Exchanging keys with OpenPGP LDAP Servers in Java

With DidiSoft OpenPGP Library for Java we can easily store and retrieve keys from OpenPGP LDAP (Lightweight Directory Access Protocol) servers that support the PGP LDAP schema, such as Symantec Encryption Management Server (SEMS, formerly PGP Universal Server) and OpenLDAP/slapd.

The communication functionality is exposed by the class LDAPClient located in com.didisoft.pgp.net. This chapter illustrates its usage:

1. Store a key into the LDAP server
2. Retrieve a key from the LDAP server
3. Exception handling

Store a key into the LDAP server

The key upload process consists of instantiating the LDAPClient class and invoking its submitKey method. For public key servers like keyserver.pgp.com we don't need authentication. For private LDAP servers we should use the LDAPClient constructor that accepts username and password parameters, with values that match an LDAP user account with write access.

import java.io.*;

import com.didisoft.pgp.net.LDAPClient;

public class DemoLDAP {
  public static void demo() throws Exception {
    // connect to an LDAP server that supports the PGP schema
    LDAPClient ldap = new LDAPClient("keyserver.pgp.com");

    // read the whole key file into a byte array: a single read() call may return
    // before the buffer is full, so readFully() is used, and try-with-resources
    // closes the stream
    File file = new File("c:\\Test\\public_key.asc");
    byte[] keyBytes = new byte[(int) file.length()];
    try (DataInputStream in = new DataInputStream(new FileInputStream(file))) {
      in.readFully(keyBytes);
    }

    // upload the key; submitKey reports the outcome as a boolean
    boolean submitted = ldap.submitKey(keyBytes);
  }
}

Retrieve a key from the LDAP server

We can retrieve a key from an OpenPGP LDAP server by addressing the key with its User Id (the whole of it or a part of it) or with its hexadecimal Key Id. The example below uses part of the User Id.

import java.io.ByteArrayInputStream;

import com.didisoft.pgp.net.LDAPClient;
import com.didisoft.pgp.KeyStore;

public class DemoLDAP {
  public static void demo() throws Exception {
    // connect to an LDAP server that supports the PGP schema
    LDAPClient ldap = new LDAPClient("keyserver.pgp.com");

    // search by part of the User Id
    ldap.setPartialMatchUserIds(true);
    byte[] keyBytes = ldap.getKeyByUserId("DidiSoft");

    if (keyBytes != null && keyBytes.length > 0) {
      KeyStore ks = new KeyStore(); // create an in-memory keystore
      ks.importKeyRing(new ByteArrayInputStream(keyBytes));
    } else {
      System.out.println("No such key was found");
    }
  }
}
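A key server that accepts unauthenticated uploads (the page's own example submits to keyserver.pgp.com without credentials) cannot vouch for which key belongs to a given User Id, so a retrieved key should be checked against a fingerprint obtained out of band before it is imported. The class below is an added example, not DidiSoft's code; it assumes the byte[] returned by getKeyByUserId is an OpenPGP key block in either ASCII-armored or binary form (the page feeds it straight into importKeyRing), computes the v4 fingerprint of the primary key itself, and only then imports it. The names VerifiedLdapImport, importIfMatching, primaryFingerprint and dearmor are mine; v3 keys and exotic packet-length encodings are rejected rather than guessed at.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.util.Base64;
import com.didisoft.pgp.KeyStore;
import com.didisoft.pgp.net.LDAPClient;
public class VerifiedLdapImport {
    // Import the key returned for userId only if its primary-key fingerprint equals one obtained out of band.
    public static String importIfMatching(LDAPClient ldap, KeyStore ks, String userId, String expectedFpr) throws Exception {
        byte[] keyBytes = ldap.getKeyByUserId(userId);  // throws IOException on network failure
        if (keyBytes == null || keyBytes.length == 0) return null;
        String fpr = primaryFingerprint(keyBytes);
        if (!fpr.equalsIgnoreCase(expectedFpr.replace(" ", ""))) return null;  // wrong key: do not import
        ks.importKeyRing(new ByteArrayInputStream(keyBytes));
        return fpr;
    }
    // Hex v4 fingerprint of the primary key (first packet, tag 6): SHA-1 over 0x99, 2-octet length, body.
    public static String primaryFingerprint(byte[] key) throws Exception {
        if (key[0] == '-') key = dearmor(new String(key, "US-ASCII"));  // ASCII-armored input
        int ctb = key[0] & 0xFF, tag, len, pos;
        if ((ctb & 0x40) != 0) {                        // new-format packet header
            tag = ctb & 0x3F;
            int o1 = key[1] & 0xFF;
            if (o1 < 192) { len = o1; pos = 2; }
            else if (o1 < 224) { len = ((o1 - 192) << 8) + (key[2] & 0xFF) + 192; pos = 3; }
            else throw new IOException("unsupported packet length encoding");
        } else {                                        // old-format packet header
            tag = (ctb >> 2) & 0x0F;
            int n = 1 << (ctb & 0x03);                  // 1, 2 or 4 length octets; 8 = indeterminate
            if (n == 8) throw new IOException("indeterminate packet length");
            for (len = 0, pos = 1; pos <= n; pos++) len = (len << 8) | (key[pos] & 0xFF);
        }
        if (tag != 6 || pos + len > key.length || key[pos] != 4) throw new IOException("expected a v4 public key packet");
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(new byte[] { (byte) 0x99, (byte) (len >> 8), (byte) len });
        sha1.update(key, pos, len);
        return String.format("%040X", new java.math.BigInteger(1, sha1.digest()));
    }
    // Strip ASCII armor: skip the BEGIN line and headers up to the blank line, the "=XXXX" CRC line and END.
    private static byte[] dearmor(String text) {
        StringBuilder b64 = new StringBuilder();
        boolean inBody = false;
        for (String line : text.split("\\r?\\n")) {
            if (line.startsWith("-----END")) break;
            if (inBody && !line.startsWith("=")) b64.append(line.trim());
            else if (!inBody && line.trim().isEmpty()) inBody = true;
        }
        return Base64.getDecoder().decode(b64.toString());
    }
}
```

Call importIfMatching with the LDAPClient and KeyStore from the example above and the 40-hex-digit fingerprint you were given by the key's owner; a null return means either no key was found or the server returned a key that is not the expected one.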

Exception handling

All the methods that exchange data with the LDAP server throw java.io.IOException in case of a network failure.

Summary

This chapter illustrated with Java code how to exchange keys with LDAP key servers that support the PGP schema.

You may also be interested in how to exchange OpenPGP keys with HKP key servers.

List of methods used:

LDAPClient.setPartialMatchUserIds controls whether keys are matched by the whole User ID or by part of it
LDAPClient.getKeyByUserId retrieves a key from an LDAP server by the whole or part of the User ID
LDAPClient.submitKey uploads a key to an LDAP server