
Kleopatra: Allow queries to list all certificates on the server
Testing, Low, Public

Description

Kleopatra currently requires at least three characters for searching. The wish is to show all certificates on the keyserver; this is for Active Directory users who are setting up their directory and want to check if all keys are properly uploaded.

I currently do not have a proper test setup with such a server so I cannot check what the result of queries like "gpg --search '*'" would be.

Event Timeline

aheinecke created this task.

Many keyservers return a maximum number of results. I have seen results being capped at 100 keys.

Some tests with gpg:

$ gpg --search '*'
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: data source: https://162.213.33.8:443
gpg: key "*" not found on keyserver
gpg: keyserver search failed: Not found

$ gpg --search a
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: data source: https://162.213.33.8:443
gpg: key "a" not found on keyserver
gpg: keyserver search failed: Not found

$ gpg --search b
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: data source: https://162.213.33.8:443
(1)     Richard B Dervan <rdervan@abraxis.com>
        Richard B Dervan <dilbert@infoam.com>
        Richard B Dervan <rdervan@infoam.com>
         Richard B Dervan <dervari@mindspring.com>
        Richard B Dervan <airman@mindspring.com>
        Richard B Dervan <rdervan@mindspring.com>
          1024 bit DSA key 5CB459A905C3BD20, created: 1997-06-22
(2)     B Ishan A A Mendis <ishan@ishan-mendis.com>
          1024 bit DSA key 85FA659A8E3D1B30, created: 2009-03-10
(3)     Jrgen Brner <j.boerner@deutschland.ms>
          1024 bit DSA key B3C5FDB8044FA050, created: 2004-08-29
(4)       4096 bit RSA key 489C579095C4C870, created: 2011-07-25
(5)     Jan Bhringer <jan@bm-boehringer.de>
          1024 bit DSA key A48373F6386A6B80, created: 2005-09-08
(6)     SAF 13eme B.C.A <saf@bca13.terre.defense.gouv.fr>
          1024 bit DSA key BEC2BB80C2317C90, created: 2000-04-17
(7)     Darryl B. Levi <dlevi@amgen.com>
          1024 bit DSA key 6DB6312ADD3085B0, created: 1998-06-09
(8)     Stefan B <stefan.bathory@turbado.eu>
          3072 bit RSA key A1A47AFBCACFACC0, created: 2018-01-21
(9)     Patrick B?dard <blaise@colba.net>
          1024 bit DSA key 9492ECA61BFB5CD0, created: 1998-01-23
Keys 1-9 of 100 for "b".  Enter number(s), N)ext, or Q)uit >

Don't ask me why searching for 'a' doesn't give any results, but searching for 'b' gives results (capped at 100). In the end it depends on the server how many results are returned. I'm pretty sure that any sensible directory server will return paged results and I have no idea whether dirmngr requests more than one page. Kleopatra will happily crunch any keys dirmngr returns.

ikloecker changed the task status from Open to Testing. Jul 7 2022, 1:50 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a project: Restricted Project.

Lookups can now be started after entering a single character. Wildcards like * do not seem to be supported by OpenPGP key servers.

dirmngr refuses a lookup with an empty search string:

GPGME 20220707T134645 2713  chan_28 -> LISTKEYS 
GPGME 20220707T134645 2713  chan_28 <- ERR 50331693 Invalid argument <GpgSM>

Therefore, I require at least one character.
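The ERR value in the log excerpt above can be decoded mechanically. The following is an added example, not part of the original comment or of GnuPG's code: it pairs each Assuan ERR reply in a GPGME debug log with the last command sent on the same channel and splits the libgpg-error value into its source and code fields. The function names are hypothetical, and the source table is a subset of gpg_err_source_t.

```python
import re

# libgpg-error packs an error value as: source in bits 24-30, code in bits 0-15.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF

# Subset of gpg_err_source_t numeric values from gpg-error.h.
SOURCES = {0: "Unspecified source", 1: "gcrypt", 2: "GnuPG", 3: "GpgSM",
           4: "GPG Agent", 5: "Pinentry", 6: "SCD", 7: "GPGME",
           8: "Keybox", 9: "KSBA", 10: "Dirmngr", 15: "Assuan"}

SENT_LINE = re.compile(r"(?P<chan>chan_\d+)\s+->\s+(?P<cmd>.*)$")
ERR_LINE = re.compile(
    r"(?P<chan>chan_\d+)\s+<-\s+ERR\s+(?P<value>\d+)(?:\s+(?P<text>.*?))?\s*$")

# The two log lines quoted in the comment above.
SAMPLE_LOG = [
    "GPGME 20220707T134645 2713  chan_28 -> LISTKEYS ",
    "GPGME 20220707T134645 2713  chan_28 <- ERR 50331693 Invalid argument <GpgSM>",
]

def decode_gpg_error(value):
    """Return (source, code) for a numeric libgpg-error value."""
    return (value >> SOURCE_SHIFT) & SOURCE_MASK, value & CODE_MASK

def failed_commands(log_lines):
    """Pair every ERR reply with the last command sent on that channel."""
    last_cmd, findings = {}, []
    for line in log_lines:
        sent = SENT_LINE.search(line)
        if sent:
            last_cmd[sent["chan"]] = sent["cmd"].strip()
            continue
        err = ERR_LINE.search(line)
        if err:
            source, code = decode_gpg_error(int(err["value"]))
            cmd = last_cmd.get(err["chan"], "")
            findings.append({
                "command": cmd,
                # False when the command was sent without any argument,
                # e.g. a LISTKEYS with an empty search pattern.
                "has_argument": " " in cmd,
                "source": SOURCES.get(source, f"source {source}"),
                "code": code,
                "text": err["text"] or "",
            })
    return findings

if __name__ == "__main__":
    for finding in failed_commands(SAMPLE_LOG):
        print(finding)
```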

werner removed a project: Restricted Project. Thu, Sep 22, 10:52 AM