Expired Keys

Cameron Metzke cmetzke at gmail.com
Mon Sep 5 02:12:47 CEST 2005

Hash: SHA1

Neil Williams wrote:
> On Sunday 04 September 2005 11:31 pm, Cameron Metzke wrote:
>>Basically what im trying to do is build a php frontend to gnupg which
>>can act like a keyserver.
> But then keyservers don't delete keys - expired or not.
> Think about it, when I use a keyserver, I still want to be able to retrieve an 
> expired key - so that I can KNOW it's expired!
> It's even more important with revoked - simply saying the key isn't listed 
> does NOT protect me from an attacker using a compromised (and revoked) key!
> There are established protocols and packages for running keyservers - expired 
> and revoked keys should be retained.
> If you really just mean, as I've done, that you want a PHP/Perl web interface 
> to a small group of users' keys then use gnupg and don't set any keys to 
> ultimate trust - then there is never any trust to check. Put some other 
> authentication in the web site and you could consider using a trust always 
> model that allows you to encrypt to any key in the local keyring. Use gnupg 
> on the box and something like GnuPG::Interface in Perl to handle the key 
> selection and updates and take your updates from *public* keyservers that can 
> be relied upon to give you complete and up to date information.

Yep your dead right,
In essence the frontend im scripting up, is for my own learning curve.
It has allowed me to pull apart many aspects of gpg that i would not
normally touch on. I doubt there will ever be a production version of
it, as it would be like reinventing the wheel. But it does allow me to
learn exactly how to incorporate gpg into regular php applications that
 i would like to have this feature.
Thanks for all your input, it has been a great help :)
Version: GnuPG v1.4.2 (MingW32)


More information about the Gnupg-users mailing list