The "Evil32" attack on PGP keys included me / 2016-08-30

Recently there was some news about Duplicate PGP Keys and I looked up the keys associated with my e-mail address / short PGP id:
koos@greenblatt:~$ gpg --search-key F0D7C263
gpg: searching for "F0D7C263" from hkp server pgp.surfnet.nl
(1)     Koos van den Hout <koos@kzdoos.xs4all.nl>
          1024 bit RSA key 7BB7472D18B1B64D20BD63E9B81DABE5F0D7C263, created: 2014-06-16 (revoked)
(2)     Koos van den Hout <koos@idefix.net>
        Koos van den Hout <koos@wu-ftpd.org>
        Koos van den Hout <koos@pizza.hvu.nl>
        Koos van den Hout <koos@kzdoos.xs4all.nl>
        Koos van den Hout (http://idefix.net/) <koos+website@idefix.net>
          1024 bit DSA key 1B8F6AA16EF5949871CBE48E2C663B5DF0D7C263, created: 1998-12-17
Keys 1-2 of 2 for "F0D7C263".  Enter number(s), N)ext, or Q)uit > q
As you can see, the "fake" key is already revoked. The NCSC article has a lot more explanation.

The key I currently use for my private e-mail has:
pub   1024D/0x2C663B5DF0D7C263 1998-12-17
      Key fingerprint = 1B8F 6AA1 6EF5 9498 71CB  E48E 2C66 3B5D F0D7 C263
uid                            Koos van den Hout <koos@kzdoos.xs4all.nl>
uid                            Koos van den Hout <koos@idefix.net>
uid                            Koos van den Hout (http://idefix.net/) <koos+website@idefix.net>
sub   2048g/0x85019597CD125A2B 1998-12-17
sub   4096g/0xCC166EB91F480E9A 2011-01-11 [expires: 2017-09-14]
sub   2048R/0x8F414665C4B517C1 2015-09-15 [expires: 2017-09-14]
And on 2016-09-05 I decided it was time for a new private e-mail GnuPG/PGP key anyway:
pub   4096R/0x5BA9368BE6F334E4 2016-09-05 [expires: 2021-09-04]
      Key fingerprint = 979B CF89 EBBF 9AC9 6A14  F56A 5BA9 368B E6F3 34E4
uid                            Koos van den Hout <koos@kzdoos.xs4all.nl>
uid                            Koos van den Hout (http://idefix.net/) <koos+website@idefix.net>
uid                            [jpeg image of size 11615]
uid                            Koos van den Hout <koos@idefix.net>
sub   4096R/0x308216DA78517E3D 2016-09-05 [expires: 2021-09-04]
sub   4096R/0x3B17C9ABE4A3C916 2016-09-05 [expires: 2021-09-04]
But if you really want to be sure, check in person.

I updated my .gnupg/gpg.conf with:
keyid-format 0xlong
to always show the longer key ID.
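
The following Python is an added example, not part of the original post: it parses `gpg --with-colons` output, flags primary keys that share a short ID as in the search result above, and selects a key only by its full fingerprint. The colon-format sample is constructed; only the two primary-key fingerprints are taken from the post.

```python
from collections import defaultdict

# Constructed sample shaped like `gpg --with-colons --fingerprint` output.
# Only the two primary fingerprints come from the post; the rest is filler.
SAMPLE = """\
pub:r:1024:1:B81DABE5F0D7C263:1402876800:::-:::sc:
fpr:::::::::7BB7472D18B1B64D20BD63E9B81DABE5F0D7C263:
uid:r::::1402876800::::Koos van den Hout <koos@kzdoos.xs4all.nl>:
pub:-:1024:17:2C663B5DF0D7C263:913852800:::-:::scESC:
fpr:::::::::1B8F6AA16EF5949871CBE48E2C663B5DF0D7C263:
uid:-::::913852800::::Koos van den Hout <koos@kzdoos.xs4all.nl>:
sub:-:2048:16:85019597CD125A2B:913852800::::::e:
fpr:::::::::0000000000000000000000000000000000000000:
"""

def parse_primary_keys(colon_text):
    """Return one dict per pub record: full fingerprint, revoked flag, uids."""
    keys, last = [], None
    for line in colon_text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 1:
            last = f[0]
            if last == "pub":  # field 2 is validity, "r" means revoked
                keys.append({"fpr": None, "revoked": f[1] == "r", "uids": []})
        elif f[0] == "fpr" and last == "pub" and len(f) > 9:
            keys[-1]["fpr"] = f[9].upper()  # an fpr after "sub" is a subkey's
        elif f[0] == "uid" and keys and len(f) > 9:
            keys[-1]["uids"].append(f[9])
    return [k for k in keys if k["fpr"]]

def short_id_collisions(keys):
    """Map each 8-hex-digit short ID to its fingerprints when keys share it."""
    groups = defaultdict(set)
    for k in keys:
        groups[k["fpr"][-8:]].add(k["fpr"])
    return {sid: sorted(fprs) for sid, fprs in groups.items() if len(fprs) > 1}

def select_pinned(keys, pinned_fpr):
    """Return the key whose full fingerprint equals the pinned one, else None."""
    want = pinned_fpr.replace(" ", "").upper()
    if len(want) < 40:  # short (8) and long (16) key IDs are refused as pins
        raise ValueError("pin a full fingerprint, not a key ID")
    return next((k for k in keys if k["fpr"] == want), None)

if __name__ == "__main__":
    keys = parse_primary_keys(SAMPLE)
    print(short_id_collisions(keys))
    print(select_pinned(keys, "1B8F 6AA1 6EF5 9498 71CB  E48E 2C66 3B5D F0D7 C263"))
```

Both sample keys carry the same user ID, so the name and e-mail address do not distinguish them; only the full fingerprint does.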
