WKS enabled for gnupg.net and gnupg.org
Werner Koch
wk at gnupg.org
Wed Aug 31 19:21:45 CEST 2016
Hi!
Those of you with a gnupg.org or gnupg.net address may now publish their
key using gpg-wks-client as described in the recent blog post. I copy
the instructions below.
Note that gpg-wks-client might be installed in bin/ and not in libexec/.
Salam-Shalom,
Werner
=====================
An easy way of testing the system exists for [Mutt] and Gnus users: By
adding the two lines
,----
| application/vnd.gnupg.wks; /usr/local/libexec/gpg-wks-client \
| -v --read --send; needsterminal; description=WKS message
`----
to `/etc/mailcap' Mutt will do the decryption job and then call the
wks-client for the protocol handling. It can be expected that Mutt
users have a /usr/lib/sendmail installed which is required here. Note
that `--read' is used which tells the client that the input mail has
already been decrypted.
For all others, the protocol can be run by hand. Let’s assume you
have the key
,----
| sub cv25519 2016-07-15 [E]
| C444189BD549468C97992D7D3C79E8F960C69FCE
| pub ed25519 2016-06-28 [SC]
| 64944BC035493D929EF2A2B9D19D22B06EE78668
| uid [ultimate] dewey at test.gnupg.org
| sub cv25519 2016-06-28 [E]
| B3746B6927FF8021486561D83452DE414E0B5CCD
`----
which in fact is a real key of our own test environment. To publish
that key you send the key to the mail provider:
,----
| $ /usr/local/libexec/gpg-wks-client --create --send \
| > 64944BC035493D929EF2A2B9D19D22B06EE78668 dewey@test.gnupg.org
`----
As already mentioned, `--send' invokes `/usr/lib/sendmail' and sends
out the mail. If that option is not used, the mail is written to
stdout (or to the file given with `--output') and the user is
responsible for feeding this to the mail system. If this all works, a
single message will be shown:
,----
| gpg-wks-client: submitting request to 'key-submission at test.gnupg.org'
`----
Now, wait until you receive a mail back from your provider. In this
example that mail was received and stored in the file
`new/1472561079.6352_1.foobar'. We feed this file to the wks-client:
,----
| $ /usr/local/libexec/gpg-wks-client --receive --send \
| > < new/1472561079.6352_1.foobar
`----
which may respond like this:
,----
| gpg-wks-client: gpg: encrypted with 256-bit ECDH key, ID 3452DE414E[...]
| gpg-wks-client: gpg: "dewey at test.gnupg.org"
| gpg-wks-client: new 'application/vnd.gnupg.wks' message part
| gpg-wks-client: gpg: automatically retrieved 'key-submission at test.g[...]
`----
and has sent the confirmation mail back to the provider. Over there
the confirmation mail is matched to the pending key database and the
key is then published.
To check that the key has been published, use this:
,----
| $ gpg -v --auto-key-locate=clear,wkd,local --locate-key dewey@test.gnupg.org
`----
you should see:
,----
| gpg: pub ed25519/D19D22B06EE78668 2016-06-28 dewey at test.gnupg.org
| gpg: key D19D22B06EE78668: "dewey at test.gnupg.org" not changed
| gpg: Total number processed: 1
| gpg: unchanged: 1
| gpg: auto-key-locate found fingerprint 64944BC035493D929EF2A2B9D19D22B06EE78668
| gpg: automatically retrieved 'dewey at test.gnupg.org' via WKD
| pub ed25519 2016-06-28 [SC]
| 64944BC035493D929EF2A2B9D19D22B06EE78668
| uid [ultimate] dewey at test.gnupg.org
| sub cv25519 2016-06-28 [E]
| B3746B6927FF8021486561D83452DE414E0B5CCD
`----
Although it tells you that the key did not change (well, you asked
the provider to publish this key), it also tells you that the key was
found using the Web Key Directory (WKD).
You may also use this lower level test:
,----
| $ gpg-connect-agent --dirmngr --hex 'wkd_get dewey@test.gnupg.org' /bye
`----
which results in a hex listing of the key.
--
Thoughts are free. Exceptions are regulated by a federal law.
/* Join us at OpenPGP.conf <https://openpgp-conf.org> */