Diffstat (limited to 'lib')
-rw-r--r-- lib/keyringer/functions 22
1 files changed, 13 insertions, 9 deletions
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index dc1ce0f..9fea828 100644
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -368,15 +368,19 @@ function keyringer_check_recipients {
echo "Fatal: please set the full GPG signature hash for key ID $recipient:"
cat <<-EOF
-Recipients file can't have 32-bit keyids (e.g. DEADBEEF or DECAF123). These
-are trivial to spoof. With a few gigs of disk space and a day of time on
-cheap, readily-available hardware, it's possible to build keys to match every
-possible 32-bit keyid. The search space just isn't big enough.
-
-If you're going to specify keys by keyid, they should be specified by full
-160-bit OpenPGP fingerprint. It would be very bad if someone spoofed a keyID
-and caused another participant in a keyringer instance to reencrypt a secret
-store to the spoofed key in addition to your own.
+Please provide a full OpenPGP fingerprint, for example:
+
+ john@doe.com ABCD1234ABCD12345678ABCD1234ABCD12345678
+
+Short key ids (for example, DEADBEEF or DECAF123) are not allowed in
+recipient files because they are easy to spoof. Researchers have proven
+that it is possible to build fake keys to match any possible short key
+id by using a few gigabytes of disk space, and a day of computation on
+common hardware.
+
+Otherwise, the encryption can be broken, if someone spoofs a short key
+id, and causes a participant in a keyringer repository to encrypt
+secrets to a fake key.
EOF
exit 1
else
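Review bot: the rewritten heredoc no longer states the required length. The removed text asked for a "full 160-bit OpenPGP fingerprint", while the new text only implies the length through the 40-hex-digit example and rejects "short key ids" without saying whether anything between 8 and 40 digits is acceptable. Suggest naming the length in the first added line, for example "Please provide a full OpenPGP fingerprint (40 hexadecimal digits), for example:". Two smaller points in the same hunk: the unchanged echo above the heredoc still says "full GPG signature hash", which no longer matches the "fingerprint" wording introduced here and is worth aligning in this commit; and the closing paragraph opens with "Otherwise" with nothing for it to refer back to and says "the encryption can be broken", where the risk the sentence goes on to describe is secrets being encrypted to a fake key in addition to the real recipients. Stating that consequence directly would be more accurate. The example address uses a real-looking domain; a reserved one such as example.org avoids pointing at someone's mailbox.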