how to store the public keys in a db?

Ingo Krabbe ikrabbe.ask at gmail.com
Sun Feb 13 13:34:49 CET 2011


On Wed, Feb 09, 2011 at 04:41:27PM +0100, christian.rehbein at dfs.de wrote:
> 
> Hey Guys,
> 
> At first I'll describe my situation:
> 
> At the moment I use a postfix (sles 11 sp1) as the MTA for my email
> infrastructure. My goal is to encrypt all outgoing emails with gnupg.
> The encryption on the server side still works with a content_filter
> and a shell script which pipes the incoming email through the gpg
> command and delivers it encrypted to the intended recipient. gpg uses the
> /home/filter/.gnupg directory to store the keys. My problem is that
> the requirements say that I have to store the keys in a database like
> postgres or mysql. In the end I want to check: "if the recipient is in
> the database, encrypt the mail with gpg and the intended key and
> send it; else send an error message back to the sender."
> 
> I've already heard about the sks keyserver, but I do not know how it
> works on sles 11 sp1?

Hi Chris,

as you want to use gnupg anyway to encrypt your mails, I don't think you
should care about storing the public keys in a database, as you don't gain
anything from using a database to store the keys.

Actually gnupg uses its own database to store keys.  I don't know how
well optimized that database is for storing several thousand keys, but I
don't think that it will result in a bottleneck before reaching
10^6-10^12 keys (I didn't prove this statement!).

Getting keys you don't have yet is quite easy using public keyservers
too.  GnuPG and any other PGP should come with a simple set of commands
to import from these public keyservers.

But in the end gnupg will always work with keys that have been imported
into the keyring.  So if you still plan to keep keys in some database
you will have a redundant set of keys in the keyring unless you clean up
the keyring regularly (which doesn't make much sense to me and
will likely be the most expensive operation you can do (this statement
is a pure guess too!)).

But you can use gnupg anytime to export public keys and store these text
blobs in a database.  I just can't figure out any use for such
operations.

bye ingo
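The check Christian describes ("is the recipient in the keyring / database, then encrypt, else bounce") can be driven from gnupg's own key store, as Ingo suggests. The following is an added example, not code from either poster or from GnuPG: it parses the machine-readable listing that `gpg --with-colons --with-fingerprint --list-keys` prints (the record layout is documented in doc/DETAILS of the GnuPG source), ignores keys and user IDs that are expired, revoked or disabled, refuses to choose when two usable keys carry the same address, and then hands gpg the fingerprint rather than the bare e-mail address. The optional `pinned` mapping shows how a Postgres/MySQL table of address-to-fingerprint rows can act as the allowlist while the keyring remains the only place gpg reads key material from. The sample listing, the addresses, the fingerprints and the homedir default `/home/filter/.gnupg` (taken from the question) are constructed for the example.

```python
"""Resolve a recipient to a usable OpenPGP key before the Postfix filter encrypts.

Added example for the thread above, not code from the original post or from GnuPG.
It parses the listing from ``gpg --with-colons --with-fingerprint --list-keys``
(format: doc/DETAILS in the GnuPG source), skips expired, revoked or disabled keys
and user IDs, refuses to pick when two usable keys carry one address, and encrypts
to the fingerprint instead of the bare address.  SAMPLE_LISTING is constructed.
"""
import subprocess
from dataclasses import dataclass, field
from typing import Optional

FPR_ALICE, FPR_ALICE_SUB, FPR_BOB = "A" * 40, "1" * 40, "B" * 40
FPR_EVE1, FPR_EVE2 = "D" * 40, "E" * 40

# Constructed sample.  Field 2 of pub/uid records is validity (u ultimate, f full,
# e expired, r revoked); field 12 of pub is the capability string ('D' = disabled);
# field 10 of fpr/uid records is the fingerprint or the user ID.
SAMPLE_LISTING = f"""\
tru::1:1600000000:0:3:1:5
pub:u:4096:1:1111111111111111:1600000000:::u:::scESC::::::23::0:
fpr:::::::::{FPR_ALICE}:
uid:u::::1600000000::HASH1::Alice Example <alice@example.org>::::::::::0:
sub:u:4096:1:1212121212121212:1600000000::::::e::::::23:
fpr:::::::::{FPR_ALICE_SUB}:
pub:e:2048:1:2222222222222222:1500000000:1580000000::-:::scESC::::::23::0:
fpr:::::::::{FPR_BOB}:
uid:e::::1500000000::HASH2::Bob Old <bob@example.org>::::::::::0:
pub:f:3072:1:4444444444444444:1600000000:::f:::scESC::::::23::0:
fpr:::::::::{FPR_EVE1}:
uid:f::::1600000000::HASH4::Eve One <eve@example.org>::::::::::0:
pub:f:3072:1:5555555555555555:1600000000:::f:::scESC::::::23::0:
fpr:::::::::{FPR_EVE2}:
uid:f::::1600000000::HASH5::Eve Two <eve@example.org>::::::::::0:
"""

@dataclass
class PubKey:
    validity: str
    caps: str
    fingerprint: str = ""
    uids: list = field(default_factory=list)  # (address, uid validity) pairs

    def usable(self) -> bool:
        return self.validity not in ("e", "r", "i") and "D" not in self.caps

def parse_listing(text: str) -> list:
    """Turn --with-colons output into PubKey objects, one per primary key."""
    keys, current = [], None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = PubKey(validity=f[1], caps=f[11] if len(f) > 11 else "")
            keys.append(current)
        elif f[0] == "fpr" and current and not current.fingerprint:
            current.fingerprint = f[9]  # first fpr after pub belongs to the primary key
        elif f[0] == "uid" and current:
            uid = f[9]
            if "<" in uid and uid.endswith(">"):
                current.uids.append((uid[uid.rindex("<") + 1:-1].lower(), f[1]))
    return keys

def decide(keys: list, address: str, pinned: Optional[dict] = None) -> tuple:
    """('encrypt', fingerprint) or ('bounce', reason) for one envelope recipient.
    pinned: address -> fingerprint rows from the database, when one is required."""
    addr = address.strip().lower()
    if pinned is not None:  # the table is the allowlist and pins the key
        fpr = pinned.get(addr)
        if fpr is None:
            return ("bounce", "recipient not in database")
        hit = [k for k in keys if k.fingerprint == fpr]
        if not hit or not hit[0].usable():
            return ("bounce", "pinned key missing from keyring or not usable")
        return ("encrypt", fpr)
    matches = [k for k in keys if k.usable()
               and any(a == addr and v not in ("e", "r") for a, v in k.uids)]
    if len(matches) == 1:
        return ("encrypt", matches[0].fingerprint)
    if matches:
        return ("bounce", "ambiguous: %d usable keys" % len(matches))
    if any(a == addr for k in keys for a, _ in k.uids):
        return ("bounce", "key expired, revoked or disabled")
    return ("bounce", "no key for recipient")

def gpg_argv(fingerprint: str, homedir: str = "/home/filter/.gnupg") -> list:
    # Name the key by fingerprint: "-r alice@example.org" would accept any key whose
    # user ID carries that address, including one a later keyserver import added.
    # The keyring is the filter's own, so trust is policy (--trust-model always).
    return ["gpg", "--homedir", homedir, "--batch", "--yes", "--no-tty",
            "--trust-model", "always", "--armor", "--encrypt", "-r", fingerprint]

def encrypt_for(message: bytes, address: str, homedir: str = "/home/filter/.gnupg",
                pinned: Optional[dict] = None) -> bytes:
    """Called by the content_filter; raises ValueError when the mail must bounce."""
    listing = subprocess.run(["gpg", "--homedir", homedir, "--batch", "--with-colons",
                              "--with-fingerprint", "--list-keys"],
                             check=True, capture_output=True, text=True).stdout
    verdict, detail = decide(parse_listing(listing), address, pinned)
    if verdict != "encrypt":
        raise ValueError("cannot encrypt for %s: %s" % (address, detail))
    return subprocess.run(gpg_argv(detail, homedir), input=message,
                          check=True, capture_output=True).stdout
```

In the filter script, `encrypt_for(raw_message, recipient)` replaces the bare `gpg -r recipient` pipe; a `ValueError` is the point at which to generate the bounce to the sender. Two things the bare pipe gets wrong are worth noting: `-r <address>` silently picks whichever key carries that user ID, so a key imported later from a keyserver with the same address can capture the traffic, and an expired key is rejected by gpg with a non-zero exit that a shell pipeline without `set -o pipefail` may not notice. Pinning the fingerprint, whether from the keyring walk above or from a database row, closes the first; checking validity before calling gpg closes the second.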



More information about the Gnupg-users mailing list