diff options
| author | Werner Koch <[email protected]> | 2016-04-27 06:34:29 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2016-04-27 06:34:29 +0000 |
| commit | 87de9e19edf0311ca0342e15ef44ebe40e32861e (patch) | |
| tree | 20f8f2c384040344ece6e00c64036c666dd4a843 /doc | |
| parent | dirmngr: Add experimental command WKD_GET. (diff) | |
| download | gnupg-87de9e19edf0311ca0342e15ef44ebe40e32861e.tar.gz gnupg-87de9e19edf0311ca0342e15ef44ebe40e32861e.zip | |
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method. Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt): Add field 'with_wkd_hash'.
(AKL_WKD): New.
* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--
The Web Key Directory is an experimental feature to retrieve a key via
https. It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.
For example the URI to lookup the key for [email protected] is:
https://example.org/.well-known/openpgpkey/
hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q
(line has been wrapped for rendering purposes). The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part. The
address [email protected] can be used for testing.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/gpg.texi | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 0c43c55bd..c10678bbd 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1600,6 +1600,10 @@ mechanisms, in the order they are to be tried: Locate a key using DANE, as specified in draft-ietf-dane-openpgpkey-05.txt. + @item wkd + Locate a key using the Web Key Directory protocol. + This is an experimental method and semantics may change. + @item ldap Using DNS Service Discovery, check the domain in question for any LDAP keyservers to use. If this fails, attempt to locate the key using the @@ -2235,6 +2239,11 @@ Print the ICAO spelling of the fingerprint in addition to the hex digits. @opindex with-keygrip Include the keygrip in the key listings. +@item --with-wkd-hash +@opindex with-wkd-hash +Print a Web Key Directory indentifier along with each user ID in key +listings. This is an experimental feature and semantics may change. + @item --with-secret @opindex with-secret Include info about the presence of a secret key in public key listings |