无法使用 LDAP 从 Symantec Encryption Management Server 删除或修改 PGP 密钥
Unable to delete or modify PGP keys from Symantec Encryption Management Server using LDAP
我想使用 LDAP 从 SEMS 服务器删除或修改 PGP public 密钥。为此,我正在使用来自 UnboundID 的 LDAP SDK 和 Didisoft 的 PGP Java 库。当我执行代码时 connection.modify(request)
和 connection.delete(request)
都给出相同的结果 Success ,但没有从服务器中删除,我仍然可以在服务器上看到密钥。我的代码是这样的。
待修改
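if (keyFound)
{
    // Decode the key text with an explicit charset; the bare getBytes() overload
    // uses the JVM's platform default, which differs between hosts.
    byte[] bytes = keyStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    this.tmpKS.purge();
    KeyPairInformation[] keysTmp = this.tmpKS.importKeyRing(new ByteArrayInputStream(bytes));
    if (keysTmp == null || keysTmp.length == 0) {
        // Nothing importable: there is no key ID to build the entry DN from, and
        // keysTmp[0] below would throw instead of reporting failure.
        return false;
    }
    KeyPairInformation tmpKeys = keysTmp[0];
    // pgpCertID is the 16-hex-digit key ID, zero-padded on the left. The previous
    // padding loop re-read "16 - certIdS.length()" on every iteration while the
    // string grew, so it stopped early and padded only about half of the missing
    // digits; %016X pads to the full width in one step (unsigned, like toHexString).
    String certIdS = String.format("%016X", tmpKeys.getKeyID());
    object = "pgpCertID=" + certIdS + "," + keysDn;
    // Each attribute is replaced exactly once; the original listed pgpCertID, pgpKeyID,
    // pgpKeyType, pgpSignerID and pgpDisabled twice with identical values.
    // NOTE(review): certId (from outside this block) is written into the entry while
    // certIdS names the DN — presumably the same ID; confirm against the caller.
    // NOTE(review): '[=10=]0' appears mangled in this listing (a NUL terminator is one
    // reading) — confirm the intended pgpUserID suffix against the working source.
    ModifyRequest request = new ModifyRequest(object, new Modification[] {
        new Modification(ModificationType.REPLACE, "pgpCertID", certId),
        new Modification(ModificationType.REPLACE, "pgpKeyID", key.getKeyIDHex()),
        new Modification(ModificationType.REPLACE, "pgpKeyType", key.getAlgorithm()),
        new Modification(ModificationType.REPLACE, "pgpKeyCreateTime", keyCreationTime),
        new Modification(ModificationType.REPLACE, "pgpSignerID", certId),
        new Modification(ModificationType.REPLACE, "pgpRevoked", key.isRevoked() ? "1" : "0"),
        new Modification(ModificationType.REPLACE, "pgpDisabled", "0"),
        new Modification(ModificationType.REPLACE, "pgpUserID", key.getUserID() + '[=10=]0'),
        new Modification(ModificationType.REPLACE, "pgpKeySize", padLeft(key.getKeySize(), 5)),
        new Modification(ModificationType.REPLACE, "objectClass", "pgpKeyInfo"),
        new Modification(ModificationType.REPLACE, "pgpKey", tmpOut.toByteArray())
    });
    // Every key in the imported ring (the primary included, as before) is listed as a
    // pgpSubKeyID; the value format is kept as the original wrote it (not zero-padded).
    for (KeyPairInformation subKey : keysTmp) {
        request.addModification(new Modification(ModificationType.REPLACE, "pgpSubKeyID",
            Long.toHexString(subKey.getKeyID()).toUpperCase()));
    }
    LDAPResult result = connection.modify(request);
    // 0 is the LDAP SUCCESS result code. It only means the server accepted the
    // operation; re-read the entry afterwards if you need to confirm the change
    // actually took effect.
    return result.getResultCode().intValue() == 0;
}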
和用于删除目的
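if (keyFound)
{
    // Decode the key text with an explicit charset; the bare getBytes() overload
    // uses the JVM's platform default, which differs between hosts.
    byte[] bytes = keyStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    this.tmpKS.purge();
    KeyPairInformation[] keysTmp = this.tmpKS.importKeyRing(new ByteArrayInputStream(bytes));
    if (keysTmp == null || keysTmp.length == 0) {
        // Nothing importable: there is no key ID to build the entry DN from, and
        // keysTmp[0] below would throw instead of reporting failure.
        return false;
    }
    // pgpCertID is the 16-hex-digit key ID, zero-padded on the left. The previous
    // padding loop re-read "16 - certIdS.length()" on every iteration while the
    // string grew, so it padded only about half of the missing digits; %016X pads
    // to the full width in one step (unsigned, like toHexString).
    String certIdS = String.format("%016X", keysTmp[0].getKeyID());
    object = "pgpCertID=" + certIdS + "," + keysDn;
    DeleteRequest request1 = new DeleteRequest(object);
    LDAPResult result1 = connection.delete(request1);
    // The original went on to call connection.modify(request) and returned THAT
    // result, never inspecting result1 — which is why the "delete" path reported
    // LDAPResult(... opType='modify'). Report the delete's own outcome instead.
    // 0 is the LDAP SUCCESS result code; it means the server accepted the delete,
    // so search for the entry afterwards if you need to confirm it is gone.
    // NOTE(review): the answer on this page states that deleting keys from the
    // server requires the connection to be bound as an administrator.
    return result1.getResultCode().intValue() == 0;
}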
LDAP 结果:
LDAPResult(resultCode=0 (成功), messageID=3, opType='modify')
删除旧密钥并推送新密钥的通常方法是撤销旧密钥,上传它,然后再上传新密钥。
如果您丢失了旧私钥也没有吊销证书,那么根据 Symantec 的 PGP SDK,有一个方法:
PGPDeleteFromKeyServer( PGPKeyServerRef inKeyServerRef,
PGPKeySetRef inKeysToDelete,
PGPKeySetRef * outKeysThatFailed
)
注意:必须使用 kPGPKeyServerAccessType_Administrator 访问类型建立密钥服务器连接。
如果您建立的 LDAP 连接已验证为管理员 LDAP 用户,那么您应该能够执行删除操作。
我想使用 LDAP 从 SEMS 服务器删除或修改 PGP public 密钥。为此,我正在使用来自 UnboundID 的 LDAP SDK 和 Didisoft 的 PGP Java 库。当我执行代码时 connection.modify(request)
和 connection.delete(request)
都给出相同的结果 Success ,但没有从服务器中删除,我仍然可以在服务器上看到密钥。我的代码是这样的。
待修改
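if (keyFound)
{
    // Decode the key text with an explicit charset; the bare getBytes() overload
    // uses the JVM's platform default, which differs between hosts.
    byte[] bytes = keyStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    this.tmpKS.purge();
    KeyPairInformation[] keysTmp = this.tmpKS.importKeyRing(new ByteArrayInputStream(bytes));
    if (keysTmp == null || keysTmp.length == 0) {
        // Nothing importable: there is no key ID to build the entry DN from, and
        // keysTmp[0] below would throw instead of reporting failure.
        return false;
    }
    KeyPairInformation tmpKeys = keysTmp[0];
    // pgpCertID is the 16-hex-digit key ID, zero-padded on the left. The previous
    // padding loop re-read "16 - certIdS.length()" on every iteration while the
    // string grew, so it stopped early and padded only about half of the missing
    // digits; %016X pads to the full width in one step (unsigned, like toHexString).
    String certIdS = String.format("%016X", tmpKeys.getKeyID());
    object = "pgpCertID=" + certIdS + "," + keysDn;
    // Each attribute is replaced exactly once; the original listed pgpCertID, pgpKeyID,
    // pgpKeyType, pgpSignerID and pgpDisabled twice with identical values.
    // NOTE(review): certId (from outside this block) is written into the entry while
    // certIdS names the DN — presumably the same ID; confirm against the caller.
    // NOTE(review): '[=10=]0' appears mangled in this listing (a NUL terminator is one
    // reading) — confirm the intended pgpUserID suffix against the working source.
    ModifyRequest request = new ModifyRequest(object, new Modification[] {
        new Modification(ModificationType.REPLACE, "pgpCertID", certId),
        new Modification(ModificationType.REPLACE, "pgpKeyID", key.getKeyIDHex()),
        new Modification(ModificationType.REPLACE, "pgpKeyType", key.getAlgorithm()),
        new Modification(ModificationType.REPLACE, "pgpKeyCreateTime", keyCreationTime),
        new Modification(ModificationType.REPLACE, "pgpSignerID", certId),
        new Modification(ModificationType.REPLACE, "pgpRevoked", key.isRevoked() ? "1" : "0"),
        new Modification(ModificationType.REPLACE, "pgpDisabled", "0"),
        new Modification(ModificationType.REPLACE, "pgpUserID", key.getUserID() + '[=10=]0'),
        new Modification(ModificationType.REPLACE, "pgpKeySize", padLeft(key.getKeySize(), 5)),
        new Modification(ModificationType.REPLACE, "objectClass", "pgpKeyInfo"),
        new Modification(ModificationType.REPLACE, "pgpKey", tmpOut.toByteArray())
    });
    // Every key in the imported ring (the primary included, as before) is listed as a
    // pgpSubKeyID; the value format is kept as the original wrote it (not zero-padded).
    for (KeyPairInformation subKey : keysTmp) {
        request.addModification(new Modification(ModificationType.REPLACE, "pgpSubKeyID",
            Long.toHexString(subKey.getKeyID()).toUpperCase()));
    }
    LDAPResult result = connection.modify(request);
    // 0 is the LDAP SUCCESS result code. It only means the server accepted the
    // operation; re-read the entry afterwards if you need to confirm the change
    // actually took effect.
    return result.getResultCode().intValue() == 0;
}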
和用于删除目的
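if (keyFound)
{
    // Decode the key text with an explicit charset; the bare getBytes() overload
    // uses the JVM's platform default, which differs between hosts.
    byte[] bytes = keyStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    this.tmpKS.purge();
    KeyPairInformation[] keysTmp = this.tmpKS.importKeyRing(new ByteArrayInputStream(bytes));
    if (keysTmp == null || keysTmp.length == 0) {
        // Nothing importable: there is no key ID to build the entry DN from, and
        // keysTmp[0] below would throw instead of reporting failure.
        return false;
    }
    // pgpCertID is the 16-hex-digit key ID, zero-padded on the left. The previous
    // padding loop re-read "16 - certIdS.length()" on every iteration while the
    // string grew, so it padded only about half of the missing digits; %016X pads
    // to the full width in one step (unsigned, like toHexString).
    String certIdS = String.format("%016X", keysTmp[0].getKeyID());
    object = "pgpCertID=" + certIdS + "," + keysDn;
    DeleteRequest request1 = new DeleteRequest(object);
    LDAPResult result1 = connection.delete(request1);
    // The original went on to call connection.modify(request) and returned THAT
    // result, never inspecting result1 — which is why the "delete" path reported
    // LDAPResult(... opType='modify'). Report the delete's own outcome instead.
    // 0 is the LDAP SUCCESS result code; it means the server accepted the delete,
    // so search for the entry afterwards if you need to confirm it is gone.
    // NOTE(review): the answer on this page states that deleting keys from the
    // server requires the connection to be bound as an administrator.
    return result1.getResultCode().intValue() == 0;
}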
LDAP 结果: LDAPResult(resultCode=0 (成功), messageID=3, opType='modify')
删除旧密钥并推送新密钥的通常方法是撤销旧密钥,上传它,然后再上传新密钥。
如果您丢失了旧私钥也没有吊销证书,那么根据 Symantec 的 PGP SDK,有一个方法:
PGPDeleteFromKeyServer( PGPKeyServerRef inKeyServerRef,
PGPKeySetRef inKeysToDelete,
PGPKeySetRef * outKeysThatFailed
)
注意:必须使用 kPGPKeyServerAccessType_Administrator 访问类型建立密钥服务器连接。
如果您建立的 LDAP 连接已验证为管理员 LDAP 用户,那么您应该能够执行删除操作。