port 80 keyserver access, again (was Re: [Sks-devel] SKS and Apache2 :-))

Jason Harris jharris at widomaker.com
Tue May 11 22:18:00 CEST 2004

On Tue, May 11, 2004 at 01:21:48PM -0600, Chris Kuethe wrote:
> On Tue, 11 May 2004, Jan Kesten wrote:

> > I tried out Apache2 and its reverse proxy feature and found something
> > interesting to make sks webqueries work with a restrictive firewall
> > blocking access to port 11371:

> I just use absolute paths, without the server name:
> 	<form action="/pks/lookup" method="get"> 

> That way the browser can figure it out... I'm still running Apache 1,
> with this in my httpd.conf:
> <VirtualHost>
>     Options Indexes
>     ProxyPass /
>     ServerName pgp.cns.ualberta.ca
> </VirtualHost>

This can also be done with (a slightly modified version of) the PHP page
floating around, but it does require a change to GPG to fully work.  Add:

    sprintf( request, "Content-type: application/x-www-form-urlencoded\r\n");
    iobuf_writestr( hd.fp_write, request );

just before:

    sprintf( request, "Content-Length: %u\r\n",
                      (unsigned)iobuf_get_temp_length(temp) + 9 );  
    iobuf_writestr( hd.fp_write, request );
    m_free( request );

in hkp.c, then use:

  ./gpg --keyserver hkp://keyserver.kjsl.com:80 -v --send <key>

to send me a key.  --recv works _without_ modifying GPG, since
the PHP doesn't need to access "keytext" from the form/request.

On the Apache side, the trick is to add:

  SetHandler application/x-httpd-php

to your .htaccess in /pks.

Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
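
Why the added header matters for `--send` but not `--recv`, as an added example that is not part of the original message, GnuPG, or the PHP page: a form-handling layer decodes a POST body into named fields such as "keytext" only when the request declares `application/x-www-form-urlencoded`. The Python sketch below mimics that gating; the helper names, the `/pks/add` path, the host name and the sample key text are assumptions constructed for illustration.

```python
from urllib.parse import quote, parse_qs

# Constructed sample input: a stand-in for an ASCII-armored key, not a real key.
SAMPLE_KEY = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
              "mQGiBEexample+/=\n"
              "-----END PGP PUBLIC KEY BLOCK-----\n")

FORM_TYPE = "application/x-www-form-urlencoded"


def build_hkp_add(host, armored_key, declare_form=True):
    """Build a raw key-submission request (hypothetical helper).

    declare_form=False models the client that sends no Content-type header.
    """
    body = "keytext=" + quote(armored_key, safe="")
    headers = ["POST /pks/add HTTP/1.0", "Host: " + host]
    if declare_form:
        headers.append("Content-type: " + FORM_TYPE)
    headers.append("Content-Length: %d" % len(body))
    return ("\r\n".join(headers) + "\r\n\r\n" + body).encode("ascii")


def form_fields(raw_request):
    """Return decoded form fields, but only when the request declares the
    urlencoded form type (hypothetical stand-in for the server-side layer)."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("ascii").split("\r\n")[1:]:  # skip request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != FORM_TYPE:
        return {}  # body stays opaque: the script sees no "keytext" field
    body = body[:int(headers.get("content-length", "0"))]
    parsed = parse_qs(body.decode("ascii"), keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


if __name__ == "__main__":
    for declared in (False, True):
        req = build_hkp_add("keyserver.example", SAMPLE_KEY, declared)
        print("Content-type sent:", declared,
              "-> fields seen:", sorted(form_fields(req)))
```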