1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.

* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method.  Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt):  Add field 'with_wkd_hash'.
(AKL_WKD): New.

* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--

The Web Key Directory is an experimental feature to retrieve a key via
https.  It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.

For example the URI to lookup the key for Joe.Doe@Example.ORG is:

    https://example.org/.well-known/openpgpkey/
    hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q

(line has been wrapped for rendering purposes).  The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part.  The
address wk@gnupg.org can be used for testing.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-04-27 08:34:29 +02:00
parent c83c6f212e
commit 87de9e19ed
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
12 changed files with 187 additions and 22 deletions

View file

@ -1116,6 +1116,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
if (node->pkt->pkttype == PKT_USER_ID)
{
PKT_user_id *uid = node->pkt->pkt.user_id;
int indent;
if ((uid->is_expired || uid->is_revoked)
&& !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
@ -1133,25 +1134,46 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
|| (opt.list_options & LIST_SHOW_UID_VALIDITY))
{
const char *validity;
int indent;
validity = uid_trust_string_fixed (pk, uid);
indent =
(keystrlen () + (opt.legacy_list_mode? 9:11)) -
atoi (uid_trust_string_fixed (NULL, NULL));
indent = ((keystrlen () + (opt.legacy_list_mode? 9:11))
- atoi (uid_trust_string_fixed (NULL, NULL)));
if (indent < 0 || indent > 40)
indent = 0;
es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
}
else
es_fprintf (es_stdout, "uid%*s",
(int) keystrlen () + (opt.legacy_list_mode? 10:12), "");
{
indent = keystrlen () + (opt.legacy_list_mode? 10:12);
es_fprintf (es_stdout, "uid%*s", indent, "");
}
print_utf8_buffer (es_stdout, uid->name, uid->len);
es_putc ('\n', es_stdout);
if (opt.with_wkd_hash)
{
char *mbox, *hash, *p;
char hashbuf[32];
mbox = mailbox_from_userid (uid->name);
if (mbox && (p = strchr (mbox, '@')))
{
*p++ = 0;
gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
mbox, strlen (mbox));
hash = zb32_encode (hashbuf, 8*20);
if (hash)
{
es_fprintf (es_stdout, " %*s%s@%s\n",
indent, "", hash, p);
xfree (hash);
}
}
xfree (mbox);
}
if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
show_photos (uid->attribs, uid->numattribs, pk, uid);
}