1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-05 12:31:50 +01:00
gnupg/common/t-pka.c
Werner Koch 2fc27c8696
gpg: Switch to a hash and CERT record based PKA system.
* common/dns-cert.c (get_dns_cert): Make r_key optional.
* common/pka.c: Rewrite for the new hash based lookup.
* common/t-pka.c: New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.

--

Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.

The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time.  Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified.  Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key.  Having a solid way of getting a key matching
a mail address is however a must have.

More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase.  The auto-key-locate mechanism
should also be able to continue key fetching with another methods once
the fingerprint has been retrieved with PKA.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-25 16:34:19 +01:00

73 lines
1.5 KiB
C

/* t-pak.c - Module test for pka.c
* Copyright (C) 2015 Werner Koch
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include "util.h"
#include "pka.h"
int
main (int argc, char **argv)
{
unsigned char fpr[20];
char *url;
char const *name;
int i;
if (argc)
{
argc--;
argv++;
}
if (!argc)
name = "wk@gnupg.org";
else if (argc == 1)
name = *argv;
else
{
fputs ("usage: t-pka [userid]\n", stderr);
return 1;
}
printf ("User id ...: %s\n", name);
url = get_pka_info (name, fpr, sizeof fpr);
printf ("Fingerprint: ");
if (url)
{
for (i = 0; i < sizeof fpr; i++)
printf ("%02X", fpr[i]);
}
else
printf ("[not found]");
putchar ('\n');
printf ("URL .......: %s\n", (url && *url)? url : "[none]");
xfree (url);
return 0;
}