pgp

I was targeted by an attack on GnuPG/PGP

Update: Might not actually be targeted. See Evil 32. Thanks to Ximin Luo for giving me more peace of mind!

Update: I’m not the only one hit by this. Here’s a conversation on GNU social with more people hit - though no one else reported yet having two keys faked and cross-signed.

Update: At the very least you should do this: echo keyid-format long >> ~/.gnupg/gpg.conf

On the 29th of August a colleague asked me “which key should I use to encrypt to you?” I was confused, because I only have one key for that email address. So he showed me the keys he saw:

$ gpg2 --list-keys --fingerprint arne.babenhauserheide
-------------------------------
pub   2048R/A70DA09E 2011-10-07 [expires: 2016-10-05]
uid                  Arne Babenhauserheide <arne.babenhauserheide@kit.edu>
sub   2048R/39829E5F 2011-10-07 [expires: 2016-10-05]

pub   2048R/A70DA09E 2014-06-16 [revoked: 2016-08-16]
uid                  Arne Babenhauserheide <arne.babenhauserheide@kit.edu>
Inhalt abgleichen
Willkommen im Weltenwald!



Beliebte Inhalte

sn.1w6.org news