Keys replaced without authorization during update
Who is Alexandru Rosianu Bintray and why is he showing up on my machine? And where are my keys!?!?!
After updating a Linux Mint box I could not use gpg --list-keys without getting a permission denied error. It was now owned by root. After changing the permissions of my ~/.gnupg back to me (using sudo chown -R gdeward.gdeward ~/.gnupg), the gpg --list-keys command works but my keys have been replaced with one key from this Alexandru guy! See for yourself:
gdeward@devwks01: ~/
$ gpg --list-keys
/home/gdeward/
-------
pub 4096R/xxxxxxxx 2016-01-29 [expires: 2020-01-29]
uid Alexandru Rosianu Bintray <<email address hidden>>
sub 4096R/xxxxxxxx 2016-01-29 [expires: 2020-01-29]
(I masked the key IDs, that were actually shown, from the snippet above.)
Important:
I originally built this machine using dotfiles tweaked from Catalin Maris, available here on GitHub. That install caused me to create new keys on GitHub. They were listed here prior to me doing an apt-get upgrade.
Searching for a list of GPG packages shows:
gdeward@devwks01: ~
$ apt list --installed | grep gpg
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
gpgv/xenial-
libgpg-
libgpgme11/
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu gnupg Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Greg Deward for more information if necessary.