HKP Server Question
Patrick Brunschwig
patrick.brunschwig at gmx.net
Wed Jun 9 19:48:34 CEST 2004
>>>I'm looking into the HKP protocol to find out how I could best
>>>implement a key searching function in Enigmail. My main reasons are
>>>that the frontend offered by gpg would need an unnecessarily
>>>complex implementation from my side, and that Mozilla obviously can
>>>easily use HTTP, and can also traverse proxies where you need user
>>>authentication.
>>>
>>>I have found some drafts of a proposed HKP standard by David, and I
>>>have tried a couple of keyservers to see their output. It seems to
>>>me that even though many keyservers support the "options=mr" flag,
>>>the output can be quite different (e.g. concerning revoked keys).
>>
>>This should not be. Can you give me an example?
>
>
> Compare the "mr" outputs for your own address at pgp.mit.edu with
> keyserver.sks.penguin.de
>
> The sks server does not seem to provide the revoked flag (or maybe I
> don't know how to interpret the output), whereas pgp.mit.edu doesn't
> have the info line, and provides less info about uid's.
>
>
>>>My question now is: does gpg parse the human readable code and try
>>>to interpret it, or does it use the machine readable format? And is
>>> there some documentation available on how gpg interprets the
>>>output? I would like to implement this as simliarly as possible.
>>
>>The best thing you could do is look at the gpgkeys_hkp.c file in the
>>GnuPG 1.3.x release.
>>
>>However, the LDAP servers are becoming more important these days (as
>>"PGP Universal" has one built in). Rather than just implement HKP,
>>since you know that anyone using Enigmail has GnuPG installed, why not
>>call the gpgkeys_xxxx programs directly? That way you get support for
>>all keyserver types, current and future.
>
>
> Indeed you're right, although an LDAP implementation is available for
> Mozilla as well. Thanks for the hint, I wasn't really aware of gpgkeys
> :-( I have studied the code a bit and I tried to use it, but I don't
> seem to be able to search for a key. This is my script, is there
> anything I'm missing?
>
> HOST keyserver.sks.penguin.de
> PORT 11371
> COMMAND search
> patrick.brunschwig<AT>gmx.net
OK, I found the problem with my script.
I think I'll do both: use gpgkeys_xxx programs by default, and implement
the http stuff from within Mozilla as fallback solution (because it's
quite easy and I already have quite a good prototype).
-Patrick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 257 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20040609/d757f1c3/signature.bin
More information about the Gnupg-devel
mailing list