National Cyber Security Centre - Ministry of Security and Justice

Duplicate PGP Keys

Last change :
17-08-2016
First publication:
10-08-2016
Version:
1.1
Type:
Factsheet

Recently it was noticed that many duplicate PGP keys have been submitted to the keyservers. These keys have the same ‘user-ID’ (e-mail address) and `key-ID’. The ‘key-ID’ is formed by the last 32 bits of a key. When searching for an e-mail address or short`key-ID’, it is possible that the duplicate key is retrieved. This method has been published in 2014 as the Evil32 attack.

The researchers of the Evil32 attack have created a large set of duplicate keys in 2014. SURFcert and NCSC have determined that this set has been submitted to the keyservers last June.

Update 17/08: As per August 16, 2016 the authors of Evil32 have noticed that the duplicate keys are revoked. This will help to eliminate any confusion regarding the duplicate keys.

 

Impact

The duplicate PGP keys only have the last 32 bits in common. The duplicate keys cannot be used to decrypt existing messages.

A key for a new or unknown recipient is usually downloaded from the keyservers. Senders are expected to verify a key after retrieving it. If only the ‘key-ID’ is checked, it is possible that a duplicate key will be used for encrypting messages.

If a message is encrypted using a duplicated PGP key rather than the original PGP key, the intended recipient will not be able to read the message. The available collection of duplicate PGP keys contains no secret keys. These keys cannot be used directly by attackers to decrypt messages. The software that is used to generate the set of keys set is freely available. Others can also use this software to generate other duplicate keys where the secret key is still available.

Perspective for action

Some characteristics of duplicate keys are described below that can be used to recognize them. By recognizing them, a user can avoid using them. The NCSC recommends that when adding new keys, users always check the entire fingerprint, for example by verifying with the owner by phone.

 

Identifying duplicate key

A generated duplicate key can, among other ways, be recognized by the lack of “subkeys”. By searching by name or short 'key ID' on the PGP key server, a user can check their own PGP key. In this manner, it can be established whether there is a duplicate key has been published. If a duplicate key is found, verify with your contacts that they are indeed using the correct key.

 

Identify and mitigate the use of duplicate keys

If a duplicate key is in circulation, third parties may have used them. As a result, e-mail messages may be unreadable because decrypting with the original key does not work. Ask the sender to make the duplicate key to their keyring unusable by setting it to “disable”.

Consider generating a new PGP key if a duplicate key is in circulation for your email address. Share the new fingerprint with your contacts.

CSAN 2016

CSAN 2015