Re: keyserver.insect.com GDRP takedown request

Ced Fri, 27 May 2022 03:01:26 -0700

On Fri, 27 May 2022 06:48:21 +0200
Alexandre Dulaunoy <adu...@foo.be> wrote:


> Hi All,
> 
> Hockeypuck supports blacklists (from version 2.1.0) when you can list
> all the fingerprint keys you want to avoid being synced.
> 
> In addition, you can delete the keys from Hockeypuck (PostgreSQL
> database).
> 
> A key can be deleted from the SQL database in the following way:
> 
> - Query the pks interface for the offending key, get the hash
> fingerprint from Hockeypuck;
> 
> - Connect to Postgresql via psql
> 
> -select rfingerprint from keys where md5 in (<HASHFINGERPRINT>);
> 
> - The returned rfingerprint can be used to delete  to delete the
> subkeys
> 
> delete from subkeys where rfingerprint in (<RFINGERPRINT>);
> 
> - When all subkeys are deleted.
> 
> - delete from keys where md5 in (<HASHFINGERPRINT>)
> 
> Don't forget to add the key in blacklist:
> 
> [hockeypuck.openpgp]
> blacklist=[
>   "KEYFINGERPRINT"]
> 
> I hope this helps.
> 
> 
> Blacklists -> https://github.com/hockeypuck/hockeypuck/releases

Hi Alexandre,

You made my day! I somehow missed this new blacklist feature introduced
in 2.1.0. This is exactly what I was looking/hoping for.

Here are the keys I've been asked to delete in case anyone needs an easy
copy-and-paste:

> diff --git i/hockeypuck.conf w/hockeypuck.conf
> --- i/hockeypuck.conf
> +++ w/hockeypuck.conf
> 
> +[hockeypuck.openpgp]
> +blacklist=[
> +  "4ee0ea407647ce7f893b4d4cd55a56ed08155aa7",
> +  "e706e6e2b0062d68e00ad3a71b4e586917d2d55f",
> +  "90034cca442a325fedeb2e0302f6eb3d3523062f",
> +  "39762a49f4f92358ba98d0897e4cd9873ead04e5",
> +  "22dd2374f7c072b064731b84042ef61f3f2951c3",
> +  "9c002fd129aab3daaf4886c11bacfff4421c6f24",
> +  "c50c58c6a45c7f10332119c31ec6e78556894cf2",
> +  "33c251792b7ad4efa60f3b6f854b81325727766a",
> +  "c7a23d987c0a2f4a8c2c406595d3c5c466c16f5c",
> +  "cd30dadcde54b62476ed5dbdaac27ada79fa32f4",
> +  "10659e93de8ed69f47a8e6a4752e6011a7cec081",
> +  "fe1753d8f4cbfc8913c71a73461bb523e2468f79",
> +  "27b5000e1b27a03dd45e63fdd1c937f64b790fe5",
> +  "4a3c31edb549e934faa31cf18a4ed56c1b7d70f8",
> +  "11d33e66c37371dce4429a9d8be6e0081569fec9",
> +  "2e2ebc681e19ff06574b7f22ae5453a45153bd1f",
> +]

That is 16 keys however only 12 keys were present in Postgresql in my
case:

> hkp=> select rfingerprint from keys where md5 in
> ('db72376c0d739cfe9c0dfad593b146fe',
> '8c48c609644ff786d76ec0f42d3c653b',
> 'fc27c75c60fc832873d8be8b4cd33443',
> 'd4ef3e8ac56e54b6d5eb00dca43e756d',
> '2b8337e73c153e2395d982778638b223',
> 'd89a48fe2d8989824cb643aa2c4efb5a',
> '0531a90ff608dce3a08bdc534df82af8',
> '657d6a3b3eb0b37cc4b76336e698f21e',
> '68cb4a91f5e3d65ae6cd97d70951f41e',
> '4b7f8a95463b513b1b39b9fff7073e8d',
> '8f0207a20e6c3a8f8bcb8a85dbd5bccf',
> 'a875563073af91fce3e44ad3a3c9141a');
> rfingerprint
> ------------------------------------------
> 9cef9651800e6eb8d9a9244ecd17373c66e33d11
> 7aa55180de65a55dc4d4b398f7ec746704ae0ee4
> f55d2d719685e4b17a3da00e86d2600b2e6e607e
> a66772752318b458f6b3f06afe4da7b297152c33
> c5f61c664c5c3d595604c2c8a4f2a0c789d32a7c
> 42f6c1244fffcab11c6884faad3baa921df200c9
> f2603253d3be6f2030e2bedef523a244acc43009
> f1db35154a3545ea22f7b47560ff91e186cbe2e2
> 5ef097b46f739c1ddf36e54dd30a72b1e0005b72
> 8f07d7b1c65de4a81fc13aaf439e945bde13c3a4
> 2fc49865587e6ce13c91123301f7c54a6c85c05c
> 5e40dae3789dc4e7980d89ab85329f4f94a26793
> (12 rows)
> 
> hkp=> delete from subkeys where rfingerprint in (select rfingerprint
> from keys where md5 in ('db72376c0d739cfe9c0dfad593b146fe',
> '8c48c609644ff786d76ec0f42d3c653b',
> 'fc27c75c60fc832873d8be8b4cd33443',
> 'd4ef3e8ac56e54b6d5eb00dca43e756d',
> '2b8337e73c153e2395d982778638b223',
> 'd89a48fe2d8989824cb643aa2c4efb5a',
> '0531a90ff608dce3a08bdc534df82af8',
> '657d6a3b3eb0b37cc4b76336e698f21e',
> '68cb4a91f5e3d65ae6cd97d70951f41e',
> '4b7f8a95463b513b1b39b9fff7073e8d',
> '8f0207a20e6c3a8f8bcb8a85dbd5bccf',
> 'a875563073af91fce3e44ad3a3c9141a'));
> DELETE 12

> hkp=> delete from
> keys where md5 in ('db72376c0d739cfe9c0dfad593b146fe',
> '8c48c609644ff786d76ec0f42d3c653b',
> 'fc27c75c60fc832873d8be8b4cd33443',
> 'd4ef3e8ac56e54b6d5eb00dca43e756d',
> '2b8337e73c153e2395d982778638b223',
> 'd89a48fe2d8989824cb643aa2c4efb5a',
> '0531a90ff608dce3a08bdc534df82af8',
> '657d6a3b3eb0b37cc4b76336e698f21e',
> '68cb4a91f5e3d65ae6cd97d70951f41e',
> '4b7f8a95463b513b1b39b9fff7073e8d',
> '8f0207a20e6c3a8f8bcb8a85dbd5bccf',
> 'a875563073af91fce3e44ad3a3c9141a');
> DELETE 12

Thank you again Alexandre!

Cheers,
Ced

pgpskZ9zK9lHN.pgp
Description: OpenPGP digital signature

Re: keyserver.insect.com GDRP takedown request

Reply via email to