IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [key-server]

28 questions
22
votes
1 answer

Sending the GPG key to keyserver

Today I started learning how to work with GPG keys. I successfully generated a pair for me, and imported some other keys, encrypted some files and successfully decrypted them. I want to send my GPG key to the keyserver, but I cannot seem to be able…
Ionică Bizău
  • 813
  • 2
  • 10
  • 15
11
votes
1 answer

How long before a key is visible on a key server?

I am playing with GPGTools on a Mac and quite liking it so far, the GUI makes it nice to handle keys. I am using the default hkps://hkps.pool.sks-keyservers.net key server, to which I have uploaded my public key. However after a day, if I look for…
user1301428
  • 1,927
  • 1
  • 23
  • 28
8
votes
1 answer

How is HSM access gated?

On the backend if I use a HSM (or even have the master key on a physical server), I need to do operations using that key. That means the app server is going to call into the HSM (or keyserver). What is the usual practice of authenticating calls to…
user220201
  • 893
  • 9
  • 22
6
votes
2 answers

Comparing allegedly identical OpenPGP keys published through different channels

tldr version: When I try to compare public keys that are supposed to be for the same entity the versions I get through different channels are NOT the same and the ones that I download as a file like somekey.sig.asc are smaller files. I'm trying to…
Lew Rockwell Fan
  • 63
  • 5
5
votes
1 answer

Is `gpg --refresh-keys` secure and where is this documented?

From the gpg manual: --refresh-keys Request updates from a keyserver for keys that already exist on the local keyring. This is useful for updating a key with the latest signatures, user IDs, etc. Calling this with no arguments will refresh the…
Tino
  • 191
  • 6
4
votes
1 answer

Which tool/key manager to manage people's public keys in organization?

I'm not really an expert on different key types but here it goes. My company never really managed keys. We have an SKS server that was set up to manage GPG keys for a couple of users sending encrypted documents. Now a new requirement has come up:…
JoeSlav
  • 61
  • 5
4
votes
1 answer

What would happen if a public key server is compromised?

What would happen if in someway a public key server, let's say the MIT PGP key server, was compromised and some keys would be edited to an attacker's public key? Is this even possible? Would that be detected quickly? What course of action would be…
woutar
  • 43
  • 4
3
votes
1 answer

How do I check who a public PGP/RSA key belongs to?

I am new to public key cryptography. I see from keyservers it's possible to do a look up for public keys associated with an email address. Is there a reverse function available to check what email/domain a public key relates to. I have several of…
user1561108
  • 133
  • 1
  • 5
2
votes
1 answer

Encryption Engine vs Key Server

What is the difference (if any) between a Key Server and an Encryption Engine? Is a Key Server also the same as a Key Manager? I've seen the terms Encryption Engine, Key Server and Key Manager used interchangeably and now I'm very confused. Are…
tattie-scone
  • 21
  • 2
1
vote
1 answer

How does one publish UID revocations in the age of Hagrid?

I have published my gpg key on keys.openpgp.org, keyserver.ubuntu.com, and my own WKDs corresponding to each of the two email addresses on my own domains. Another user updated my public key from my WKD (per my instruction using gpg --auto-key-locate…
Murch
  • 111
  • 4
1
vote
1 answer

Can I change expiration date of a gpg key I've already sent to a key server?

ArchLinux wiki page on GnuPG reads Once a key has been submitted to a keyserver, it cannot be deleted from the server. Does that mean that also the expiration date with which I published the key via gpg --send-keys key-id cannot be changed?
Enlico
  • 153
  • 7
1
vote
0 answers

Best Practices to Store Sensitive Information in Desktop Application (Electron)

I'm working in a desktop application using Electron.js with React.js and I have to store some sensitive information like API keys and database credentials. So I started digging and decided to encrypt the database credentials in a JSON file with an…
gasscoelho
  • 111
  • 1
1
vote
1 answer

Implementing key vault and key rotation for a non-cloud application

I have a desktop application written in Python. The application is connects with an external SAP HANA service and pulls data. There are couple of configuration files where several connection string are stored unencrypted as of now. I want to encrypt…
RPK
  • 195
  • 1
  • 1
  • 7
1
vote
0 answers

How does a GPG Keyserver deal with conflicting signatures?

Part of the web of trust of GPG is the use of Keyservers to publish/distribute versions of public keys. It's encouraged of course to sign public keys you trust so the the web may grow. How does a Keyserver deal with the following scenario: I sign a…
Woodstock
  • 679
  • 6
  • 20
1
vote
0 answers

How do I check if my key is updated in a keyserver after I resend it with new signatures?

I'm working in a task for class where I need to sign my public key with 3 signatures. After I got them, I need to send my key back to the keyserver with these 3 new signatures. The thing is that when I search for my key, I just get an output that…
Adrián Jaramillo
  • 111
  • 2
1
2