[dev] Providing keys through Web Key Directory protocol

Ralf Lang lang at b1-systems.de
Tue Oct 16 13:03:58 UTC 2018


Quoting Wiktor Kwapisiewicz <wiktor at metacode.biz>:

> Hello Horde Dev,
>
> I would like to add support for providing user's PGP keys in Horde
> through Web Key Directory protocol.
>
> Relevant ticket: https://bugs.horde.org/ticket/14465
>
> A quick explanation what WKD does: modern GnuPG allows looking up PGP
> keys by e-mail addresses by converting e-mails to HTTPS URLs that are
> used to fetch the key (more info at https://wiki.gnupg.org/WKD ).
>
> For example, using "gpg --locate-key torvalds at kernel.org" fetches the
> key from
> https://kernel.org/.well-known/openpgpkey/hu/pf113mfnx1f3eb1yiwhsipa91xfc7o4x
>
> (the local part is SHA1-ed and encoded using ZBase32)
>
> Horde could store the encoded username hash in database, have an
> endpoint that would catch "/.well-known/openpgpkey/hu" calls, retrieve
> user's pgpPublicKey and return the binary key (or 404 if the key doesn't
> exist).
>
> I think storing additional attribute - encoded localpart is needed
> because it's not possible to easily reverse the hash to username. I've
> checked the Pgp component and it seems Horde_Pgp_Element_PublicKeys have
> to_bytes() method that can be used to return binary encoded OpenPGP key.
>
> Could you check if this reasoning is sound? I would appreciate any tips
> in development of this feature as the sheer size of the code base is a
> little bit intimidating :)
>
> Currently I've got a small problem with horde-git-tools (in attachment)
> but I'll try some alternative methods to get the source.
>
> Thank you for your time!
>
> Kind regards,
> Wiktor
>
> --
> https://metacode.biz/@wiktor
Hi Wiktor,

sounds basically reasonable. We just need to ensure not to tie it to the user but to the identity - a user can have multiple identities, user names etc.


Ralf
-- 
Ralf Lang
Linux Consultant & Developer
Tel: +49 170 63 8 15 63
Mail: lang at b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
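The address-to-URL mapping Wiktor describes (lowercase the local part, SHA-1 it, z-base-32 encode the digest, put it under /.well-known/openpgpkey/hu/), as an added example in Python; this is not code from the thread or from Horde. It also sketches a per-identity lookup table of the kind Ralf asks for, where the stored hash is keyed by the identity's address rather than by the Horde user. The names zbase32_encode, wkd_hu, wkd_urls and WkdDirectory are mine, and the key bytes fed to the directory are a constructed placeholder, not an OpenPGP packet. The page's own value for torvalds at kernel.org (pf113mfnx1f3eb1yiwhsipa91xfc7o4x) is what wkd_urls should reproduce.

```python
import hashlib
from typing import Dict, Optional, Tuple
from urllib.parse import quote

# z-base-32 alphabet as used by GnuPG for the WKD "hu" directory name.
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: most significant bit first, the tail zero-padded
    to a multiple of 5 bits, no padding characters. A 20-byte SHA-1 digest is
    exactly 160 bits and therefore 32 characters."""
    nbits = len(data) * 8
    nchars = (nbits + 4) // 5
    value = int.from_bytes(data, "big") << (nchars * 5 - nbits)
    return "".join(
        ZBASE32_ALPHABET[(value >> (5 * (nchars - 1 - i))) & 0x1F]
        for i in range(nchars)
    )


def wkd_hu(local_part: str) -> str:
    """Map an address's local part to its WKD directory name.
    The WKD draft lowercases ASCII letters only before hashing, so the same
    mailbox written in different case yields the same hash."""
    mapped = "".join(c.lower() if "A" <= c <= "Z" else c for c in local_part)
    return zbase32_encode(hashlib.sha1(mapped.encode("utf-8")).digest())


def wkd_urls(address: str) -> Tuple[str, str]:
    """Return (advanced, direct) lookup URLs for an address. GnuPG tries the
    advanced form on the openpgpkey. subdomain first, then the direct form.
    The l= parameter carries the unhashed local part for servers that need it."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    hu = wkd_hu(local)
    l_param = quote(local, safe="")
    advanced = (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                f"{domain}/hu/{hu}?l={l_param}")
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{hu}?l={l_param}"
    return advanced, direct


class WkdDirectory:
    """Server-side table behind a /.well-known/openpgpkey/hu/<hu> endpoint.
    Keys are stored per identity address (domain, hu), so one user with
    several identities can publish several keys (Ralf's point). A miss
    returns None, which the endpoint would turn into an HTTP 404."""

    def __init__(self) -> None:
        self._keys: Dict[Tuple[str, str], bytes] = {}

    def publish(self, address: str, key_bytes: bytes) -> str:
        """Store the binary key for an identity; returns the hu name, which is
        what Horde would persist alongside the identity (the hash is one-way,
        so it cannot be recovered from an incoming request otherwise)."""
        local, domain = address.rsplit("@", 1)
        hu = wkd_hu(local)
        self._keys[(domain.lower(), hu)] = key_bytes
        return hu

    def lookup(self, domain: str, hu: str) -> Optional[bytes]:
        """Serve the key for a request to /.well-known/openpgpkey/hu/<hu>
        on the given domain, or None (404) if nobody published one."""
        return self._keys.get((domain.lower(), hu))


if __name__ == "__main__":
    advanced, direct = wkd_urls("torvalds@kernel.org")
    print(advanced)
    print(direct)
    # Constructed placeholder, not a real OpenPGP key.
    directory = WkdDirectory()
    hu = directory.publish("Alice@Example.org", b"constructed-placeholder-key")
    print(hu, directory.lookup("example.org", hu))
```

Only the hu name and the key bytes leave the server; whether a hash is present in the table is all a client can learn from a 200 versus a 404, which is the same information the protocol exposes by design.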

