Checking key server response against the request parameters

John Clizbe John at enigmail.net
Mon Sep 16 00:29:13 CEST 2013


Stefan Tomanek wrote:
> Stefan Tomanek (tomanek at internet-sicherheit.de) wrote:
> 
>> While working with the gnupg source code, I noticed that gnupg does not take
>> the query itself into consideration when retrieving key data from a server
>> (--search-key, --recv-key); regardless of the query issued, gnupg will happily
>> import anything returned.
> 
> I just noticed that gnupg will even import secret keys from any keyserver
> response if the key data is prefixed with "BEGIN PGP PUBLIC KEY DATA".
> My newly submitted patch (v2) fixes this issue as well.
> 
> Any feedback is welcome :-)

It looks like you are working from a solution back to a problem instead of
from a problem to a solution.

Before you need this solution, you need to be able to fetch a secret key from
a keyserver, and before you can do that, you need a keyserver that will accept
and store a secret key. None that I know of will (PKS, CKS, ONAK, OpenPKSd,
SKS, LDAP implementations).

-- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
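
The check discussed in this thread (compare a keyserver response with what was requested, and refuse secret key packets) sketched in Python as an added example; it is not code from GnuPG or from the patch under discussion. It assumes the response is already de-armored and that the request names a primary key by v4 fingerprint or 16-digit key ID; `packets`, `fingerprint_v4`, `check_response` and the sample bytes are illustrative names and constructed data.

```python
import hashlib
SECRET_TAGS = {5, 7}    # secret key / secret subkey packet tags (RFC 4880)

def packets(data):      # yields (tag, body) for a binary (de-armored) OpenPGP stream
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not a packet header")
        if hdr & 0x40:                           # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length not handled")
        else:                                    # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)   # n = number of length octets
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def fingerprint_v4(body):   # SHA-1 over 0x99, two-octet body length, key packet body
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def check_response(data, wanted):
    """wanted: primary key fingerprint (40 hex) or long key ID (16 hex)."""
    try:
        pkts = list(packets(data))
        primaries = [fingerprint_v4(b) for tag, b in pkts if tag == 6]
    except (ValueError, IndexError, OverflowError) as exc:
        return False, "malformed response: %s" % exc
    if any(tag in SECRET_TAGS for tag, _ in pkts):
        return False, "secret key packet in response"
    if len(wanted) in (16, 40) and primaries and all(
            fp.endswith(wanted.upper()) for fp in primaries):
        return True, "ok"
    return False, "response does not match request"

# Constructed sample: dummy v4 key body, not a real key. 0x99 = tag 6, 0x95 = tag 5.
BODY = b"\x04" + bytes(4) + b"\x01\x00\x08\xff\x00\x08\x03"
PUBLIC, SECRET = b"\x99\x00\x0c" + BODY, b"\x95\x00\x0c" + BODY
```

`check_response` returns an `(ok, reason)` pair and rejects the whole response if any primary key in it differs from the one requested; 8-digit key IDs are refused as a request form.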



More information about the Gnupg-devel mailing list