LDAP - GPG interface

Shaun Savage ssavage@infomatec.de
Thu, 19 Oct 2000 17:50:17 +0200


Werner Koch wrote:

Hi folks

I have gotten my first key exported to a LDAP server from gnupg. The
problem I have is I don't have a pgpserver so I had to use openldap as
my server and write the code for the server.   The people at openldap
don't like the existing pgp-LDAP interface, so now I am writing my own
interface.  The search will work from all systems but adding new keys
can only work with the new interface.  

overview of changes
added a void* private to the iobuf structure.
added a file server.c and server.h to chain hkp.c hkp.h code
in g10.c replace hkp_export and hkp_import with server_export and 		
server_import
in export.c I save the first signature id in out->private.

all changes use the dn seq=9999,id=XXXXXXXXXXXXXXXX,$(basekeymaint)
the seq is just a unique number and the id is the first signature id.

The reason for these changes are I need a unique DN for each key
maintance packet and all changes require a signature.

gpg <---> LDAP <--- Directory.oc1 <--- LDAP <---> KeyMaintApp
            |-----> Directory.oc2 ----->|

the maintance request come in and are stored in oc2.  the KeyMaintApp
read the data checks validity and then update oc1.

all key searchs use oc1 as where to search.

I worked on key uploading into oc2 first. now I am going to work on
search for oc1.  then KeyMaintApp, the finally other key maintance
actions.
the problem here is when someone uploads a key or changes a key they
will not know the result immediately.  the will have to be email send
back from the KeyMaintApp.

Shaun savage