PyGPGME and Keyservers? Any way to use a callback?

[Pie System]

Is there any way to have a callback invoked when PyGPGME needs a key?

I was under the impression I could use LDAP as a keyserver, and
configure dirmngr to use it so that when I needed a key (in this
case to verify a signature) it would contact the LDAP server,
fetch the key.

Instead, it's just saying

123abc: No public key

It's not even trying to contact LDAP (I can see from the logs
nothing is connecting to LDAP)

I desgined the entire application to use LDAP because I knew I'd need
some way to store keys, and apparently, PyGPGME doesn't use it?

dirmngr.conf is configured correctly. It's able to send keys, and store
them on the LDAP server via gpg --send-keys

But even if I explicitly tell it:
ctx = gpg.Context(offline=False)

It doesn't contact LDAP.

Is there some way to at least find out which key it needs so I can
manually fetch the key? Or specify a callback?

I'd really like to do away with gpg's keychain nonsense altogether
and use callbacks so that I can manage the data store on my own,
if possible.

Thanks in advance.

[David E. Ross]

On 7/17/2022 9:34 AM, Pie System wrote [in part]:
> Is there any way to have a callback invoked when PyGPGME needs a key?
>
> I was under the impression I could use LDAP as a keyserver, and
> configure dirmngr to use it so that when I needed a key (in this
> case to verify a signature) it would contact the LDAP server,
> fetch the key.

Fetching a public key is not sufficient for verifying a signature. You
must also establish trust in that key, which is not a simple procedure.

--
David E. Ross
"A Message to Those Who Are Not Vaccinated"
See my <http://www.rossde.com/index.html#vaccine>.

[Pie System]

David E. Ross <nob...@notme.invalid> wrote:
> On 7/17/2022 9:34 AM, Pie System wrote [in part]:
>> Is there any way to have a callback invoked when PyGPGME needs a key?
>>
>> I was under the impression I could use LDAP as a keyserver, and
>> configure dirmngr to use it so that when I needed a key (in this
>> case to verify a signature) it would contact the LDAP server,
>> fetch the key.
>
> Fetching a public key is not sufficient for verifying a signature. You
> must also establish trust in that key, which is not a simple procedure.

So that's a "No"?

I'm not asking if I can trust the key, just "PGP needs a key, let my
program find it".

[David E. Ross]

You should be able to fetch a public key by specifying either an E-mail
address, key ID, or key fingerprint. However, you should not be able to
fetch a public key and automatically use it to verify a signature. You
need first to mark the key as trusted. That is, only trusted public
keys can be used for any verification tasks. Otherwise, the purpose of
OpenPGP is defeated.

[Pie System]

David E. Ross <nob...@notme.invalid> wrote:
> You should be able to fetch a public key by specifying either an E-mail
> address, key ID, or key fingerprint. However, you should not be able to
> fetch a public key and automatically use it to verify a signature. You
> need first to mark the key as trusted. That is, only trusted public
> keys can be used for any verification tasks. Otherwise, the purpose of
> OpenPGP is defeated.

When I said "I'm not asking whether or not I can trust the key" I
meant it. I just didn't think anyone would want to read about my boring
application that's trying to use LDAP as a keyring of public keys.

Since I control the key server, I would know which keys are trusted.
Only employees allowed in the keyserver, so if a key is present there,
it would have been trusted. End of story. Not trusted? Not allowed on
LDAP server. GPGME configured to ONLY use this LDAP server for a
keyring.

My problem was, a satellite application without the full keyring
verifying a signature of a record, which doesn't have an email address
associated wasn't possible. I'm not using email, I'm using records from
another application. (they're text files that follow a proprietary
format, and that format does not include an email address)

I could, I suppose, require the bogus email address of every single
record to be associated with the data, but that would force me to wrap
these documents in a container format of some sort so I'd have a place
to stick the email address and generally make a big mess of the rest of
the program. (I guess I'd have to insert it at the beginning of the
document, verify the signature and then strip that out along with the
clear signature itself. Doable, but yuck.)

Since the email address or identifying information *should* be in the
signature anyway (afterall, GPG needs it so it knows which key to look
for in its own keyring -- it *must* be there some place), it seems
redundant, violates DRY, and it would make a mess of my data structuring.

I would, apparently, have to parse the signature block some-how to
determine the signer and then manually fetch the key into the local
keyring. This is kind of a deal breaker. I really *want* to be able
to use the entire LDAP server more or less as a keyring, except that
secret keys are never kept there.

Part of the reason I planned to use PGP was because it (GPG) supposedly
has support for a keyserver that could handle that. Looks like I was
wrong, and I made a big design error. I wish I had known this before
putting together the design. I have a weeks worth of code to throw away
because of this.

What I want to do, is not possible. GPG doesn't really support a
keyserver. It does NOT use the keyserver to automatically fetch keys.
(sure would have been nice to have known that)

I wanted to use PGP because the encryption is trusted and anything I
write, such as an openssl solution or something, is likely to have bugs.
I'm not a cryptographer.

I'm looking into rolling my own, because I wonder how many other
"surprises" it has.

Thanks for your time, I hope others don't make the mistake of actually
believing GPG uses a key server, It's more like "PGP incorporates an
HTTP/LDAP client that lets you manually download known keys in advance".