With DidiSoft OpenPGP Library for Java we can easily store and retrieve keys from OpenPGP LDAP (Lightweight directory access protocol) servers that support the pgp ldap scheme, such as Symantec Encryption Management Server (SEMS, formerly PGP Universal Server) and OpenLDAP/slapd.
The communication functionality is exposed by the class LDAPClient located in com.didisoft.pgp.net. This chapter illustrates its usage:
1. Upload a key into the LDAP server
2. Retrieve keys from the LDAP server
3. Exception handling
Store a key into the LDAP server
The key upload process consists of instantiating the LDAPClient class and invoking its submitKey method. For public key servers like keyserver.pgp.com no authentication is needed. For private LDAP servers, use the LDAPClient constructor that accepts username and password parameters, with values that match an LDAP user account with write access.
```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import com.didisoft.pgp.net.LDAPClient;

public class DemoLDAP {
    public static void demo() throws Exception {
        // connect to LDAP server that supports pgp schema
        LDAPClient ldap = new LDAPClient("keyserver.pgp.com");

        // read the key into a byte array (loop until the whole file is read,
        // since a single read() call is not guaranteed to fill the buffer)
        File file = new File("c:\\Test\\public_key.asc");
        byte[] keyBytes = new byte[(int) file.length()];
        try (FileInputStream fIn = new FileInputStream(file)) {
            int offset = 0;
            while (offset < keyBytes.length) {
                int n = fIn.read(keyBytes, offset, keyBytes.length - offset);
                if (n < 0) {
                    throw new IOException("unexpected end of file: " + file);
                }
                offset += n;
            }
        }

        // upload the key; the boolean result reports whether the server accepted it
        boolean submitted = ldap.submitKey(keyBytes);
        System.out.println("Key submitted: " + submitted);
    }
}
```
Retrieve a key from the LDAP server
We can retrieve a key from an OpenPGP LDAP server by addressing the key with its User Id (whole or part of it) or its hexadecimal Key Id.
The example below returns the first key that matches part of the provided User Id (enabled by calling setPartialMatchUserIds(true)):
```java
import com.didisoft.pgp.net.LDAPClient;
import com.didisoft.pgp.KeyPairInformation;

public class DemoLDAP {
    public static void demo() throws Exception {
        // connect to LDAP server that supports pgp schema
        LDAPClient ldap = new LDAPClient("keyserver.pgp.com");

        // search by part of the User Id
        ldap.setPartialMatchUserIds(true);
        KeyPairInformation key = ldap.getSingleKeyByUserId("DidiSoft");

        if (key != null) {
            System.out.println("Found key: " + key.getKeyID());
        } else {
            System.out.println("No such key was found");
        }
    }
}
```
Searching for multiple keys
In order to retrieve multiple keys matching part of a User Id, we can use the getMultipleKeysByUserId method:
```java
// search by part of the User Id; the * wildcard may appear anywhere in the pattern
ldap.setPartialMatchUserIds(true);
KeyPairInformation[] keys = ldap.getMultipleKeysByUserId("DidiSoft*");

for (KeyPairInformation key : keys) {
    System.out.println("Found key: " + key.getKeyID());
}
```
Note the wildcard symbol * used in the example above. It can be placed anywhere in the searched User Id.
Searching by Key Id
Searching by Key Id is performed with getSingleKeyByKeyIdHex:
```java
// getSingleKeyByKeyIdHex returns a single key (or null), not an array
KeyPairInformation key = ldap.getSingleKeyByKeyIdHex("A072B431");
```
Exception handling
All the methods that exchange data with the LDAP server throw java.io.IOException in case of a network failure.
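The following is an added example, not code from this chapter or from the DidiSoft library. It ties the partial-match search above to the exception handling just described: because a key server returns whatever has been published under a User Id, the lookup does not take the first hit but accepts only the candidate whose Key Id matches one obtained out of band, and it fails closed on a network error. It assumes KeyPairInformation.getKeyIDHex() (a method not shown in this chapter); the User Id and the pinned Key Id are constructed values.

```java
import java.io.IOException;
import com.didisoft.pgp.net.LDAPClient;
import com.didisoft.pgp.KeyPairInformation;

public class PinnedLdapLookup {

    /**
     * Searches the LDAP key server by (partial) User Id, then accepts only the
     * candidate whose Key Id ends with the pinned hexadecimal Key Id.
     * Returns null when no candidate matches, so callers fail closed.
     */
    public static KeyPairInformation lookup(LDAPClient ldap, String userId,
                                            String pinnedKeyIdHex) throws IOException {
        ldap.setPartialMatchUserIds(true);
        KeyPairInformation[] candidates = ldap.getMultipleKeysByUserId(userId);
        if (candidates == null) {
            return null;
        }
        String pinned = pinnedKeyIdHex.toUpperCase();
        for (KeyPairInformation candidate : candidates) {
            // ASSUMPTION: getKeyIDHex() returns the Key Id as a hex string.
            // Pin the full 16-digit Key Id where possible: 8-digit short Ids
            // are cheap to collide and identify a key only loosely.
            String hex = candidate.getKeyIDHex();
            if (hex != null && hex.toUpperCase().endsWith(pinned)) {
                return candidate;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // constructed values: the Key Id would come from a business card, a
        // signed message or another channel the server does not control
        String userId = "alice@example.com";
        String pinnedKeyIdHex = "0123456789ABCDEF";
        try {
            LDAPClient ldap = new LDAPClient("keyserver.pgp.com");
            KeyPairInformation key = lookup(ldap, userId, pinnedKeyIdHex);
            if (key == null) {
                System.out.println("No key with the pinned Key Id for " + userId);
            } else {
                System.out.println("Accepted key: " + key.getKeyIDHex());
            }
        } catch (IOException e) {
            // network failure while talking to the key server: do not fall
            // back to an unverified key, report and let the caller retry
            System.err.println("Key server unreachable: " + e.getMessage());
        }
    }
}
```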
Summary
This chapter illustrated with Java code how to exchange keys with LDAP key servers that support the pgp scheme.
You may also be interested in how to exchange OpenPGP keys with HKP key servers.
List of methods used:

Method | Description
LDAPClient.setPartialMatchUserIds | controls whether keys are searched by the whole or by part of the User ID
LDAPClient.getSingleKeyByUserId | retrieves a key from an LDAP server by the whole or part of the User ID
LDAPClient.getSingleKeyByKeyIdHex | retrieves a key from an LDAP server by hexadecimal Key ID
LDAPClient.getSingleKeyByKeyId | retrieves a key from an LDAP server by Key ID
LDAPClient.getMultipleKeysByUserId | retrieves many keys from an LDAP server by the whole or part of the User ID
LDAPClient.submitKey | uploads a key to an LDAP server