Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to remove keys from Hockeypuck OpenPGP key server

How to remove keys from Hockeypuck OpenPGP key server

  • First find the Hockeypuck hash of the key(s) to be removed via the web search of your key server instance;
  • On the index, copy the hash value (Hash=HASHVALUE) (it's the hex representation of MD5);
  • Connect to the PostgreSQL interface of your Hockeypuck server;
    • psql hkp
    • Find the corresponding keys from their hash value;
    • select rfingerprint from keys where md5 in ('HASHVALUE');
    • This will return the corresponding fingerprints;
    • Then delete the associated sub-keys;
    • delete from subkeys where rfingerprint in ('RFINGERPRINT');
    • Then delete the main keys;
    • delete from keys where md5 in ('HASHVALUE');
  • Then add the fingerprints in the Hockeypuck server blacklist to avoid reconciliation of the removed keys from other servers;
  • The black-list feature was introduced in Hockeypuck 2.1.0 release;

Blacklist example for hockeypuck

[hockeypuck.openpgp]
blacklist=[
  "2790943722612cf8d9c2db9213de25eed1bb5151",
  "a490d0f4d311a4153e2bb7cadbb802b258acd84f",
  "5c738727ee58786a777c4f1db5aa3fa3486ed7ad",
  "33d51b5621953173ab74b521bdca9f8e3a6c1785",
  "B4530375102C9EB270909C9C006694EB",
  "A73FAA9CF3B7D3864C01BA38C32C7BF3",
  "2E2EBC681E19FF06574B7F22AE5453A45153BD1F",
  "11D33E66C37371DCE4429A9D8BE6E0081569FEC9",
  "4A3C31EDB549E934FAA31CF18A4ED56C1B7D70F8",
  "27B5000E1B27A03DD45E63FDD1C937F64B790FE5",
  "FE1753D8F4CBFC8913C71A73461BB523E2468F79",
  "10659E93DE8ED69F47A8E6A4752E6011A7CEC081",
  "CD30DADCDE54B62476ED5DBDAAC27ADA79FA32F4",
  "C7A23D987C0A2F4A8C2C406595D3C5C466C16F5C",
  "33C251792B7AD4EFA60F3B6F854B81325727766A",
  "C50C58C6A45C7F10332119C31EC6E78556894CF2",
  "9C002FD129AAB3DAAF4886C11BACFFF4421C6F24",
  "22DD2374F7C072B064731B84042EF61F3F2951C3",
  "39762A49F4F92358BA98D0897E4CD9873EAD04E5",
  "90034CCA442A325FEDEB2E0302F6EB3D3523062F",
  "E706E6E2B0062D68E00AD3A71B4E586917D2D55F",
  "4EE0EA407647CE7F893B4D4CD55A56ED08155AA7"
]

Can a user remove their own keys in Hockeypuck? or someone in possession of the private keys?

Yes. It's documented in HIP-1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment