You are not logged in.
Pages: 1
Any attempt to load keys with 'pacman-key --refresh-keys --keyserver xxx' (xxx being various servers in the format: hkp://pgp.mit.edu:80 or hkps://domain:443) results in "Server indicated a failure". I tried ports 80,443, various servers, nothing works. Help.
Last edited by abc12345 (2022-04-16 20:57:54)
Offline
"Server indicated a failure" (assuming that's the *only* message you get) isn't too helpful, but you could just "pacman -S archlinux-keyring"?
Online
I tried to reinstall it but it is now erroring out because I init'ed pacman-key?
I did a quick spot check of the output of 'pacman-key --list-keys' with what's on https://archlinux.org/master-keys/ and some keys match and some don't.
Offline
I can't say what or why "is now erroring out", but you can install archlinux-keyring offline, from the iso w/ "pacman --sysroot /mnt -Syu archlinux-keyring" (don't forget to mount /mnt/boot if you've a separate boot partition)
Online
I found a good archlinux-keyring. So it's imperative to watch your archlinux-keyring at this point to avoid working off of a tainted keyring? How would I end up using a tainted keyring file? An MTM attack? A tainted mirror?
Offline
Actually I'm still finding that the archlinux-keyring keys are different for some keys. This keyring was downloaded off of an official arch mirror. What am I doing wrong? How do I fix it and avoid getting wrong keys?
Offline
I found a good archlinux-keyring.
Could you provide details of how you achieved that?
So it's imperative to watch your archlinux-keyring at this point to avoid working off of a tainted keyring? How would I end up using a tainted keyring file? An MTM attack? A tainted mirror?
What do you mean by a tainted keyring?
Edit:
Actually I'm still finding that the archlinux-keyring keys are different for some keys.
Please provide an example including the commands used.
Last edited by loqs (2022-04-16 22:26:43)
Offline
Could you provide details of how you achieved that?
Umm, I downloaded it off of one of the official archlinux mirrors. Are you saying this algorithm is no longer safe?
What do you mean by a tainted keyring?
Umm, a tainted keyring is when one of the keys on the keyring has been altered and differs from what we can see on archlinux.org website (if that has not been altered, too).
Please provide an example including the commands used.
Umm, I just list the keys with 'pacman-key --list-keys' and manually crosscheck the keys with information on archlinux.org website.
Offline
Umm, I just list the keys with 'pacman-key --list-keys' and manually crosscheck the keys with information on archlinux.org website.
Please provide the output of `pacman-key --list-sigs` for a key that you find differing.
Offline
pub rsa4096 2013-03-22 [SC] [expires: 2023-10-31]
0E87D6C3F9AF7FDED0C8588D22E3B67B4A86FDE7
uid [ full ] Dan Printzell <me@vild.io>
sig 3 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
sig BA1DFB64FFF979E7 2018-10-04 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 9B729B06A680C281 2017-09-04 Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3348882F6AC6A4C2 2017-08-15 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig A88E23E377514E00 2017-08-12 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
uid [marginal] Dan Printzell <arch@vild.io>
sig 3 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
sig BA1DFB64FFF979E7 2018-10-04 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 9B729B06A680C281 2017-09-04 Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3348882F6AC6A4C2 2017-08-15 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
uid [ unknown] Dan Printzell <dan@mutate.se>
sig 3 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
uid [marginal] Dan Printzell <xwildn00bx@gmail.com>
sig 3 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
sig BA1DFB64FFF979E7 2018-10-04 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 9B729B06A680C281 2017-09-04 Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig A88E23E377514E00 2017-08-12 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sub rsa4096 2017-03-09 [ S]pub rsa4096 2013-03-22 [SC] [expires: 2023-10-31]
0E87D6C3F9AF7FDED0C8588D22E3B67B4A86FDE7
uid [ full ] Dan Printzell <me@vild.io>
sig 3 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
sig BA1DFB64FFF979E7 2018-10-04 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 9B729B06A680C281 2017-09-04 Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3348882F6AC6A4C2 2017-08-15 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig A88E23E377514E00 2017-08-12 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
uid [marginal] Dan Printzell <arch@vild.io>
sig 3 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
sig BA1DFB64FFF979E7 2018-10-04 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 9B729B06A680C281 2017-09-04 Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3348882F6AC6A4C2 2017-08-15 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
uid [ unknown] Dan Printzell <dan@mutate.se>
sig 3 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
uid [marginal] Dan Printzell <xwildn00bx@gmail.com>
sig 3 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
sig BA1DFB64FFF979E7 2018-10-04 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 9B729B06A680C281 2017-09-04 Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig A88E23E377514E00 2017-08-12 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sub rsa4096 2017-03-09 [ S] [expires: 2023-10-31]
sig 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
sub rsa4096 2013-03-22 [E] [expires: 2023-10-31]
sig 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
[expires: 2023-10-31]
sig 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
sub rsa4096 2013-03-22 [E] [expires: 2023-10-31]
sig 22E3B67B4A86FDE7 2021-10-31 Dan Printzell <me@vild.io>
Offline
It's different algorithm than what is shown on archlinux.org (eddsa263 on the website and rsa4096 in the keyring). It is also a different issue date.
Last edited by abc12345 (2022-04-16 22:51:16)
Offline
And this is what I get on the website linked from https://archlinux.org/master-keys/: (https://keyserver.ubuntu.com/pks/lookup … C5F2DF9BC5)
Search results for '0x60939E55F6D5ABF7EE419F08B1A1D3C5F2DF9BC5'
Type bits/keyID cr. time exp time key expir
pub eddsa263/60939e55f6d5abf7ee419f08b1a1d3c5f2df9bc5 2021-10-31T00:48:09Z
Hash=862468ce869c17813da594cda6e0201d
uid Dan Printzell <me@vild.io>
sig sig b1a1d3c5f2df9bc5 2021-10-31T03:18:08Z 2023-10-31T00:48:09Z ____________________ [selfsig]
sig sig b1a1d3c5f2df9bc5 2021-10-31T00:48:09Z 2023-10-31T00:48:09Z ____________________ [selfsig]
sig sig 22e3b67b4a86fde7 2021-10-31T03:16:28Z ____________________ ____________________ 22e3b67b4a86fde7
uid Dan Printzell <dan@mutate.se>
sig sig b1a1d3c5f2df9bc5 2021-10-31T01:13:40Z 2023-10-31T00:48:09Z ____________________ [selfsig]
sig sig 22e3b67b4a86fde7 2021-10-31T03:16:28Z ____________________ ____________________ 22e3b67b4a86fde7
uid Dan Printzell <arch@vild.io>
sig sig b1a1d3c5f2df9bc5 2021-10-31T01:13:25Z 2023-10-31T00:48:09Z ____________________ [selfsig]
sig sig 22e3b67b4a86fde7 2021-10-31T03:16:28Z ____________________ ____________________ 22e3b67b4a86fde7
uid Dan Printzell <wild@archlinux.org>
sig sig b1a1d3c5f2df9bc5 2021-10-31T01:13:06Z 2023-10-31T00:48:09Z ____________________ [selfsig]
sig sig 22e3b67b4a86fde7 2021-10-31T03:16:28Z ____________________ ____________________ 22e3b67b4a86fde7
sig sig 4dc95b6d7be9892e 2021-10-31T17:11:39Z ____________________ ____________________ 4dc95b6d7be9892e
sig sig 3348882f6ac6a4c2 2021-11-07T09:36:43Z ____________________ ____________________ 3348882f6ac6a4c2
sig sig a88e23e377514e00 2021-11-07T09:45:59Z ____________________ ____________________ a88e23e377514e00
uid Dan Printzell <xwildn00bx@gmail.com>
sig sig b1a1d3c5f2df9bc5 2021-10-31T01:12:28Z 2023-10-31T00:48:09Z ____________________ [selfsig]
sig sig 22e3b67b4a86fde7 2021-10-31T03:16:28Z ____________________ ____________________ 22e3b67b4a86fde7
sub eddsa263/35f7937f08f19fffc4f2b34d3472c03b45282822 2021-10-31T00:50:23Z
sig sbind b1a1d3c5f2df9bc5 2021-10-31T00:50:23Z ____________________ 2023-10-31T00:50:23Z []
sub ecdh263/3691821effe6e28bdc159f4a2ea27dc91ddec5bd 2021-10-31T00:48:09Z
sig sbind b1a1d3c5f2df9bc5 2021-10-31T00:48:09Z ____________________ 2023-10-31T00:48:09Z []
Last edited by abc12345 (2022-04-16 23:06:30)
Offline
If your is the last post in a thread please edit it rather than creating a new post. Also please use code tags.
Are both keys not in pacman's keyring?
pacman-key --list-sigs 0E87D6C3F9AF7FDED0C8588D22E3B67B4A86FDE7 60939E55F6D5ABF7EE419F08B1A1D3C5F2DF9BC5Offline
Yes, they both are in pacman's keyring.
Offline
Which matches https://gitlab.archlinux.org/archlinux/ … kager/wild while the website only shows one key. Possibly a limitation of the website?
Offline
Why would there be two valid as of this date official keys?
Offline
Compatibility?
ed25519 might be the "better™" algo, but not as widely supported as RSA, so there rsa4096 for those cases.
The important aspect is the WOT, both keys are signed by three arch master keys, so if you trust those keys, you trust both of Dan's keys.
Online
Pages: 1