import of external certificates via command line
wk at gnupg.org
Wed Jan 2 18:19:15 CET 2008
On Wed, 2 Jan 2008 18:01, bernhard at intevation.de said:
> But when my external search is working, why can't I get those certificates
> right away?
Because certificates are so often broken and will mess up the
certificates you already have. Importing all certifcates available is a
bad idea and only needed if the PKI is broken - if it is broken tehre is
a good chance that everything gets messed up.
> In Germany I know the Bavarian one which responds to ldap searches.
> There will always be keys that I do not have in my personal keybox
> but I can find by other means.
I usually have to resort to a general LDAP browser to locate a specific
certificate, The automatic mode works only with proper administered LDAP
directies (like the one you are running).
> You sound like locally saved keys were a bad design idea.
I did not say this.
> However this is not the point. There are directory services you can ask by
> LDAP which have reserved attributes for public keys. Gpgsm needs to be able
Tell me this attribute! There is no standard for it and thus everyone
is using a different one. See also "retrieving a certificate by serial
number and issuer name" (which is not possible).
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-devel