author | Werner Koch <[email protected]> | 2016-04-27 06:34:29 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2016-04-27 06:34:29 +0000 |
commit | 87de9e19edf0311ca0342e15ef44ebe40e32861e (patch) | |
tree | 20f8f2c384040344ece6e00c64036c666dd4a843 /g10/keyserver.c | |
parent | dirmngr: Add experimental command WKD_GET. (diff) | |
download | gnupg-87de9e19edf0311ca0342e15ef44ebe40e32861e.tar.gz gnupg-87de9e19edf0311ca0342e15ef44ebe40e32861e.zip |
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method. Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt): Add field 'with_wkd_hash'.
(AKL_WKD): New.
* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--
The Web Key Directory is an experimental feature to retrieve a key via
https. It is similar to OpenPGP DANE but also uses encryption to
reveal less information about a key lookup.
For example, the URI to look up the key for [email protected] is:
https://example.org/.well-known/openpgpkey/
hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q
(line has been wrapped for rendering purposes). The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part. The
address [email protected] can be used for testing.
Signed-off-by: Werner Koch <[email protected]>
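The commit message above describes the lookup URL as a z-Base-32 encoded SHA-1 hash of the mail address' local part placed under the domain's `.well-known/openpgpkey/` path. The following is an added example (not GnuPG's code) that computes that hash and URL from a mail address. It assumes, as the WKD draft specifies, that the local part is lowercased before hashing, and it uses the `hu/<domain>/<hash>` path layout exactly as quoted in the commit message; the address `Alice.Smith@Example.ORG` is a constructed example, not the test address mentioned in the commit.

```python
"""WKD lookup-URL construction (added example, not GnuPG code).

Assumptions beyond the commit message: the local part is lowercased
before hashing (WKD draft behaviour), and the path layout
hu/<domain>/<hash> follows the URL quoted in the commit message.
"""
import hashlib
import re

# z-base-32 alphabet (Zooko): 32 symbols, no padding character.
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per symbol, MSB first, no padding."""
    out = []
    acc = 0       # bit accumulator
    nbits = 0     # number of not-yet-emitted bits in acc
    for byte in data:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZB32_ALPHABET[(acc >> nbits) & 0x1F])
        acc &= (1 << nbits) - 1   # drop the bits already emitted
    if nbits:
        # Left-align the leftover bits in one final symbol.
        out.append(ZB32_ALPHABET[(acc << (5 - nbits)) & 0x1F])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """32-character WKD hash: z-base-32(SHA-1(lowercased local part))."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)   # 160 bits -> exactly 32 symbols


def is_wkd_hash(s: str) -> bool:
    """True if s has the shape of a WKD hash (32 z-base-32 symbols)."""
    return re.fullmatch(f"[{ZB32_ALPHABET}]{{32}}", s) is not None


def wkd_url(address: str) -> str:
    """Build the lookup URL, using the path layout quoted in the commit message."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mail address: {address!r}")
    domain = domain.lower()   # DNS names are case-insensitive
    return f"https://{domain}/.well-known/openpgpkey/hu/{domain}/{wkd_hash(local)}"


if __name__ == "__main__":
    # Constructed addresses; both map to the same URL.
    for addr in ("Alice.Smith@Example.ORG", "alice.smith@example.org"):
        print(addr, "->", wkd_url(addr))
```

The server operator sees only the domain and the 32-character hash, not the local part itself, but a hash of a short or guessable local part is trivially brute-forced, so the privacy gain is real only against casual observation.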
Diffstat (limited to 'g10/keyserver.c')
-rw-r--r-- | g10/keyserver.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/g10/keyserver.c b/g10/keyserver.c index e9ccb5893..95ef441ef 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -2004,6 +2004,39 @@ keyserver_import_pka (ctrl_t ctrl, const char *name, } +/* Import a key using the Web Key Directory protocol. */ +gpg_error_t +keyserver_import_wkd (ctrl_t ctrl, const char *name, + unsigned char **fpr, size_t *fpr_len) +{ + gpg_error_t err; + estream_t key; + + err = gpg_dirmngr_wkd_get (ctrl, name, &key); + if (err) + ; + else if (key) + { + int armor_status = opt.no_armor; + + /* Keys returned via WKD are in binary format. */ + opt.no_armor = 1; + + err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len, + (opt.keyserver_options.import_options + | IMPORT_NO_SECKEY), + NULL, NULL); + + opt.no_armor = armor_status; + + es_fclose (key); + key = NULL; + } + + return err; +} + + /* Import a key by name using LDAP */ int keyserver_import_ldap (ctrl_t ctrl, |
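Review bot: in keyserver_import_wkd the chain `if (err) ; else if (key) { ... }` returns 0 when gpg_dirmngr_wkd_get succeeds but hands back no stream (key == NULL), so the caller sees success although nothing was imported and *fpr/*fpr_len were never set; either map that case to an explicit error (GPG_ERR_NO_DATA would fit) or document that callers must check the returned fingerprint. The empty `if (err) ;` branch also reads more clearly as `if (!err && key)`. Minor: `key = NULL;` after es_fclose is dead, since key goes out of scope at the return that follows.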