
Working with Keyservers

In document PGP Command Line User's Guide (Page 101-109)


Commands

--keyserver-disable

Disables a key on a keyserver. This command only works with the legacy PGP Keyserver product.

Requests for disabling a key must be signed. If no signer is supplied, the default signing key is used. Key disable requires an exact match on the key to be removed.

If a keyserver is specified on the command line, any keyservers listed in the PGP Command Line configuration file will not be used.

The usage format is:

pgp --keyserver-disable <input> [--keyserver <ks1> ...]
    [--signer <signer>] [--passphrase <pass>] [options]

Where:

<input> is the user ID, portion of the user ID, or key ID of the key you want disabled on the keyserver. Key disable requires an exact match on the key to be disabled.

<ks> is the name of the keyserver where the key to be disabled is located.

You can enter more than one keyserver, separated by a space.

[options] let you modify the command. Options are:

--signer the user ID of the signer.

--passphrase the passphrase of the signer.

--keyserver-timeout sets the number of seconds until the keyserver operation times out. The default setting is 120 seconds.

--halt-on-error stops the operation if an error occurs when more than one keyserver is specified.

Example:

pgp --keyserver-disable 0x12345678 --keyserver ldap://keyserver.example.com --signer "Alice Cameron <[email protected]>" --passphrase 'Bilbo*Baggins'

The specified key is disabled on the specified keyserver.


--keyserver-recv

Finds keys on a keyserver and imports them onto your keyring. Keyservers are searched in the order provided on the command line. As soon as a match is made on a keyserver, the operation will finish and all other keyservers on the list will be ignored.

If a keyserver is specified on the command line, any keyservers listed in the PGP Command Line configuration file will not be used. Preferred keyservers are not used. Note that you cannot search for disabled or pending keys.

The usage format is:

pgp --keyserver-recv <input> [<input2> ...] --keyserver <ks> [--keyserver <ks2> ...] [options]

Where:

<input> is the user ID, portion of the user ID, or key ID of the key you want to get onto your keyring.

To get a specific key, use the key ID. To get one or more keys, use the user ID or portion of the user ID.

<ks> is the name of the keyserver you want to search.

You can enter more than one keyserver to search, separated by a space.

Only results from the first keyserver where there is a match will be returned.

[options] let you modify the command. Options are:

--keyserver-timeout sets the number of seconds until the keyserver operation times out. The default setting is 120 seconds.

--halt-on-error stops the operation if an error occurs when more than one keyserver is specified.

Examples:

1 pgp --keyserver-recv 0xABCD1234 --keyserver ldap://keyserver.pgp.com

The key with the key ID shown would be imported if it were on the specified keyserver.

2 pgp --keyserver-recv Jim --keyserver http://keyserver.pgp.com

All keys that have "Jim" in their user IDs would be found and imported.


--keyserver-remove

Removes a key from a keyserver. This command only works with the legacy PGP Keyserver product.

Requests for removal must be signed. If no signer is supplied, the default signing key is used. Key removal requires an exact match on the key to be removed.

If a keyserver is specified on the command line, any keyservers listed in the PGP Command Line configuration file will not be used.

The usage format is:

pgp --keyserver-remove <input> [--keyserver <ks1> ...]
    [--signer <signer>] [--passphrase <pass>] [options]

Where:

<input> is the user ID, portion of the user ID, or key ID of the key you want removed from the keyserver. Key removal requires an exact match on the key to be removed.

<ks> is the name of the keyserver from which you want the key removed.

You can enter more than one keyserver, separated by a space.

[options] let you modify the command. Options are:

--signer the user ID of the signer.

--passphrase the passphrase of the signer.

--keyserver-timeout sets the number of seconds until the keyserver operation times out. The default setting is 120 seconds.

--halt-on-error stops the operation if an error occurs when more than one keyserver is specified.

Example:

pgp --keyserver-remove 0x12345678 --keyserver ldap://keyserver.pgp.com --signer "[email protected]" --passphrase 'B0bsm1t4'

Removes the specified key from the specified keyserver.

--keyserver-search

Searches a keyserver for keys and lists those that it finds that match the criteria; it does not import them.

Keyservers are searched in the order provided on the command line. As soon as a match is made on a keyserver, the operation finishes; all other keyservers in the list after the one that made the match will be ignored.


If a keyserver is specified on the command line, any keyservers listed in the PGP Command Line configuration file will not be used. Preferred keyservers are not used. You cannot search for disabled or pending keys.

The usage format is:

pgp --keyserver-search <input> [<input2> ...] --keyserver <ks> [--keyserver <ks2> ...] [options]

Where:

<input> is the user ID, portion of the user ID, or key ID of the key for which you are searching.

To find a specific key, use the key ID. To find one or more keys, use the user ID or portion of the user ID.

<ks> is the name of the keyserver you want to search.

You can enter more than one keyserver to search, separated by a space.

Only results from the first keyserver where there is a match will be returned.

[options] let you modify the command. Options are:

--keyserver-timeout sets the number of seconds until the keyserver operation times out. The default setting is 120 seconds.

--halt-on-error stops the operation if an error occurs when more than one keyserver is specified.

Example:

pgp --keyserver-search example.com --keyserver ldap://keyserver.pgp.com

This search would return keys that have example.com in the user ID and are on keyserver.pgp.com, a public keyserver.
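The ordering rule shared by --keyserver-recv and --keyserver-search (servers tried in the order given, the first server with a match ends the operation, later servers ignored, and --halt-on-error deciding whether a failing server aborts the run) is easy to get wrong in wrapper scripts. The POSIX shell script below is an added example, not part of the PGP Command Line guide or product: it models that rule against a constructed in-memory "directory" (the server names, key IDs and user IDs are made up, and mock_keyserver_lookup stands in for a real keyserver query) so the behaviour can be checked offline.

```shell
#!/bin/sh
# Constructed sample directory: "server|keyid|userid" per line. Made-up data,
# not real keys or real keyservers.
SAMPLE_DIRECTORY='ldap://ks-a.example.com|0x1111AAAA|Alice Cameron <alice@example.com>
ldap://ks-b.example.com|0xABCD1234|Jim Example <jim@example.com>
ldap://ks-b.example.com|0x2222BBBB|Jim Second <jim2@example.com>
ldap://ks-c.example.com|0xABCD1234|Jim Example <jim@example.com>'

# mock_keyserver_lookup SERVER PATTERN
# Stand-in for querying one keyserver: prints "keyid userid" for every key on
# SERVER whose key ID equals PATTERN or whose user ID contains PATTERN.
# A server under down.example.com simulates a connection error (exit 2).
mock_keyserver_lookup() {
    server=$1; pattern=$2
    case "$server" in
        *down.example.com*) return 2 ;;
    esac
    printf '%s\n' "$SAMPLE_DIRECTORY" | awk -F'|' -v s="$server" -v p="$pattern" \
        '$1 == s && ($2 == p || index($3, p) > 0) { print $2 " " $3 }'
}

# ordered_search HALT PATTERN SERVER...
# Tries the servers in the order given. The first server that yields a match
# ends the search and every later server is ignored. HALT=1 mirrors
# --halt-on-error: an error on any server aborts the whole operation;
# HALT=0 logs the error and moves on to the next server.
# Prints the matches and returns 0, or returns 1 when nothing was found.
ordered_search() {
    halt=$1; pattern=$2; shift 2
    for server in "$@"; do
        if result=$(mock_keyserver_lookup "$server" "$pattern"); then
            status=0
        else
            status=$?
        fi
        if [ "$status" -ne 0 ]; then
            echo "error: $server unreachable (status $status)" >&2
            [ "$halt" -eq 1 ] && return 1
            continue
        fi
        if [ -n "$result" ]; then
            printf '%s\n' "$result"
            return 0
        fi
    done
    echo "error: no key matching '$pattern' on any keyserver" >&2
    return 1
}

# Usage: the key-ID search below stops at ks-b and never consults ks-c.
ordered_search 0 0xABCD1234 ldap://ks-a.example.com ldap://ks-b.example.com ldap://ks-c.example.com
```

Note that a key-ID search stops at the first server holding that ID even when a later server carries a newer copy of the same key, which is why the guide's --keyserver-update is the right tool for refreshing a key already on the keyring.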

--keyserver-send

Posts a public key to a keyserver. If multiple keyservers are specified, in most cases only the first keyserver specified will be used. If a keyserver is specified on the command line, any keyservers listed in the PGP Command Line configuration file will not be used. Preferred keyservers are not used.

The usage format is:

pgp --keyserver-send <input> [<input2> ...] --keyserver <ks> [--keyserver <ks2> ...] [options]

Where:

<input> is the user ID, portion of the user ID, or key ID of the public key you are posting. You can list one or more users, with their names/IDs separated by a space.

<ks> is the name of the keyserver to which you are posting.


[options] let you modify the command. Options are:

--keyserver-timeout sets the number of seconds until the keyserver operation times out. The default setting is 120 seconds.

--halt-on-error moves to the next keyserver if an error occurs when more than one keyserver is specified.

Examples:

1 pgp --keyserver-send [email protected] --keyserver ldap://keyserver.example.com

If there are multiple keys on the keyring with user IDs that match the input, all of them will be posted. To make sure only a specific key is posted, use the key ID as the input.

2 pgp --keyserver-send 0x12345678 --keyserver ldap://keyserver.pgp.com

Only the specified key (if it is on the keyring) will be posted to ldap://keyserver.pgp.com, a public keyserver.
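Example 1 above points out that a user-ID input posts every key on the keyring whose user ID matches it, which is how a partial user ID ends up publishing keys you did not intend to publish. The POSIX shell script below is an added example, not part of the guide or the product: it resolves an <input> the way the text describes (exact match for a key ID, substring match for a user ID) against a constructed keyring listing (made-up key IDs and user IDs) and refuses to plan a send when a user ID selects more than one key, so that the caller has to fall back to a key ID.

```shell
#!/bin/sh
# Constructed local keyring listing: "keyid|userid" per line. Made-up keys.
LOCAL_KEYRING='0x12345678|Alice Cameron <alice@example.com>
0x2222BBBB|Alice Cameron (work) <alice@corp.example.com>
0x3333CCCC|Bob Smith <bob@example.com>'

# matching_keys INPUT
# Prints the key IDs on the local keyring that INPUT selects, one per line.
# An input starting with 0x is treated as a key ID and must match exactly;
# anything else is matched as a substring of the user ID, which is how the
# guide describes <input> resolution for --keyserver-send.
matching_keys() {
    input=$1
    printf '%s\n' "$LOCAL_KEYRING" | awk -F'|' -v p="$input" \
        '(p ~ /^0x/ && $1 == p) || (p !~ /^0x/ && index($2, p) > 0) { print $1 }'
}

# plan_send INPUT
# Prints the single key ID that would be posted. Returns 1 without printing
# anything when INPUT matches no key, or when it matches several keys, so a
# partial user ID cannot silently publish more than one key.
plan_send() {
    keys=$(matching_keys "$1")
    count=$(printf '%s\n' "$keys" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "error: no key on the keyring matches '$1'" >&2
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "refusing: '$1' matches $count keys; specify a key ID:" >&2
        printf '  %s\n' $keys >&2
        return 1
    fi
    printf '%s\n' "$keys"
}

# Usage: the partial user ID "Alice" is refused, the key ID is accepted.
plan_send Alice || true
plan_send 0x12345678
```

The check is deliberately stricter than the command itself: where --keyserver-send would post both Alice keys, the script stops and lists them, so that the decision to publish more than one key is made explicitly.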

--keyserver-update

Updates keys that have already been uploaded to a keyserver. This ensures that the most up-to-date versions of the keys are on the keyserver.

An update consists of finding the key on the keyserver; merging that key onto the local keyring; and sending the merged key back to the keyserver on which it was found. A key must be on the local keyring to be updated.

If no keys are specified on the command line, all of the keys on the local keyring are updated, one at a time. When multiple keys are specified, they are updated one key at a time.

If a key has a preferred keyserver established, that keyserver is used for the update (only RSA and DH/DSS v4 keys can have a preferred keyserver); keyservers specified on the command line or in the configuration file are ignored. If the key being updated is not found, it is sent to the preferred keyserver; if it is found, it is updated.

If a key does not have a valid preferred keyserver established, PGP Command Line will search the keyserver specified on the command line, followed by keyservers specified in the configuration file. If the key cannot be found, an error is returned; if it is found, it is updated.

The usage format is:

pgp --keyserver-update <input> [<input2> ...] [--keyserver <ks1> ...] [options]

Where:

<input> is the user ID, portion of the user ID, or key ID of the key for which you are searching. To find a specific key, use the key ID. To find one or more keys, use the user ID or portion of the user ID.

<ks> is the name of the keyserver you want to search. You can enter more than one keyserver to search, separated by a space. Only results from the first keyserver where there is a match will be returned.

--keyserver-timeout sets the number of seconds until the keyserver operation times out. The default setting is 120 seconds.

--halt-on-error stops the operation if an error occurs when more than one keyserver is specified.

Examples:

1 pgp --keyserver-update 0x12345678 --keyserver ldap://keyserver.pgp.com

Updates the key with key ID 0x12345678 on keyserver.pgp.com if that key is on the local keyring and has already been uploaded to the keyserver.

If either is not true, the operation returns with an error.

2 pgp --keyserver-update 0x12345678

Key 0x12345678 has a preferred keyserver set, and that keyserver is used for the update.
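The keyserver-selection rule for --keyserver-update (a preferred keyserver overrides the command line and the configuration file and receives the key even if it is not there yet; without one, command-line servers are tried before configuration-file servers and a key found nowhere is an error) is what decides whether example 1 or example 2 above applies to a given key. The POSIX shell script below is an added example, not part of the guide or the product: it encodes that decision as a function and checks it against a constructed inventory of which made-up keyservers hold which made-up key IDs.

```shell
#!/bin/sh
# Constructed inventory of which keyserver holds which key, as "server=keyid"
# tokens. Made-up servers and key IDs; stands in for a real keyserver lookup.
MOCK_HOLDINGS='ldap://ks-a.example.com=0x1111AAAA ldap://ks-b.example.com=0x12345678 ldap://pref.example.com=0xABCD1234'

# key_on_server SERVER KEYID -> 0 if the mock inventory says SERVER holds KEYID
key_on_server() {
    case " $MOCK_HOLDINGS " in
        *" $1=$2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# resolve_update KEYID PREFERRED_KS "CMDLINE_KS_LIST" "CONFIG_KS_LIST"
# Prints "update SERVER" or "send SERVER" following the documented rules:
#  - a preferred keyserver (second argument, may be empty) wins over the
#    command-line and configuration-file lists; the key is updated there if
#    found and sent there otherwise;
#  - with no preferred keyserver, command-line servers are tried first, then
#    configuration-file servers; the first one holding the key is updated,
#    and a key found nowhere is an error (return 1).
resolve_update() {
    keyid=$1; preferred=$2; cmdline=$3; config=$4
    if [ -n "$preferred" ]; then
        if key_on_server "$preferred" "$keyid"; then
            echo "update $preferred"
        else
            echo "send $preferred"
        fi
        return 0
    fi
    for server in $cmdline $config; do
        if key_on_server "$server" "$keyid"; then
            echo "update $server"
            return 0
        fi
    done
    echo "error: $keyid not found on any keyserver" >&2
    return 1
}

# Usage: mirrors the guide's example 2 (preferred keyserver set) and
# example 1 (no preferred keyserver, server given on the command line).
resolve_update 0xABCD1234 ldap://pref.example.com "ldap://ks-a.example.com" ""
resolve_update 0x12345678 "" "ldap://ks-a.example.com" "ldap://ks-b.example.com"
```

The asymmetry worth noticing is that a missing key is an error only when no preferred keyserver is set; with one set, the update quietly turns into a first-time send to that server.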


This chapter describes those commands used to manage keys with PGP Command Line. These commands are:

• --add-adk, which adds an ADK to a key.

• --add-photoid, which adds a photo ID to a key.

• --add-preferred-cipher, which adds the preferred cipher to a key.

• --add-preferred-compression-algorithm, which adds the preferred compression algorithms to a key.

• --add-preferred-email-encoding, which adds a preferred email encoding to a key.

• --add-preferred-hash, which adds the preferred hash encryption algorithm to a key.

• --add-revoker, which adds a revoker to a key.

• --add-userid, which adds a user ID to a key.

• --cache-passphrase, which specifically caches a passphrase.

• --change-passphrase, which changes the passphrase.

• --clear-key-flag, which clears one of the preferences flags.

• --disable, which disables a key.

• --enable, which enables a key.

• --export and --export-key-pair, which export keys or key pairs.

• --export-photoid, which exports a photo ID to a file.

• --gen-key, which generates a new key pair.

• --gen-revocation, which generates a revoked version of a key without actually revoking the key. The revoked version of the key is stored securely in the event the passphrase is lost, so the key can still be revoked.

• --gen-subkey, which generates a subkey.

• --import, which imports keys.

• --join-key, which reconstitutes a split key.

• --join-key-cache-only, which temporarily joins a key on the local machine.

• --key-recon-send, which sends PGP key reconstruction data to a PGP Universal Server
