import of external certificates via command line

Werner Koch wk at
Wed Jan 2 18:19:15 CET 2008

On Wed,  2 Jan 2008 18:01, bernhard at said:

> But when my external search is working, why can't I get those certificates 
> right away?

Because certificates are so often broken and will mess up the
certificates you already have.  Importing all certifcates available is a
bad idea and only needed if the PKI is broken - if it is broken tehre is
a good chance that everything gets messed up.

> In Germany I know the Bavarian one which responds to ldap searches.
> There will always be keys that I do not have in my personal keybox
> but I can find by other means. 

I usually have to resort to a general LDAP browser to locate a specific
certificate, The automatic mode works only with proper administered LDAP
directies (like the one you are running).

> You sound like locally saved keys were a bad design idea.

I did not say this.

> However this is not the point. There are directory services you can ask by 
> LDAP which have reserved attributes for public keys. Gpgsm needs to be able 

Tell me this attribute!  There is no standard for it and thus everyone
is using a different one.  See also "retrieving a certificate by serial
number and issuer name" (which is not possible).



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list