Question
There is a many-year-old 1024 DSA key in the public keyservers under my name. There is a 2048 ELG-E subkey for it. I didn't create these keys, they were created for me by a former employer without my consent. I don't have the private key and it apparently has no expiry date. (Just brilliant). I know there is no way to remove them from the servers, but is there perhaps a way to crack them and issue revocation certificates? Is the cipher sufficiently aged/small to reasonably be able to crack them these days? I'm not really much of an encryption head, I only realised this when I started getting incomprehensible emails, so any help is welcome.
Explanation / Answer
The only exploit I can find on 1024 DSA is a traffic sniffing attack via a flawed pRNG, and it's a little unreasonable.
(If you can crack PGP, let the rest of us know so we can run around with our hair on fire :P)
Here are some ways to mark this key as invalid. However, unless you can get your hands on a revocation certificate, those keys are cast into the void.