sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: keyserver.insect.com GDRP takedown request

From: Marcel Waldvogel
Subject: Re: keyserver.insect.com GDRP takedown request
Date: Fri, 27 May 2022 12:38:04 +0200
User-agent: Evolution 3.44.0-1ubuntu1
Thank you for the procedure.

For this specific user, he was helpful enough to include the keyids, so it is somewhat easier:

- Run the following command to get the keyIds for the blacklist to add:
cat < fingerprints.txt | tr A-Z a-z | sed -e "s/^/'/" -e 's/$'"/'/" | tr \\012 ,; echo

- Add them to the blacklist first (so they will not be resynced later)

- Restart the hockeypuck server to reread the config file

- Write the keyids to a file, "fingerprints.txt"

- Run the following command to get the rfingerprints
rev < fingerprints.txt | tr A-Z a-z | sed -e "s/^/'/" -e 's/$'"/'/" | tr \\012 , | sed 's/.$//'; echo

- Run the following to SQL commands with <OUTPUT> replaced by the output of the above script
delete from subkeys where rfingerprint in (<OUTPUT>);
delete from keys where rfingerprint in (<OUTPUT>);

The SQL command for this user (including his keyIDs) will be available for 30 days at https://onice.ch/s/46SJq9ELM9fnHgw . (Not included here, as I do not want to be responsible for his personal information to be archived by the list.)

-Marcel

Am Freitag, dem 27.05.2022 um 06:48 +0200 schrieb Alexandre Dulaunoy:
Hi All,

Hockeypuck supports blacklists (from version 2.1.0) when you can list all the fingerprint keys you want to avoid being synced.

In addition, you can delete the keys from Hockeypuck (PostgreSQL database). 

A key can be deleted from the SQL database in the following way:

- Query the pks interface for the offending key, get the hash fingerprint from Hockeypuck;

- Connect to Postgresql via psql

-select rfingerprint from keys where md5 in (<HASHFINGERPRINT>);

- The returned rfingerprint can be used to delete  to delete the subkeys

delete from subkeys where rfingerprint in (<RFINGERPRINT>);

- When all subkeys are deleted.

delete from keys where md5 in (<HASHFINGERPRINT>)

Don't forget to add the key in blacklist:

[hockeypuck.openpgp]
blacklist=[
  "KEYFINGERPRINT"]
I hope this helps.

Blacklists -> https://github.com/hockeypuck/hockeypuck/releases

On Fri, May 27, 2022 at 6:09 AM Allen Zhong <allen@atr.me> wrote:
Maybe it would be possible for the server to maintain some sort of a
"block list" and reject to receive those keys in the list and also not
returning them to the client? I think that's possible but as it requires
changes of the server software (hockeypuck and sks-server, etc.) it's
not likely to be a quick one.

On 2022/5/27 11:01, Ced wrote:
> If anyone has an idea to prevent the collapse of the few remaining SKS
> keyservers, please let us know otherwise we'll have to take down our
> server too pretty soon :(


reply via email to
[Prev in Thread] Current Thread [Next in Thread]