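My company's firewall blocks keyservers on port 80, and some of the distributions I want to support don't yet support HKPS for fetching over TLS.
Is there a keyserver that offers a simple download of a given key over HTTPS? For example, I can fetch my own personal key on Keybase at https://keybase.io/naftulikay/pgp_keys.asc
Is there a resource for fetching keys over HTTPS without using the keyserver protocol? I'm writing Ansible, so fetching content over HTTPS is easy.
Answer 1
openpgp.org has an https facility. Just imported some keys by fingerprint. The path is predictable, and you only need to replace ${KEY_FINGERPRINT} with the fingerprint of the key you want to import. Of course, it must already have been uploaded to https://keys.openpgp.org: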
curl -sSL "https://keys.openpgp.org/vks/v1/by-fingerprint/${KEY_FINGERPRINT}" | \
gpg --import
The Ubuntu keyserver also has an HTTP(S) API through which keys can be fetched in ASCII format:
curl -sSL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${KEY_FINGERPRINT}" | \
gpg --import
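Note the | gpg --import pipe, which is used to import the key data into the GnuPG keyring.
Automating the import of GPG/PGP keys over HTTPS:
Because the path at https://keys.openpgp.org is predictable and varies only by the fingerprint of the key stored on the server, we can automate the import of a list of keys identified by their fingerprints. The following has been tested and is known to work.
To adapt the script for your own use, just replace my (3) sample key fingerprints with the fingerprints of the keys you want to import and, of course, set the variable PATHSCRIPTS to your desired path: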
#!/bin/bash
PATHSCRIPTS='/home/pi'
# Create text file using a Here-Doc containing Key Fingerprints of keys to import into keyring:
cat <<EOF > "$PATHSCRIPTS/Key-fingerprints-list.txt"
AEB042FFD73BAA7545EDA021343A2DF613C5E7F8
7AFAF20259E69236E43EEF521F45D0F6E89F27A6
704FCD2556C40AF8F2FBD8E2E5A1DE67F98FA66F
EOF
# Read the text file we created into an array (-t strips the trailing newline from each entry)
readarray -t arrayKeyFingerprints < "$PATHSCRIPTS/Key-fingerprints-list.txt"
# Loop through the array adding each key in turn by its fingerprint from keys.openpgp.org:
for i in "${arrayKeyFingerprints[@]}"; do
    curl "https://keys.openpgp.org/vks/v1/by-fingerprint/$i" | gpg --import
done
The result of the above script (saved as test.sh and run on a Raspberry Pi) is shown below:
pi@pi4-ap1:~ $ ./test.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3212 100 3212 0 0 7629 0 --:--:-- --:--:-- --:--:-- 7629
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
gpg: key 343A2DF613C5E7F8: public key "Terrence Houlahan (I'm the former NYPD cop living in the UK. This is my only *personal* key. Trust no others.) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3220 100 3220 0 0 18720 0 --:--:-- --:--:-- --:--:-- 18612
gpg: key 1F45D0F6E89F27A6: public key "Terrence Houlahan (Terrence Houlahan Linux & Network Engineer) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3252 100 3252 0 0 19473 0 --:--:-- --:--:-- --:--:-- 19473
gpg: key E5A1DE67F98FA66F: public key "Terrence Houlahan (Open-IPcamera Project Developer Key Terrence Houlahan) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
We list the keys, and the (3) imported keys are there:
pi@pi4-ap1:~ $ gpg --list-keys
/home/pi/.gnupg/pubring.kbx
---------------------------
pub rsa4096 2011-03-13 [SC]
AEB042FFD73BAA7545EDA021343A2DF613C5E7F8
uid [ unknown] Terrence Houlahan (I'm the former NYPD cop living in the UK. This is my only *personal* key. Trust no others.) <[email protected]>
sub rsa4096 2011-03-13 [E]
pub rsa4096 2019-02-06 [SC] [expires: 2029-01-31]
7AFAF20259E69236E43EEF521F45D0F6E89F27A6
uid [ unknown] Terrence Houlahan (Terrence Houlahan Linux & Network Engineer) <[email protected]>
sub rsa4096 2019-02-06 [E] [expires: 2029-01-31]
pub rsa4096 2019-02-06 [SC] [expires: ????-??-??]
704FCD2556C40AF8F2FBD8E2E5A1DE67F98FA66F
uid [ unknown] Terrence Houlahan (Open-IPcamera Project Developer Key Terrence Houlahan) <[email protected]>
sub rsa4096 2019-02-06 [E] [expires: ????-??-??]
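Added example, not part of the answer above: the loop in the answer imports whatever the server returns, so this variant downloads each key to a temporary file and imports it only when the primary-key fingerprint in the file equals the one requested. The function names are hypothetical, and it assumes curl plus a GnuPG recent enough to have --show-keys.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): import a key only if the
# downloaded data really carries the fingerprint that was requested.

# Normalise a fingerprint: drop whitespace and a leading 0x, upper-case it.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | sed 's/^0[xX]//' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints.
# An "fpr" record belongs to the "pub" or "sub" record just before it, so only
# the one directly after "pub" is kept (field 10 holds the fingerprint).
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" { if (want) print $10; want = 0; next }
             { want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals the expected one ($1).
listing_matches() {
    local expected found
    expected=$(normalize_fpr "$1")
    found=$(primary_fingerprints)
    [ -n "$expected" ] && [ "$found" = "$expected" ]
}

# Download to a temporary file, verify, then import.
fetch_and_import() {
    local fpr tmp rc=1
    fpr=$(normalize_fpr "$1")
    tmp=$(mktemp) || return 1
    # -f makes curl fail on HTTP errors instead of handing an error page to gpg.
    if curl -fsS --proto '=https' -o "$tmp" \
            "https://keys.openpgp.org/vks/v1/by-fingerprint/${fpr}" &&
       gpg --show-keys --with-fingerprint --with-colons "$tmp" | listing_matches "$fpr"; then
        gpg --import "$tmp" && rc=0
    else
        echo "not importing ${fpr}: download failed or fingerprint mismatch" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: ./import-verified.sh FINGERPRINT [FINGERPRINT...]
for f in "$@"; do fetch_and_import "$f" || exit 1; done
```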