LDAP OpenPGP key servers

In order to allow more flexible exchange of public keys between members of an organization, the keys can be submitted to a central store. One such store, widely used at production sites, is the LDAP OpenPGP key server, such as Symantec Encryption Management Server (SEMS, previously PGP Universal Server) or OpenLDAP/slapd with the PGP LDAP schema installed.

DLL file and namespace

The functionality is available in the class LdapClient located in the namespace DidiSoft.Pgp.Net.
As of version 1.7.10 you will have to reference, and deploy with your application, an additional DLL:

[library installation folder]\Bin\DidiSoft.Pgp.Net.LdapClient.dll

Table of Contents

In this chapter we will demonstrate how to exchange keys with LDAP OpenPGP key servers.

1. Searching for a key
2. Uploading a key
3. Exception handling
4. Supported .NET platforms

Searching for a key

We can search for a key by referencing it by its Key Id, its hexadecimal Key Id, or part of or the whole User Id. The example below illustrates key retrieval with part of the User Id.

C# example

using System;
using System.IO;
using DidiSoft.Pgp;

// Connect to the key server (no credentials are needed for a public server)
DidiSoft.Pgp.Net.LdapClient ldap = new DidiSoft.Pgp.Net.LdapClient("keyserver.pgp.com");
// Match on a part of the User Id instead of requiring the whole string
ldap.PartialMatchUserIds = true;
byte[] keyBytes = ldap.GetKeyByUserId("Didisoft");
if (keyBytes.Length > 0)
{
   Console.WriteLine("key found");

   // example usage of the key
   KeyStore store = new KeyStore();
   store.ImportPublicKey(new MemoryStream(keyBytes));
}

VB.NET example

Imports System
Imports System.IO
Imports DidiSoft.Pgp

' Connect to the key server (no credentials are needed for a public server)
Dim ldap As New DidiSoft.Pgp.Net.LdapClient("keyserver.pgp.com")
' Match on a part of the User Id instead of requiring the whole string
ldap.PartialMatchUserIds = True
Dim keyBytes As Byte() = ldap.GetKeyByUserId("Didisoft")
If (keyBytes.Length > 0) Then
   Console.WriteLine("key found")

   ' example usage of the key
   Dim store As New KeyStore()
   store.ImportPublicKey(New MemoryStream(keyBytes))
End If

Uploading a key

The key upload is simply a call to the SubmitKey method of the LdapClient class. For private LDAP servers, such as a private Symantec Encryption Management Server, you will usually have to authenticate by using the LdapClient constructor that accepts username and password parameters.

C# example

using System.IO;

DidiSoft.Pgp.Net.LdapClient ldap = new DidiSoft.Pgp.Net.LdapClient("keyserver.pgp.com");
// Submit the public key file (ASCII armored or binary) to the server
ldap.SubmitKey(File.ReadAllBytes(@"c:\Test\My_key.asc"));

VB.NET example

Imports System.IO

Dim ldap As New DidiSoft.Pgp.Net.LdapClient("keyserver.pgp.com")
' Submit the public key file (ASCII armored or binary) to the server
ldap.SubmitKey(File.ReadAllBytes("c:\Test\My_key.asc"))

Exception handling

All methods for interaction with an LDAP server throw two basic exceptions:

System.Runtime.InteropServices.COMException – in case of a network error
System.DirectoryServices.DirectoryServicesCOMException – LDAP related exception
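As an added example (not code from the DidiSoft documentation), the following combines the lookup from the Searching section with the exception handling described here, and refuses to import a key whose fingerprint does not match a value confirmed out of band, since a key server only stores keys and does not vouch for them. It assumes the LdapClient members and exception types named on this page, and additionally assumes that KeyStore.GetKeys() returns KeyPairInformation objects with a Fingerprint property (check this against your library version); the fingerprint value is a constructed placeholder.

```csharp
using System;
using System.DirectoryServices;
using System.IO;
using System.Runtime.InteropServices;
using DidiSoft.Pgp;
using DidiSoft.Pgp.Net;

public static class KeyServerLookup
{
    // Constructed placeholder: the partner's 40-hex-digit fingerprint, confirmed
    // out of band (phone call, signed e-mail). Replace with the real value.
    private const string ExpectedFingerprint = "0000000000000000000000000000000000000000";

    // Looks up a public key by User Id, accepts it only if its fingerprint matches
    // ExpectedFingerprint, then imports it into 'store'. Returns true on success.
    public static bool FetchAndImport(string host, string userId, KeyStore store)
    {
        byte[] keyBytes;
        try
        {
            var ldap = new LdapClient(host);
            ldap.PartialMatchUserIds = false;  // exact User Id only, no look-alike matches
            keyBytes = ldap.GetKeyByUserId(userId);
        }
        // DirectoryServicesCOMException derives from COMException, so the LDAP-specific
        // catch has to come first or it would never be reached.
        catch (DirectoryServicesCOMException ex) { Console.WriteLine("LDAP error: " + ex.Message); return false; }
        catch (COMException ex) { Console.WriteLine("network error: " + ex.Message); return false; }

        if (keyBytes == null || keyBytes.Length == 0) return false;  // nothing found

        // Assumption: KeyStore.GetKeys() returns KeyPairInformation objects whose
        // Fingerprint property is the hex fingerprint; check your library reference.
        var probe = new KeyStore();  // separate scratch store used only for inspection
        probe.ImportPublicKey(new MemoryStream(keyBytes));
        foreach (KeyPairInformation k in probe.GetKeys())
        {
            string fp = k.Fingerprint.Replace(" ", "");
            if (!fp.Equals(ExpectedFingerprint, StringComparison.OrdinalIgnoreCase))
            {
                Console.WriteLine("fingerprint mismatch (" + fp + "), key not imported");
                return false;
            }
        }
        store.ImportPublicKey(new MemoryStream(keyBytes));  // verified, now safe to keep
        return true;
    }
}
```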

Supported platforms

This functionality is available only in the standard .NET Framework version of the library.

Summary

This chapter was a brief introduction to exchanging keys with LDAP OpenPGP key servers, with C# and VB.NET examples.

You may also be interested in exchanging keys with HKP key servers.