You are not logged in.

#1 2019-10-14 15:27:57

yuntan_t
Member
Registered: 2019-10-14
Posts: 3

[SOLVED] Cannot import Torvalds's GPG key

I cannnot import Linus Torvalds's GPG key by

gpg --search-keys ABAF11C65A2970B130ABE3C479BE3E4300411886

althought I can import Greg Kroah-Hartman's key by

gpg --search-keys 647F28654894E3BD457199BE38DBBDC86092693E

logs:

$ gpg --search-keys ABAF11C65A2970B130ABE3C479BE3E4300411886
gpg: data source: http://51.38.91.189:11371
(1)     Linus Torvalds <torvalds@kernel.org>
Linus Torvalds <torvalds@linux-foundation.org>
2048 bit RSA key 79BE3E4300411886, 作成: 2011-09-20
Keys 1-1 of 1 for "ABAF11C65A2970B130ABE3C479BE3E4300411886".  番号(s)、N)次、またはQ)中止を入力してください >1

And it hangs.

Last edited by yuntan_t (2019-10-16 06:47:27)

Offline

#2 2019-10-14 15:57:40

progandy
Member
Registered: 2012-05-17
Posts: 3,822

Re: [SOLVED] Cannot import Torvalds's GPG key

There is probably an idiot out there gloating about poisoning this key. The Web of Trust won't work anymore with this key, you could get a clean version from https://keys.openpgp.org/, though.

https://gist.github.com/rjhansen/67ab92 … 8d6955275f

https://blogs.gentoo.org/mgorny/2019/07 … solutions/

Last edited by progandy (2019-10-14 15:58:52)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#3 2019-10-14 17:40:49

loqs
Member
Registered: 2014-03-06
Posts: 11,694

Re: [SOLVED] Cannot import Torvalds's GPG key

It did complete on this sytem but wastes a lot of cpu time.

gpg --search-keys ABAF11C65A2970B130ABE3C479BE3E4300411886
gpg: directory '/home/testuser/.gnupg' created
gpg: keybox '/home/testuser/.gnupg/pubring.kbx' created
gpg: data source: https://209.244.105.201:443
(1)	Linus Torvalds <torvalds@kernel.org>
	Linus Torvalds <torvalds@linux-foundation.org>
	  2048 bit RSA key 79BE3E4300411886, created: 2011-09-20
Keys 1-1 of 1 for "ABAF11C65A2970B130ABE3C479BE3E4300411886".  Enter number(s), N)ext, or Q)uit > 1
gpg: key 79BE3E4300411886: 150216 signatures not checked due to missing keys
gpg: error writing keyring '/home/testuser/.gnupg/pubring.kbx': Provided object is too large
gpg: key 79BE3E4300411886: keyblock too large, retrying with self-sigs-only
gpg: /home/testuser/.gnupg/trustdb.gpg: trustdb created
gpg: key 79BE3E4300411886: public key "Linus Torvalds <torvalds@kernel.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1

As kernel.org provides WKD

gpg --locate-keys torvalds@kernel.org
gpg: directory '/home/testuser/.gnupg' created
gpg: keybox '/home/testuser/.gnupg/pubring.kbx' created
gpg: /home/testuser/.gnupg/trustdb.gpg: trustdb created
gpg: key 79BE3E4300411886: public key "Linus Torvalds <torvalds@kernel.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub   rsa2048 2011-09-20 [SC]
      ABAF11C65A2970B130ABE3C479BE3E4300411886
uid           [ unknown] Linus Torvalds <torvalds@kernel.org>
sub   rsa2048 2011-09-20 [E]

Offline

#4 2019-10-14 17:54:07

progandy
Member
Registered: 2012-05-17
Posts: 3,822

Re: [SOLVED] Cannot import Torvalds's GPG key

gpg: error writing keyring '/home/testuser/.gnupg/pubring.kbx': Provided object is too large
gpg: key 79BE3E4300411886: keyblock too large, retrying with self-sigs-only

Here is the mitigation against poisoned keys at work.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#5 2019-10-16 06:40:13

yuntan_t
Member
Registered: 2019-10-14
Posts: 3

Re: [SOLVED] Cannot import Torvalds's GPG key

Thank you folks, gpg had successfully imported Torvalds's key while I was sleeping.

Offline

#6 2019-10-17 20:48:19

progandy
Member
Registered: 2012-05-17
Posts: 3,822

Re: [SOLVED] Cannot import Torvalds's GPG key

As a final note I'll add that the kernel web of trust with trust paths to Linus lives in a git repository for now:

https://lore.kernel.org/lkml/2019083014 … .i7.local/

https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

Board footer

Powered by FluxBB