Do PGP keyservers offer downloads over HTTPS?

Naf*_*Kay 5 https pgp

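My company's firewall blocks keyservers on port 80, and some of the distributions I want to support are not yet HKPS-capable for fetching over TLS.

Are there keyservers that offer a simple download of a given key over HTTPS? For example, I can get my own personal key, which is hosted on Keybase, at https://keybase.io/naftulikay/pgp_keys.asc

Is there a resource for fetching keys over HTTPS without using the keyserver protocol? I'm writing Ansible, so fetching content over HTTPS is easy.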

F1L*_*nux 5

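openpgp.org has an HTTPS facility. I just imported a few keys by their fingerprints. The path is predictable; you only need to replace ${KEY_FINGERPRINT} with the fingerprint of the key you want to import. Of course, the key must already have been uploaded to https://keys.openpgp.org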

curl -sSL "https://keys.openpgp.org/vks/v1/by-fingerprint/${KEY_FINGERPRINT}" | \
  gpg --import

The Ubuntu keyserver also has an HTTP(S) API through which keys can be fetched in ASCII format:

curl -sSL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${KEY_FINGERPRINT}" | \
  gpg --import

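Note the | gpg --import pipe, which imports the key data into the GnuPG keyring.

Automating the import of GPG/PGP keys over HTTPS:

Since the path on https://keys.openpgp.org is predictable and varies only by the fingerprint of the key stored on the server, we can automate the import of a list of keys identified by their fingerprints. The script below is tested and known to work.

To adapt the script for your own use, just replace my (3) sample key fingerprints with the fingerprints of the keys you want to import, and of course set the variable PATHSCRIPTS to the path you want: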

#!/bin/bash

PATHSCRIPTS='/home/pi'

# Create text file using a Here-Doc containing Key Fingerprints of keys to import into keyring:

cat <<EOF > "$PATHSCRIPTS/Key-fingerprints-list.txt"
AEB042FFD73BAA7545EDA021343A2DF613C5E7F8
7AFAF20259E69236E43EEF521F45D0F6E89F27A6
704FCD2556C40AF8F2FBD8E2E5A1DE67F98FA66F
EOF

# Read the text file we created into an array (-t strips the trailing newline from each entry)
readarray -t arrayKeyFingerprints < "$PATHSCRIPTS/Key-fingerprints-list.txt"

# Loop through the array adding each key in turn by its fingerprint from keys.openpgp.org:
for i in "${arrayKeyFingerprints[@]}"; do
    curl "https://keys.openpgp.org/vks/v1/by-fingerprint/$i" | gpg --import
done

The result of the above script, saved as test.sh and run on a Raspberry Pi, is shown below:

pi@pi4-ap1:~ $ ./test.sh 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100  3212  100  3212    0     0   7629      0 --:--:-- --:--:-- --:--:--  7629
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
gpg: key 343A2DF613C5E7F8: public key "Terrence Houlahan (I'm the former NYPD cop living in the UK.  This is my only *personal* key.  Trust no others.) <terrence@houlahan.co.uk>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100  3220  100  3220    0     0  18720      0 --:--:-- --:--:-- --:--:-- 18612
gpg: key 1F45D0F6E89F27A6: public key "Terrence Houlahan (Terrence Houlahan Linux & Network Engineer) <houlahan@F1Linux.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100  3252  100  3252    0     0  19473      0 --:--:-- --:--:-- --:--:-- 19473
gpg: key E5A1DE67F98FA66F: public key "Terrence Houlahan (Open-IPcamera Project Developer Key Terrence Houlahan) <terrence.houlahan@open-ipcamera.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1

We list the keys, and there are our (3) imported keys:

pi@pi4-ap1:~ $ gpg --list-keys
/home/pi/.gnupg/pubring.kbx
---------------------------
pub   rsa4096 2011-03-13 [SC]
  AEB042FFD73BAA7545EDA021343A2DF613C5E7F8
uid           [ unknown] Terrence Houlahan (I'm the former NYPD cop living in the UK.  This is my only *personal* key.  Trust no others.) <terrence@houlahan.co.uk>
sub   rsa4096 2011-03-13 [E]

pub   rsa4096 2019-02-06 [SC] [expires: 2029-01-31]
  7AFAF20259E69236E43EEF521F45D0F6E89F27A6
uid           [ unknown] Terrence Houlahan (Terrence Houlahan Linux & Network Engineer) <houlahan@F1Linux.com>
sub   rsa4096 2019-02-06 [E] [expires: 2029-01-31]

pub   rsa4096 2019-02-06 [SC] [expires: ????-??-??]
  704FCD2556C40AF8F2FBD8E2E5A1DE67F98FA66F
uid           [ unknown] Terrence Houlahan (Open-IPcamera Project Developer Key Terrence Houlahan) <terrence.houlahan@open-ipcamera.net>
sub   rsa4096 2019-02-06 [E] [expires: ????-??-??]

  • Since the path is predictable, you can feed it a list of fingerprints and loop over the list to script the process! (2 upvotes)
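An added example, not part of the original answer: piping curl straight into gpg --import trusts whatever the server returns, so this variant downloads to a temporary file, checks that it holds exactly one primary key with the requested fingerprint, and only then imports it. The function names are hypothetical, and it assumes a GnuPG version that supports --show-keys.

```shell
#!/bin/sh
# Normalise a fingerprint: drop whitespace and an optional 0x prefix,
# upper-case it, and accept only 40 hex digits (the form used on this page).
normalize_fpr() {
    nf=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F')
    nf=${nf#0[xX]}
    case "$nf" in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#nf}" -eq 40 ] || return 1
    printf '%s\n' "$nf"
}

# Read `gpg --with-colons` output on stdin and print each primary key's
# fingerprint: the first "fpr" record after a "pub" record (field 10).
# "fpr" records that follow a "sub" record belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and
# its fingerprint equals the expected one.
listing_matches() {
    lm_expected=$(normalize_fpr "$1") || return 2
    lm_got=$(primary_fprs)
    [ "$lm_got" = "$lm_expected" ]
}

# Download to a temporary file, inspect it without importing, and import
# only on a match. Assumption: this GnuPG supports --show-keys.
fetch_verified_key() {
    fv_fpr=$(normalize_fpr "$1") || { echo "bad fingerprint: $1" >&2; return 2; }
    fv_tmp=$(mktemp) || return 1
    fv_rc=1
    if curl -fsSL --proto '=https' --proto-redir '=https' -o "$fv_tmp" \
            "https://keys.openpgp.org/vks/v1/by-fingerprint/$fv_fpr" &&
       gpg --show-keys --with-colons "$fv_tmp" 2>/dev/null | listing_matches "$fv_fpr"
    then
        gpg --import "$fv_tmp" && fv_rc=0
    else
        echo "not importing $fv_fpr: download failed or fingerprint mismatch" >&2
    fi
    rm -f "$fv_tmp"
    return "$fv_rc"
}

# Fingerprints given on the command line are fetched in turn.
for fv_arg in "$@"; do fetch_verified_key "$fv_arg"; done
```

Short key IDs such as the 16-digit values in the import log are rejected on purpose; only a full fingerprint identifies the key being requested.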