Https
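PGP keyserver with download over HTTPS?

My company's firewall blocks keyservers on port 80, and some of the distributions I want to support do not yet use HKPS to fetch over TLS.

Is there a keyserver that offers a simple download of a given key over HTTPS? For example, I can get my own personal key on Keybase at https://keybase.io/naftulikay/pgp_keys.asc

Is there a resource for fetching keys over HTTPS without using the keyserver protocol? I am writing Ansible, so fetching content over HTTPS is easy.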
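openpgp.org has an HTTPS facility. Just imported a few keys by their fingerprint. The path is predictable; you only need to replace ${KEY_FINGERPRINT} with the fingerprint of the key you want to import. Of course, it must already have been uploaded to https://keys.openpgp.org:

```bash
# -sSL: silent, but still show errors, and follow redirects
curl -sSL "https://keys.openpgp.org/vks/v1/by-fingerprint/${KEY_FINGERPRINT}" | \
  gpg --import
```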
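The Ubuntu keyserver also has an HTTP(S) API through which keys can be fetched in ASCII format:

```bash
# The URL is quoted so that the shell does not treat "&" as a control operator
curl -sSL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${KEY_FINGERPRINT}" | \
  gpg --import
```

Note the | gpg --import pipe, which is used to import the key data into the GnuPG keyring.

Automating import of GPG/PGP keys over HTTPS: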
Because the path at https://keys.openpgp.org is predictable and varies only by the fingerprint of the key stored on the server, we can automate the import of a list of keys identified by their fingerprints. The script below is tested and known to work. To adapt it to your own use, just replace my (3) sample key fingerprints with the fingerprints of the keys you want to import, and of course set the variable PATHSCRIPTS to your desired path:

```bash
#!/bin/bash

PATHSCRIPTS='/home/pi'

# Create text file using a Here-Doc containing Key Fingerprints of keys to import into keyring:
cat <<EOF > "$PATHSCRIPTS/Key-fingerprints-list.txt"
AEB042FFD73BAA7545EDA021343A2DF613C5E7F8
7AFAF20259E69236E43EEF521F45D0F6E89F27A6
704FCD2556C40AF8F2FBD8E2E5A1DE67F98FA66F
EOF

# Read the text file we created into an array (-t drops each line's trailing newline)
readarray -t arrayKeyFingerprints < "$PATHSCRIPTS/Key-fingerprints-list.txt"

# Loop through the array adding each key in turn by its fingerprint from keys.openpgp.org:
for i in "${arrayKeyFingerprints[@]}"; do
    curl "https://keys.openpgp.org/vks/v1/by-fingerprint/$i" | gpg --import
done
```
The result of the above script (saved as test.sh and executed on a Raspberry Pi) is shown below:

```
pi@pi4-ap1:~ $ ./test.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3212  100  3212    0     0   7629      0 --:--:-- --:--:-- --:--:--  7629
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
gpg: key 343A2DF613C5E7F8: public key "Terrence Houlahan (I'm the former NYPD cop living in the UK. This is my only *personal* key. Trust no others.) <terrence@houlahan.co.uk>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3220  100  3220    0     0  18720      0 --:--:-- --:--:-- --:--:-- 18612
gpg: key 1F45D0F6E89F27A6: public key "Terrence Houlahan (Terrence Houlahan Linux & Network Engineer) <houlahan@F1Linux.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3252  100  3252    0     0  19473      0 --:--:-- --:--:-- --:--:-- 19473
gpg: key E5A1DE67F98FA66F: public key "Terrence Houlahan (Open-IPcamera Project Developer Key Terrence Houlahan) <terrence.houlahan@open-ipcamera.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1
```
We do a key listing, and there are our (3) imported keys:

```
pi@pi4-ap1:~ $ gpg --list-keys
/home/pi/.gnupg/pubring.kbx
---------------------------
pub   rsa4096 2011-03-13 [SC]
      AEB042FFD73BAA7545EDA021343A2DF613C5E7F8
uid           [ unknown] Terrence Houlahan (I'm the former NYPD cop living in the UK. This is my only *personal* key. Trust no others.) <terrence@houlahan.co.uk>
sub   rsa4096 2011-03-13 [E]

pub   rsa4096 2019-02-06 [SC] [expires: 2029-01-31]
      7AFAF20259E69236E43EEF521F45D0F6E89F27A6
uid           [ unknown] Terrence Houlahan (Terrence Houlahan Linux & Network Engineer) <houlahan@F1Linux.com>
sub   rsa4096 2019-02-06 [E] [expires: 2029-01-31]

pub   rsa4096 2019-02-06 [SC] [expires: ????-??-??]
      704FCD2556C40AF8F2FBD8E2E5A1DE67F98FA66F
uid           [ unknown] Terrence Houlahan (Open-IPcamera Project Developer Key Terrence Houlahan) <terrence.houlahan@open-ipcamera.net>
sub   rsa4096 2019-02-06 [E] [expires: ????-??-??]
```
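The answers above pipe the download straight into gpg --import, so whatever the server returns lands in the keyring. The following is an added example, not part of the original answers: it inspects the downloaded file first and imports it only if its single primary key carries the pinned fingerprint. The function names are this example's own, the colon listing in sample_listing is constructed, and it assumes a GnuPG 2.x that supports the show-only import option.

```shell
# Strip spaces and an optional 0x prefix, uppercase, and require 40 hex digits.
normalize_fpr() {
    nf=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    nf=${nf#0[xX]}
    printf '%s' "$nf" | grep -Eq '^[0-9A-F]{40}$' || return 1
    printf '%s\n' "$nf"
}

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints.
# An fpr record describes the pub or sub record that precedes it.
primary_fprs() {
    awk -F: '$1 == "pub" || $1 == "sub" { kind = $1 }
             $1 == "fpr" && kind == "pub" { print $10; kind = "" }'
}

# Succeed only if stdin lists exactly one primary key and it is the pinned one.
listing_matches() {
    want=$(normalize_fpr "$1") || return 2
    [ "$(primary_fprs)" = "$want" ]
}

# Download by fingerprint, inspect without importing, import only on a match.
fetch_verified_key() {
    fp=$(normalize_fpr "$1") || { echo "bad fingerprint: $1" >&2; return 2; }
    tmp=$(mktemp) || return 1
    rc=1
    if curl -fsSL --proto '=https' --proto-redir '=https' -o "$tmp" \
            "https://keys.openpgp.org/vks/v1/by-fingerprint/$fp" &&
       gpg --batch --with-colons --import-options show-only --import "$tmp" |
            listing_matches "$fp"
    then
        gpg --batch --import "$tmp" && rc=0
    else
        echo "not importing $fp: download failed or fingerprint mismatch" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample of gpg colon output (the subkey fingerprint is a placeholder).
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:343A2DF613C5E7F8:1300000000:::-:::scESC:
fpr:::::::::AEB042FFD73BAA7545EDA021343A2DF613C5E7F8:
sub:-:4096:1:0000000000000000:1300000000::::::e:
fpr:::::::::0000000000000000000000000000000000000000:
EOF
}
```

Call fetch_verified_key once per pinned fingerprint. A short key ID or a subkey fingerprint is rejected, because only a full 40-digit primary fingerprint counts as a match.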