Feature Request: MS Exchange Server IDs
Jan-Benedict Glaw
jbglaw at lug-owl.de
Wed Feb 14 21:05:58 CET 2007
On Wed, 2007-02-14 11:24:24 -0800, Crosland, Jerel <Jerel.Crosland at 21st.com> wrote:
> > -----Original Message-----
> > From: gnupg-devel-bounces at gnupg.org
> > [mailto:gnupg-devel-bounces at gnupg.org]On Behalf Of David Shaw
> > Sent: Tuesday, February 13, 2007 7:41 PM
> > To: gnupg-devel at gnupg.org
> > Subject: Re: Feature Request: MS Exchange Server IDs
> > On Tue, Feb 13, 2007 at 01:53:08PM -0800, Crosland, Jerel wrote:
> > > I need to be able to add my MS Exchange Server ID to the list of user
> > > ids in my public key so that GPGol/gpg will be able to find it when
> > > another user in my Exchange environment who is also using GPGol tries to
> > > encrypt a message to me. Gnupg will not allow me to do so because it is
> > > considered an invalid email address. The ID which GPGol is using to try
> > > and find the public key looks like this:
> > >
> > > /O=20TH CENTURY/OU=TWENTIETHHQ/CN=RECIPIENTS/CN=Jerel.Crosland
> > GPGol does not need to be configured for this and can find any user
> > ID. The --allow-freeform-uid option is used when creating the key or
> > when adding the new user ID to the key.
> Apparently not. Whenever I am sending an email using Outlook to
> another user within my local network/domain I must always manually
> select which key to encrypt to. It is not finding the external
> email address but only the internal, Exchange version of the ID,
> which is that long form I have listed.
See this example:
jbglaw at bixie:~$ gpg --gen-key --allow-freeform-uid
gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"
Real name: Jan-Benedict Glaw TEST KEY ONLY
Email address: /O=20TH CENTURY/OU=TWENTIETHHQ/CN=RECIPIENTS/CN=Jerel.Crosland
Comment:
You selected this USER-ID:
"Jan-Benedict Glaw TEST KEY ONLY </O=20TH CENTURY/OU=TWENTIETHHQ/CN=RECIPIENTS/CN=Jerel.Crosland>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway. You can change your passphrase at any time,
using this program with the option "--edit-key".
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++.+++++.++++++++++.++++++++++++++++++++.+++++++++++++++.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.................... ............>+++++...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++..+++++.+++++++++++++++.+++++......+++++++++++++++..++++++++++++++++++++++++++++++.+++++.+++++.+++++.+++++++++++++++++++++++++++++++++++++++++++++.+++++..+++++>..+++++.+++++>+++++>+++++...............................<.+++++...+++++^^^
gpg: key 576B8B6B marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/576B8B6B 2007-02-14
Key fingerprint = 4C96 D2FF DE8E 1BCF F968 FC6C 1EF2 9C58 576B 8B6B
uid Jan-Benedict Glaw TEST KEY ONLY </O=20TH CENTURY/OU=TWENTIE
THHQ/CN=RECIPIENTS/CN=Jerel.Crosland>
sub 2048g/8C68F224 2007-02-14
jbglaw at bixie:~$ gpg --list-keys '/O=20TH CENTURY/OU=TWENTIE
> THHQ/CN=RECIPIENTS/CN=Jerel.Crosland
jbglaw at bixie:~$ gpg --list-keys '/O=20TH CENTURY/OU=TWENTIETHHQ/CN=RECIPIENTS/CN=Jerel.Crosland'
pub 1024D/576B8B6B 2007-02-14
uid Jan-Benedict Glaw TEST KEY ONLY </O=20TH CENTURY/OU=TWENTIETHHQ/CN=RECIPIENTS/CN=Jerel.Crosland>
sub 2048g/8C68F224 2007-02-14
See? I can create a key with such an "email" address and I can search
for it.
jbglaw at bixie:~$ gpg --allow-freeform-uid --edit 0x576B8B6B
gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc.
[...]
This also works as expected. Could you please *exactly* describe the
problem you're facing? Are you missing success generating a UID in
certificate form? Or does it fail to find it? It would probably help
if you'd describe step-by-step what you're doing, like I did in the
example above.
MfG, JBG
--
Jan-Benedict Glaw jbglaw at lug-owl.de +49-172-7608481
Signature of: "really soon now": an unspecified period of time, likly to
the second : be greater than any reasonable definition
of "soon".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20070214/23e0fda7/attachment-0001.pgp
More information about the Gnupg-devel
mailing list