LDAP OpenPGP key servers

To allow a more flexible exchange of public keys between the members of an organization, keys can be submitted to a central store. One such store widely used at production sites is the LDAP OpenPGP key server, for example Symantec Encryption Management Server (SEMS, previously PGP Universal Server) or OpenLDAP/slapd with the PGP LDAP schema installed.

DLL file and namespace

The functionality is available in the class LdapClient located in the namespace DidiSoft.Pgp.Net.
As of version 1.7.10, you will have to reference and deploy with your application an additional DLL

[library installation folder]\Bin\DidiSoft.Pgp.Net.LdapClient.dll

Table of Contents

In this chapter, we will demonstrate how to exchange keys with LDAP OpenPGP key servers.

1. Searching for keys
2. Uploading a key
3. Exception handling
4. Supported .NET platforms

Searching for a key

We can search for a key by referencing it by its Key Id, hexadecimal Key Id, or part of or the whole User Id. The example below illustrates retrieval of the first matching key:

Searching for the first matching key

C# example

DidiSoft.Pgp.Net.LdapClient ldap = new DidiSoft.Pgp.Net.LdapClient("keyserver.pgp.com");
// match keys whose User Id contains the search string, not only exact matches
ldap.PartialMatchUserIds = true;
DidiSoft.Pgp.KeyPairInformation key = ldap.GetSingleKeyByUserId("Didisoft");
if (key != null)
{
   Console.WriteLine("Found key: " + key.UserId);
}

VB.NET example

Dim ldap As New DidiSoft.Pgp.Net.LdapClient("keyserver.pgp.com")
' match keys whose User Id contains the search string, not only exact matches
ldap.PartialMatchUserIds = True
Dim key As DidiSoft.Pgp.KeyPairInformation = ldap.GetSingleKeyByUserId("Didisoft")
If Not IsNothing(key) Then
   Console.WriteLine("Found key: " + key.UserId)
End If

Searching for multiple keys

When partial matching of the User Id is enabled, we can get all matching keys with GetMultipleKeysByUserId. In the sample code below we also use the wildcard symbol * that matches any character sequence:

DidiSoft.Pgp.KeyPairInformation[] keys = ldap.GetMultipleKeysByUserId("Didisoft*");
foreach (DidiSoft.Pgp.KeyPairInformation key in keys)
{
   Console.WriteLine("Found key: " + key.UserId);
}

Searching by key Id

DidiSoft.Pgp.KeyPairInformation key = ldap.GetSingleKeyByKeyIdHex("9A652C43");
if (key != null)
{
   Console.WriteLine("Found key: " + key.UserId);
}
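A User Id match returned by a key server is not authentication: on a public key server anyone can upload a key carrying someone else's name and e-mail address, and a 32-bit short key Id such as 9A652C43 is small enough that a colliding key can be generated on purpose. The following is an added example, not code from this page or from the DidiSoft library. It pins the lookup to a key Id obtained out of band (from the correspondent's signed mail, business card or internal directory) and cross-checks the User Id before the key is used. It assumes a hypothetical host keyserver.example.org, a hypothetical long key Id and e-mail address, and that GetSingleKeyByKeyIdHex accepts the 16-hex-digit (64-bit) key Id as well as the 8-digit short one.

```csharp
using System;
using DidiSoft.Pgp;
using DidiSoft.Pgp.Net;

public static class PinnedKeyLookup
{
    // Returns the key only if the server has a key under the expected long key Id
    // AND the expected e-mail address appears in its User Id; otherwise null.
    // Both expected values must come from an out-of-band channel, never from the server.
    public static KeyPairInformation FindPinnedKey(LdapClient ldap,
                                                   string expectedLongKeyIdHex,
                                                   string expectedEmail)
    {
        if (expectedLongKeyIdHex == null || expectedLongKeyIdHex.Length != 16)
            throw new ArgumentException("Use the 16 hex digit (64-bit) key Id, not the 8 digit short Id.");

        // Assumption: the method accepts the long key Id (the page only shows the short form)
        KeyPairInformation key = ldap.GetSingleKeyByKeyIdHex(expectedLongKeyIdHex);
        if (key == null)
            return null;

        // An OpenPGP User Id normally looks like "Name <user@example.org>";
        // require the exact bracketed address so "user@example.org.attacker.net" is rejected
        string userId = key.UserId ?? string.Empty;
        bool emailMatches = userId.IndexOf("<" + expectedEmail + ">",
                                           StringComparison.OrdinalIgnoreCase) >= 0;
        if (!emailMatches)
        {
            Console.Error.WriteLine("Key " + expectedLongKeyIdHex + " found, but its User Id '"
                                    + userId + "' does not carry " + expectedEmail);
            return null;
        }
        return key;
    }

    // Lists every candidate the server holds for a name prefix. Useful to see what is
    // there, but never a basis for trusting any of the returned keys.
    public static int ListCandidates(LdapClient ldap, string namePrefix)
    {
        ldap.PartialMatchUserIds = true;
        KeyPairInformation[] keys = ldap.GetMultipleKeysByUserId(namePrefix + "*");
        if (keys == null)
            return 0;
        Console.WriteLine(keys.Length + " candidate key(s) for '" + namePrefix + "'");
        foreach (KeyPairInformation k in keys)
            Console.WriteLine("  " + k.UserId);
        return keys.Length;
    }

    public static void Main()
    {
        LdapClient ldap = new LdapClient("keyserver.example.org"); // hypothetical host

        ListCandidates(ldap, "Didisoft");

        // Hypothetical values; in practice both come from an out-of-band channel
        KeyPairInformation key = FindPinnedKey(ldap, "0123456789ABCDEF", "support@example.org");
        if (key == null)
            Console.WriteLine("No trustworthy key found; do not encrypt to this recipient.");
        else
            Console.WriteLine("Pinned key: " + key.UserId);
    }
}
```

If you only have a short 8-digit Id from the recipient, ask for the full fingerprint instead; pinning on the short Id alone gives the check no real strength.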

Uploading a key

The key upload is simply an invocation of the SubmitKey method of the LdapClient class. For private LDAP servers, like a private Symantec Encryption Management Server, you will usually have to authenticate by using the LdapClient constructor that accepts username and password parameters. Submit only the exported public key (the armored file starts with "-----BEGIN PGP PUBLIC KEY BLOCK-----"); never upload a file that contains a PRIVATE KEY BLOCK.

C# example

DidiSoft.Pgp.Net.LdapClient ldap = new DidiSoft.Pgp.Net.LdapClient("keyserver.pgp.com");
ldap.SubmitKey(File.ReadAllBytes(@"c:\Test\My_key.asc"));

VB.NET example

Dim ldap As New DidiSoft.Pgp.Net.LdapClient("keyserver.pgp.com")
ldap.SubmitKey(File.ReadAllBytes("c:\Test\My_key.asc"))

Exception handling

All methods that interact with an LDAP server throw:

DidiSoft.Pgp.Net.LdapKeyServerException – in case of a network error
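Putting the upload and the exception handling together, here is an added example that is not code from this page or from the DidiSoft library. It assumes the credentialed constructor has the shape LdapClient(host, username, password), which the page mentions but does not spell out, and a hypothetical host sems.example.org. It reads the credentials from environment variables instead of embedding them in source, refuses to submit a file that carries a private key block, and turns LdapKeyServerException into a return value the caller can act on.

```csharp
using System;
using System.IO;
using System.Text;
using DidiSoft.Pgp.Net;

public static class KeyUploader
{
    // True when the armored file contains a public key block and no private key block.
    // An exported secret key is also ASCII-armored, so the presence of an armor header
    // alone proves nothing; check for both block types.
    public static bool IsPublicKeyOnly(byte[] armoredKey)
    {
        string text = Encoding.UTF8.GetString(armoredKey);
        bool hasPublic = text.Contains("-----BEGIN PGP PUBLIC KEY BLOCK-----");
        bool hasPrivate = text.Contains("-----BEGIN PGP PRIVATE KEY BLOCK-----");
        return hasPublic && !hasPrivate;
    }

    // Returns true on success, false when the key server could not be reached.
    // A non-public key file is a programming error, so it throws rather than returning false.
    public static bool Upload(LdapClient ldap, string keyFile)
    {
        byte[] armored = File.ReadAllBytes(keyFile);
        if (!IsPublicKeyOnly(armored))
            throw new InvalidOperationException(keyFile
                + " is not a public-key-only armored file; refusing to submit it.");

        try
        {
            ldap.SubmitKey(armored);
            return true;
        }
        catch (LdapKeyServerException e)
        {
            // network error (page: the only exception type these methods throw)
            Console.Error.WriteLine("Key server unreachable: " + e.Message);
            return false;
        }
    }

    public static void Main(string[] args)
    {
        string host = "sems.example.org"; // hypothetical private SEMS host
        string user = Environment.GetEnvironmentVariable("PGP_LDAP_USER");
        string pass = Environment.GetEnvironmentVariable("PGP_LDAP_PASSWORD");

        // Assumed constructor shape: (host, username, password); fall back to
        // the anonymous constructor shown on the page when no credentials are set
        LdapClient ldap = (user != null && pass != null)
            ? new LdapClient(host, user, pass)
            : new LdapClient(host);

        string keyFile = args.Length > 0 ? args[0] : @"c:\Test\My_key.asc";
        bool ok = Upload(ldap, keyFile);
        Environment.Exit(ok ? 0 : 1);
    }
}
```

Run it as `KeyUploader.exe c:\Test\My_key.asc` with PGP_LDAP_USER and PGP_LDAP_PASSWORD set in the environment of the deploying account; the exit code lets a deployment script distinguish a rejected file from a server that is temporarily down.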

Supported platforms

This functionality is available only in the standard .NET Framework and .NET Standard

Summary

This chapter was a brief introduction to exchanging keys with LDAP OpenPGP key servers, with C# and VB.NET examples.

You may also be interested in exchanging keys with HKP key servers.