[tor-project] Problems fetching Debian package archive signing key (0xEE8CBC9E886DDD89)
mail at parckwart.de
Fri Feb 1 10:00:41 UTC 2019
On Thu, Jan 31, 2019 at 11:47:09PM +0000, Matthew Finkel wrote:
> Someone reported difficulty with retrieving 0xEE8CBC9E886DDD89 from the
> key servers. It seems this is only affecting some of the keyservers
> (but I don't know which ones because load-balancing).
> I was able to reproduce it, but not consistently.
> $ gpg --recv-key A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
> gpg: packet(13) too large
> gpg: read_block: read error: Invalid packet
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> This error seems suspiciously similar to this sks-keyserver bug.
Yes, it seems like it's the the same issue. Someone made an extremely huge key
(about 2 MiB in size) with he id 0x4F3F50786C401DCE that has a whole bunch of
binary data as its uid.
As a workaround in the meantime until this is fixed, if someone needs the
package signing key right now, I uploaded a backup to my website:
Of cource, you shouldn't simply trust the key I give you, but check its
validity. It has most of the signatures, like arma's for example, as I
downloaded it from an SKS keyserver about a week ago.
OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the tor-project