Add support to HTTP Basic Auth for Keyservers
Open, Normal, Public


It's currently not possible to authenticate with a keyserver by using the URI format grot://username:pwd@URL.

It looks like ks-engine-hkp.c has to be adjusted to first receive the authentication info and then use it in its http_open call. The authentication information could currently be read from the ctrl object, by checking ctrl->server_local->keyservers->parsed_uri->auth


lukele created this task. Jan 11 2018, 1:36 AM
lukele updated the task description.
werner added a subscriber: werner. Jan 11 2018, 9:16 AM

Why do you need this for a keyserver? Keys are public and in-house keyservers should be at a local address and there need to be strict provisions not to upload to a public keyserver. Maybe LDAP or the kDNS thing (which is currently disabled) would be better for such use cases.

I absolutely agree this support doesn't particularly make sense. A user of GPG Suite reported the issue, since their internal keyserver requires basic auth. They couldn't exactly explain why, and I told them that it doesn't make much sense.

What I found intriguing, however, is that after looking at the code to see if basic auth was already supported, I noticed that in fact almost all pieces are there already, and I began wondering if there was a reason why this was no longer working (since it looks like at one point it did).

This diff should include all the changes necessary to add support:

werner triaged this task as Normal priority. Jan 11 2018, 12:29 PM
werner edited projects, added Feature Request, gnupg (gpg22); removed Bug Report.

Thanks for the patch. The "fixme" indicates that I probably was just too lazy to add and test support.

Thanks for having a look :)

steve added a subscriber: steve. Mar 22 2018, 2:37 PM

Hi Werner. Did you by any chance already find the time to look into the changes?

werner edited projects, added gnupg (gpg23); removed gnupg (gpg22). Nov 5 2018, 10:17 AM
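
The step outlined in the task description, taking the userinfo part of a keyserver URI and turning it into HTTP Basic credentials, shown as an added stand-alone example; it is not the patch attached to this task and not GnuPG code. `split_basic_auth` is a hypothetical helper, any URI passed to it here is constructed, and it assumes the userinfo is used verbatim (no percent-decoding); it also returns a credential-free URI suitable for log output.

```c
#include <string.h>

/* Standard base64 (RFC 4648) of LEN bytes at IN, written NUL-terminated to OUT. */
static void b64(const unsigned char *in, size_t len, char *out)
{
  static const char tbl[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  for (size_t i = 0; i < len; i += 3) {
    unsigned long v = (unsigned long)in[i] << 16;
    if (i + 1 < len) v |= (unsigned long)in[i + 1] << 8;
    if (i + 2 < len) v |= in[i + 2];
    *out++ = tbl[(v >> 18) & 63];
    *out++ = tbl[(v >> 12) & 63];
    *out++ = i + 1 < len ? tbl[(v >> 6) & 63] : '=';
    *out++ = i + 2 < len ? tbl[v & 63] : '=';
  }
  *out = 0;
}

/* Hypothetical helper: split "scheme://user:pwd@host/..." into the value of an
   Authorization header (HDR) and a credential-free URI (CLEAN) for logging.
   Assumption: userinfo is used verbatim, without percent-decoding.
   Returns 1 with userinfo, 0 without, -1 on bad input or short buffers. */
int split_basic_auth(const char *uri, char *hdr, size_t hdrlen,
                     char *clean, size_t cleanlen)
{
  const char *auth = strstr(uri, "://"), *at;
  size_t ulen;
  if (!auth || !hdrlen) return -1;
  auth += 3;
  /* Userinfo ends at the last '@' inside the authority, before any / ? #. */
  for (at = auth + strcspn(auth, "/?#"); at > auth && at[-1] != '@'; at--)
    ;
  if (at == auth) {                       /* no userinfo present */
    if (cleanlen <= strlen(uri)) return -1;
    strcpy(clean, uri);
    hdr[0] = 0;
    return 0;
  }
  ulen = (size_t)(at - auth) - 1;         /* bytes before the '@' */
  if (hdrlen < 7 + 4 * ((ulen + 2) / 3) || cleanlen < strlen(uri) - ulen)
    return -1;
  memcpy(hdr, "Basic ", 6);
  b64((const unsigned char *)auth, ulen, hdr + 6);
  memcpy(clean, uri, (size_t)(auth - uri));
  strcpy(clean + (auth - uri), at);       /* host and path, minus credentials */
  return 1;
}
```

Basic credentials are only base64-encoded, not encrypted, so the resulting header should be sent only over a TLS-protected keyserver connection.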