Cover V06, I07


Sidebar 2: Automated Email PGP Server Help Documents

There are PGP public key servers, reachable by email, that allow you to exchange public keys using the Internet and UUCP mail systems. Those capable of accessing the WWW might prefer to use the WWW interface available via http://www.pgp.net/pgp/www-key.html, and managers of sites that make frequent lookups may want to copy the full keyring from the ftp server at: ftp.pgp.net:pub/pgp/.

This service exists only to help transfer keys between PGP users. It does NOT attempt to guarantee that a key is a valid key; use the signatures on a key for that kind of security.

Each keyserver processes requests in the form of mail messages. The commands for the server are entered on the subject line. Note that they should NOT be included in the body of the message.

To: pgp-public-keys@keys.pgp.net
From: johndoe@some.site.edu
Subject: help

Sending your key to ONE server is enough. After it processes your key, it will forward your add request to other servers automagically.

For example, to add your key to the keyserver, or to update your key if it is already there, send a message similar to the following to any server:

To: pgp-public-keys@keys.pgp.net
From: johndoe@some.site.edu
Subject: add

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

<blah blah blah>
-----END PGP PUBLIC KEY BLOCK-----

Compromised Keys: Create a Key Revocation Certificate (read the PGP docs on how to do that) and mail your key to the server once again, with the ADD command.

Valid commands are:

Command          Message body contains
ADD              Your PGP public key (key to add is body of msg)
INDEX            List all PGP keys the server knows about (-kv)
VERBOSE INDEX    List all PGP keys, verbose format (-kvv)
GET              Get the whole public key ring (split)
GET userid       Get just that one key
MGET regexp      Get all keys which match /regexp/
                 regexp must be at least two characters long
LAST days        Get the keys updated in the last 'days' days

Examples for the MGET command:

MGET michael              Gets all keys which have "michael" in them
MGET iastate              All keys which contain "iastate"
MGET E8F605A5|5F3E38F5    Those two keyids

One word about regexps: these are not the same as the wildcards that UNIX shells and MS-DOS use. An asterisk (*) doesn't mean "match anything"; it means "match zero or more of the previous character or metacharacter." For example, a.* matches anything beginning with an a; ab*c matches ac, abc, abbc, etc.

Just try not to use "MGET .*" - use "GET" instead.
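The difference between regexp matching and shell-wildcard matching described above, as an added example that is not part of the original help document or the keyserver's own code. The `mget` model (unanchored, case-sensitive search using Python's `re`), the helper names and all index lines are assumptions constructed for illustration; only the key IDs E8F605A5 and 5F3E38F5 come from the MGET examples.

```python
import fnmatch
import re

# Constructed index lines in the style of a "pgp -kv" listing. The key IDs
# E8F605A5 and 5F3E38F5 are the ones in the MGET examples; all else is made up.
SAMPLE_INDEX = [
    "pub  1024/E8F605A5 1994/03/12 Michael Example <michael@some.site.edu>",
    "pub  1024/5F3E38F5 1995/11/02 Jane Roe <jroe@iastate.example>",
    "pub   512/0A1B2C3D 1996/01/20 Pat Doe <abc@some.site.edu>",
    "pub  1024/4D5E6F70 1996/07/04 Zachary Poe <zachary@other.site.org>",
    "pub  1024/77AA88BB 1996/09/09 Lee Tan <abel@uni.example.com>",
]


def key_ids(lines):
    """Pull the 8-hex-digit key ID out of each index line."""
    return [re.search(r"/([0-9A-F]{8}) ", line).group(1) for line in lines]


def mget(pattern, index=SAMPLE_INDEX):
    """Hypothetical model of MGET: unanchored, case-sensitive regex search."""
    if len(pattern) < 2:
        raise ValueError("regexp must be at least two characters long")
    rx = re.compile(pattern)
    return key_ids(line for line in index if rx.search(line))


def glob_get(pattern, index=SAMPLE_INDEX):
    """What the same text would select if read as a shell wildcard."""
    return key_ids(l for l in index if fnmatch.fnmatchcase(l, f"*{pattern}*"))


def selects_whole_ring(pattern, index=SAMPLE_INDEX):
    """True when a pattern returns every key, i.e. it is really a GET."""
    return len(mget(pattern, index)) == len(index)


if __name__ == "__main__":
    for p in ("michael", "iastate", "E8F605A5|5F3E38F5", "ab*c", "a*", ".*"):
        print(f"MGET {p:<20} regex={mget(p)} whole_ring={selects_whole_ring(p)}")
    print("ab*c as a shell wildcard:", glob_get("ab*c"))
```

As a regexp, `ab*c` picks up the key containing "ac" (zero b's) but not the one where "ab" and "c" are far apart, which is the opposite of what the shell wildcard selects. `a*` can match zero characters, so in this unanchored model it returns every key, just like `.*`.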

Note on the "GET" command: If at all possible, ftp the keyring from a server such as ftp.pgp.net:pub/pgp/keys rather than using the "GET" command to return the whole ring. Currently, this ring comes out to be over 50 files of 300 K each. This is a lot of files, and a lot of bother to get in the right order to run through PGP.

Users should normally use the email address pgp-public-keys@keys.pgp.net, or their national server at one of the following addresses, for the email interface, and ftp.pgp.net:pub/pgp/ for ftp access:

pgp-public-keys@keys.de.pgp.net

pgp-public-keys@keys.es.pgp.net

pgp-public-keys@keys.fi.pgp.net

pgp-public-keys@keys.nl.pgp.net

pgp-public-keys@keys.no.pgp.net

pgp-public-keys@keys.uk.pgp.net

pgp-public-keys@keys.us.pgp.net

Users are recommended to use the *.pgp.net addresses above, as these are stable and reliable.