
Re: Storage of Public Keys with LDAP



> Antonin Novak wrote:
> >
> > Does anyone know whether it is possible to store Public keys in LDAP.
>
> Which kind of public keys?
> ...
> PGP:
> IMHO there's also a RFC for storing PGP keys on LDAP servers. But I'm
> not sure if there are implementations for that...

I have done some experiments using OpenLDAP as a store for PGP keys (many public PGP key servers do that), but the system never worked well.

The PGP key manager (I tested v 6.x) binds to the LDAP server and searches for an entry like:

dn: CN=PGPSERVERINFO
software: PGP Certificate Server (Unix)
basekeyspacedn: OU=ACTIVE,O=PGP KEYSPACE,C=US
basependingdn: OU=PENDING,O=PGP KEYSPACE,C=US
version: 2.5

The DN must be CN=PGPSERVERINFO, so a specific database is required. This entry tells the PGP client where to find public keys via the field basekeyspacedn (in this example, under OU=ACTIVE,O=PGP KEYSPACE,C=US).
Under this root, a PGP certificate looks like:

dn: PGPCERTID=<16 chars>, OU=ACTIVE,O=PGP KEYSPACE,C=US
objectclass: pgpCertificate
version: 2.5
pgpkey: -----BEGIN PGP PUBLIC KEY BLOCK-----
<pgp key>
-----END PGP PUBLIC KEY BLOCK-----

Information about the key's owner is an entry like:

dn: pgpUserID=Mickey Mouse, PGPCERTID=<16 chars>, OU=ACTIVE,
O=PGP KEYSPACE,C=US
objectclass: pgpUserID
pgprevoked: 0
pgpkeytype: DSS/DH
pgpsignerid: FCEBEE34********
pgpkeyid: 1ABC****
pgpkeycreatetime: 19990722144627Z
pgpuserid: Mickey Mouse
pgpcertid: <16 chars>
pgpsubkeyid: 5341FE6F********
pgpdisabled: 0
pgpkeysize: 02048


If someone has other information, it will be appreciated.
--------------------------------------------------------
Marco Ferrante (ferrante@unige.it)
CSITA (Centro Servizi Informatici e Telematici d'Ateneo)
Università degli Studi di Genova - Italy
Viale Brigata Salerno - 16147 Genova
tel (+39) 0103532621 (interno tel. 2621)
--------------------------------------------------------
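The three entry kinds Marco lists (the CN=PGPSERVERINFO pointer, the pgpCertificate under basekeyspacedn, and the pgpUserID under the certificate) only work for the client if they agree with each other. The following is an added example, not code from the original message or from the PGP Certificate Server: it emits that layout as LDIF and cross-checks the relations the client relies on (the certificate DN sits directly under basekeyspacedn, the PGPCERTID RDN is 16 hex characters, the pgpUserID entry's pgpcertid matches its parent RDN). Assumptions: attribute names are taken verbatim from the message; the key block is a constructed placeholder, not a real key; the multi-line pgpkey value is base64-encoded with the `pgpkey::` form, which is what RFC 2849 requires for values containing newlines; DN splitting is simplified (no escaped commas), which is enough for these sample DNs.

```python
import base64
import re
import textwrap

# Constructed placeholder standing in for real key material (not a real key).
PLACEHOLDER_KEY = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "Comment: constructed placeholder, not a real key\n"
    "\n"
    "AAAA-CONSTRUCTED-PLACEHOLDER-AAAA\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
)
KEYSPACE = "OU=ACTIVE,O=PGP KEYSPACE,C=US"   # value of basekeyspacedn in the mail
HEX16 = re.compile(r"^[0-9A-Fa-f]{16}$")     # PGPCERTID=<16 chars>


def build_sample_ldif(cert_id="0123456789ABCDEF", user="Mickey Mouse",
                      claimed_cert_id=None):
    """Emit the three entries from the mail as LDIF (sample values constructed).
    The key block contains newlines, so it is written base64-encoded ('pgpkey::')
    and folded at 76 columns, as RFC 2849 specifies. claimed_cert_id lets a
    caller deliberately mismatch pgpcertid against the parent RDN."""
    claimed = claimed_cert_id or cert_id
    key_b64 = base64.b64encode(PLACEHOLDER_KEY.encode()).decode()
    folded_key = "\n ".join(textwrap.wrap(key_b64, 76))
    return (
        "dn: CN=PGPSERVERINFO\n"
        "software: PGP Certificate Server (Unix)\n"
        f"basekeyspacedn: {KEYSPACE}\n"
        "basependingdn: OU=PENDING,O=PGP KEYSPACE,C=US\n"
        "version: 2.5\n"
        "\n"
        f"dn: PGPCERTID={cert_id},{KEYSPACE}\n"
        "objectclass: pgpCertificate\n"
        "version: 2.5\n"
        f"pgpkey:: {folded_key}\n"
        "\n"
        f"dn: pgpUserID={user},PGPCERTID={cert_id},{KEYSPACE}\n"
        "objectclass: pgpUserID\n"
        "pgprevoked: 0\n"
        "pgpkeytype: DSS/DH\n"
        f"pgpuserid: {user}\n"
        f"pgpcertid: {claimed}\n"
        "pgpdisabled: 0\n"
        "pgpkeysize: 02048\n"
    )


def parse_ldif(text):
    """Minimal RFC 2849 subset: records separated by blank lines, 'attr: value'
    or 'attr:: base64', continuation lines folded with one leading space.
    Returns a list of dicts mapping lowercase attribute names to value lists."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        unfolded = re.sub(r"\n ", "", block)          # join folded lines
        entry = {}
        for line in unfolded.splitlines():
            if not line or line.startswith("#"):
                continue
            m = re.match(r"^([A-Za-z][\w;.-]*)(::?) ?(.*)$", line)
            if not m:
                raise ValueError(f"malformed LDIF line: {line!r}")
            attr, sep, value = m.group(1).lower(), m.group(2), m.group(3)
            if sep == "::":
                value = base64.b64decode(value).decode()
            entry.setdefault(attr, []).append(value)
        if entry:
            entries.append(entry)
    return entries


def dn_parts(dn):
    """Split a DN into (type, value) pairs; types lowercased, whitespace trimmed.
    Simplification: escaped commas inside values are not handled."""
    return tuple((p.split("=", 1)[0].strip().lower(), p.split("=", 1)[1].strip())
                 for p in dn.split(","))


def check_keyspace(entries):
    """Cross-check the layout the PGP 6.x client depends on; returns a list of
    problem strings, empty when the entries are consistent."""
    problems = []
    by_dn = {dn_parts(e["dn"][0]): e for e in entries}
    info = by_dn.get((("cn", "PGPSERVERINFO"),))
    if info is None:
        return ["missing CN=PGPSERVERINFO: the client has no way to find the keyspace"]
    keyspace = dn_parts(info["basekeyspacedn"][0])

    certs = {}   # certificate DN parts -> PGPCERTID value
    for parts, e in by_dn.items():
        if "pgpcertificate" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        dn = e["dn"][0]
        if parts[1:] != keyspace:
            problems.append(f"{dn}: not directly under basekeyspacedn")
        rdn_type, rdn_value = parts[0]
        if rdn_type != "pgpcertid" or not HEX16.match(rdn_value):
            problems.append(f"{dn}: RDN must be PGPCERTID=<16 hex chars>")
        if not e.get("pgpkey", [""])[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK-----"):
            problems.append(f"{dn}: pgpkey is not an ASCII-armored public key block")
        certs[parts] = rdn_value

    for parts, e in by_dn.items():
        if "pgpuserid" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        dn = e["dn"][0]
        parent = parts[1:]
        if parent not in certs:
            problems.append(f"{dn}: parent is not a pgpCertificate entry")
            continue
        if e.get("pgpcertid", [None])[0] != certs[parent]:
            problems.append(f"{dn}: pgpcertid does not match parent PGPCERTID")
        for flag in ("pgprevoked", "pgpdisabled"):
            if e.get(flag, ["0"])[0] not in ("0", "1"):
                problems.append(f"{dn}: {flag} must be 0 or 1")
    return problems


if __name__ == "__main__":
    print(check_keyspace(parse_ldif(build_sample_ldif())))                       # []
    print(check_keyspace(parse_ldif(build_sample_ldif(claimed_cert_id="FFFFFFFFFFFFFFFF"))))
```

Running the check against an `ldapsearch -LLL` dump of a real keyspace (the output format is the same LDIF) is a quick way to see whether a client's "cannot find key" failure is a layout mismatch rather than a bind or ACL problem; the base64 round-trip also shows why a key block pasted in raw, as in the mail's illustration, does not survive as a single LDIF attribute value.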