Key server

A key server or key server provides access to public keys used in asymmetric cryptosystems are used to a person encrypted messages - for example, via e-mail - to verify their signatures send. In particular, a keyserver offers a convenient, albeit not always cryptographically secured, option for updating keys, which is necessary if a check is to be made to determine whether a key is still valid or has been withdrawn.

Many of these servers are publicly accessible, since the information stored on the server represents the public component of the key pair and, with normal keys, the fastest possible and widespread dissemination is desirable. However, key servers are public not only for reading but also for writing. They only pass on data, but usually do not authenticate them (an exception is the checking of email addresses with the PGP keyserver). The keys have to be authenticated in a different way; this problem does not exist with updates.

On a key server, each user registered there is assigned at least one public key , which usually also contains one or more e-mail addresses and the name of the user. Such a server can be searched for names, email addresses and key IDs.

Well-known programs that use such asymmetrical encryption are the free GnuPG and the proprietary PGP . A well-known server software is the SKS keyserver. In the meantime (2018) there are over 5 million keys in the SKS pool.

Alleged problem

Inexperienced users often criticize the fact that it is not possible with practically all key servers or key server networks to delete a key or parts of it once they have been published.

Forgotten passwords for the private key are a common motivation for this. But this is a misunderstanding, because a public key does not require any distribution control. You can hand this over to attackers without any security risks. A publication of public keys means in any case the loss of control of the distribution. Whether with or without a key server does not matter, because at the latest on the local key rings in which the keys end up, no influence is possible.

A forgotten password for the private key only means that no new messages can be signed / decrypted. In addition, it is not possible to generate new revocation signatures (which invalidate the entire key), which can be a security problem under certain circumstances, especially with keys whose validity does not expire. If you get a new pair of keys, you make it easy for all communication partners to get the new public keys by copying them to a key server. The continued existence of the old public keys is not a problem; on the contrary, it is even necessary, because these older public keys are required to verify the signatures of messages that have already been received.

If it were possible to delete individual keys or parts of them, an attacker could remove unpleasant parts (e.g. revocation certificates), which would have a significant impact on security and would practically destroy the encryption system (see public key infrastructure ).

Issues and data protection

Key servers can be misused as a source of email addresses, for example for sending spam .

Furthermore, attached signatures (see Web of Trust ) can be analyzed and thus the participation of the key holder in social networks can be identified.

Many web servers allow for example the addition of image information according to the standard. This allows a link to be established between the published data, which restricts data protection .

To make matters worse, there is a great risk of misplaced or misused certificates. Abuses cannot be reversed under any circumstances, so that informational self-determination can be violated here.

Another privacy problem is that it is currently not possible to control which signatures are added to a key on a keyserver because the keyservers accept all signatures. In general, this is not a problem, but it is conceivable that someone only wants to publish very specific signatures in a targeted manner, for example in order not to endanger the anonymity of a key. A DoS attack is also possible if someone adds a huge number of signatures to a key and thus makes it unusable. The OpenPGP standard already supports the formal possibility of solving this problem with the key server no-modify flag . However, this has so far been of no consequence, as the majority of keyservers ignore this flag, because the cryptographic check would be associated with a comparatively high level of computing power. In addition, the keyservers live from their mutual synchronization, which would be associated with serious problems if only some of the servers within a network observed this flag.

Web links

Keyserver

SKS Keyserver Association - public, worldwide key server association (English)
PGP Global Directory - public, worldwide keyserver, with the security disadvantage and data protection advantage that keys can be deleted (see under Alleged problem ), not connected to the SKS keyserver network
MIT PGP Public Key Server (English), participant in the SKS Keyserver network
keys.openpgp.org - public, worldwide keyserver, not connected to the SKS keyserver network, publishes identity information only after verification of the email address

software

Synchronizing Key Server (SKS) - a key server software package for OpenPGP (English)

Individual evidence

↑ SKS Keyserver statistics and status
↑ Report on the implementation of DoS attacks on SKS Keyserver. Retrieved December 22, 2019 .
↑ Discussion on the GnuPG mailing list (2012-01-28). Retrieved July 12, 2012 .
↑ Discussion on the GnuPG mailing list (2012-01-28). Retrieved July 12, 2012 .

[1] SKS Keyserver statistics and status

[2] Report on the implementation of DoS attacks on SKS Keyserver. Retrieved December 22, 2019 .

[3] Discussion on the GnuPG mailing list (2012-01-28). Retrieved July 12, 2012 .

[4] Discussion on the GnuPG mailing list (2012-01-28). Retrieved July 12, 2012 .