On Thu, Jan 31, 2019 at 11:47:09PM +0000, Matthew Finkel wrote:
Someone reported difficulty with retrieving 0xEE8CBC9E886DDD89 from the key servers. It seems this is only affecting some of the keyservers (but I don't know which ones because load-balancing).
I was able to reproduce it, but not consistently.
$ gpg --recv-key A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg: packet(13) too large
gpg: read_block: read error: Invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
This error seems suspiciously similar to this sks-keyserver bug[0].
Yes, it seems like it's the same issue. Someone made an extremely huge key (about 2 MiB in size) with the id 0x4F3F50786C401DCE that has a whole bunch of binary data as its uid.
As a workaround in the meantime until this is fixed, if someone needs the package signing key right now, I uploaded a backup to my website:
https://www.parckwart.de/files/nuclear_waste/tor_deb_archive_signing_key.asc
http://45tbhx5prlejzjgn36nqaxqb6qnm73pbohuvqkpxz2zowh57bxqawkid.onion/files/...
Of course, you shouldn't simply trust the key I give you, but check its validity. It has most of the signatures, like arma's for example, as I downloaded it from an SKS keyserver about a week ago.
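
Added example, not part of the original message or of GnuPG/SKS code: packet(13) in the gpg error is the OpenPGP User ID packet, so the sketch below walks the packet headers of a binary keyserver response (RFC 4880 old and new format) and reports User ID packets above a size limit. The 2048-byte limit, the function names and the sample bytes are assumptions made for illustration.

```python
USER_ID_TAG = 13          # RFC 4880 packet tag for User ID packets
ASSUMED_UID_LIMIT = 2048  # assumption: reader-side cap on a User ID packet, in bytes

def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet header at buf[pos]."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError(f"offset {pos}: not an OpenPGP packet header")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:                                  # one-octet length
            return tag, pos + 2, o1
        if o1 < 224:                                  # two-octet length
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:                                 # five-octet length
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError(f"offset {pos}: partial body lengths not handled")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        raise ValueError(f"offset {pos}: indeterminate length not handled")
    width = (1, 2, 4)[ltype]
    return tag, pos + 1 + width, int.from_bytes(buf[pos + 1:pos + 1 + width], "big")

def oversized_uids(buf, limit=ASSUMED_UID_LIMIT):
    """Walk a binary (dearmored) keyring; list (offset, length) of big User IDs."""
    found, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if start + length > len(buf):
            raise ValueError(f"offset {pos}: packet runs past end of data")
        if tag == USER_ID_TAG and length > limit:
            found.append((pos, length))
        pos = start + length                          # skip the body unparsed
    return found

def new_packet(tag, body):
    """Build a new-format packet with a five-octet length (constructed test data)."""
    return bytes([0xC0 | tag, 0xFF]) + len(body).to_bytes(4, "big") + body

# Constructed sample, not a real key: dummy public-key packet, a normal User ID
# in an old-format header, then a 2 MiB binary User ID like the one described.
SAMPLE = (new_packet(6, b"\x04" + bytes(11))
          + bytes([0x80 | (13 << 2), 17]) + b"Alice <a@ex.test>"
          + new_packet(13, bytes(2 * 1024 * 1024)))

if __name__ == "__main__":
    for offset, length in oversized_uids(SAMPLE):
        print(f"User ID packet at offset {offset}: {length} bytes")
```

The walker expects binary packet data; an ASCII-armored file has to go through `gpg --dearmor` first.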