Newbie Question

David Shaw dshaw at jabberwocky.com
Tue Jul 29 03:33:28 CEST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Jul 27, 2003 at 11:02:32PM -0500, Divya Sundaram wrote:
> Hi all,
> 
> Perhaps this is not the correct place to ask, but I'd like to
> give it a shot anyways.
> 
> At my work, we have a large LDAP Directory deployed and we'd like
> to work at integrating the PGP/GnuPG keystore with the LDAP Directory.
> 
> Two questions come to mind:
> 
> (1) What are my options if I wished to run an open-source PGP/GnuPG 
>     Key store?

Only one that I would recommend, called SKS.  You can get it from
http://sks.sourceforge.net

There are others, but they are either not finished yet (cks), or don't
work with modern keys (pks).

> (2) How do I integrate it with the LDAP Directory?

These programs use a different backend database than LDAP.  You could
modify them to use LDAP if you liked.

> (3) Is there any way to use the LDAP Server as a Key Store itself?

Yes and no.  There is a PGP product which is a LDAP keyserver.  It it
not a true LDAP server, but rather a keyserver that happens to speak
LDAP.  You can't use it to store non-key data.

The latest version of PGP (8) also supports using a regular LDAP
server as a key store.  GnuPG does not yet support this, but will
probably support it in version 1.4.  The disadvantage to this is that
the server operator needs to have some authentication scheme on the
LDAP server to prevent people from replacing keys that do not belong
to them.  The authentication system for this type of setup is LDAP
itself, and is external to PGP or GnuPG.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iEYEARECAAYFAj8lgwcACgkQ4mZch0nhy8kvEwCgg8XCSQ+MPLY2QyPOcL6bqyJm
J58An1lK6jbTbEuAdhYjwwF493NTz8C9
=CyDb
-----END PGP SIGNATURE-----




More information about the Gnupg-devel mailing list