import of external certificates via command line

Bernhard Reiter bernhard at
Wed Jan 2 18:01:08 CET 2008

On Wednesday 02 January 2008 16:56, Werner Koch wrote:
> On Wed,  2 Jan 2008 16:20, bernhard at said:
> > somehow I feel you are weaseling around the problem...
> No.  Before you can even run an external search you need to configure
> the dirmngr to *your* local environment.

But when my external search is working, why can't I get those certificates 
right away?

>    There is no universal way to find X.509 certificates - it highly
>    depends on the concrete PKI!
> This is very different from PGP where it is common to store keys on the
> synced network of keyservers.  All real world X.509 PKIs provide a
> custom way to lookup certificates - in general you need to use this
> custom method.

In Germany I know the Bavarian one which responds to ldap searches.
There will always be keys that I do not have in my personal keybox
but I can find by other means. 
All I want is a way to get these keys into my personal keybox
when I can already find them.

> Further, there is never a need to lookup certificates *if* the PKI is
> properly working.  gpgsm will do this for you then.  

You sound like locally saved keys were a bad design idea.

> If we start to 
> document how to get certificates from certain PKIs we will soon end up
> with a large howto on how the PKIs all over the world are misconfigured
> and how to solve each of the problems.  This is not the job of a general
> purpose software.

The purpose of a general purpose software is to be practical 
and if there are major PKIs which are "special" in different ways it might
be practical to support them so that the software is interoperable and useful.

However this is not the point. There are directory services you can ask by 
LDAP which have reserved attributes for public keys. Gpgsm needs to be able 
to handle LDAP anyway, thus doing external searches for these directory 
services seems to be quite sensible to me. So why not import the found keys??


Managing Director - Owner:       (Free Software Company)
Germany Coordinator: Coordinator:
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
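
The manual route discussed in this message, as an added example that is not part of the original post or of GnuPG: it takes LDIF output from an LDAP search, extracts the standard `userCertificate` attribute, and writes PEM that can be saved to a file and passed to `gpgsm --import`. The LDIF sample, its DN and the certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64

# Constructed sample: LDIF text as an LDAP search tool prints it. The value
# is placeholder bytes standing in for a DER certificate, not a real one.
SAMPLE_DER = bytes(range(48, 138))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_LDIF = (
    "dn: cn=Example User,ou=People,dc=example,dc=org\n"
    "cn: Example User\n"
    "userCertificate;binary:: " + SAMPLE_B64[:40] + "\n"
    " " + SAMPLE_B64[40:] + "\n"
    "\n"
    "dn: cn=No Cert,ou=People,dc=example,dc=org\n"
    "cn: No Cert\n"
)

def unfold(ldif):
    """Join LDIF continuation lines (lines that start with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def extract_certificates(ldif):
    """Return (dn, der_bytes) for each base64 userCertificate value."""
    found, dn = [], None
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        attr = name.split(";")[0].lower()  # drop options such as ";binary"
        if attr == "dn":
            dn = value.strip()
        elif attr == "usercertificate" and value.startswith(":"):
            # "attr:: value" marks a base64-encoded value in LDIF
            der = base64.b64decode(value[1:].strip(), validate=True)
            found.append((dn, der))
    return found

def to_pem(der):
    """Wrap DER bytes in PEM armor, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for dn, der in extract_certificates(SAMPLE_LDIF):
        print(to_pem(der), end="")
```

Importing a certificate this way only places it in the keybox; gpgsm still has to validate its chain before it will use it.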