Lib.rs

Command line utilities
#openpgp #pgp #fs-file #open-file #test-cases #wkd

bin+lib wkd-exporter

Exports an OpenPGP keyring into an advanced WKD directory path

by Wiktor Kwapisiewicz. Co-owned by David Runge, Heiko Schaefer.

3 unstable releases

0.2.2 Jan 23, 2025
0.2.0 Oct 17, 2024
0.1.0 Oct 15, 2024

#1032 in Command line utilities

MIT/Apache

1.5MB
139 lines

WKD exporter

CI Crates.io latest packaged version(s)

Exports an OpenPGP keyring into the Web Key Directory directory path.

Use it like this (advanced variant with a domain filter):

$ cargo install wkd-exporter
$ DIR=$(mktemp -d)
$ gpg --export | wkd-exporter --append --domain archlinux.org $DIR
$ tree $DIR | head
/tmp/tmp.ZaHdlAQGRw
└── openpgpkey
    └── archlinux.org
        ├── hu
           ├── 46yqwra65to1p94e9ebafpucymkwsi7f
           ├── 9drt4xorn699rkbj5xyq7ykoc1z5nnof
           ├── 9hy3wi4ewwiicomnjmhewifn6d1gi87i
           ├── 9sh859e31bn46hmfxyftn3ymop5ewdkz
           ├── b9qi357oeysqibkxmmh3hanrppd6nj9p
           ├── btfkn1ht1kzda3e9495fe4sjznkygui4

For smaller deployments, direct variant may be more appropriate:

$ DIR=$(mktemp -d)
$ gpg --export | wkd-exporter --append --direct metacode.biz $DIR
$ tree $DIR | head
/tmp/tmp.cxEBeXnwdv
└── openpgpkey
    ├── hu
       └── gebusffkx9g581i6ch4t3ewgwd6dctmp
    └── policy

This project can also be used as a library:

use wkd_exporter::{export, Options};

export(
     std::fs::File::open("tests/test-cases-default/simple.pgp").expect("file to exist"),
    "/tmp/well-known",
    Options::default().set_append(true),
).expect("exporting to succeed");

Multiple certificates

The --append flag causes all certificates sharing the same local part (user in user@example.com) to be exported in the same location. By default the exporter leaves only the last certificate. Appending allows exporting several certificates, for example when a certificate has been rotated (one is revoked and one is current). Other workflows may also require multiple certificates, e.g. a code-signing certificate which is different from a regular one.

Note that if the same directory is used for export and --append flag has been enabled it will cause multiple copies of the same certificate to be present in the target directory. For that reason it is advisable to use a fresh directory when using --append. That is one of the reasons why this flag is not enabled by default (even though it is recommended).

Append may become the default (and a no-op) when certificate merging has been implemented in our backing library.

License

This project is licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~17–25MB
~339K SLoC