Impact of SKS Keyserver Poisoning on Gentoo(gentoo.org) |
Impact of SKS Keyserver Poisoning on Gentoo(gentoo.org) |
> If you are looking for them, you may try keys.openpgp.org keyserver that is not vulnerable to the attack, at the cost of stripping all signatures and unverified UIDs.
I have also been unable to get keys.openpgp.org to work For example:
gpg --keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion --recv-keys 0x4E2C6E8793298290
gpg: key 0x4E2C6E8793298290: no user ID
gpg: Total number processed: 1
They talk about that here:https://keys.openpgp.org/about/faq#older-gnupg
I'm on Archlinux, my gnupg is 2.2.16, libgcrypt 1.8.4 which are currently the the latest https://gnupg.org/download/index.html