security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Lookup a missing public key of the current card via LDAP.

Browse source 
* g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
key from the current card via LDAP.
* g10/call-dirmngr.c: Include keyserver-intetnal.h.
(gpg_dirmngr_ks_get): Rename arg quick into flags.  Take care of the
new LDAP flag.
* g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
Replace the use of the value 1 for the former quick arg.
(KEYSERVER_IMPORT_FLAG_LDAP): New.
* g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
length.
* dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
* dirmngr/server.c (cmd_ks_get): Add option --ldap.
--

This change makes it easy to start working with gnupg: Just insert the
smartcard or token provided to you and the first time you sign a
message the public key associated with the current card will be
imported and everything is set without any configuration.

This works only with an LDAP directory because it can be expected that
the public key has been put into the LDAP during card personalization.
Of course an LDAP server needs to be configured; in a Windows AD
domain this can be a mere "keyserver ldap:///" in dirmngr.conf.  Other
configured keyservers are ignored.

Requirements for the card driver: The $SIGNKEYID attribute must exists
and a query for the KEY-FPR attribute needs to return the OpenPGP
fingerprint for that key.  This is currently supported for OpenPGP
cards and certain PKCS#15 cards.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2021-04-16 20:21:23 +02:00
parent 30f90fc857
commit d7e707170f
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
11 changed files with 89 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

2
dirmngr/ks-action.h
View file

@ -26,7 +26,7 @@ gpg_error_t ks_action_resolve (ctrl_t ctrl, uri_item_t keyservers);
gpg_error_t ks_action_search (ctrl_t ctrl, uri_item_t keyservers,
strlist_t patterns, estream_t outfp);
gpg_error_t ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
strlist_t patterns, estream_t outfp);
strlist_t patterns, int ldap_only, estream_t outfp);
gpg_error_t ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp);
gpg_error_t ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
void *data, size_t datalen,