You are here

Just a heads up for users of GnuPG

1 post / 0 new
Freehunter
Offline
Last seen: 3 weeks 6 days ago
Joined: 2014-06-26 10:21
Just a heads up for users of GnuPG

I'm not an expert, just passing this along as a word of caution.

This is probably not a problem for causal users of GnuGP. Temporarily it would be advisable NOT to refresh certificates from the SKS keyserver network. Particularly if your keyring has GnuPG contributors Robert J. Hansen (rjh) or Daniel Kahn Gillmor (dkg) who were victims of a certificate spamming attack.

Multiple 10s of thousands of certificates were added to possibly three prominant people's public certificates, that causes gnupg to slow down or grind to a halt as it attemps to load or verify a certificate with this many attached certificates.

You can continue to use GnuPG and Enigmail, just don't refesh certificates from the SKS keyserver network.

If you do not have a recent backup of GnuPG and your keyring, trustdb, and other files it would be a good time to make one.

More information at:

SKS Keyserver Network Under Attack · GitHub https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

dkg's blog - OpenPGP Certificate Flooding https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html

Note, mention was made of switching to https://keys.openpgp.org/about/news#2019-06-12-launch , my impression is that it may not yet be fully compatible with GnuPG or Enigmail.

Moved - mod GC