import of external certificates via command line

Werner Koch wk at gnupg.org
Wed Jan 2 16:56:25 CET 2008


On Wed,  2 Jan 2008 16:20, bernhard at intevation.de said:

> somehow I feel you are weaseling around the problem...

No.  Before you can even run an external search you need to configure
the dirmngr to *your* local environment.

   There is no universal way to find X.509 certificates - it highly
   depends on the concrete PKI!

This is very different from PGP where it is common to store keys on the
synced network of keyservers.  All real world X.509 PKIs provide a
custom way to lookup certificates - in general you need to use this
custom method.

Further, there is never a need to lookup certificates *if* the PKI is
proper working.  gpgsm will do this for you then.  If we start to
document how to get certifcates from certain PKIs we will soon end up
with a large howto on how the PKIs all over the world are misconfigured
and how to solve each of the problems.  This is not the job of a general
purpose software.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-devel mailing list