Checking key server response against the request parameters
John Clizbe
John at enigmail.net
Mon Sep 16 00:29:13 CEST 2013
Stefan Tomanek wrote:
> Dies schrieb Stefan Tomanek (tomanek at internet-sicherheit.de):
>
>> While working with the gnupg source code, I noticed that gnupg does not take
>> the query itself into consideration when retrieving key data from a server
>> (--search-key, --recv-key); regardless of the query issued, gnupg will happily
>> import anything returned.
>
> I just noticed that gnupg will even import secret keys from any keyserver
> response if the key data is prefixed with "BEGIN PGP PUBLIC KEY DATA".
> My newly submitted patch (v2) fixes this issue as well.
>
> Any feedback is welcome :-)
It looks like you are working from a solution back to a problem instead of
from a problem to a solution.
Before you need this solution, you need to be able to fetch a secret key from
a keyserver, and before you can do that, you need a keyserver that will accept
and store a secret key. None that I know of will (PKS, CKS, ONAK, OpenPKSd,
SKS, LDAP implementations).
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 475 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130915/7cd3bf38/attachment.sig>
More information about the Gnupg-devel
mailing list