* [PGG] Any way to download keys automatically? @ 2003-04-17 1:43 Zack Weinberg 2003-04-17 1:51 ` Kirk Strauser 0 siblings, 1 reply; 7+ messages in thread From: Zack Weinberg @ 2003-04-17 1:43 UTC (permalink / raw) Is there any way to tell PGG that, when GPG fails to verify a signature because it doesn't have the relevant public key in its keyring, it should automatically download the key from the keyservers and try again? (gpg --recv-keys <keyID> does the download.) zw ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PGG] Any way to download keys automatically? 2003-04-17 1:43 [PGG] Any way to download keys automatically? Zack Weinberg @ 2003-04-17 1:51 ` Kirk Strauser 2003-04-17 2:31 ` Marshall T. Vandegrift 2003-04-17 2:38 ` Zack Weinberg 0 siblings, 2 replies; 7+ messages in thread From: Kirk Strauser @ 2003-04-17 1:51 UTC (permalink / raw) [-- Attachment #1: Type: text/plain, Size: 457 bytes --] At 2003-04-17T01:43:59Z, Zack Weinberg <zack@codesourcery.com> writes: > Is there any way to tell PGG that, when GPG fails to verify a > signature because it doesn't have the relevant public key in its > keyring, it should automatically download the key from the keyservers > and try again? (gpg --recv-keys <keyID> does the download.) Edit your ~/.gnupg/options. Add: keyserver-options auto-key-retrieve That's it! -- Kirk Strauser [-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PGG] Any way to download keys automatically? 2003-04-17 1:51 ` Kirk Strauser @ 2003-04-17 2:31 ` Marshall T. Vandegrift 2003-04-17 10:10 ` [PATCH] PGG retrieving keys itself (was: [PGG] Any way to download keys automatically?) Michael Teichgräber 2003-04-17 10:50 ` [PGG] Any way to download keys automatically? Simon Josefsson 2003-04-17 2:38 ` Zack Weinberg 1 sibling, 2 replies; 7+ messages in thread From: Marshall T. Vandegrift @ 2003-04-17 2:31 UTC (permalink / raw) [-- Attachment #1: Type: text/plain, Size: 805 bytes --] Kirk Strauser <kirk@strauser.com> writes: > Edit your ~/.gnupg/options. Add: > > keyserver-options auto-key-retrieve It's `~/.gnupg/gpg.conf' these days (as of version 1.1.92), but yes. However, PGG does also include support to retrieve keys itself: ,----[ C-h v pgg-query-keyserver ] | pgg-query-keyserver's value is nil | | Documentation: | Whether PGG queries keyservers for missing keys when verifying messages. `---- Does this exist for OpenPGP implementations which do not support automated key-retrieval, or is there some good reason to have PGG do it instead of the OpenPGP tool? -- Marshall T. Vandegrift <vandem2@rpi.edu> They were all, one might say, nonexistent, but each non-existed in an entirely different way. -- Stanislaw Lem, /The Cyberiad/ [-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH] PGG retrieving keys itself (was: [PGG] Any way to download keys automatically?) 2003-04-17 2:31 ` Marshall T. Vandegrift @ 2003-04-17 10:10 ` Michael Teichgräber 2003-04-17 10:50 ` [PGG] Any way to download keys automatically? Simon Josefsson 1 sibling, 0 replies; 7+ messages in thread From: Michael Teichgräber @ 2003-04-17 10:10 UTC (permalink / raw) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Marshall T. Vandegrift" <vandem2@rpi.edu> writes: > However, PGG does also include support to retrieve keys itself: PGG uses pgg-decode-armor-region to get the key ID of the message's signing key, but only if there is a detached (PGP/MIME) signature. With clear-signed messages it seems not to work. This patch adds some code to pgg-verify-region, that checks for the existence of a clear signed message and feeds the signature region to pgg-decode-armor-region the same way as it is done for detached signatures. Is this how it could be done? (I do not have much practice on Lisp programming yet): - ------------------------------------------------------------>8---------- Index: pgg.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/pgg.el,v retrieving revision 6.15 diff -u -p -r6.15 pgg.el - --- pgg.el 16 Apr 2003 16:28:19 -0000 6.15 +++ pgg.el 17 Apr 2003 10:04:04 -0000 @@ -243,21 +243,29 @@ and the the output is displayed." status)) ;;;###autoload - -(defun pgg-verify-region (start end &optional signature fetch) +(defun pgg-verify-region (start end &optional detached-sig fetch) "Verify the current region between START and END. - -If the optional 3rd argument SIGNATURE is non-nil, it is treated as +If the optional 3rd argument DETACHED-SIG is non-nil, it is treated as the detached signature of the current region. If the optional 4th argument FETCH is non-nil, we attempt to fetch the signer's public key from `pgg-default-keyserver-address'." (interactive "r") - - (let* ((packet - - (if (null signature) nil + (let* ((clear-sig + (unless detached-sig + (save-excursion + (goto-char start) + (if (re-search-forward "^-+BEGIN PGP SIGNATURE" end t) + (buffer-substring (match-beginning 0) end))))) + (packet + (when (or detached-sig clear-sig) (with-temp-buffer (buffer-disable-undo) (if (fboundp 'set-buffer-multibyte) (set-buffer-multibyte nil)) - - (insert-file-contents signature) + (if detached-sig + (insert-file-contents detached-sig) + (insert clear-sig)) (cdr (assq 2 (pgg-decode-armor-region (point-min)(point-max))))))) (key (cdr (assq 'key-identifier packet))) @@ -275,7 +283,7 @@ signer's public key from `pgg-default-ke (setq status (pgg-save-coding-system start end (pgg-invoke "verify-region" (or pgg-scheme pgg-default-scheme) - - (point-min) (point-max) signature))) + (point-min) (point-max) detached-sig))) (when (interactive-p) (let ((temp-buffer-show-function (function pgg-temp-buffer-show-function))) - ----------8<------------------------------------------------------------ > Does this exist for OpenPGP implementations which do not support > automated key-retrieval, or is there some good reason to have PGG do > it instead of the OpenPGP tool? - From what its manpage says, there is no function at least in PGP 2.6.3 to automatically retrieve keys. A good reason is IMHO, if you work at a dialup host, that you have a chance to connect to the the network before the signature is checked, since PGG will prompt you if it could not find the public key. - -- Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+nn21Pw209BGCgAARAshsAKDr3OkjlJI3h1bG1gsZPFWy+hKozACggZ2V 6jnZxBiakrft0Mdv5Bc8oPs= =S37T -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PGG] Any way to download keys automatically? 2003-04-17 2:31 ` Marshall T. Vandegrift 2003-04-17 10:10 ` [PATCH] PGG retrieving keys itself (was: [PGG] Any way to download keys automatically?) Michael Teichgräber @ 2003-04-17 10:50 ` Simon Josefsson 1 sibling, 0 replies; 7+ messages in thread From: Simon Josefsson @ 2003-04-17 10:50 UTC (permalink / raw) Cc: ding "Marshall T. Vandegrift" <vandem2@rpi.edu> writes: > ,----[ C-h v pgg-query-keyserver ] > | pgg-query-keyserver's value is nil > | > | Documentation: > | Whether PGG queries keyservers for missing keys when verifying messages. > `---- > > Does this exist for OpenPGP implementations which do not support > automated key-retrieval Yes. > or is there some good reason to have PGG do it instead of the > OpenPGP tool? If the OpenPGP tool isn't configured to fetch keys, instead of configuring it to do so it may be easier to configure PGG to do so. OTOH, if you use the tool without PGG, it is probably better to make the OpenPGP tool do it. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PGG] Any way to download keys automatically? 2003-04-17 1:51 ` Kirk Strauser 2003-04-17 2:31 ` Marshall T. Vandegrift @ 2003-04-17 2:38 ` Zack Weinberg 2003-04-17 15:49 ` Kirk Strauser 1 sibling, 1 reply; 7+ messages in thread From: Zack Weinberg @ 2003-04-17 2:38 UTC (permalink / raw) Cc: ding Kirk Strauser <kirk@strauser.com> writes: > At 2003-04-17T01:43:59Z, Zack Weinberg <zack@codesourcery.com> writes: > >> Is there any way to tell PGG that, when GPG fails to verify a >> signature because it doesn't have the relevant public key in its >> keyring, it should automatically download the key from the keyservers >> and try again? (gpg --recv-keys <keyID> does the download.) > > Edit your ~/.gnupg/options. Add: > > keyserver-options auto-key-retrieve Thanks! It didn't even occur to me to check for this feature in GPG. I feel silly now. zw ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PGG] Any way to download keys automatically? 2003-04-17 2:38 ` Zack Weinberg @ 2003-04-17 15:49 ` Kirk Strauser 0 siblings, 0 replies; 7+ messages in thread From: Kirk Strauser @ 2003-04-17 15:49 UTC (permalink / raw) Cc: ding [-- Attachment #1: Type: text/plain, Size: 248 bytes --] At 2003-04-17T02:38:47Z, Zack Weinberg <zack@codesourcery.com> writes: > Thanks! It didn't even occur to me to check for this feature in GPG. I > feel silly now. Please don't ask how I found out about the feature. :) -- Kirk Strauser [-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2003-04-17 15:49 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2003-04-17 1:43 [PGG] Any way to download keys automatically? Zack Weinberg 2003-04-17 1:51 ` Kirk Strauser 2003-04-17 2:31 ` Marshall T. Vandegrift 2003-04-17 10:10 ` [PATCH] PGG retrieving keys itself (was: [PGG] Any way to download keys automatically?) Michael Teichgräber 2003-04-17 10:50 ` [PGG] Any way to download keys automatically? Simon Josefsson 2003-04-17 2:38 ` Zack Weinberg 2003-04-17 15:49 ` Kirk Strauser
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).