[PGG] Any way to download keys automatically?

[PGG] Any way to download keys automatically?

[Zack Weinberg]

Is there any way to tell PGG that, when GPG fails to verify a
signature because it doesn't have the relevant public key in its
keyring, it should automatically download the key from the keyservers
and try again?  (gpg --recv-keys <keyID> does the download.)

zw

Re: [PGG] Any way to download keys automatically?

[Kirk Strauser]

[-- Attachment #1: Type: text/plain, Size: 457 bytes --]

At 2003-04-17T01:43:59Z, Zack Weinberg <zack@codesourcery.com> writes:

> Is there any way to tell PGG that, when GPG fails to verify a
> signature because it doesn't have the relevant public key in its
> keyring, it should automatically download the key from the keyservers
> and try again?  (gpg --recv-keys <keyID> does the download.)

Edit your ~/.gnupg/options.  Add:

   keyserver-options auto-key-retrieve

That's it!
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

Re: [PGG] Any way to download keys automatically?

[Marshall T. Vandegrift]

[-- Attachment #1: Type: text/plain, Size: 805 bytes --]

Kirk Strauser <kirk@strauser.com> writes:

> Edit your ~/.gnupg/options.  Add:
>
>    keyserver-options auto-key-retrieve

It's `~/.gnupg/gpg.conf' these days (as of version 1.1.92), but yes.
However, PGG does also include support to retrieve keys itself:

,----[ C-h v pgg-query-keyserver ]
| pgg-query-keyserver's value is nil
| 
| Documentation:
| Whether PGG queries keyservers for missing keys when verifying messages.
`----

Does this exist for OpenPGP implementations which do not support
automated key-retrieval, or is there some good reason to have PGG do
it instead of the OpenPGP tool?

-- 
Marshall T. Vandegrift <vandem2@rpi.edu>

They were all, one might say, nonexistent, but each
non-existed in an entirely different way.
        -- Stanislaw Lem, /The Cyberiad/

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

Re: [PGG] Any way to download keys automatically?

[Zack Weinberg]

Kirk Strauser <kirk@strauser.com> writes:

> At 2003-04-17T01:43:59Z, Zack Weinberg <zack@codesourcery.com> writes:
>
>> Is there any way to tell PGG that, when GPG fails to verify a
>> signature because it doesn't have the relevant public key in its
>> keyring, it should automatically download the key from the keyservers
>> and try again?  (gpg --recv-keys <keyID> does the download.)
>
> Edit your ~/.gnupg/options.  Add:
>
>    keyserver-options auto-key-retrieve

Thanks!  It didn't even occur to me to check for this feature in GPG.
I feel silly now.

zw

[PATCH] PGG retrieving keys itself (was: [PGG] Any way to download keys automatically?)

[Michael Teichgräber]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Marshall T. Vandegrift" <vandem2@rpi.edu> writes:

> However, PGG does also include support to retrieve keys itself:

PGG uses pgg-decode-armor-region to get the key ID of the message's
signing key, but only if there is a detached (PGP/MIME)
signature. With clear-signed messages it seems not to work.

This patch adds some code to pgg-verify-region, that checks for the
existence of a clear signed message and feeds the signature region to
pgg-decode-armor-region the same way as it is done for detached
signatures.

Is this how it could be done? (I do not have much practice on Lisp
programming yet):

- ------------------------------------------------------------>8----------
Index: pgg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg.el,v
retrieving revision 6.15
diff -u -p -r6.15 pgg.el
- --- pgg.el	16 Apr 2003 16:28:19 -0000	6.15
+++ pgg.el	17 Apr 2003 10:04:04 -0000
@@ -243,21 +243,29 @@ and the the output is displayed."
     status))
   
 ;;;###autoload
- -(defun pgg-verify-region (start end &optional signature fetch)
+(defun pgg-verify-region (start end &optional detached-sig fetch)
   "Verify the current region between START and END.
- -If the optional 3rd argument SIGNATURE is non-nil, it is treated as
+If the optional 3rd argument DETACHED-SIG is non-nil, it is treated as
 the detached signature of the current region.
 
 If the optional 4th argument FETCH is non-nil, we attempt to fetch the
 signer's public key from `pgg-default-keyserver-address'."
   (interactive "r")
- -  (let* ((packet
- -	  (if (null signature) nil
+  (let* ((clear-sig 
+	  (unless detached-sig
+	    (save-excursion 
+	      (goto-char start)
+	      (if (re-search-forward "^-+BEGIN PGP SIGNATURE" end t)
+		  (buffer-substring (match-beginning 0) end)))))
+	 (packet
+	  (when (or detached-sig clear-sig)
 	    (with-temp-buffer
 	      (buffer-disable-undo)
 	      (if (fboundp 'set-buffer-multibyte)
 		  (set-buffer-multibyte nil))
- -	      (insert-file-contents signature)
+	      (if detached-sig 
+		  (insert-file-contents detached-sig)
+		(insert clear-sig))
 	      (cdr (assq 2 (pgg-decode-armor-region
 			    (point-min)(point-max)))))))
 	 (key (cdr (assq 'key-identifier packet)))
@@ -275,7 +283,7 @@ signer's public key from `pgg-default-ke
     (setq status 
 	  (pgg-save-coding-system start end
 	    (pgg-invoke "verify-region" (or pgg-scheme pgg-default-scheme)
- -			(point-min) (point-max) signature)))
+			(point-min) (point-max) detached-sig)))
     (when (interactive-p)
       (let ((temp-buffer-show-function
 	     (function pgg-temp-buffer-show-function)))
- ----------8<------------------------------------------------------------


> Does this exist for OpenPGP implementations which do not support
> automated key-retrieval, or is there some good reason to have PGG do
> it instead of the OpenPGP tool?

- From what its manpage says, there is no function at least in PGP 2.6.3
to automatically retrieve keys. A good reason is IMHO, if you work at
a dialup host, that you have a chance to connect to the the network
before the signature is checked, since PGG will prompt you if it could
not find the public key.

- -- 
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+nn21Pw209BGCgAARAshsAKDr3OkjlJI3h1bG1gsZPFWy+hKozACggZ2V
6jnZxBiakrft0Mdv5Bc8oPs=
=S37T
-----END PGP SIGNATURE-----

Re: [PGG] Any way to download keys automatically?

[Simon Josefsson]

"Marshall T. Vandegrift" <vandem2@rpi.edu> writes:

> ,----[ C-h v pgg-query-keyserver ]
> | pgg-query-keyserver's value is nil
> | 
> | Documentation:
> | Whether PGG queries keyservers for missing keys when verifying messages.
> `----
>
> Does this exist for OpenPGP implementations which do not support
> automated key-retrieval

Yes.

> or is there some good reason to have PGG do it instead of the
> OpenPGP tool?

If the OpenPGP tool isn't configured to fetch keys, instead of
configuring it to do so it may be easier to configure PGG to do so.
OTOH, if you use the tool without PGG, it is probably better to make
the OpenPGP tool do it.

Re: [PGG] Any way to download keys automatically?

[Kirk Strauser]

[-- Attachment #1: Type: text/plain, Size: 248 bytes --]

At 2003-04-17T02:38:47Z, Zack Weinberg <zack@codesourcery.com> writes:

> Thanks!  It didn't even occur to me to check for this feature in GPG.  I
> feel silly now.

Please don't ask how I found out about the feature.  :)
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]