Re: [Sks-devel] Another Poison Key?

[Kim Minh Kaplan]

PM brent s. wrote:

> well, that's the issue - hkp won't pull it, gpg won't pull it either.
>
> anyone know of a way to dump/extract a specific key from the SKS DB?
> i'd imagine there'd be a bdb way to do it but i'm not that old.

I've just wrote a short snippet to pull out data directly from Berkley
DB (https://www.kim-minh.com/src/misc/bdb-get.c).


For example if I want to pull out the key by ID, use the last 8
characters as the short keyid. For example the short keyid for
748231EBCBD808A14F5E85D28C004C2F93481F6B is 93481F6B.

    $ cc bdb-get.c -ldb
    $ key_id=93481F6B
    $ key_hash=$(./a.out /var/lib/sks-tmp/DB keyid "$key_id" | hexdump
-e '/1 "%02x"')
    $ ./a.out /var/lib/sks-tmp/DB key "$key_hash" | dd bs=1 count=1 | hexdump

The first byte of the key tells how it is stored (keydb.ml, function
skey_of_string). A 0 (zero) means the payload is the key. A 1 or a 2
means that the payload is a pointer into the *.pgp files (that's when
you used fastbuild).

As I do not use fastbuild all my keys are stored with type 0. I can
then get the key itself by just skipping the first (zero) byte.

    $ ./a.out /var/lib/sks-tmp/DB key "$key_hash" | dd bs=1 skip=1
>/tmp/$key_id.pgp

The key_hash is what appears in the recon log.

Hope this can help your troubleshooting.
-- 
Kim Minh.