HKP Server Question

Patrick Brunschwig patrick.brunschwig at gmx.net
Wed Jun 9 10:04:23 CEST 2004


>> I'm looking into the HKP protocol to find out how I could best
>> implement a key searching function in Enigmail. My main reasons are
>> that the frontend offered by gpg would need an unnecessarily
>> complex implementation from my side, and that Mozilla obviously can
>> easily use HTTP, and can also traverse proxies where you need user
>> authentication.
>> 
>> I have found some drafts of a proposed HKP standard by David, and I
>> have tried a couple of keyservers to see their output. It seems to
>> me that even though many keyservers support the "options=mr" flag,
>> the output can be quite different (e.g. concerning revoked keys).
> 
> This should not be. Can you give me an example?

Compare the "mr" outputs for your own address at pgp.mit.edu with
keyserver.sks.penguin.de

The sks server does not seem to provide the revoked flag (or maybe I
don't know how to interpret the output), whereas pgp.mit.edu doesn't
have the info line, and provides less info about uid's.

>> My question now is: does gpg parse the human readable code and try
>> to interpret it, or does it use the machine readable format? And is
>> there some documentation available on how gpg interprets the
>> output? I would like to implement this as similarly as possible.
> 
> The best thing you could do is look at the gpgkeys_hkp.c file in the
> GnuPG 1.3.x release.
> 
> However, the LDAP servers are becoming more important these days (as
> "PGP Universal" has one built in).  Rather than just implement HKP,
> since you know that anyone using Enigmail has GnuPG installed, why not
> call the gpgkeys_xxxx programs directly?  That way you get support for
> all keyserver types, current and future.

Indeed you're right, although an LDAP implementation is available for
Mozilla as well. Thanks for the hint, I wasn't really aware of gpgkeys
:-( I have studied the code a bit and I tried to use it, but I don't
seem to be able to search for a key. This is my script, is there
anything I'm missing?

HOST keyserver.sks.penguin.de
PORT 11371
COMMAND search
patrick.brunschwig<AT>gmx.net

In addition, I just checked my SuSE 8.2 Linux, and it looks like
gpgkeys_xxx for v1.2.2 isn't installed by default :-(

-Patrick
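
Added example (not part of the message above, and not Enigmail or GnuPG code): a JavaScript parser for "options=mr" index output that tolerates the two differences described in the message, a missing info line and a missing revoked flag. The field layout is taken from the HKP draft, the function names are hypothetical, and the sample responses are constructed.

```javascript
// Added example. Field order follows the HKP draft:
//   info:<version>:<count>
//   pub:<keyid>:<algo>:<keylen>:<created>:<expires>:<flags>
//   uid:<escaped uid>:<created>:<expires>:<flags>
function decodeUid(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; } // keep raw on bad escapes
}

// A flag letter (r, d, e) is only trusted when present. Its absence yields
// null ("not reported"), never false, because some servers omit flags.
function flagState(field, letter) {
  return field !== undefined && field.includes(letter) ? true : null;
}

function parseMrIndex(text) {
  const out = { info: null, keys: [], warnings: [] };
  let key = null;
  for (const raw of text.split(/\r?\n/)) {
    const f = raw.trim().split(":");
    if (f[0] === "info") {
      out.info = { version: Number(f[1]), count: Number(f[2]) };
    } else if (f[0] === "pub" && f[1]) {
      key = { keyid: f[1], algo: f[2] || "", bits: f[3] || "",
              created: f[4] || "", expires: f[5] || "",
              revoked: flagState(f[6], "r"), disabled: flagState(f[6], "d"),
              expired: flagState(f[6], "e"), uids: [] };
      out.keys.push(key);
    } else if (f[0] === "uid") {
      if (key) key.uids.push({ name: decodeUid(f[1] || ""), revoked: flagState(f[4], "r") });
      else out.warnings.push("uid line before any pub line");
    } // any other line type is skipped
  }
  if (!out.info) out.warnings.push("no info line; key count not verified");
  else if (out.info.count !== out.keys.length) out.warnings.push("info count mismatch");
  return out;
}

// Constructed sample responses (not captured from any real keyserver).
const WITH_FLAGS = "pub:0123456789ABCDEF:17:1024:1000000000::r\n" +
                   "uid:Alice%20Example%20%3Calice%40example.org%3E:1000000000::\n";
const NO_FLAGS = "info:1:1\npub:89ABCDEF:17:1024:1000000000:\n" +
                 "uid:Alice Example <alice@example.org>\n";
```

A null flag means the server did not report it, so a client should still check revocation and expiry locally once the key has been imported.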