Garbled data in keyservers
Stefan Claas
stefan.claas at posteo.de
Mon Dec 10 17:32:36 CET 2018
On Mon, 10 Dec 2018 14:25:08 +0100, Wiktor Kwapisiewicz wrote:
Hi Wiktor,
> That's an interesting idea, it seems GnuPG has some support for sending keys via
> e-mail.
> By the way validation of keys sent from e-mail would require DKIM as it's easy
> to spoof "From" (that's why most solutions send verification e-mails to the
> e-mail address instead of receiving it).
Yes, it seems it would be a good start. However, if unwanted data can then be still
submitted remains to bee seen, because what if anonymous email services would use
DKIM too?
As per Werner's suggestion to make only the fingerprint available for (Web/API) searches,
is also a thing, because like i previously said a list of fingerprints for example can still be
generated and uploaded with a description of a file name, so that users only need to use
a one line like that:
fp=0x1E2CE500D7C6ACD8D41DABAB73253A1F090C53B6
gpg --recv-key $fp | gpg --export $fp > key.asc && gpg --list-packets key.asc |\
grep -e '^:user ID packet: "[[:digit:]]'|sed -e 's/^:user ID packet: "//' |\
sort -n | sed -e 's/^[^@]*@//'| tr -d '"\015\012' | fold -w 76 | base64 -d > Kristian.jpg
And i tried also a modified version of the github program (uploading disabled) and it is
pretty fast imho for generating jpg image content keys. For other binary stuff it is slow.
Regards
Stefan
--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
More information about the Gnupg-users
mailing list