PGP 密钥服务器具有通过 HTTPS 下载的功能吗?

PGP 密钥服务器具有通过 HTTPS 下载的功能吗?

我公司的防火墙阻止了端口 80 上的密钥服务器,并且我希望支持的一些发行版尚不支持通过 TLS 获取的 HKPS。

是否有密钥服务器可以通过 HTTPS 提供给定密钥的简单下载?例如,我可以获取位于密钥库上的我自己的个人密钥https://keybase.io/naftulikay/pgp_keys.asc

是否有资源可以在不使用密钥服务器协议的情况下通过 HTTPS 获取密钥?我正在编写 Ansible,因此通过 HTTPS 获取内容很容易。

答案1

openpgp.org有设施https。刚刚通过指纹导入了一些钥匙。该路径是可预测的,您只需替换${KEY_FINGERPRINT}为要导入的密钥的指纹即可。当然必须已经上传到https://keys.openpgp.org

curl --sSL https://keys.openpgp.org/vks/v1/by-fingerprint/${KEY_FINGERPRINT} | \
  gpg --import

Ubuntu 密钥服务器还有一个 HTTP(S) API,通过它可以获取 ASCII 格式的密钥:

curl -sSL https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${KEY_FINGERPRINT} | \
  gpg --import

请注意| gpg --import管道,它用于将密钥数据导入到 GnuPG 密钥环中。

通过 HTTPS 自动导入 GPG/PGP 密钥:

由于路径https://keys.openpgp.org是可预测的,并且仅根据服务器上存储的密钥指纹而变化,因此我们可以自动导入由其指纹识别的密钥列表。下面经过测试,知道可以正常工作

要使脚本适合您自己的使用,只需将我的 (3) 个样本密钥指纹替换为您要导入的密钥指纹,当然,将变量设置PATHSCRIPTS为您所需的路径:

#!/bin/bash

PATHSCRIPTS='/home/pi'

# Create text file using a Here-Doc containing Key Fingerprints of keys to import into keyring:

cat <<EOF> $PATHSCRIPTS/Key-fingerprints-list.txt
AEB042FFD73BAA7545EDA021343A2DF613C5E7F8
7AFAF20259E69236E43EEF521F45D0F6E89F27A6
704FCD2556C40AF8F2FBD8E2E5A1DE67F98FA66F
EOF

# Read the text file we created into an array
readarray arrayKeyFingerprints < $PATHSCRIPTS/Key-fingerprints-list.txt

# Loop through the array adding each key in turn by its fingerprint from keys.openpgp.org:
for i in ${arrayKeyFingerprints[@]}; do
    curl https://keys.openpgp.org/vks/v1/by-fingerprint/$i | gpg --import
done

上述脚本的结果(保存test.sh并在 Raspberry Pi 上运行)如下所示:

pi@pi4-ap1:~ $ ./test.sh 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100  3212  100  3212    0     0   7629      0 --:--:-- --:--:-- --:--:--  7629
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
gpg: key 343A2DF613C5E7F8: public key "Terrence Houlahan (I'm the former NYPD cop living in the UK.  This is my only *personal* key.  Trust no others.) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100  3220  100  3220    0     0  18720      0 --:--:-- --:--:-- --:--:-- 18612
gpg: key 1F45D0F6E89F27A6: public key "Terrence Houlahan (Terrence Houlahan Linux & Network Engineer) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100  3252  100  3252    0     0  19473      0 --:--:-- --:--:-- --:--:-- 19473
gpg: key E5A1DE67F98FA66F: public key "Terrence Houlahan (Open-IPcamera Project Developer Key Terrence Houlahan) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1

我们创建一个密钥列表,其中有 (3) 个导入的密钥:

pi@pi4-ap1:~ $ gpg --list-keys
/home/pi/.gnupg/pubring.kbx
---------------------------
pub   rsa4096 2011-03-13 [SC]
  AEB042FFD73BAA7545EDA021343A2DF613C5E7F8
uid           [ unknown] Terrence Houlahan (I'm the former NYPD cop living in the UK.  This is my only *personal* key.  Trust no others.) <[email protected]>
sub   rsa4096 2011-03-13 [E]

pub   rsa4096 2019-02-06 [SC] [expires: 2029-01-31]
  7AFAF20259E69236E43EEF521F45D0F6E89F27A6
uid           [ unknown] Terrence Houlahan (Terrence Houlahan Linux & Network Engineer) <[email protected]>
sub   rsa4096 2019-02-06 [E] [expires: 2029-01-31]

pub   rsa4096 2019-02-06 [SC] [expires: ????-??-??]
  704FCD2556C40AF8F2FBD8E2E5A1DE67F98FA66F
uid           [ unknown] Terrence Houlahan (Open-IPcamera Project Developer Key Terrence Houlahan) <[email protected]>
sub   rsa4096 2019-02-06 [E] [expires: ????-??-??]

相关内容