PGP Lookup

Prompt

Individuals use PGP to securely encrypt their emails, can you find out more about the following PGP keys?

Walk-Through

This challenge involves conducting a lookup on a PGP (Pretty Good Privacy) database. PGP utilizes public-key cryptography wherein a public/private key pair is used to encrypt, decrypt, and sign messages.

If you are unfamiliar with PGP and public-key cryptography, the following articles may be helpful to read before preceding with the challenge:

Wikipedia Article

Varonis Blog Post

PGP cryptography allows a message to be encrypted so that it can only be decrypted by its intended recipient. To achieve this, the sender will use the recipient’s public key to encrypt the message so that only the recipient’s private key can decrypt the message.

Alice requires Bob’s public key in order to encrypt a message so that only his private key may read it
Alice requires Bob’s public key in order to encrypt a message so that only his private key may read it

The premise behind this challenge is that there are public databases that store records of public keys and their owners so that a sender may obtain their recipient’s public key to encrypt a message for them. Solving this challenge requires querying these databases to obtain this information. Some popular PGP lookup databases include, keyserver.ubuntu.com, keys.openpgp.org, and pgp.mit.edu.

There is no one single authoritative source keeping records of public keys, so it is important to compare the results across multiple different databases.

Below is a query using the keyserver.ubuntu.com database

Query results for “security@cpanel.net” on
Query results for “7A39A”… on
Query results for “7A39A”… on keyserver.ubuntu.com

Questions

What is the key fingerprint for security@cpanel.net?

There are two possible options. The fingerprint is the hexadecimal string that follows the rsa4096/ from the screenshot above.

What email address is associated with the key fingerprint 7A39A56B73D1E097D57435CFCDE2DE1DCB2077F2?

The email address is to the right of uid in search results from the screenshot above.

On what date does the above key expire (in UTC)?

The expiry date is indicated with the “key expir” column from the screenshot above. Make sure not to confuse “cr. time” (creation time) with “key expir” (expiry time).

©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.