News

The PGP Ecosystem is Under Attack by Certificate Spammers

By Bill Toulas / July 4, 2019

PGP’s (Pretty Good Privacy) net server network is currently under attack, and it seems to be bad, consistent, persistent, and non-solvable. The attackers are unknown, and the targets are R.J. Hansen and D.K. Gillmor, both developers of the OpenPGP protocol. OpenPGP is a standard for encrypted and private email communications, supported by a multitude of clients such as the Thunderbird, Outlook, Evolution, Apple Mail, MailDroid, and many more. The ongoing “flooding” of the PGP certificates and signatures with tens of thousands of items makes it impossible for the PGP system to serve anyone and verify the authenticity of communications, rendering the associated software useless and even causing it to break.

Due to the decentralized nature of how the synchronizing key server works, the lack of code overhauling on the codebase for many years now, and the fact that the keyserver system was written on an obscure programming language called OCaml, the known vulnerabilities were never fixed. This means that the certificate spamming attack was something that the associated people acknowledged as a possibility for years, but couldn’t do much to prevent it other than wishing no one decides to go for it seriously. Apparently, someone did exactly that, and the situation is now a hopeless mess.

The problem isn’t only concerning email communications, as many Linux distributions, for example, use PGP to verify the updates that come from its repositories, so this is something affecting a vast userbase right now. One of the developers of the protocol says the way to go now is to take the synchronizing key server out of the PGP. Until that happens, users are advised to delete the poisoned certificates, run “gpg –refresh-keys” again and hope for the best. If that doesn’t work, open “gpg.conf” in a text editor and remove any lines that start with “keyserver”, and then try refreshing again. If your GnuPGP is still working, try to postpone the refreshing of the keys for as long as possible.

High-risk individuals are advised to stop using the keyserver network immediately, as it cannot be trusted anymore. Clearly, the attackers decided to target the two developers in order to make a statement, so for now, they are not after email clients and Linux distributions. If they wanted to cause a truly disruptive and much more widespread outage, they could target the keys of others, getting the poisoned keys distributed much faster everywhere. Still, since poisoned certificates cannot be deleted from the keyserver network as per the design intentions, the number of the nasty certificates will inevitably grow over time.

Have something to say about the above? Feel free to leave your comments in the section down below, or join the discussion on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: