingerprints are also spoofable …

> V3 keys make up fewer than 3% of the keys in SKS and are mostly very,
> very old. A patch with slightly less impact: Only allow V3 keys if a
> V3 fingerprint is given.

So this proposal won't help either.

I am happy that the MD5 limit will make it impossible to import v3 keys
at all with 2.1.


I just tested this with Ben Laurie's old v3 key (0x1B080C452719AF35),
and it's correct that gpg 2.1 won't import it.  But there was some
non-repeatable problem with gpg2.1 initially *removing* the key for some
reason, so i had to fall back to gpg1 to remove it:

2 dkg at alice:~$ gpg2 --delete-key 0x1B080C452719AF35
gpg: there is a secret key for public key "0x1B080C452719AF35"!
gpg: use option "--delete-secret-keys" to delete it first.
2 dkg at alice:~$ gpg --list-keys 0x1B080C452719AF35
pub   1024R/0x1B080C452719AF35 1995-05-13
      Key fingerprint = 3F D9 FA 49 8B 6D 60 95  5B E3 AD 83 67 7F 9E 69
uid                 [ unknown] Ben Laurie <ben at apache.org>
uid                 [  undef ] Ben Laurie <ben at algroup.co.uk>
uid                 [ unknown] Ben Laurie <ben at links.org>
uid                 [ unknown] Ben Laurie <ben at thebunker.net>

0 dkg at alice:~$ gpg --delete-keys 0x1B080C452719AF35

pub  1024R/0x1B080C452719AF35 1995-05-13 Ben Laurie <ben at apache.org>

Delete this key from the keyring? (y/N) y
0 dkg at alice:~$


weird, eh?  I swear i don't have a copy of ben laurie's secret key! :)

i haven't been able to replicate that error yet either.  But once i did
remove the key, gpg 2.1 doesn't import it:


2 dkg at alice:~$ gpg2 --recv 0x1B080C452719AF35
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: key 0x1B080C452719AF35: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1
2 dkg at alice:~$ gpg2 --list-keys 0x1B080C452719AF35
gpg: error reading key: No public key
2 dkg at alice:~$


However, using the same keyring with gpg1, it will import:

2 dkg at alice:~$ gpg --recv 0x1B080C452719AF35
gpg: WARNING: digest algorithm MD5 is deprecated
gpg: please see http://www.gnupg.org/faq/weak-digest-algos.html for more
information
gpg: key 0x1B080C452719AF35: public key "Ben Laurie <ben at apache.org>"
imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
0 dkg at alice:~$ gpg --list-keys 0x1B080C452719AF35
gpg: please do a --check-trustdb
pub   1024R/0x1B080C452719AF35 1995-05-13
      Key fingerprint = 3F D9 FA 49 8B 6D 60 95  5B E3 AD 83 67 7F 9E 69
uid                 [ unknown] Ben Laurie <ben at apache.org>
uid                 [ unknown] Ben Laurie <ben at links.org>
uid                 [  undef ] Ben Laurie <ben at algroup.co.uk>
uid                 [ unknown] Ben Laurie <ben at thebunker.net>

0 dkg at alice:~$

And then it will be visible to gpg 2.1 again:

0 dkg at alice:~$ gpg2 --list-keys 0x1B080C452719AF35
gpg: please do a --check-trustdb
pub   rsa1024/0x1B080C452719AF35 1995-05-13
      Key fingerprint = 3F D9 FA 49 8B 6D 60 95  5B E3 AD 83 67 7F 9E 69
uid                 [ unknown] Ben Laurie <ben at apache.org>
uid                 [ unknown] Ben Laurie <ben at links.org>
uid                 [  undef ] Ben Laurie <ben at algroup.co.uk>
uid                 [ unknown] Ben Laurie <ben at thebunker.net>

0 dkg at alice:~$

Of course, now it does delete:

0 dkg at alice:~$ gpg2 --delete-keys 0x1B080C452719AF35
pub  rsa1024/0x1B080C452719AF35 1995-05-13 Ben Laurie <ben at apache.org>

Delete this key from the keyring? (y/N) y
0 dkg at alice:~$ gpg2 --list-keys 0x1B080C452719AF35
gpg: please do a --check-trustdb
gpg: error reading key: No public key
2 dkg at alice:~$

weird,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141010/ba0a99c6/attachment-0001.sig>


More information about the Gnupg-devel mailing list