storing gpg keys on a database

David Shaw dshaw at jabberwocky.com
Tue Jan 20 15:56:43 CET 2009


On Mon, Jan 26, 2009 at 03:18:03PM +0100, Ramon Loureiro wrote:

> >> My idea is having these structures to easily see who has signed someone's key
> >>     
> >
> > You can do this in LDAP with something like
> > (&(pgpcertid=long-key-id)(pgpsignerid=other-long-key-id))
> >
> >   
> >> So I "only" need to store the fingerprint, the email and the signatures...
> >>     
> >
> > Hard to say - it's not clear what you're trying to do and why, so
> > we're all sort of feeling around in the dark.  Why don't you say what
> > you're trying to do, and we can help?
> >   
> What I have in mind is to get an easy way to see if I have signed the key
> of the people who have signed mine and vice versa.

You can do this sort of thing with LDAP.

All keys signed by X:

(pgpsignerid=X)

Keys that have signed each other:

(&(pgpcertid=long-key-id)(pgpsignerid=other-long-key-id))

Did key "X" sign key "Y"?:

(&(pgpcertid=Y)(pgpsignerid=X))

All keys not signed by X:

(!(pgpsignerid=X))

And so on.

To be sure, LDAP isn't SQL - you can't do all the complex joins and
relations you could do with a true database.  LDAP does have the big
advantage of being already written for you, though.

If you can express the questions you want to ask of your data in LDAP,
then I'd go the LDAP route.  If not, then a true database would
probably work better for you.

David
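The queries David lists above, worked through as an added example that is not part of the original thread. It builds the RFC 4515 filter strings for each question (with the value escaping a real LDAP client needs) and answers the same questions, including Ramon's "have we signed each other?" check, against a small constructed record set that mimics the PGP keyserver schema attributes pgpcertid and pgpsignerid. The key IDs are made-up placeholders, and self-signatures are left out of the sample for brevity.

```python
"""Web-of-trust queries in the shape of PGP LDAP keyserver searches.

Added example, not code from the Gnupg-users thread. Attribute names
(pgpcertid, pgpsignerid) follow the PGP keyserver LDAP schema; the
directory contents below are constructed sample data with placeholder
long key IDs.
"""
from typing import Dict, List, Set

# Constructed sample directory: one entry per key, holding the key's own
# long key ID and the (multi-valued) long key IDs of the keys that signed it.
DIRECTORY: List[Dict[str, object]] = [
    {"pgpcertid": "1111111111111111", "pgpsignerid": {"2222222222222222", "3333333333333333"}},
    {"pgpcertid": "2222222222222222", "pgpsignerid": {"1111111111111111"}},
    {"pgpcertid": "3333333333333333", "pgpsignerid": {"4444444444444444"}},
    {"pgpcertid": "4444444444444444", "pgpsignerid": set()},
]


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Without this, a key ID taken from user input could inject extra filter
    terms such as ')(objectClass=*'.
    """
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\0" else ch for ch in value)


# --- The filter strings David gives, built with escaping ------------------

def filter_signed_by(x: str) -> str:
    return f"(pgpsignerid={escape_filter_value(x)})"


def filter_did_x_sign_y(x: str, y: str) -> str:
    return f"(&(pgpcertid={escape_filter_value(y)})(pgpsignerid={escape_filter_value(x)}))"


def filter_not_signed_by(x: str) -> str:
    return f"(!(pgpsignerid={escape_filter_value(x)}))"


# --- The same questions answered locally over the sample directory --------

def keys_signed_by(directory: List[Dict[str, object]], x: str) -> Set[str]:
    """All keys carrying a signature from X: (pgpsignerid=X)."""
    return {str(e["pgpcertid"]) for e in directory if x in e["pgpsignerid"]}  # type: ignore[operator]


def did_sign(directory: List[Dict[str, object]], x: str, y: str) -> bool:
    """Did key X sign key Y?: (&(pgpcertid=Y)(pgpsignerid=X))."""
    return any(e["pgpcertid"] == y and x in e["pgpsignerid"] for e in directory)  # type: ignore[operator]


def keys_not_signed_by(directory: List[Dict[str, object]], x: str) -> Set[str]:
    """All keys without a signature from X: (!(pgpsignerid=X))."""
    return {str(e["pgpcertid"]) for e in directory if x not in e["pgpsignerid"]}  # type: ignore[operator]


def mutual_signature_report(directory: List[Dict[str, object]], me: str) -> Dict[str, Set[str]]:
    """Ramon's question: who signed my key, and have I signed theirs back?

    LDAP has no join, so this takes two searches: the signers listed on my
    own entry, and the entries that carry my signature.
    """
    signed_me: Set[str] = set()
    for e in directory:
        if e["pgpcertid"] == me:
            signed_me = set(e["pgpsignerid"])  # type: ignore[arg-type]
    i_signed = keys_signed_by(directory, me)
    return {
        "mutual": signed_me & i_signed,
        "signed_me_not_signed_back": signed_me - i_signed,
        "i_signed_not_signed_back": i_signed - signed_me,
    }


if __name__ == "__main__":
    me = "1111111111111111"
    print(filter_signed_by(me))
    print(filter_did_x_sign_y("3333333333333333", me))
    print(filter_not_signed_by(me))
    for label, ids in mutual_signature_report(DIRECTORY, me).items():
        print(f"{label}: {sorted(ids)}")
```

The escaping helper is the part worth keeping when these filters are built from user-supplied key IDs: a raw `)` or `*` in the value changes the meaning of the filter, and an unescaped `*` turns an exact-match search into a wildcard. Note that `(!(pgpsignerid=X))` also matches X's own entry unless the directory records self-signatures, which real keys carry and this sample omits.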


