(my) E-mail address not found by 'https://keys.openpgp.org'

Hubert Lombard contact at hubert-lombard.website
Wed Mar 16 19:39:35 CET 2022


Hi Henning!

> On Wed, Mar 16, 2022 at 01:13:00PM +0100, Hubert Lombard wrote:
> > Hello !
> > 
> > I recently started to get interested in GPG. Last week, during my first
> > tests, I sent my first key to 'keys.gnupg.net'
> > but I understood only yesterday that this server could have been
> > compromised since 2019. When I tried to revoke the key permanently, it
> > was not found.
> > So I deleted the key from my computer with Seahorse, and immediately
> > after, still with Seahorse, I generated a new key pair using the same
> > email address and choosing the key server 'keys.openpgp.org'
> 
> Why? The integrity of your private key will not be affected by the
> keyserver you put your public key on.
> 
Oh, I didn't know, I was advised yesterday on another IRC channel
(#debian-facile) to change my key server:

"They were ('keys.gnupg.net' and others) all flooded with fake keys mid-2019
this is the reason why debian, among others, uses keys.openpgp.org as a
keyserver
see also CVE-2019-13050 (SKS servers poisoning)"
> 
> > 
> > When creating this new key pair, instead of going directly to the
> > revocation step, I sent my public key.
> > After that, I performed the revocation step.
> 
> That again does not make any sense. Why would you create a key pair
> just to revoke this immediately?
> 
In fact, while following some instructions for use, I have just tried
to generate the revocation certificates.
As English is not my native language, there may have been an ambiguity
in the form of my question.
I mistakenly used the term "performed", when I simply tried to generate
the certificates, just to have them on hand...

hubert at gnu ~$ gpg --gen-revoke 185B13B0 > .gnupg/openpgp-revocs.d/E67C43563F94C4756557A483B2A8FF57185B13B0.rev

sec  rsa2048/B2A8FF57185B13B0 2022-03-15 Hubert Lombard <contact at hubert-lombard.website>

Faut-il créer un certificat de révocation pour cette clef ? (o/N)

I have left 'N'.

I was afraid that by choosing 'o', the key would be permanently revoked.

I will have to clarify this question.

Otherwise, in my question to the list, I thought I had done the steps
out of order :/ 
But I just realized on https://emailselfdefense.fsf.org/en/ that I
followed the steps correctly.

> > 
> > Could the inversion of these 2 steps have had an impact on the fact
> > that 'https://keys.openpgp.org/' does not find my e-mail address?
> > On the other hand, it does find my
> > E67C43563F94C4756557A483B2A8FF57185B13B0 key
> > 
> > I'm wondering at this point if there is an error I could fix or if it's
> > better to revoke/delete this current key-pair.
> 
> Maybe you want to read the GNU Privacy Handbook
> https://gnupg.org/gph/en/manual.html
> It is not a perfect beginners guide but it may give you a better 
> understanding how things are working.
> 
The link looks like precious info.

In my bookmarks right now!

Thank you for your answer.

Regards

> 

-- 
Hubert Lombard <contact at hubert-lombard.website>
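
The difference between generating a revocation certificate and actually revoking a key, which the message above asks about, shown as an added example that is not part of the original message. It assumes GnuPG 2.1 or later, uses a throwaway keyring and a constructed identity, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: runs in a throwaway GNUPGHOME, never touches ~/.gnupg.

# Print "yes" if the public-key record is flagged revoked ("r"), else "no".
is_revoked() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
        awk -F: '$1 == "pub" { if ($2 == "r") print "yes"; else print "no"; exit }'
}

# Prints two words: revoked state while the certificate only exists on disk,
# then revoked state after the certificate has been imported.
revocation_demo() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    uid='Demo User <demo@example.invalid>'    # constructed identity

    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" rsa2048 sign never 2>/dev/null || exit 1
    fpr=$(gpg --batch --with-colons --list-keys "$uid" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }')

    # GnuPG 2.1+ stores a revocation certificate here at key generation time.
    rev="$GNUPGHOME/openpgp-revocs.d/$fpr.rev"
    [ -s "$rev" ] || exit 1
    before=$(is_revoked "$fpr")    # certificate exists, key is still valid

    # Only importing the certificate revokes the key. The stored file has a
    # colon before the armor header to prevent accidental import; strip it.
    sed 's/^:-----BEGIN/-----BEGIN/' "$rev" |
        gpg --batch --quiet --import 2>/dev/null || exit 1
    after=$(is_revoked "$fpr")

    echo "$before $after"
)

revocation_demo    # prints: no yes
```

A shell redirect such as `> file.rev` truncates the target file before gpg starts, so pointing it at an existing certificate in `openpgp-revocs.d` replaces that certificate with whatever gpg writes to standard output.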


