LDAP Keyserver Support in v2.1

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Tue Mar 24 22:53:02 CET 2015

On 03/23/2015 08:14 PM, Neal H. Walfield wrote:
> Hi,
> I've spent the past few weeks forward porting and rewriting the
> LDAP Keyserver support for GnuPG 2.1.  I've just pushed it to
> master.
> To test it, you can run the following:

Thanks, this now works when specifying keyserver in gpg.conf and
restarting dirmngr.

> $ gpg2 --keyserver ldap://keys.eika.no --search-keys kf at eika.no
> $ gpg2 --keyserver ldap://keys.eika.no --send-key 664D7444
> $ gpg2 --keyserver ldap://keys.eika.no --recv-key 664D7444
> (keys.eika.no is a publicly available LDAP keyserver.  If you
> want to set up your own, you can try following [1].)

Yup, there is also
gpg --keyserver ldap://keys.sumptuouscapital.com --search kf at sumptuouscapital.com
that is an OpenLDAP frontend for HKP keyservers (in this case using
SKS as backend hosting my personal keys).

> I'm interested in both problems you may have as well as success.

The issue that has been discussed earlier still applies regarding
specifying a keyserver for a single operation, so
gpg --keyserver ldap://keys.eika.no --search kf at eika.no

gpg: data source: http://keys2.kfwebs.net:11371
(which is the keyserver I normally use in gpg.conf, don't mind the
non-hkp part, the host entry ensures it is only accessible over a VPN
to my LAN)

Would it be possible to get a fix in for --keyserver in 2.1? Also,
does it make sense to introduce a way to specify a mapping file to set
a preferred keyserver for a key from the client side (I normally
disable honoring preferred keyserver for keys, but I would like to
enable it for some lookups, in particular on a per key/domain basis)?

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Dura necessitas
Necessity is harsh
