Direct LDAP access

Wes wespvp at syntegra.com
Tue Jul 12 17:31:48 CEST 2005


I hope this isn't a duplicate question.  I can't believe it hasn't come up
before, but I searched the 70MB archive file and found nothing.

I tweaked (contorted?) our LDAP server to respond to PGP/GPG key retrieval
requests.  However, it appears that GPG can only access the key server for
the purposes of importing a key into (or exporting from) a key ring.  I can
find no way to get GPG to encrypt or decrypt using direct queries to the
directory instead of using a disk file key chain.

We have a requirement to implement a distributed server application where
the keys (probably both public and private) are in an LDAP directory.
Transferring keychain files around is not an option, both from a firewall
perspective and because at any given time each system could have a different
keychain.  Only the application will have access to the entries in LDAP -
users will not have access.  Performance will not be a problem.

We need to be able to do encryption and decryption with GPG directly
accessing LDAP to get the keys.  Additionally, since the directory is
hierarchical and a given key could occur in multiple subtrees, we need to be
able to specify the searchbase instead of relying on the cn=PGPServerInfo
entry.

Am I overlooking something?  Is this possible today?  If not, and we
developed the code, would it be something that could be integrated into GPG
for others to use?

Wes
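As an added example (not code from GnuPG or from the poster), the following Python shows the workaround that the mail is circling: look the key up under an explicit search base with ldapsearch, parse the LDIF it returns, import the key into a throwaway GNUPGHOME, check the fingerprint against the one the application expects, encrypt, and let the temporary keyring be deleted, so no keychain file ever persists or has to be shipped between hosts. The attribute names pgpKeyID and pgpKey follow the PGP LDAP keyserver schema; the DN, key ID, user ID and key block in the sample LDIF are constructed placeholders, and the ldapsearch bind options (-x here) are a deployment choice.

```python
import base64
import os
import subprocess
import tempfile

# Constructed stand-in for an ASCII-armored key; it is not a real key.
SAMPLE_KEY_BLOCK = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "\n"
    "mQENBEXAMPLEPLACEHOLDER=\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
)


def fold_ldif_value(attr, value, width=76):
    """Encode a multi-line value the way LDIF does: base64 after '::', folded
    onto continuation lines that start with a single space."""
    b64 = base64.b64encode(value.encode()).decode()
    first = f"{attr}:: "
    room = width - len(first)
    lines = [first + b64[:room]]
    for i in range(room, len(b64), width - 1):
        lines.append(" " + b64[i:i + width - 1])
    return "\n".join(lines)


# Constructed sample of what `ldapsearch -LLL` prints for one keyserver entry.
# Attribute names follow the PGP LDAP keyserver schema; the values are invented.
SAMPLE_LDIF = (
    "dn: pgpCertID=0000000000000000,ou=PGP Keys,dc=example,dc=com\n"
    "pgpKeyID: 0000000000000000\n"
    "pgpUserID: Example Application <app@example.com>\n"
    + fold_ldif_value("pgpKey", SAMPLE_KEY_BLOCK) + "\n\n"
)


def ldap_filter_escape(value):
    """Escape RFC 4515 filter metacharacters so a caller-supplied key ID
    cannot change the shape of the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def ldapsearch_command(uri, searchbase, key_id):
    """Build the ldapsearch call for a key under an explicit search base,
    instead of the base advertised by cn=PGPServerInfo. -x (simple bind) is
    an assumption; use the bind method your directory actually requires."""
    return ["ldapsearch", "-LLL", "-x", "-H", uri, "-b", searchbase,
            f"(pgpKeyID={ldap_filter_escape(key_id)})", "pgpKey"]


def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts, unfolding
    continuation lines and decoding '::' (base64) values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def armored_keys(ldif_text):
    """Return every pgpKey value (an armored key block) found in the LDIF."""
    return [v for e in parse_ldif(ldif_text) for v in e.get("pgpKey", [])]


def fingerprints(env, gpg):
    """Fingerprints of all keys in the GNUPGHOME named by env (colon format,
    field 10 of 'fpr' records)."""
    out = subprocess.run([gpg, "--batch", "--with-colons", "--list-keys"],
                         env=env, check=True, capture_output=True, text=True).stdout
    return {line.split(":")[9] for line in out.splitlines() if line.startswith("fpr:")}


def encrypt_with_directory_keys(ldif_text, expected_fingerprint, plaintext, gpg="gpg"):
    """Import what the directory returned into a throwaway GNUPGHOME, refuse to
    continue unless the expected fingerprint is present (the directory is not
    trusted blindly), encrypt to it, and discard the keyring afterwards."""
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        env = dict(os.environ, GNUPGHOME=home)
        for armored in armored_keys(ldif_text):
            subprocess.run([gpg, "--batch", "--import"], input=armored.encode(),
                           env=env, check=True, capture_output=True)
        if expected_fingerprint.upper() not in fingerprints(env, gpg):
            raise RuntimeError("directory did not return the expected key")
        done = subprocess.run(
            [gpg, "--batch", "--trust-model", "always", "--armor",
             "--encrypt", "--recipient", expected_fingerprint],
            input=plaintext, env=env, check=True, capture_output=True)
        return done.stdout


if __name__ == "__main__":
    # The sample key block is a placeholder, so only the lookup and parsing
    # steps are exercised here; encrypt_with_directory_keys needs a real key.
    print(" ".join(ldapsearch_command("ldap://ldap.example.com", "ou=PGP Keys,dc=example,dc=com", "0000000000000000")))
    print(armored_keys(SAMPLE_LDIF)[0])
```

The fingerprint check is the part to keep: with `--trust-model always` GnuPG will encrypt to whatever the directory handed back, so the application, not the directory, has to pin which key it expects.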
