wkd: New option --add-revocs and some fixes.

* tools/gpg-wks.h (opt): Add add_revocs. * tools/wks-util.c (wks_get_key): Add arg 'binary'. (wks_armor_key): New. (wks_find_add_revocs): New. (wks_cmd_install_key): Get key in binary mode and add revocations if enabled. * tools/gpg-wks-client.c (oAddRevocs): New. (opts): Add --add-revocs. (parse_arguments): Set option, (command_send): Get key in binary mode, add revocations if enabled, and explictly armor key. Remove kludge to skip the Content-type line in no_encrypt mode. (mirror_one_keys_userid): Always filter the key to get rid of the armor as received from dirmngr. Add revocations from the local keyring. -- Note that this also fixes an oddity of the new mirror command which used to store the keys armored as received from dirmngr.
2025-07-03 22:56:33 +02:00 · 2022-11-29 16:47:44 +01:00 · 2022-11-29 16:47:44 +01:00 · c3f9f2d497
commit c3f9f2d497
parent fbc52f5501
4 changed files with 232 additions and 37 deletions
--- a/doc/wks.texi
+++ b/doc/wks.texi
@ -213,6 +213,14 @@ operation.  The format of @var{file} is one mail address (just the
 addrspec, e.g. "postel@@isi.edu") per line.  Empty lines and lines
 starting with a '#' are ignored.

+@item --add-revocs
+@opindex add-revocs
+If enabled append revocation certificates for the same addrspec as
+used in the WKD to the key.  Modern gpg version are able to import and
+apply them for existing keys.  Note that when used with the
+@option{--mirror} command the revocation are searched in the local
+keyring and not in an LDAP directory.
+
@item --verbose
@opindex verbose
 Enable extra informational output.