SDB:GPGoffle: Checking GPG Keys Automatically Without Connecting to the Internet



Concern

You want GPG signatures to be checked automatically. That in itself is no problem, but because a public key server has to be queried, a connection to your Internet provider would have to be established for every query. This is both annoying and expensive.

If you have a flat rate, this is no problem at all, and in that case the following solution is rather irrelevant for you.

Nevertheless, it is a fine example of the modular structure typical of UNIX, showing how individual tools can be combined to handle a complex task.

We thank Christian Boltz, who developed the solution (presented here virtually as it is) and published it (in German) on his home page:

  http://www.cboltz.de/de/linux/gpgoffle

Procedure

GPG can also fetch keys through an HTTP proxy. Combined with wwwoffle, this means that keys can be ordered automatically while you read your mail: the mail program asks GPG to check a signature, GPG asks the proxy for the unknown key, and wwwoffle, being off-line, records the request as an order. The next time a connection is established, all outstanding orders are downloaded from the key server in one go with wwwoffle -fetch, run from /etc/ppp/ip-up.local. When GPG needs the key again, it loads it from the wwwoffle cache and imports it into the keyring.

It does not matter which mail program you use, since the keys are requested automatically by GPG whenever an unknown key needs to be checked.

Configuring GPG

A number of entries are needed in the GPG configuration. Up to GPG version 1.1.91 they go into ~/.gnupg/options; newer versions read ~/.gnupg/gpg.conf instead and fall back to ~/.gnupg/options if gpg.conf does not exist.

Of course, the key server specified here can be replaced with any other key server.

For GPG <= 1.0.6:

  honor-http-proxy
  keyserver wwwkeys.de.pgp.net

For GPG >= 1.0.7 and <= 1.3.4:

  keyserver-options honor-http-proxy auto-key-retrieve
  keyserver wwwkeys.de.pgp.net

For GPG >= 1.3.5:

  keyserver-options http-proxy=http://localhost:8080 auto-key-retrieve
  keyserver wwwkeys.de.pgp.net

With honor-http-proxy, GPG uses the proxy named in the environment variable $http_proxy. This variable can be pointed at the wwwoffle server in ~/.profile, for example. (From GPG 1.3.5 on, the proxy is given directly with http-proxy=..., so setting $http_proxy in ~/.profile is no longer needed.)

  http_proxy=http://localhost:8080
  export http_proxy

Moreover, auto-key-retrieve makes GPG request every unknown key automatically when it verifies a signature. This appears to be the default up to version 1.0.6, so it is not given explicitly there. Note that a key fetched this way is only imported, not trusted: GPG will still warn that the key is not certified with a trusted signature until you have checked its fingerprint yourself.
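To pick the right block for the installed version without looking it up by hand, the following POSIX shell script is an added example (it is not from the article or from Christian Boltz's page). It assumes that gpg --version prints the version number as the last word of its first line and that versions compare numerically field by field; the function names vercmp, gpgoffle_conf_file, gpgoffle_settings and installed_gpg_version are inventions of this example.

```shell
#!/bin/sh
# Added example: choose the GPG configuration file and keyserver settings
# for a given GPG version, following the version ranges in this article.
# Function names and the version parsing are assumptions of this example.

# Compare two dotted version strings numerically, field by field.
# Prints -1, 0 or 1 (like strcmp). Missing fields count as 0.
vercmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ -z "$x" ] && x=0
        [ -z "$y" ] && y=0
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    printf '%s\n' 0
}

# Name of the GPG configuration file: "options" up to 1.1.91, "gpg.conf" later.
gpgoffle_conf_file() {
    if [ "$(vercmp "$1" 1.1.91)" -le 0 ]; then
        echo options
    else
        echo gpg.conf
    fi
}

# Settings for ~/.gnupg/<file>; a second argument overrides the key server.
gpgoffle_settings() {
    ks=${2:-wwwkeys.de.pgp.net}
    if [ "$(vercmp "$1" 1.0.6)" -le 0 ]; then
        # <= 1.0.6: auto-key-retrieve is the default, proxy via $http_proxy
        printf 'honor-http-proxy\nkeyserver %s\n' "$ks"
    elif [ "$(vercmp "$1" 1.3.5)" -lt 0 ]; then
        # 1.0.7 .. 1.3.4: keyserver-options, proxy still via $http_proxy
        printf 'keyserver-options honor-http-proxy auto-key-retrieve\nkeyserver %s\n' "$ks"
    else
        # >= 1.3.5: proxy given directly, $http_proxy no longer needed
        printf 'keyserver-options http-proxy=http://localhost:8080 auto-key-retrieve\nkeyserver %s\n' "$ks"
    fi
}

# Version of the installed gpg (last word of the first line of gpg --version,
# e.g. "gpg (GnuPG) 1.4.23"); empty if gpg is not installed.
installed_gpg_version() {
    gpg --version 2>/dev/null | sed -n '1s/.* //p'
}

# Usage (not run automatically): append the settings to the right file.
#   v=$(installed_gpg_version)
#   gpgoffle_settings "$v" >> "$HOME/.gnupg/$(gpgoffle_conf_file "$v")"
```

Run gpgoffle_settings with the output of installed_gpg_version and redirect it to the file named by gpgoffle_conf_file; check the file afterwards, since an existing keyserver line is not replaced by this script.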

Starting wwwoffle

If wwwoffle is not running, it must be activated as a service and started for the first time.

  insserv wwwoffle
  rcwwwoffle start

Configuring wwwoffle

In fact, wwwoffle does not need to be configured at all: by default, pages requested while off-line are recorded and loaded into the cache the next time wwwoffle -fetch runs. If you want no orders other than GPG keys to be recorded, you can configure wwwoffle so that only requests to the key server are saved as orders. The following settings in /etc/wwwoffle.conf do this:

  OfflineOptions
  {
  # [...]
  <http://wwwkeys.de.pgp.net:11371/*> confirm-requests = no
  <*://*/*> confirm-requests = yes
  <http://wwwkeys.de.pgp.net:11371/*> dont-request = no
  # [...]
  }

Attention: wwwoffle uses the first matching line for each option. Therefore, the catch-all <*://*/*> line must always be the last entry for the respective option; a more specific line placed after it is never reached.

In order for changes in /etc/wwwoffle.conf to take effect, you will have to inform the wwwoffle service about the changed configuration file:

  rcwwwoffle reload
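The following POSIX shell/awk check is an added example (not from the article or from Christian Boltz's page) that finds exactly this mistake in a wwwoffle.conf: it reads the OfflineOptions section and reports every option whose <*://*/*> line is followed by a more specific one. It assumes the section is written one "<url-spec> option = value" per line with the braces on lines of their own, as in the fragment above; the function name check_offline_options and the sample configuration are constructed for this example.

```shell
#!/bin/sh
# Added example: verify that inside the OfflineOptions section of a
# wwwoffle.conf the catch-all <*://*/*> line is the last one for every
# option, because wwwoffle takes the first matching line.
# Assumptions: one "<url-spec> option = value" per line, braces on their
# own lines. Not part of the original article.

# Reads a wwwoffle.conf on stdin. Prints the name of each option whose
# catch-all line is followed by a more specific line; exit status 1 if
# any such option exists, 0 otherwise.
check_offline_options() {
    awk '
        /^[[:space:]]*OfflineOptions/          { insec = 1; next }
        insec && /^[[:space:]]*[{]/             { next }
        insec && /^[[:space:]]*[}]/             { insec = 0; next }
        !insec || /^[[:space:]]*#/ || NF == 0   { next }
        {
            # fields: 1 = <url-spec>, 2 = option name, 3 = "=", 4 = value
            opt = $2
            if ($1 == "<*://*/*>")   { catchall[opt] = 1 }
            else if (catchall[opt])  { bad[opt] = 1 }
        }
        END {
            n = 0
            for (o in bad) { print o; n++ }
            exit n ? 1 : 0
        }'
}

# Constructed sample: confirm-requests is ordered correctly, but for
# dont-request the catch-all line comes first, so the key-server line
# below it would never be used.
SAMPLE_CONF='
OfflineOptions
{
 # keys may be ordered without confirmation
 <http://wwwkeys.de.pgp.net:11371/*> confirm-requests = no
 <*://*/*> confirm-requests = yes
 <*://*/*> dont-request = yes
 <http://wwwkeys.de.pgp.net:11371/*> dont-request = no
}
'

# Usage (not run automatically):
#   printf "%s\n" "$SAMPLE_CONF" | check_offline_options   # prints dont-request
#   check_offline_options < /etc/wwwoffle.conf && echo "ordering ok"
```

Run it against /etc/wwwoffle.conf before rcwwwoffle reload; a non-zero exit status names the options whose catch-all line has to be moved down.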

ip-up and ip-down

To automatically set wwwoffle to the on-line mode when a dial-in connection is established, the following entries are necessary in the file /etc/ppp/ip-up.local:

  #!/bin/sh
  /usr/bin/wwwoffle -online
  /usr/bin/wwwoffle -fetch &

Moreover, wwwoffle should be set to the off-line mode in the file /etc/ppp/ip-down.local:

  #!/bin/sh
  /usr/bin/wwwoffle -offline

The files /etc/ppp/ip-{up,down}.local must be executable. This can be done with the following command:

  chmod 755 /etc/ppp/ip-{up,down}.local

Done!

With these settings, GPG keys are ordered automatically while you read your mail, and wwwoffle fetches them the next time a dial-in connection is established.