mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: Lookup a missing public key of the current card via LDAP.
* g10/getkey.c (get_seckey_default_or_card): Lookup a missing public key from the current card via LDAP. * g10/call-dirmngr.c: Include keyserver-intetnal.h. (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the new LDAP flag. * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New. Replace the use of the value 1 for the former quick arg. (KEYSERVER_IMPORT_FLAG_LDAP): New. * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line length. * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only. * dirmngr/server.c (cmd_ks_get): Add option --ldap. -- This change makes it easy to start working with gnupg: Just insert the smartcard or token provided to you and the first time you sign a message the public key associated with the current card will be imported and everything is set without any configuration. This works only with an LDAP directory because it can be expected that the public key has been put into the LDAP during card personalization. Of course an LDAP server needs to be configured; in a Windows AD domain this can be a mere "keyserver ldap:///" in dirmngr.conf. Other configured keyservers are ignored. Requirements for the card driver: The $SIGNKEYID attribute must exists and a query for the KEY-FPR attribute needs to return the OpenPGP fingerprint for that key. This is currently supported for OpenPGP cards and certain PKCS#15 cards. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
30f90fc857
commit
d7e707170f
11 changed files with 89 additions and 41 deletions
12
g10/gpgv.c
12
g10/gpgv.c
|
|
@ -423,23 +423,23 @@ keyserver_any_configured (ctrl_t ctrl)
|
|||
}
|
||||
|
||||
int
|
||||
keyserver_import_keyid (u32 *keyid, void *dummy, int quick)
|
||||
keyserver_import_keyid (u32 *keyid, void *dummy, unsigned int flags)
|
||||
{
|
||||
(void)keyid;
|
||||
(void)dummy;
|
||||
(void)quick;
|
||||
(void)flags;
|
||||
return -1;
|
||||
}
|
||||
|
||||
int
|
||||
keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
|
||||
struct keyserver_spec *keyserver, int quick)
|
||||
struct keyserver_spec *keyserver, unsigned int flags)
|
||||
{
|
||||
(void)ctrl;
|
||||
(void)fprint;
|
||||
(void)fprint_len;
|
||||
(void)keyserver;
|
||||
(void)quick;
|
||||
(void)flags;
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
@ -451,12 +451,12 @@ keyserver_import_cert (const char *name)
|
|||
}
|
||||
|
||||
gpg_error_t
|
||||
keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick,
|
||||
keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
|
||||
unsigned char **fpr, size_t *fpr_len)
|
||||
{
|
||||
(void)ctrl;
|
||||
(void)name;
|
||||
(void)quick;
|
||||
(void)flags;
|
||||
(void)fpr;
|
||||
(void)fpr_len;
|
||||
return GPG_ERR_BUG;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue