querying multiple keyservers
David Shaw
dshaw@jabberwocky.com
Wed Apr 23 23:07:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Apr 23, 2003 at 03:32:23PM -0400, darren chamberlain wrote:
> * Neil Williams <linux at codehelp.co.uk> [2003-04-23 15:07]:
> > I was thinking of the same thing for my own LUG. Darren, I looked at
> > your idea myself but only if the sync was uni-directional. If the
> > smaller keyserver sends keys to the main keyservers, the functionality
> > of removing keys is lost.
>
> Hm, good point.
>
> > Is a keyserver just a public ring with extra software added?
>
> This seems like a simple, straightforward way to implement it, but I've
> never looked at any keyserver code. A simple script that (basically)
> calls gpg --list-keys on it's input could qualify as a keyserver I
> suppose:
>
> #!/usr/bin/perl -w
>
> use strict;
> my $gpg = "/usr/local/bin/gpg";
>
> use CGI;
> my $q = CGI->new;
> my $fpr = $q->param("fpr");
>
> print $q->header("text/plain");
>
> open KEY, "$gpg --list-keys --with-colons $fpr |";
>
> while (<KEY>) {
> next unless /^pub/;
> my @Key = split /:/ => $_;
>
> print `$gpg --export --armor $Key[4]`;
> }
See http://www.ietf.org/internet-drafts/draft-shaw-openpgp-hkp-00.txt
for the spec that GnuPG follows when making keyserver requests. It is
fairly easy to implement in a similar manner to the script you have
here.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc2 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+pwC74mZch0nhy8kRAjoHAKDAEJyKzyJumzbZXwjJHwmpKv6lggCfYrqc
bJrVGWrqQEN7aE4p42Msb48=
=YK2i
-----END PGP SIGNATURE-----