[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Another Poison Key?
From: |
Kim Minh Kaplan |
Subject: |
Re: [Sks-devel] Another Poison Key? |
Date: |
Sat, 19 Jan 2019 10:47:38 +0000 |
PM brent s. wrote:
> well, that's the issue - hkp won't pull it, gpg won't pull it either.
>
> anyone know of a way to dump/extract a specific key from the SKS DB?
> i'd imagine there'd be a bdb way to do it but i'm not that old.
I've just wrote a short snippet to pull out data directly from Berkley
DB (https://www.kim-minh.com/src/misc/bdb-get.c).
For example if I want to pull out the key by ID, use the last 8
characters as the short keyid. For example the short keyid for
748231EBCBD808A14F5E85D28C004C2F93481F6B is 93481F6B.
$ cc bdb-get.c -ldb
$ key_id=93481F6B
$ key_hash=$(./a.out /var/lib/sks-tmp/DB keyid "$key_id" | hexdump
-e '/1 "%02x"')
$ ./a.out /var/lib/sks-tmp/DB key "$key_hash" | dd bs=1 count=1 | hexdump
The first byte of the key tells how it is stored (keydb.ml, function
skey_of_string). A 0 (zero) means the payload is the key. A 1 or a 2
means that the payload is a pointer into the *.pgp files (that's when
you used fastbuild).
As I do not use fastbuild all my keys are stored with type 0. I can
then get the key itself by just skipping the first (zero) byte.
$ ./a.out /var/lib/sks-tmp/DB key "$key_hash" | dd bs=1 skip=1
>/tmp/$key_id.pgp
The key_hash is what appears in the recon log.
Hope this can help your troubleshooting.
--
Kim Minh.
Re: [Sks-devel] Another Poison Key?, Gabor Kiss, 2019/01/18