Skip to content

Instantly share code, notes, and snippets.

@adulau

adulau/hockeypuck-key-removed.md

Created May 27, 2022 07:59
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save adulau/e3127df8b3c61e2faacbebd746519408 to your computer and use it in GitHub Desktop.
Save adulau/e3127df8b3c61e2faacbebd746519408 to your computer and use it in GitHub Desktop.
Download ZIP
How to remove keys from Hockeypuck OpenPGP key server
Raw
hockeypuck-key-removed.md

How to remove keys from Hockeypuck OpenPGP key server

  • First find the Hockeypuck hash of the key(s) to be removed via the web search of your key server instance;
  • On the index, copy the hash value (Hash=HASHVALUE) (it's the hex representation of MD5);
  • Connect to the PostgreSQL interface of your Hockeypuck server;
    • psql hkp
    • Find the corresponding keys from their hash value;
    • select rfingerprint from keys where md5 in ('HASHVALUE');
    • This will return the corresponding fingerprints;
    • Then delete the associated sub-keys;
    • delete from subkeys where rfingerprint in ('RFINGERPRINT');
    • Then delete the main keys;
    • delete from keys where md5 in ('HASHVALUE');
  • Then add the fingerprints in the Hockeypuck server blacklist to avoid reconciliation of the removed keys from other servers;
  • The black-list feature was introduced in Hockeypuck 2.1.0 release;

Blacklist example for hockeypuck

[hockeypuck.openpgp]
blacklist=[
  "2790943722612cf8d9c2db9213de25eed1bb5151",
  "a490d0f4d311a4153e2bb7cadbb802b258acd84f",
  "5c738727ee58786a777c4f1db5aa3fa3486ed7ad",
  "33d51b5621953173ab74b521bdca9f8e3a6c1785",
  "B4530375102C9EB270909C9C006694EB",
  "A73FAA9CF3B7D3864C01BA38C32C7BF3",
  "2E2EBC681E19FF06574B7F22AE5453A45153BD1F",
  "11D33E66C37371DCE4429A9D8BE6E0081569FEC9",
  "4A3C31EDB549E934FAA31CF18A4ED56C1B7D70F8",
  "27B5000E1B27A03DD45E63FDD1C937F64B790FE5",
  "FE1753D8F4CBFC8913C71A73461BB523E2468F79",
  "10659E93DE8ED69F47A8E6A4752E6011A7CEC081",
  "CD30DADCDE54B62476ED5DBDAAC27ADA79FA32F4",
  "C7A23D987C0A2F4A8C2C406595D3C5C466C16F5C",
  "33C251792B7AD4EFA60F3B6F854B81325727766A",
  "C50C58C6A45C7F10332119C31EC6E78556894CF2",
  "9C002FD129AAB3DAAF4886C11BACFFF4421C6F24",
  "22DD2374F7C072B064731B84042EF61F3F2951C3",
  "39762A49F4F92358BA98D0897E4CD9873EAD04E5",
  "90034CCA442A325FEDEB2E0302F6EB3D3523062F",
  "E706E6E2B0062D68E00AD3A71B4E586917D2D55F",
  "4EE0EA407647CE7F893B4D4CD55A56ED08155AA7"
]

Can a user remove their own keys in Hockeypuck? or someone in possession of the private keys?

Yes. It's documented in HIP-1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment