LDAP Keyserver Support in v2.1

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Tue Mar 24 22:53:02 CET 2015


On 03/23/2015 08:14 PM, Neal H. Walfield wrote:
> Hi,
> 
> I've spent the past few weeks forward porting and rewriting the
> LDAP Keyserver support for GnuPG 2.1.  I've just pushed it to
> master.
> 
> To test it, you can run the following:
> 

Thanks, this now works when specifying keyserver in gpg.conf and
restarting dirmngr.

> $ gpg2 --keyserver ldap://keys.eika.no --search-keys kf at eika.no
> $ gpg2 --keyserver ldap://keys.eika.no --send-key 664D7444
> $ gpg2 --keyserver ldap://keys.eika.no --recv-key 664D7444
> 
> (keys.eika.no is a publicly available LDAP keyserver.  If you
> want to set up your own, you can try following [1].)

Yup, there is also
gpg --keyserver ldap://keys.sumptuouscapital.com --search kf at sumptuouscapital.com
that is an OpenLDAP frontend for HKP keyservers (in this case using SKS
as backend hosting my personal keys).

> 
> I'm interested in both problems you may have as well as success.
> 

The issue that has been discussed earlier still applies regarding
specifying a keyserver for a single operation, so
gpg --keyserver ldap://keys.eika.no --search kf at eika.no

gpg: data source: http://keys2.kfwebs.net:11371
(which is the keyserver I normally use in gpg.conf, don't mind the
non-hkp part, the host entry ensures it is only accessible over a VPN
to my LAN)

Would it be possible to get a fix in for --keyserver in 2.1? Also,
does it make sense to introduce a way to specify a mapping file to set
a preferred keyserver for a key from the client side (I normally
disable honoring preferred keyserver for keys, but I would like to
enable it for some lookups, in particular on a per key/domain basis)?

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Dura necessitas
Necessity is harsh



More information about the Gnupg-devel mailing list
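
The mismatch reported in the message above (a lookup given --keyserver ldap://keys.eika.no but answered from the keyserver configured in gpg.conf) can be detected from gpg's "data source" line. The shell functions below are an added example, not part of the original message or of GnuPG; the function names are hypothetical and the second sample line is a constructed assumption about what a matching lookup would print.

```shell
#!/bin/sh
# Added example: detect a key lookup that was answered by a keyserver
# other than the one given with --keyserver.

# Print the lower-cased host part of a keyserver URL
# (scheme://host[:port][/path]; bracketed IPv6 literals are not handled).
keyserver_host() {
    printf '%s\n' "$1" |
        sed -e 's|^[A-Za-z][A-Za-z0-9+.-]*://||' -e 's|[/:].*$||' |
        tr '[:upper:]' '[:lower:]'
}

# Print the URL from every "gpg: data source:" line in captured gpg output.
data_sources() {
    printf '%s\n' "$1" | sed -n 's|^gpg: data source: *||p'
}

# data_source_matches REQUESTED_URL GPG_OUTPUT
# Returns 0 if every reported data source is on the requested host,
# 1 if any data source is on a different host,
# 2 if gpg reported no data source at all.
data_source_matches() {
    want=$(keyserver_host "$1")
    sources=$(data_sources "$2")
    [ -n "$sources" ] || return 2
    for src in $sources; do
        [ "$(keyserver_host "$src")" = "$want" ] || return 1
    done
    return 0
}

# Sample taken from the output line quoted in the message above.
SAMPLE_MISMATCH='gpg: data source: http://keys2.kfwebs.net:11371'
# Constructed sample (assumed form) for a lookup answered by the requested server.
SAMPLE_MATCH='gpg: data source: ldap://keys.eika.no'

# Real use (not run here), capturing stderr where gpg logs the data source:
#   out=$(gpg2 --batch --keyserver "$ks" --search-keys "$addr" 2>&1)
#   data_source_matches "$ks" "$out" || echo "lookup did not use $ks" >&2
```

A non-zero result means the query, including the searched address, went to a server other than the one named on the command line.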