Receiving keys from keyserver via qubes-gpg-client-wrapper
56 views
Skip to first unread message
Boris Prüßmann
Apr 6, 2016, 3:32:15 AM4/6/16
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I've been using split-gpg with Enigmail and grew a little frustrated
by the fact that I cannot properly import unknown keys by just
clicking the "Import Key" button.
I believe there is an easy way to solve this issue, but before
spending too much time on it, I wanted to run the idea by the
community to see if there are any particular concerns.
So here's the idea: qubes-gpg-client-wrapper already does some
preprocessing of command line arguments, so it should be pretty
straightforward to have it detect if there is e.g. a --recv-keys
argument. If that is found, it would use the "local" gpg version to
download the requested key(s) into a temporary folder, then exporting
them so that they can be passed to qubes-gpg-import-key.
Any reason why that would not work? And more importantly, are there
any security related reasons why implementing it in such a way would
not be a good idea?
- -Boris
- --
Fingerprint B7BC 2B4D 181F 0C51 E639 7CDC 0FA7 672B 7615 5554
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXBLt1AAoJEITiocFWJe4uLv4P/0xvwy4A1Gj8GCxzgRJwf7fj
2/QgYn4lt7K7Dqw/yCRyWjq7w9OSAfbr6yt9m2lgHz+b37rP70bUFW5TtV6mawgt
XV1aeY9lTXhaxbc3wyOdQn9Xr2qNbnmImtrGPugmyuovw0EyXZoviMhDM6pE+zP1
juBM6zXmrW4Ts9p9vqULPk9C5RDORXDCro4CoFrHyrdWQDwqq6lNzkDD4xuGVpOI
p/7V6cZbNsNK+YSZlr0q42gpGboY/RTR9llyTbjMOtql3Q6JE7x7FBiWSA8AS/do
pMBBJmS+gQmfxv40v9k0+H+wV51sjLP9L/8aY1O2yQYaLhjpa0SFzpXN9ftltXA2
yGND5YwePnnDpEBzDjzraerGAS2y7vfD/sek7hFH13y2XPcqnFTKOwaSoBG4RWQ/
EdwdYz2JZJrJdJjJ64NBik7gheVunLI63NvgGgGcapied4eZ+k/2okZfmkB4DHMy
qf+iQ8iCJEWCtHL88qUlRwMRLYFjijLkkatC3gvPbM9Mx04ZVnB9tU6rE7AOffdP
LhN7JhP5rAGemYnZSEoDi+FDyGE0zat+e322iuOc9XRbyvaDFmQhJUgWe6ZnmlSe
sLYJpMg8IlPPrXT3f3YAUOG8nkKti4HFAyzsHUISVBupqCMAqeLF+Vc1BNf/EnPF
FEBY1NoB/lrXcUYlPxh1
=uV0f
-----END PGP SIGNATURE-----
Hash: SHA256
I've been using split-gpg with Enigmail and grew a little frustrated
by the fact that I cannot properly import unknown keys by just
clicking the "Import Key" button.
I believe there is an easy way to solve this issue, but before
spending too much time on it, I wanted to run the idea by the
community to see if there are any particular concerns.
So here's the idea: qubes-gpg-client-wrapper already does some
preprocessing of command line arguments, so it should be pretty
straightforward to have it detect if there is e.g. a --recv-keys
argument. If that is found, it would use the "local" gpg version to
download the requested key(s) into a temporary folder, then exporting
them so that they can be passed to qubes-gpg-import-key.
Any reason why that would not work? And more importantly, are there
any security related reasons why implementing it in such a way would
not be a good idea?
- -Boris
- --
Fingerprint B7BC 2B4D 181F 0C51 E639 7CDC 0FA7 672B 7615 5554
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXBLt1AAoJEITiocFWJe4uLv4P/0xvwy4A1Gj8GCxzgRJwf7fj
2/QgYn4lt7K7Dqw/yCRyWjq7w9OSAfbr6yt9m2lgHz+b37rP70bUFW5TtV6mawgt
XV1aeY9lTXhaxbc3wyOdQn9Xr2qNbnmImtrGPugmyuovw0EyXZoviMhDM6pE+zP1
juBM6zXmrW4Ts9p9vqULPk9C5RDORXDCro4CoFrHyrdWQDwqq6lNzkDD4xuGVpOI
p/7V6cZbNsNK+YSZlr0q42gpGboY/RTR9llyTbjMOtql3Q6JE7x7FBiWSA8AS/do
pMBBJmS+gQmfxv40v9k0+H+wV51sjLP9L/8aY1O2yQYaLhjpa0SFzpXN9ftltXA2
yGND5YwePnnDpEBzDjzraerGAS2y7vfD/sek7hFH13y2XPcqnFTKOwaSoBG4RWQ/
EdwdYz2JZJrJdJjJ64NBik7gheVunLI63NvgGgGcapied4eZ+k/2okZfmkB4DHMy
qf+iQ8iCJEWCtHL88qUlRwMRLYFjijLkkatC3gvPbM9Mx04ZVnB9tU6rE7AOffdP
LhN7JhP5rAGemYnZSEoDi+FDyGE0zat+e322iuOc9XRbyvaDFmQhJUgWe6ZnmlSe
sLYJpMg8IlPPrXT3f3YAUOG8nkKti4HFAyzsHUISVBupqCMAqeLF+Vc1BNf/EnPF
FEBY1NoB/lrXcUYlPxh1
=uV0f
-----END PGP SIGNATURE-----
Manuel Amador (Rudd-O)
Oct 12, 2016, 1:36:27 PM10/12/16
to qubes...@googlegroups.com
On 04/06/2016 07:32 AM, Boris Prüßmann wrote:
>
> I've been using split-gpg with Enigmail and grew a little frustrated
> by the fact that I cannot properly import unknown keys by just
> clicking the "Import Key" button.
>
> I believe there is an easy way to solve this issue, but before
> spending too much time on it, I wanted to run the idea by the
> community to see if there are any particular concerns.
>
> So here's the idea: qubes-gpg-client-wrapper already does some
> preprocessing of command line arguments, so it should be pretty
> straightforward to have it detect if there is e.g. a --recv-keys
> argument. If that is found, it would use the "local" gpg version to
> download the requested key(s) into a temporary folder, then exporting
> them so that they can be passed to qubes-gpg-import-key.
>
> Any reason why that would not work? And more importantly, are there
> any security related reasons why implementing it in such a way would
> not be a good idea?
>
Can you file this as a feature request in github/QubesOS/qubes-issues ?
>
> I've been using split-gpg with Enigmail and grew a little frustrated
> by the fact that I cannot properly import unknown keys by just
> clicking the "Import Key" button.
>
> I believe there is an easy way to solve this issue, but before
> spending too much time on it, I wanted to run the idea by the
> community to see if there are any particular concerns.
>
> So here's the idea: qubes-gpg-client-wrapper already does some
> preprocessing of command line arguments, so it should be pretty
> straightforward to have it detect if there is e.g. a --recv-keys
> argument. If that is found, it would use the "local" gpg version to
> download the requested key(s) into a temporary folder, then exporting
> them so that they can be passed to qubes-gpg-import-key.
>
> Any reason why that would not work? And more importantly, are there
> any security related reasons why implementing it in such a way would
> not be a good idea?
>
> -Boris
>
>
--
Rudd-O
http://rudd-o.com/
Reply all
Reply to author
Forward
0 new messages