Add WKS publishing support

Felix Tiede requested to merge ftiede/kleopatra:support-WKS-publishing into master

Some mail providers offer GnuPG WebKey Service, publishing a user's public PGP key on the provider's WebKey Directory using a well-defined string of mails to verify the submitter is actually the owner of the key and approves of the submission, rectifying some of the shortcomings of public key servers.

The process is defined in https://www.ietf.org/archive/id/draft-koch-openpgp-webkey-service-13.html

Justification: Thunderbird's Enigmail extension already supports publishing public PGP keys using the same process, and KMail is already capable of handling the authorization request and response mails from the provider, at which point Kleopatra is no longer involved. Kleopatra just needs to create and send the initial publication request mail with the key's user id as the sender address, which is a feature this patch adds.

Functional description: This patch adds a context menu entry, "Publish at mail provider", for PGP keys for which a secret key is in the keyring. Calling this entry will try to publish the key at the key's first user id's mail provider. Likewise, it adds a context menu entry for each such key's user id, which provides the option to select which user id should be used to determine the mail provider and sending user in question. Provided the user continues the publishing process after a warning message, gpg-wks-client is called with the selected user id; it then figures out whether the mail provider supports publishing via WKS in the first place and, if so, produces a temporary file with the mail to be sent. If gpg-wks-client is unable to find the necessary submission mail address and PGP key for the user id's mail provider, an error message is shown and the process is aborted. Otherwise Kleopatra invokes Akonadi to select the user id's mail transport and will use it to send the previously created mail. If no such transport can be found, the process is aborted. When the mail has been handed over to the Akonadi mail transport, Kleopatra's part in publishing the PGP key at the mail provider is complete; the rest is handled by the user's mail agent.
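
The linked draft defines where a client looks to learn whether a mail provider offers WKS and which submission address to use. The following is an added example, not part of this merge request or of Kleopatra's code, that derives those Web Key Directory URLs from a key's user id; the function names are hypothetical and the sample user id is the one used in the draft.

```python
import hashlib
from email.utils import parseaddr
from urllib.parse import quote

# z-base-32 alphabet used by the Web Key Directory for the hashed local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def ascii_lower(text: str) -> str:
    """Lowercase ASCII letters only; non-ASCII characters stay unchanged."""
    return "".join(c.lower() if c.isascii() else c for c in text)


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the lowercased local part, z-base-32 encoded (32 characters)."""
    digest = hashlib.sha1(ascii_lower(local_part).encode("utf-8")).digest()
    n = int.from_bytes(digest, "big")
    # 160 bits are read most significant bit first, five bits per character.
    return "".join(ZBASE32[(n >> shift) & 0x1F] for shift in range(155, -1, -5))


def wks_lookup_urls(user_id: str) -> dict:
    """Return the 'advanced' and 'direct' WKD URLs for a user id's mail address."""
    _, addr = parseaddr(user_id)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"user id carries no mail address: {user_id!r}")
    domain = ascii_lower(domain)
    bases = {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}",
        "direct": f"https://{domain}/.well-known/openpgpkey",
    }
    return {
        method: {
            # Mail address that accepts the publication request.
            "submission_address": f"{base}/submission-address",
            # Policy flags published by the provider.
            "policy": f"{base}/policy",
            # Where the key is served once the provider has published it.
            "key": f"{base}/hu/{wkd_hash(local)}?l={quote(local, safe='')}",
        }
        for method, base in bases.items()
    }


if __name__ == "__main__":
    # Constructed sample user id, using the address from the draft's example.
    for method, urls in wks_lookup_urls("Joe Doe <Joe.Doe@Example.ORG>").items():
        for name, url in urls.items():
            print(f"{method:8} {name:18} {url}")
```

Fetching the `key` URL after the confirmation mails have been exchanged is a quick way to verify that the provider actually published the key.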