sks-devel

Re: [Sks-devel] recieving/updating Public Keys from SKS keyserver to pub


From: Kim Minh Kaplan
Subject: Re: [Sks-devel] recieving/updating Public Keys from SKS keyserver to pubring.gpg
Date: Wed, 04 Aug 2010 08:59:49 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)

Prasanth Thandra writes:

> Hi,
>
> I configured gnupg 2.0.15 on RHEL4 to encrypt e-mail messages. Then I
> installed SKS 1.1.1-2 on the same machine.
>
> Now I am able to generate keys #gpg --gen-keys
>
> and export/send them to SKS     #gpg --keyserver hkp://localhost --send-key KEYID
>
> and also receive them through  #gpg --keyserver hkp://localhost --recv-key KEYID
>
> and I configured each user's e-mail client (EVOLUTION) using their KEYIDs.
> When a user receives an encrypted mail from his peer ... he is able to read
> the mail only after receiving the KEY of sender to his pubring.gpg . But the
> problem here is each user has to receive KEYs of all the other one after
> another....which I don't think is the correct way.

You can set up GPG so that it automatically fetches unknown keys.
Check out the documentation for "--keyserver-options auto-key-retrieve".

> ??????? is there any way of receiving all the Public-keys that are available
> with the local SKS keyserver ???????

Not readily: SKS is designed with a huge (currently several GB) database
of keys in mind so the export of all the keys is still an administrative
task that requires access to the database files.  See the "sks dump"
command.

> if it is ??
>
>
> how to update users' pubring.gpg periodically or whenever a new KEY is
> received by the KEYSERVER?
>
>
> Please help me.. Thanking you

Reading your mail it seems you are trying to use PGP in a way it was not
designed for: you are trying to enforce a centralized or hierarchical
trust model while PGP's model is a web of trust where each individual
chooses what key to trust.  Have you looked at X.509 certificates?  They
may better serve your purpose.
-- 
Kim Minh
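
Added example, not part of the original message: a shell sketch that writes the auto-key-retrieve setting mentioned above into a user's gpg.conf, pointed at the thread's hkp://localhost keyserver. The function names are hypothetical, and it assumes GnuPG 2.0.x reading both options from gpg.conf in the GnuPG home directory.

```shell
#!/bin/sh
# Added example: gpg.conf settings for the setup discussed in this thread.
# Assumes GnuPG 2.0.x, which reads both options from <homedir>/gpg.conf.

# Append a line to a file unless that exact line is already present.
ensure_line() {
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Point gpg at one keyserver, replacing any earlier "keyserver URL" line.
# "keyserver-options ..." lines are kept: the pattern requires whitespace
# directly after the word "keyserver".
set_keyserver() {
    conf=$1; ks=$2
    tmp=$(mktemp) || return 1
    grep -vE '^[[:space:]]*keyserver[[:space:]]' "$conf" > "$tmp" || true
    printf 'keyserver %s\n' "$ks" >> "$tmp"
    cat "$tmp" > "$conf"    # rewrite in place so the file mode is preserved
    rm -f "$tmp"
}

# Idempotently enable automatic key retrieval for one GnuPG home directory.
configure_auto_retrieve() {
    home=$1; ks=$2
    mkdir -p "$home"
    chmod 700 "$home"
    conf="$home/gpg.conf"
    [ -f "$conf" ] || : > "$conf"
    chmod 600 "$conf"
    set_keyserver "$conf" "$ks"
    ensure_line "$conf" "keyserver-options auto-key-retrieve"
}

# Refresh keys already in the keyring from the keyserver (e.g. from cron).
refresh_keys() {
    gpg --homedir "$1" --batch --keyserver "$2" --refresh-keys
}

# Usage (per user): configure_auto_retrieve "$HOME/.gnupg" hkp://localhost
```

With this option gpg fetches a missing key when it verifies a signature made by that key. Fetching a key does not make it trusted, so each user's trust decisions are unchanged.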


