gpg: Remove support for PKA.

* g10/gpg.c (oPrintPKARecords): Remove. (opts): Remove --print-pka-records. (main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff. * g10/options.h (EXPORT_DANE_FORMAT): Remove. (VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove. (KEYSERVER_HONOR_PKA_RECORD): Remove. * g10/packet.h (pka_info_t): Remove. (PKT_signature): Remove flags.pka_tried and pka_info. * g10/parse-packet.c (register_known_notation): Remove "pka-address@gnupg.org". * g10/pkclist.c (check_signatures_trust): Remove PKA stuff. * g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove. * g10/export.c (parse_export_options): Remove "export-pka". (do_export): Adjust for this. (write_keyblock_to_output): Ditto. (do_export_stream): Ditto. (print_pka_or_dane_records): Rename to ... (print_dane_records): this and remove two args. Remove PKA printing. * g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed pka_info field. * g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy. * g10/keyserver.c: Remove "honor-pka-record". (keyserver_import_pka): Remove. * g10/mainproc.c (get_pka_address): Remove. (pka_uri_from_sig): Remove. (check_sig_and_print): Remove code for PKA. -- PKA (Public Key Association) was a DNS based key discovery method which looked up fingerprint by mail addresses in the DNS. This goes back to the conference where DKIM was suggested to show that we already had a better method for this available with PGP/MIME. PKA was was later superseded by an experimental DANE method and is today not anymore relevant. It is anyway doubtful whether PKA was ever widely used. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2021-02-02 19:53:21 +01:00 · 2021-02-02 19:53:21 +01:00 · 7f3ce66ec5
commit 7f3ce66ec5
parent fde7d83357
17 changed files with 35 additions and 464 deletions
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@ -99,8 +99,6 @@ static struct parse_options keyserver_opts[]=
     N_("automatically retrieve keys when verifying signatures")},
    {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
     N_("honor the preferred keyserver URL set on the key")},
-    {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
-     N_("honor the PKA record set on a key when retrieving keys")},
    {NULL,0,NULL,NULL}
  };

@ -2021,39 +2019,6 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
  return err;
 }

-/* Import key pointed to by a PKA record. Return the requested
-   fingerprint in fpr. */
-gpg_error_t
-keyserver_import_pka (ctrl_t ctrl, const char *name,
-                      unsigned char **fpr, size_t *fpr_len)
-{
-  gpg_error_t err;
-  char *url;
-
-  err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url);
-  if (url && *url && fpr && fpr_len)
-    {
-      /* An URL is available.  Lookup the key. */
-      struct keyserver_spec *spec;
-      spec = parse_keyserver_uri (url, 1);
-      if (spec)
-	{
-	  err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec, 0);
-	  free_keyserver_spec (spec);
-	}
-    }
-  xfree (url);
-
-  if (err)
-    {
-      xfree(*fpr);
-      *fpr = NULL;
-      *fpr_len = 0;
-    }
-
-  return err;
-}
-

 /* Import a key using the Web Key Directory protocol.  */
 gpg_error_t