bits 0x46 - Calendar Week 12, 2024

public keyservers … am I doxing myself?

One feature of keyservers is, if you upload a certificate, it never goes away.

In most cases, certificates on a keyserver only grow monotonically. The problem is that you cannot remove a subkey or user ID (uid) without revoking it, and even after you revoke it, the information stays on the keyserver together with the revocation cert.

For example, here is my PGP key, with 3 user IDs and 2 subkeys:

$ gpg --list-secret-keys
-------------------------------
sec   rsa4096 2020-06-07 [SC]
uid           [ultimate] shrik3 <>
uid           [ultimate] shrik3 <>
uid           [ultimate] Tianhao Wang (school mail) <>
ssb   rsa4096 2020-06-07 [E] [expires: 2025-12-11]
ssb   rsa4096 2022-11-15 [S] [expires: 2025-12-11]

Once the pubkey is uploaded to a keyserver, there is no going back. If I decide that I shouldn’t associate my name and school email with my legal name, I can only revoke those identities by uploading a revocation cert. It’s impossible to take it down for good [1].

As a matter of fact, I’m already regretting uploading my certificates to the keyservers. Anyway, from now on I won’t upload any certificate to keyservers other than openpgp anymore…

Why monotonic?
It may sound horrible that your information can’t be deleted from the keyserver, but there are security reasons for it. For example, if the revoked identities and keys were removed from the keyserver together with the revocation cert:

  • For people who do not have your old certificates, there is no way to validate a signature created before the revocation.
  • For people who already hold your old certificates, there would be no way to pass on the word “hey, xyz is revoked, don’t use it anymore”: they will not invalidate a subkey or identity unless they see a revocation cert.
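
The two cases above as a toy model, added here as an illustration (it is not the author's code and does no real OpenPGP packet parsing). The packet kinds, the `deleting_server` policy and the sample identities are constructed assumptions.

```python
# Toy model of certificate merging (illustration only, not real OpenPGP parsing).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    kind: str    # "uid", "subkey" or "revocation"
    target: str  # component this packet introduces or revokes

def merge(a, b):
    """Monotonic merge, as on a keyserver or in a local keyring: packets are only added."""
    return frozenset(a) | frozenset(b)

def revoked(cert):
    return {p.target for p in cert if p.kind == "revocation"}

def known(cert, kind):
    """Every component of this kind in the copy, revoked or not."""
    return {p.target for p in cert if p.kind == kind}

def usable(cert, kind):
    """Components this copy still treats as valid (no revocation seen)."""
    return known(cert, kind) - revoked(cert)

def deleting_server(cert):
    """Hypothetical policy: drop revoked components together with their revocations."""
    gone = revoked(cert)
    return frozenset(p for p in cert if p.target not in gone)

# Constructed sample data: one identity and one signing subkey get revoked later.
LEGAL = "Legal Name <student@example.edu>"
ORIGINAL = frozenset({Packet("uid", "nick <nick@example.org>"),
                      Packet("uid", LEGAL), Packet("subkey", "sign-2022")})
REVOCATIONS = {Packet("revocation", LEGAL), Packet("revocation", "sign-2022")}

APPEND_ONLY = merge(ORIGINAL, REVOCATIONS)   # what an append-only keyserver keeps
DELETED = deleting_server(APPEND_ONLY)       # what "take it down" would leave

def old_holder_view(server_copy):
    """Someone who fetched ORIGINAL earlier and now refreshes from the server."""
    return usable(merge(ORIGINAL, server_copy), "uid")

def newcomer_can_check_old_signature(server_copy):
    """Verifying a signature made by sign-2022 needs that subkey to be present."""
    return "sign-2022" in known(server_copy, "subkey")

if __name__ == "__main__":
    for name, copy in (("append-only", APPEND_ONLY), ("deleting", DELETED)):
        print(name, sorted(old_holder_view(copy)), newcomer_can_check_old_signature(copy))
```

With the deleting policy, the old holder's refreshed copy still lists the revoked identity as usable, and a newcomer no longer finds the subkey needed to check an old signature.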

I can imagine a DoS attack on the keyservers…

Fuck it, I’ll fix it myself

One good thing about open source is that if a program is broken or missing some features, I can


Good Reads

Learn X in Y Minutes
What’s the matter with PGP? - by Matthew Green
GPG And Me
Ligatures in programming fonts: hell no
Inside Yubikey Neo

  1. allows to edit key via web interface, with an authentication email sent to one of the user ID addresses. and does not allow editing at all.
