Preferred keyservers part II

David Shaw dshaw at jabberwocky.com
Tue Jun 1 02:43:49 CEST 2004


On Sun, May 30, 2004 at 09:38:02PM -0400, David Shaw wrote:
> So now that 1.3.6 is out and people are playing with it, here's some
> info on preferred keyservers.  There are actually two uses for
> preferred keyservers, but I'll cover the second use in a later mail.

Here's part II.  The first mail covered how to put a preferred
keyserver on your key.  Since this is located on the key, it doesn't
help anyone get the key for the first time (it's a chicken-and-the-egg
problem).

You're probably all familiar with the auto-key-retrieve feature which
automatically fetches the appropriate key when GnuPG verifies a
signature from a key it does not currently have in the keyring.  This
is similar, except that the person making the signature gets to say
where to get the key from.

Way back in 1.3.3, the option --sig-preferred-keyserver was added.
This is an alternative to the common "x-pgp" mail headers that people
use to indicate where their key is.  It allows you to specify a URL to
your key which is then embedded in any signature you make.  If the
person verifying the signature does not have your key, a message pops
up telling them the URL so they can go get the key.  As of 1.3.6,
retrieval of the key can happen automatically.  In 1.2.x, the message
appears.

To use it, just set the keyserver-option "auto-key-retrieve" and
"honor-keyserver-url".  Note that honor-keyserver-url is on by default
in 1.3.6.

To add keyservers to your own signatures, use "sig-keyserver-url".
The keyserver URL can point to a keyserver:

 sig-keyserver-url hkp://subkeys.pgp.net
 sig-keyserver-url ldap://keyserver.pgp.com

or it can be an HTTP URL (this is what I use):

 sig-keyserver-url http://www.jabberwocky.com/key.asc

You can even point to CGIs on places like Biglumber:
 
 sig-keyserver-url http://www.biglumber.com/x/web?pk=8B93F0C84A9E88B2CAB478DAA6112E1D14B0A058

David
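
Added example, not part of the original mail and not GnuPG's own code: the URL set with sig-keyserver-url travels in the signature as an OpenPGP "preferred key server" subpacket (type 24), and a verifier reads it before it has the key to check the signature. The sketch below pulls that URL out of a version 4 signature packet body and applies a local policy before any automatic fetch. The function names, the default scheme list, the host keys.example.invalid and the sample bytes are assumptions made for illustration.

```python
import struct
from urllib.parse import urlsplit

PREFERRED_KEYSERVER = 24  # signature subpacket type, RFC 4880 section 5.2.3.18

def _subpackets(area):
    """Yield (type, data) for each subpacket in one subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, area[i + 1:i + length]   # drop the critical bit
        i += length

def keyserver_urls(sig_body):
    """Return [(url, in_hashed_area)] for a version 4 signature packet body."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("this example parses version 4 signatures only")
    found, pos = [], 4       # skip version, sig type, pubkey algo, hash algo
    try:
        for in_hashed in (True, False):      # hashed area first, then unhashed
            (n,) = struct.unpack(">H", sig_body[pos:pos + 2])
            area = sig_body[pos + 2:pos + 2 + n]
            if len(area) != n:
                raise ValueError("truncated subpacket area")
            found += [(d.decode("utf-8", "replace"), in_hashed)
                      for t, d in _subpackets(area) if t == PREFERRED_KEYSERVER]
            pos += 2 + n
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated signature packet") from exc
    return found

def policy_allows(url, in_hashed, schemes=("hkp", "ldap", "http")):
    # Hypothetical local policy: hashed-area URLs with an allowed scheme only.
    return in_hashed and urlsplit(url).scheme in schemes

def _sp(sp_type, data):      # builds one subpacket for the constructed sample
    return bytes([len(data) + 1, sp_type]) + data

# Constructed sample (not a real signature): MPIs omitted, issuer ID zeroed.
_H = _sp(2, bytes(4)) + _sp(24, b"http://www.jabberwocky.com/key.asc")
_U = _sp(16, bytes(8)) + _sp(24, b"hkp://keys.example.invalid")
SAMPLE = (bytes([4, 0x01, 17, 2]) + struct.pack(">H", len(_H)) + _H
          + struct.pack(">H", len(_U)) + _U + b"\x00\x00")
```

A URL found only in the unhashed area is not covered by the signature at all, which is why the policy function rejects it regardless of scheme.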