125

I want to upload my PGP public key to a public server. Until the time PGP was an independent organization, I heard a lot about keyservers, but after Symantec acquired PGP, what is the future of these servers?

Is there any other alternative way to keep my public keys online?

RPK

4 Answers

130

Yes, keyservers still exist (though the situation has changed since 2011):

  • The SKS Keyserver Pool (stats) is still online, but just barely. Its participants have dwindled since this post was originally written in 2011, dropping from around a hundred to just ~20.

    (Of those, only 1-2 servers participate in the "HKPS" sub-pool, which is used by GnuPG in the default configuration. If your GnuPG reports "General error" when retrieving keys, that's because the pool has completely drained and you must switch to a non-pool URL.)

    As of 2021, the pool is no longer maintained. This doesn't mean that all of the individually-run keyservers comprising it will disappear, but it does mean that the "pool.sks-keyservers.net" URLs will stop working.

  • Some keyservers, such as Ubuntu keyserver, have replaced SKS with more modern and reliable software such as Hockeypuck. They do however still synchronize with the SKS pool.

  • One of the oldest remaining keyservers is pgp.mit.edu (now running SKS software, previously PKS for a long time). It synchronizes with the SKS Keyserver Pool.

  • The old PGP Global Directory is still online, untouched since 2011. It is not part of the SKS pool and doesn't sync with other servers.

  • New standalone servers are showing up, such as keys.openpgp.org (since 2018). This particular server does not synchronize with others, and requires key owners to opt-in to being published.


The SKS software has been written to accept anything that looks vaguely like a PGP key packet and store it forever. (Its "gossip" protocol only exchanges new packets, but by design has no way to propagate deletions.) This has caused problems for a long time, but started getting massively abused in 2018–2019, which eventually led to the SKS Keyserver Pool's slow demise. Most new keyservers don't have synchronization, partly because they want to figure out how to combine these opposing goals.

One of the possible alternatives is GnuPG's "Web Key Directory" (WKD) protocol, which simply allows the keys for addresses under a given @domain.tld to be published through HTTP at the same https://domain.tld/. (This of course only works if you know the email address – it's useless if you're verifying signatures and all you have is the key ID or fingerprint.)

Previously there were attempts to implement key publication through DNS (using CERT and PKA). Those methods haven't achieved broad adoption and are no longer supported by GnuPG.

u1686_grawity
  • When I publish a key (which contains private+public), does it also publish the private one??? It must not.... – Royi Namir Dec 23 '12 at 11:33
  • @RoyiNamir: No. First, the `gpg` and PGP programs only send the public part of your key. Second, the keyservers themselves remove all private data before publishing received keys. – u1686_grawity Dec 23 '12 at 14:11
  • Do you know if in the PGP file the original filename is stored? (For example, John encrypts 1.txt and sends it to me as 1.pgp... can I know, when decrypting, what the original filename was?) – Royi Namir Dec 23 '12 at 14:32
  • @RoyiNamir: http://superuser.com/questions/ask and yes, it is. (Except when it's not.) – u1686_grawity Dec 23 '12 at 18:05
  • I asked. I'll be glad to hear your answer. http://superuser.com/questions/523631/pgp-gnupg-what-was-the-original-file – Royi Namir Dec 24 '12 at 08:14
  • @grawity I don't use PGP Global Directory anymore due to many of the links moving back to Symantec, and WHOIS information doesn't return any results, which worries me very much. Also the SSL security for PGP Global Directory is [pretty bad](https://www.ssllabs.com/ssltest/analyze.html?d=keyserver.pgp.com) as well. – meguroyama Mar 13 '14 at 07:00
  • @meguroyama PGP uses its own "Web of trust" for verifying keys, so SSL support in keyservers is only useful for privacy reasons (to hide what keys you retrieve). Many SKS keyservers still lack SSL completely, and while they're slowly adding it, it's not a security problem. – u1686_grawity Mar 15 '14 at 09:23
  • As for the WHOIS information – you don't know who runs most SKS keyservers either; and this too doesn't matter. – u1686_grawity Mar 15 '14 at 09:25
  • @grawity ok well if that is the case then I suppose it isn't too much of a problem. – meguroyama Mar 18 '14 at 22:42
  • @meguroyama: Right – the only problem is that the Global Directory is isolated; it does not exchange keys with anything else. On the other hand, all SKS keyservers sync to each other; if one goes down, two dozen others continue working. – u1686_grawity Mar 19 '14 at 11:30
  • Some updates as of 2022: pgp.com & sks-keyservers.net seem to be completely out; keys.openpgp.org seems to be the most popular; pgp.mit.edu is the only one I know that does retain attached photo IDs – morgwai Jan 26 '22 at 14:10
  • The SKS *pool* is out, but many of the individual keyservers that used to be there still function under their direct names. – u1686_grawity Jan 26 '22 at 14:44
  • The SKS network continues to exchange keys over "gossip". Its currently active peers and the network graph are available at [spider.pgpkeys.eu](https://spider.pgpkeys.eu/). `keyserver.ubuntu.com` does [participate in the network](http://keyserver.ubuntu.com/#about). It is currently the [default in GnuPG](https://unix.stackexchange.com/a/352774/423679). `pgp.mit.edu` has [no gossip peers](http://pgp.mit.edu/pks/lookup?op=stats) and doesn't participate in the network anymore. – Roman Riabenko Aug 27 '23 at 15:18
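To make the WKD alternative mentioned in the answer above concrete, here is an added example (not code from the answer or from GnuPG) that derives the URLs a WKD client fetches for an e-mail address: the local part is lowercased, SHA-1 hashed and z-base-32 encoded, then served from a `.well-known/openpgpkey` path on the mail domain (direct method) or on an `openpgpkey.` sub-domain (advanced method). The address `Joe.Doe@Example.ORG` is the worked input; nothing is fetched over the network.

```python
"""Build Web Key Directory (WKD) lookup URLs for an e-mail address.

Added example implementing the URL scheme of GnuPG's WKD
(draft-koch-openpgp-webkey-service); it is not the answer's own code.
"""
import hashlib
from urllib.parse import quote

# z-base-32 alphabet (Zooko's variant), the encoding WKD uses for the hash
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32 without padding; 20 bytes -> 32 characters."""
    nbits = len(data) * 8
    pad = (-nbits) % 5                       # right-pad to a multiple of 5 bits
    value = int.from_bytes(data, "big") << pad
    return "".join(ZB32_ALPHABET[(value >> shift) & 31]
                   for shift in range(nbits + pad - 5, -1, -5))


def wkd_hash(local_part: str) -> str:
    """WKD hashes the *lowercased* local part, so Joe.Doe and joe.doe agree."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32(digest)


def wkd_urls(email: str) -> dict:
    """Return the direct- and advanced-method URLs a WKD client would try."""
    local_part, _, domain = email.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    domain = domain.lower()                  # DNS names are case-insensitive
    # The l= query parameter carries the original, case-preserved local part
    # (percent-encoded here as a safe choice for unusual characters).
    tail = f"/hu/{wkd_hash(local_part)}?l={quote(local_part, safe='')}"
    return {
        "direct": f"https://{domain}/.well-known/openpgpkey{tail}",
        "advanced": (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                     f"{domain}{tail}"),
    }


if __name__ == "__main__":
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method:8s} {url}")
```

A resolver fetches the advanced URL first and falls back to the direct one; the answer's caveat still applies, since none of this helps when all you have is a key ID or fingerprint.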
19

As of mid-September 2019, three months after launch, the keys.openpgp.org news has this to say:

It is now used by default in GPGTools, Enigmail, OpenKeychain, GPGSync, Debian, NixOS, and others.

The adoption rates are impressive. According to the news quoted, keys.openpgp.org saw an increase from about 2,000 to 70K verified email addresses in a 3-month span this year.

If new keyservers are seeing the kind of reception we've seen with keys.openpgp.org, it would be hard to deny that keyservers are not only surviving but growing in popularity.

vhs
9

I was facing the same issue today and found that neither keyserver.pgp.com nor sks-keyservers.net would reply to me in a timely manner.

However, I found that keyserver.ubuntu.com worked.

Murch
  • You should use the high-availability subset of the pool: ha.pool.sks-keyservers.net -- adding more keyservers can decrease the reliability because less reliable servers get queried – Otto Allmendinger Apr 01 '19 at 12:42
0

UPDATE: in 2017 you might want to consider using Keybase, the Social Approach to Public Key Verification.

"Keybase is a free, open source security app. It's also a public directory of people.

The Keybase app helps you perform cryptographically-secure operations with people you know on the Internet: chatting, file sharing, even publishing public documents."

Gaia
  • But Keybase doesn't abide by the public keyserver system at all, and in fact, requires users to store their private keys on their system. It's like proprietary gpg, which one should not trust, imho! – hopeseekr Feb 03 '18 at 21:40
  • But your private keys should be on your own system. Only the public key goes to the net. – Gaia Feb 03 '18 at 23:50
  • It's a known won't-fix issue... https://github.com/keybase/keybase-issues/issues/160 – hopeseekr Feb 09 '18 at 16:26
  • It's not labeled won't fix, and sending the PK to Keybase is an optional feature. See https://github.com/keybase/keybase-issues/issues/160#issuecomment-37070418 and https://github.com/keybase/keybase-issues/issues/160#issuecomment-343015634 – Gaia Feb 09 '18 at 21:12
  • Furthermore, https://blog.filippo.io/on-keybase-dot-io-and-encrypted-private-key-sharing/ – Gaia Feb 09 '18 at 21:13
  • @Gaia https://github.com/keybase/keybase-issues/issues/160#issuecomment-209709935 – jordanbtucker Feb 21 '18 at 23:54
  • The beauty of Keybase is people don't need web of trust / key signing parties to reasonably confirm somebody's key. I may have never met you, but if I know, say, your GitHub & Facebook identities, and you posted Keybase proofs on these, I can verify that the public key really belongs to someone controlling those 2 accounts. – Beni Cherniavsky-Paskin Sep 26 '19 at 22:03
  • Note that Keybase has since been bought by Zoom, who basically do whatever China tells them to. – Zoe Jul 04 '20 at 13:29
  • @Zoe Zoom is a US corporation, not a Chinese one. – Sebi2020 Jan 22 '21 at 00:23
  • @Sebi2020 never said they were, but they still do a lot of ethically questionable things because China told them to. Zoom also isn't known for good security. That's essentially why they bought Keybase. Google `zoom China` -- you sound like you missed the huge controversy (one of them anyway), as well as the ongoing stuff. Still entirely up to you what you do, but if you're not into the prospect of Keybase being altered by Zoom in a way that makes it less secure where it matters, I wouldn't use it. – Zoe Jan 22 '21 at 09:17