SDB:GPGoffle: Checking GPG Keys Automatically Without Connecting to the Internet
Concern
You want to have GPG signatures checked automatically. This is no problem in itself, but since a public key server needs to be queried, a connection to your Internet provider would have to be established for every query. This is both annoying and expensive.
It is not a problem if you have a flat rate, in which case the following solution is rather irrelevant for you.
Nevertheless, it is a fine example of the modular structure typical of UNIX, showing how individual tools can be combined to handle a complex task.
We thank Christian Boltz, who developed the solution (presented virtually as it is in this article) and published it (in German) on his home page:
http://www.cboltz.de/de/linux/gpgoffle
Procedure
GPG can also fetch the keys over a proxy. In connection with wwwoffle, the keys can be automatically ordered in advance while reading the mail (this happens as the mail program checks the signature) and then downloaded in one go from the key server with wwwoffle -fetch, called from the file /etc/ppp/ip-up.local. The next time they are needed, GPG can load them from the wwwoffle cache and include them in the keyring.
It does not matter which mail program you use, since the keys are requested automatically by GPG whenever an unknown key needs to be checked.
Configuring GPG
A number of entries are needed in the GPG configuration. Up to GPG version 1.1.91, these entries must be inserted in ~/.gnupg/options, while in newer versions, they must be entered in ~/.gnupg/gpg.conf. If a newer GPG does not find such a file, it falls back to ~/.gnupg/options.
Of course, the key server specified here can be replaced with any other key server.
For GPG <= 1.0.6:
honor-http-proxy
keyserver wwwkeys.de.pgp.net
For GPG >= 1.0.7 and <= 1.3.4:
keyserver-options honor-http-proxy auto-key-retrieve
keyserver wwwkeys.de.pgp.net
For GPG >= 1.3.5:
keyserver-options http-proxy=http://localhost:8080 auto-key-retrieve
keyserver wwwkeys.de.pgp.net
By means of these settings, GPG is configured to use the proxy specified in the environment variable $http_proxy. For example, this variable can be pointed at the wwwoffle server in ~/.profile. (Starting with version 1.3.5 of GPG, setting $http_proxy in ~/.profile is not needed anymore, since the proxy is given directly in keyserver-options.)
http_proxy=http://localhost:8080
export http_proxy
Moreover, auto-key-retrieve prompts GPG to automatically request all unknown keys. This seems to be the default setting up to version 1.0.6; therefore, it is not explicitly specified for those versions.
Starting wwwoffle
If wwwoffle is not running yet, it must be enabled as a service and started for the first time:
insserv wwwoffle
rcwwwoffle start
Configuring wwwoffle
In fact, wwwoffle does not need to be configured, since it is preconfigured so that pages requested off-line are loaded into the cache the next time it is started with wwwoffle -fetch. If you do not want any advance orders except for the GPG keys, you can configure wwwoffle in such a way that only requests to the key server are saved as orders. To do this, the following settings are needed in the file /etc/wwwoffle.conf:
OfflineOptions
{
 # [...]
 <http://wwwkeys.de.pgp.net:11371/*> confirm-requests = no
 <*://*/*> confirm-requests = yes
 <http://wwwkeys.de.pgp.net:11371/*> dont-request = no
}
Attention: wwwoffle uses the first matching line. Therefore, <*://*/*> must always be the last entry for the respective option!
In order for changes in /etc/wwwoffle.conf to take effect, you will have to inform the wwwoffle service about the changed configuration file:
rcwwwoffle reload
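Because wwwoffle stops at the first matching line, a catch-all <*://*/*> entry placed before a key-server entry for the same option silently disables that entry. The following check is an added example, not part of the original article or of wwwoffle: it scans the OfflineOptions section of a configuration file and reports any entry that comes after the catch-all for its option. The two configuration files it uses are constructed here for illustration; a catch-all for one option (confirm-requests) followed by a specific entry for another (dont-request) is correctly accepted.

```shell
# Constructed sample configurations (not the system's /etc/wwwoffle.conf)
GPGOFFLE_TMP=${TMPDIR:-/tmp}
cat > "$GPGOFFLE_TMP/gpgoffle-good.conf" <<'EOF'
OfflineOptions
{
 <http://wwwkeys.de.pgp.net:11371/*> confirm-requests = no
 <*://*/*> confirm-requests = yes
 <http://wwwkeys.de.pgp.net:11371/*> dont-request = no
}
EOF
cat > "$GPGOFFLE_TMP/gpgoffle-bad.conf" <<'EOF'
OfflineOptions
{
 <*://*/*> confirm-requests = yes
 <http://wwwkeys.de.pgp.net:11371/*> confirm-requests = no
}
EOF

# check_offline_options FILE
# Returns 0 if, inside OfflineOptions, every <*://*/*> line is the last
# line for its option; returns 1 and prints the shadowed lines otherwise.
check_offline_options() {
    awk '
        /^[[:space:]]*OfflineOptions/ { insect = 1; next }
        insect && /^[[:space:]]*\{/   { next }
        insect && /^[[:space:]]*\}/   { insect = 0; next }
        insect && /^[[:space:]]*</ {
            # "<url-spec> option = value": $1 is the URL spec, $2 the option
            spec = $1; opt = $2
            if (seen_catchall[opt]) {
                printf "line %d: %s %s is shadowed by an earlier <*://*/*> entry\n", NR, spec, opt
                bad = 1
            }
            if (spec == "<*://*/*>") seen_catchall[opt] = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}
```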
ip-up and ip-down
To automatically switch wwwoffle to on-line mode when a dial-in connection is established, the following entries are necessary in the file /etc/ppp/ip-up.local:
/usr/bin/wwwoffle -online
/usr/bin/wwwoffle -fetch &
Moreover, wwwoffle should be switched back to off-line mode in the file /etc/ppp/ip-down.local:
/usr/bin/wwwoffle -offline
The files /etc/ppp/ip-{up,down}.local must be executable. This can be done with the following command:
chmod 755 /etc/ppp/ip-{up,down}.local
Done!
With these settings, the GPG keys are automatically ordered in advance while you read your mail and fetched by wwwoffle the next time a dial-in connection is established.