On Sat, 21 Apr 2001 20:43:41 +0200 nomad creaktop <[EMAIL PROTECTED]>
writes:
> Hey there.
>
> I know this should probably be aimed at the devel list, but i'm not
>
> subscribed, and i suspect that most people on the devel list also
> subscribe
> this one.
>
> Is it possible that there is a vulnerability with the submission of
> private
> keys to in-freenet keyindeces while inserting the data for that
> key.
>
> OK, that probably wasn't that clear, here is an example:
>
> If I enter:
>
> finsert -keyIndex snarfoo -htl 40 SSK@(priv-key)/image.jpg
> c:\images\image.jpg
>
> then there is output at the end of the process that my key has been
> added
> to snarfoo under KSK@snarfoo1 (or a similar key)
> this key can be retrieved by anyone
> and i have downloaded such a key which subsequently gives the key:
I believe that the -keyIndex command on the freenet CLI is only for
putting keys onto a keyserver, not for inserting files into freenet. So
you basicaly told freenet to insert your private key into that keyserver.
Your mistake, not freenet's. You should have put in your public key,
not private key. finsert -keyIndex snarfoo SSK@(pub-key)/image.jpg is
the proper way to insert a key into a keyserver. Since you already
compromised the security of that subspace you will need to create a new
subspace.
The key listed on the keyserver is the key you put in at the comand line,
period. I don't know if you can insert a key into a keyserver on the
same line that you insert a file on freenet, but it would be nice if you
could. :)
________________________________________________________________
GET INTERNET ACCESS FROM JUNO!
Juno offers FREE or PREMIUM Internet access for less!
Join Juno today! For your FREE software, visit:
http://dl.www.juno.com/get/tagj.
_______________________________________________
Chat mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/chat
