Mailing List Archive

GPGME: looking for keys with respect to user settings
Hello,

I'm trying to replicate `gpg --locate-keys $EMAIL` using GPGME and have
one question.

I'm using `gpgme_op_keylist_ext_start` for starting the search and want
to search using whatever is configured in gpg.conf or defaults.

`gpgme_set_keylist_mode` [0] seems to take several flags such as
GPGME_KEYLIST_MODE_LOCATE but it's a combination of LOCAL and EXTERN
search (in case of e-mail address that would be WKD).

If I don't specify mode it looks like it's always using LOCAL even if I
explicitly set "auto-key-locate local,wkd" in .gnupg/gpg.conf

Is this by design that keylist_mode is not set to what is used by
--locate-key? (that is GPGME is not using settings used by gpg)

A little bit of context: I'm trying to add WKD search in mutt (in case
someone enables explicitly encryption and doesn't have the key locally)
but a valid question was raised, why isn't GPGME already using what the
user has configured in their gpg.conf.

Thanks in advance for help!

Kind regards,
Wiktor

[0]: https://www.gnupg.org/documentation/manuals/gpgme/Key-Listing-Mode.html

For the record I'm using this sample code for testing:

#include <gpgme.h>
#include <locale.h>
#include <stdio.h>   /* printf, fprintf */

int main() {
    gpgme_ctx_t ctx;
    gpgme_error_t err;
    gpgme_key_t key;
    gpgme_keylist_result_t result;

    /* Library initialisation */
    setlocale (LC_ALL, "");
    gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
    gpgme_check_version(NULL);

    gpgme_new (&ctx);

    const char* pattern[] = { "wiktor@metacode.biz", 0 };
    printf("locating\n");
    // uncommenting will explicitly enable WKD
    // commented out like that will always use LOCAL
    // gpgme_set_keylist_mode(ctx, GPGME_KEYLIST_MODE_LOCAL | GPGME_KEYLIST_MODE_EXTERN);
    gpgme_op_keylist_ext_start (ctx, pattern, 0, 0);

    /* Loop ends when gpgme_op_keylist_next returns an error (EOF at end of list) */
    while (!(err = gpgme_op_keylist_next (ctx, &key))) {
        fprintf(stdout, "Key ID: %s\n", key->subkeys->keyid);
        gpgme_key_unref (key);
    }

    gpgme_release(ctx);

    return 0;
}

--
https://metacode.biz/@wiktor

Re: GPGME: looking for keys with respect to user settings
Hi,

On Friday, July 6, 2018 9:49:56 PM CEST Wiktor Kwapisiewicz via Gnupg-devel
wrote:
> I'm trying to replicate `gpg --locate-keys $EMAIL` using GPGME and have
> one question.
>
> I'm using `gpgme_op_keylist_ext_start` for starting the search and want
> to search using whatever is configured in gpg.conf or defaults.

You do it right. GPGME_KEYLIST_MODE_LOCATE (or an or of local and extern) uses
what is configured in auto-key-locate options. (Be aware that since 2.1.23 WKD
is used by default.)

> `gpgme_set_keylist_mode` [0] seems to take several flags such as
> GPGME_KEYLIST_MODE_LOCATE but it's a combination of LOCAL and EXTERN
> search (in case of e-mail address that would be WKD).

Right.

> If I don't specify mode it looks like it's always using LOCAL even if I
> explicitly set "auto-key-locate local,wkd" in .gnupg/gpg.conf

Yes. LOCAL is default. So if you don't specify a mode it just does a local
keylist.

To clarify:
LOCAL means "--list-keys"
EXTERN means "--search"
EXTERN | LOCAL means "--locate-key"

> Is this by design that keylist_mode is not set to what is used by
> --locate-key? (that is GPGME is not using settings used by gpg)

No, I think it's a misunderstanding. To better understand what is going on I
recommend:

export GPGME_DEBUG=9:/tmp/gpgme.log

when testing. Then you can see exactly which calls are made to GnuPG by GPGME.

> A little bit of context: I'm trying to add WKD search in mutt (in case
> someone enables explicitly encryption and doesn't have the key locally)
> but a valid question was raised, why isn't GPGME already using what the
> user has configured in their gpg.conf.

As stated above, it is. The next version will be the first with which you can
specify "auto-key-locate" options in GPGME ( https://dev.gnupg.org/D463 );
currently GPGME does not touch auto-key-locate at all.

Best Regards,
Andre

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GPGME: looking for keys with respect to user settings
Hi Andre,

Your answer, as usual, is exactly what I needed! :)

And this table is excellent:

> To clarify:
> LOCAL means "--list-keys"
> EXTERN means "--search"
> EXTERN | LOCAL means "--locate-key"

I noticed that LOCATE is described as equivalent to --locate-key in the
docs:
https://www.gnupg.org/documentation/manuals/gpgme/Key-Listing-Mode.html
but I didn't think other options work like that. Maybe because I'm
thinking in gpg options this translation table really speaks to me.

Would it be too much detail if the documentation of keylist_mode also
included --list-keys and --search in description of LOCAL and EXTERN?

(I didn't have LOCATE defined on Ubuntu 18 packages but LOCAL|EXTERN works
fine, just like you described).

Thanks for the debugging tip and have a nice day!

Kind regards,
Wiktor

--
https://metacode.biz/@wiktor
Re: GPGME: looking for keys with respect to user settings
Hi,

On Monday, July 9, 2018 10:13:26 AM CEST Wiktor Kwapisiewicz wrote:
> Your answer, as usual, is exactly what I needed! :)

You are welcome. I very much appreciate that you work on adding WKD to other
software. ;-)

> And this table is excellent:
>
> > To clarify:
> > LOCAL means "--list-keys"
> > EXTERN means "--search"
> > EXTERN | LOCAL means "--locate-key"
>
> I noticed that LOCATE is described as equivalent to --locate-key in the
> docs:
> https://www.gnupg.org/documentation/manuals/gpgme/Key-Listing-Mode.html
> but I didn't think other options work like that. Maybe because I'm
> thinking in gpg options this translation table really speaks to me.
>
> Would it be too much detail if the documentation of keylist_mode also
> included --list-keys and --search in description of LOCAL and EXTERN?

I think it makes sense. Such things were omitted because GPGME tries to
abstract such things away. E.g. you can also use that with gpgsm and there
EXTERN does not mean --search and in theory.

I've added it now as I agree that making it more explicit makes it easier for
new users to understand it.

Best Regards,
Andre

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner