Page MenuHome GnuPG

Add support to HTTP Basic Auth for Keyservers
Open, NormalPublic


It's currently not possible to authenticate with a keyserver by using the URI format grot://username:pwd@URL.

It looks like ks-engine-hkp.c has to be adjusted to first receive the authentication info and then use it in its http_open call. The authentication information could currently be read from the ctrl object, by checking ctrl->server_local->keyservers->parsed_uri->auth



Event Timeline

lukele updated the task description. (Show Details)

Why do you need this for a keyserver? Keys are public and in-house keyservers should be at a local address and there need to be strict provisions not to upload to a public keyserver. Maybe LDAP or the kDNS thing (which is currently disabled) would be better for such use cases.

I absolutely agree this support doesn't particularly make sense. A user of GPG Suite reported the issue, since their internal keyserver requires basic auth. They couldn't exactly explain why, and I told them that it doesn't make much sense.

What I found intriguing however, that after looking at the code to see if basic auth was already supported, I noticed that in fact almost all pieces are there already and I began wondering if there was a reason why this was no longer working (since it looks that at one point it did)

werner edited projects, added Feature Request, gnupg (gpg22); removed Bug Report.

Thanks for the patch. The "fixme" indicates that I probably was just too lazy to add and test support.

Hi Werner. Did you by any chance already find the time to look into the changes?