looking up pgp keys

Tim Prepscius timprepscius at gmail.com
Mon Sep 9 03:53:49 CEST 2013

Actually, I will ask one more question.
It is sort of off topic, well, it *is* off topic, but I think it is
appropriate anyhow.

So I'm writing this secure e-mail web system.
I'm currently integrating pgp for end to end security.

I'm at the point now where I need to look up recipients' public keys.

Here are 3 options:

1.  web mail contacts web server, says, "hey give me tom's public
key," web server contacts pgp-servers/recipient server, sends back key
to web-mail.

2.  web mail contacts pgp-servers directly, says, "hey give me tom's key."

3.  web mail first tries to contact recipient mail server and ask it
(assuming it is running a key server), then resorts to public pgp

So I am tending to like #1 because:
1.  web server will make request, real requester IP of web-mail client
won't be known.
2.  web server will prob be on faster connection than client.

But I also like #2 because:
1.  web mail client can talk to many servers and validate it gets same
result from all.


Does anyone have any thoughts on this issue?


On 9/8/13, Tim Prepscius <timprepscius at gmail.com> wrote:
> awesomeness.
> &options=mr it is.
> thanks,
> -tim
> On 9/8/13, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>> On 09/08/2013 07:29 PM, Tim Prepscius wrote:
>>> I'm looking at the pgp mit server and the
>>> http://pool.sks-keyservers.net.
>>> I do not see a way of forcing the search results format from html into
>>> something more conducive to machine parsing.  (aka json)
>>> I've tried random things like: &format=json, &fmt=json, &plzcanhavjson=1
>>> None have worked.  Parsing the html isn't just a big deal, but ....
>>> Does anyone know a way of doing this?
>> SKS is the dominant implementation of OpenPGP keyserver infrastructure
>> these days.  most of the servers in the pool you're referring to run
>> SKS.  So the best place to ask this kind of question is on the  SKS
>> development list <sks-devel at nongnu.org>.
>> That said, the "machine-parsable" format is of a much older vintage than
>> json :)
>> The spec for HKP suggests that you need to supply the "mr" variable in
>> the query string:
>>   https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-
>> and then read the line-oriented text-based output format:
>>   https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-5
>> hth,
>> 	--dkg

More information about the Gnupg-devel mailing list
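
An added example, not part of the original thread: a parser for the line-oriented `options=mr` index output described in section 5 of the HKP draft, plus the cross-server comparison from option #2 above. The server names, key IDs and user IDs are constructed sample data, and `usable` and `cross_check` are hypothetical helper names.

```python
from urllib.parse import unquote

def parse_mr_index(text):
    """Parse HKP machine-readable index output into {keyid: record}."""
    keys, current = {}, None
    for line in text.splitlines():
        fields = line.strip().split(":")
        if fields[0] == "pub" and len(fields) >= 2:
            # pub:<keyid>:<algo>:<keylen>:<creation>:<expiration>:<flags>
            fields += [""] * (7 - len(fields))
            current = {"algo": fields[2], "bits": fields[3],
                       "flags": fields[6], "uids": []}
            keys[fields[1].upper()] = current
        elif fields[0] == "uid" and current is not None and len(fields) >= 2:
            # uid:<percent-escaped uid>:<creation>:<expiration>:<flags>
            current["uids"].append(unquote(fields[1]))
        # "info:" and unrecognised lines are skipped
    return keys

def usable(keys):
    """Key IDs not flagged revoked (r), disabled (d) or expired (e)."""
    return {k for k, rec in keys.items() if not set(rec["flags"]) & set("rde")}

def cross_check(responses):
    """responses maps server name -> mr text.
    Returns (IDs every server returned, {server: IDs the others lack})."""
    per_server = {s: usable(parse_mr_index(t)) for s, t in responses.items()}
    agreed = set.intersection(*per_server.values()) if per_server else set()
    disputed = {s: ids - agreed for s, ids in per_server.items() if ids - agreed}
    return agreed, disputed

# Constructed responses from three hypothetical keyservers.
BODY = ("pub:0123456789ABCDEF:1:2048:1378000000::\n"
        "uid:Tom Example (work%3A mail) <tom@example.org>:1378000000::\n"
        "pub:1111222233334444:17:1024:1200000000::r\n"
        "uid:Tom Example <tom@example.org>:1200000000::\n")
EXTRA = ("pub:FEDCBA9876543210:1:2048:1378600000::\n"
         "uid:Tom Example <tom@example.org>:1378600000::\n")
SAMPLE = {
    "keys-a.example": "info:1:2\n" + BODY,
    "keys-b.example": "info:1:2\n" + BODY,
    "keys-c.example": "info:1:3\n" + BODY + EXTRA,
}

if __name__ == "__main__":
    agreed, disputed = cross_check(SAMPLE)
    print("agreed:", sorted(agreed))
    print("disputed:", disputed)
```

Agreement between keyservers that synchronise with each other shows a consistent listing, not an authentic key; the fingerprint still has to be verified through some other channel before encrypting to it.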