Debugging a corrupted key

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Debugging a corrupted key

Jim Popovitch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello!

What are some investigative techniques to determine how my GPG key was
corrupted.

gpg --keyserver pool.sks-keyservers.net --recv-key
0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
gpg: packet(13) too large
gpg: read_block: read error: Invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

tia,

- -Jim P.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECPbAhaBWEfiXj/kxdRlcPb+1fkUFAlx/3/YACgkQdRlcPb+1
fkXQJxAAtCw2RhLou6SW5FGBn2CmTTiuHkV0+kXS5122Zs6nZBMfTXHP7O5m+nGD
GjolSfBLeBZzGOPbyS+jEqIGucULY/K2EvThgafh0oNDOXbCIWQr7cxsMIQuLDyf
J42wvi4Hgtqq6EEQSlcGhJ9uxmNGjFmccmeXXQ9liEGAN89h3pVdXwImnUW2zWkP
6sfjECfrA5+iZxJmUgfMbfvrAEuKQPPw4yzAmLrd4vkinUWipwFZzmQ3kwpNzAtd
CXO4bggNs4GLeFzV9Fy/QkzsFMS3hZa/iOHNQ0FcHYzDUye8n8/62cFLGCI5eyV3
aSGew3c+IavVgXs57Z4uGaAgSL1OIQ6uV3ZKBZhG73EwikL3L1mdZoUvziC2fB1+
Csm72n2FndHBSeUQDP0IzPQh1XXWhMewoWvj6sorLbtQNEPhauJK14BXfHaycbgc
0aa1SZA0N70KB/2VLowYWuN+bfM4cvcX3qTZBYXGhAIdpwv5EQUoBibM6hE3/Hnj
gyNk7yF3x5ts9NcYH/zqeiiJTxnRxtOsU+kVVfo4kTNnBP4tfDIY3/vEIG23p9IX
P57ehAtl6Newg2w3Lm3rXkZ+oqTeg+QTBtsrARhGx8WT9YA5ULsOQrDkNbcohVfT
4Vt2Tr0La3G0319/sA6GV86bGtSloZUDOP2UyCCyX/i14S1LjB0=
=nNNM
-----END PGP SIGNATURE-----


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Debugging a corrupted key

Jason Harris
On Wed, Mar 06, 2019 at 09:57:58AM -0500, Jim Popovitch wrote:

> Hello!
>
> What are some investigative techniques to determine how my GPG key was
> corrupted.
>
> gpg --keyserver pool.sks-keyservers.net --recv-key
> 0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
> gpg: packet(13) too large
> gpg: read_block: read error: Invalid packet
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
Look at all the bad userids that need to be filtered out:

  http://keyserver.timlukas.de:11371/pks/lookup?op=index&search=0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705

Get and save the key for analysis:

  http://keyserver.timlukas.de:11371/pks/lookup?op=get&search=0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705

Then:

  %pgpdump lookup | less

and/or:

  %gpg --dearmor lookup
  %mutt_pgpring -S -f -k lookup.gpg | less

--
Jason Harris           |  PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ Got photons? (TM), (C) 2004

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (289 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Debugging a corrupted key

Jim Popovitch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Wed, 2019-03-06 at 11:44 -0400, Jason Harris wrote:

> On Wed, Mar 06, 2019 at 09:57:58AM -0500, Jim Popovitch wrote:
> > Hello!
> >
> > What are some investigative techniques to determine how my GPG key was
> > corrupted.
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-key
> > 0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
> > gpg: packet(13) too large
> > gpg: read_block: read error: Invalid packet
> > gpg: no valid OpenPGP data found.
> > gpg: Total number processed: 0
>
> Look at all the bad userids that need to be filtered out:
>
>   http://keyserver.timlukas.de:11371/pks/lookup?op=index&search=0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
>
> Get and save the key for analysis:
>
>   http://keyserver.timlukas.de:11371/pks/lookup?op=get&search=0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
>
> Then:
>
>   %pgpdump lookup | less


OK, now what. :-)

Ideally what I'm looking for is where did that bad key come from, what was the
source of entry into the pool?

- -Jim P.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECPbAhaBWEfiXj/kxdRlcPb+1fkUFAlx//OYACgkQdRlcPb+1
fkUMjw//ceuXz9Tx2wF78qmOJlJ6+t21seoknevi52Hnn/ePugq/za+PrZfUjmts
XrTDgEZDUdfeQN9Wf6Bg2Ew6FmA3GWVNDYl0xrLvVZDYaRA9BiRopi+UvEpSCw32
y/eOFuj5hquwt2g4QtSqEVvG0fVwLQi9BwieL1FWnoy8XIQY8aQd5HX/bqVv4VEZ
qai2zydRoFn3lWFhhU3IX7TWv2X8emTN9t6Hj1tagHyGNBhiPu69bvQRm/KbQB9z
+pfxVT62+WOxdys8ZCWdD68ROCzDe+HUIRGYmzLTso0LNmNhYbuzkFmbF7TCVYux
oH3ob96bIFjyPZzjEaRCQEleZpbyzFNt7IfdYsnPge27/KaZ3UEmODfV6Elb0ZW6
yUzw1418ZacyINuIlxtPuhgs0m1eDxMdIUkLp2gk4IRs3qzs2OEmR+6HsBusSO4I
L6f+5viWoL0EETATlR9OoQct1zdiVw2zYT0mNGxashGuR5ZVdKrjZsRU+XfAb3r1
qcQd5J6mMHwVeRyuqJ0Zhnte/lYxCjqI/vLct3YgbyACOw4UfXHW0DPj6sAfIymj
E0271b30KbStwuuRbhfw7FkZhozR2qlunV4mnv2Ua6fHVyNlCgALZxG8fbPTVT6a
M7JZJQBFBg6Lh5zEs7aHxSoU2X4dhBW6sH95Blkgs0r40IXqnZ8=
=syu2
-----END PGP SIGNATURE-----


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Debugging a corrupted key

Jeremy T. Bouse

On 3/6/2019 12:01 PM, Jim Popovitch wrote:

> On Wed, 2019-03-06 at 11:44 -0400, Jason Harris wrote:
> > On Wed, Mar 06, 2019 at 09:57:58AM -0500, Jim Popovitch wrote:
> >> Hello!
> >>
> >> What are some investigative techniques to determine how my GPG key was
> >> corrupted.
> >>
> >> gpg --keyserver pool.sks-keyservers.net --recv-key
> >> 0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
> >> gpg: packet(13) too large
> >> gpg: read_block: read error: Invalid packet
> >> gpg: no valid OpenPGP data found.
> >> gpg: Total number processed: 0
>
> > Look at all the bad userids that need to be filtered out:
>
> >  
> http://keyserver.timlukas.de:11371/pks/lookup?op=index&search=0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
>
> > Get and save the key for analysis:
>
> >  
> http://keyserver.timlukas.de:11371/pks/lookup?op=get&search=0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
>
> > Then:
>
> >   %pgpdump lookup | less
>
>
> OK, now what. :-)
>
> Ideally what I'm looking for is where did that bad key come from, what
> was the
> source of entry into the pool?
>
> -Jim P.
>
I've also been taking a look and it appears to have occurred on more
keys at least from what I can find... I've even found a uid on
Kristian's 0x16e0cf8d6b0b9508 key that appears to have been corrupted as
well but I didn't see it on the
0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3 key listed for
server_contact. Quickest way to see it is when doing a keyserver search
is with a vindex op call. I'm not sure if simply re-uploading a clean
copy of the key will fix it or if it's essentially a key that's
permanently corrupted in the network.


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Debugging a corrupted key

Jim Popovitch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Wed, 2019-03-06 at 16:29 -0500, Jeremy T. Bouse wrote:

> On 3/6/2019 12:01 PM, Jim Popovitch wrote:
> > On Wed, 2019-03-06 at 11:44 -0400, Jason Harris wrote:
> > > On Wed, Mar 06, 2019 at 09:57:58AM -0500, Jim Popovitch wrote:
> > > > Hello!
> > > >
> > > > What are some investigative techniques to determine how my GPG key was
> > > > corrupted.
> > > >
> > > > gpg --keyserver pool.sks-keyservers.net --recv-key
> > > > 0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
> > > > gpg: packet(13) too large
> > > > gpg: read_block: read error: Invalid packet
> > > > gpg: no valid OpenPGP data found.
> > > > gpg: Total number processed: 0
> > > Look at all the bad userids that need to be filtered out:
> > >   
> >
> > http://keyserver.timlukas.de:11371/pks/lookup?op=index&search=0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
> >
> > > Get and save the key for analysis:
> > >   
> >
> > http://keyserver.timlukas.de:11371/pks/lookup?op=get&search=0x3F1C1EF2E6019EAC646CE45227155EB4C45A2705
> >
> > > Then:
> > >    %pgpdump lookup | less
> >
> >
> > OK, now what. :-)
> >
> > Ideally what I'm looking for is where did that bad key come from, what
> > was the
> > source of entry into the pool?
> >
> > -Jim P.
> >
>
> I've also been taking a look and it appears to have occurred on more
> keys at least from what I can find... I've even found a uid on
> Kristian's 0x16e0cf8d6b0b9508 key that appears to have been corrupted as
> well but I didn't see it on the
> 0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3 key listed for
> server_contact. Quickest way to see it is when doing a keyserver search
> is with a vindex op call. I'm not sure if simply re-uploading a clean
> copy of the key will fix it or if it's essentially a key that's
> permanently corrupted in the network.

FWIW, I tried, and was unable, to drop and re-upload a clean copy of my key.
The drop logged as if the key was removed, but a search found the corrupted
key remained.  I rebuild the DB and my key is presently clean, but I do find
others ([hidden email] is one of them)

- -Jim P.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECPbAhaBWEfiXj/kxdRlcPb+1fkUFAlyAPqwACgkQdRlcPb+1
fkXx2RAAihqT0BA5BVG7v/oD2xiQWPBtg5P8DQwqiJvrtdeCV7YZivezYNjM69Jx
EtRwwD9wayZVCAYum45B9K7dbO5c1LKeXAcKkgLz/VZrgEClIwhwwPL+Dn4K6/Ns
+xigZVykN4ofGCNpbA+AiYp5epe4sr5qVOl9YZ+t0yy5NjmcAGTTCPDu49toehPv
XN3jgHszz8wyfg8skLl8mluHL4aiaKjXuVUhU2cGiblwrJCBqLeBzl2xke3kyIr+
Cj5jyKdqbNk9ClSaOLVuU86HOzoxbed5k7SFIIGMFDGCCMk+GHfX6aE8U6OfGD/T
GT8icafAPWJufbMcgSmuglXwbaeq+qI2lHZuBlZuNdFuDxtTTKE+tKK38Ax5xAm0
Z7LIMS9MczxswNFizuEkY7gf5cv4Wr+gp/NyeHs1kDEiw8gfbhdSVeukrbjuCzrr
9UTFUghlBrcr0gcQGodF9PEsUsHmW7NPpxN7LXkUWbH4wFnpRaEnHuo3g3kNouS2
i0W3l7mYq/VJSn0ZFIQQf4ONzm6+sgIb9FR0f7R6W38nQtvTBj4NE5znStzi9N+C
MUT5vmt3O0PtbQw8utRh3cUftjVfDtEF7m3EnsrBHeb3H9zWKwhYBdggW/8f6AyI
TO5mAbNp7s8tRMyPGgYd+9jiZ9O/QEEVKtEDv1iyWa7SSoGbVmk=
=i3kN
-----END PGP SIGNATURE-----


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Debugging a corrupted key

Todd Fleisher
If I understand your statement, if you are trying to remove bad data from a key that’s already in the network that is not possible. Once it’s in the network you can only append new attributes to the key, you cannot remove existing data from it. It’s basically a one-way street.

-T

> On Mar 6, 2019, at 1:42 PM, Jim Popovitch <[hidden email]> wrote:
>
> FWIW, I tried, and was unable, to drop and re-upload a clean copy of my key.
> The drop logged as if the key was removed, but a search found the corrupted
> key remained.  I rebuild the DB and my key is presently clean, but I do find
> others ([hidden email] is one of them)
>
> -Jim P.



_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Debugging a corrupted key

Jim Popovitch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Wed, 2019-03-06 at 22:33 -0800, Todd Fleisher wrote:
> If I understand your statement, if you are trying to remove bad data from a key that’s already in the network that is not possible. Once it’s in the network you can only append new attributes to the key, you cannot remove existing data from it. It’s basically a one-way street.
>

I understand the bad data from a key issue, but I believe this is different
than that historical discussion.  What I'm seeing is bogus key data, that
serves no key purpose, and corrupts the sks output.   If the bogus key data
can't be removed, than at a minimum sks shouldn't choke on it.

- -Jim P.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECPbAhaBWEfiXj/kxdRlcPb+1fkUFAlyBEkgACgkQdRlcPb+1
fkXw8A//ewp8wvDAGcUqY2s0CNRPJkX+H+2rVISrfmMcRtSn4oIGL1ojuFbPEt8X
S4lcRT36cvhRTWqAH6p2LKcEEnkyJ2lc4VGY36u4+qXrY+E8ovU/MF5kAOVbBKM5
PHFwQXCdk+cM9enfkwN7Ws0dxqHbtXn6AZKoRp9pzKmE4rI6ROjz6gKPfYvvuDwa
14YVEfQyVfO+dtY3Yr0/YfSxiEy6qxUHwruF1f6EXk2t4W1iTMzG+3QHgjTHoeSS
T8PvbcBhHCzYY5qrJYIUzr32i2nM0VpNAalJrHTNTW9G5SbgLSdVPaQbyKH01AhG
M98qzYAxcoRpbqFDYfim+KPNa9zo9ftcaYELKSQ0ItxT80YcYX3c1Afx91KY+6Go
TzEK3Eth9YAG+cphP56pMdRQMNXZMV97rjLA1XqvArH0EfglwySp4XQkkPxDfX63
oVRf22c0QDsOZfhjkSkoX6qfhXWwzqgG+XNRTwbiPL0z6ADK2bOvWTEAnVvs4HJO
Zx50OF0t+l9ido/1+h7LPovts7gfogn4ORQoDUrmuQRcZlAe0lE7Xfn1vH1Mv05g
iqQJt7Njz50vyr15pJVK+/Y/692T0lxjv5u4DYaE1LlSwXi2LNK+YTNZYlkOJ/7g
K63Bd+9JOFRPMg0li9GphyG5FcuX63R4HWjXE8fMW/AgENpAjBs=
=ASn0
-----END PGP SIGNATURE-----


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel