linux at codehelp.co.uk
Mon Sep 5 01:40:55 CEST 2005
On Sunday 04 September 2005 11:31 pm, Cameron Metzke wrote:
> Basically what im trying to do is build a php frontend to gnupg which
> can act like a keyserver.
But then keyservers don't delete keys - expired or not.
Think about it, when I use a keyserver, I still want to be able to retrieve an
expired key - so that I can KNOW it's expired!
It's even more important with revoked - simply saying the key isn't listed
does NOT protect me from an attacker using a compromised (and revoked) key!
There are established protocols and packages for running keyservers - expired
and revoked keys should be retained.
If you really just mean, as I've done, that you want a PHP/Perl web interface
to a small group of users' keys then use gnupg and don't set any keys to
ultimate trust - then there is never any trust to check. Put some other
authentication in the web site and you could consider using a trust always
model that allows you to encrypt to any key in the local keyring. Use gnupg
on the box and something like GnuPG::Interface in Perl to handle the key
selection and updates and take your updates from *public* keyservers that can
be relied upon to give you complete and up to date information.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050905/b3f3dd78/attachment.pgp
More information about the Gnupg-users