Tags: java, android, ldap, pgp, unboundid-ldap-sdk

Unable to delete or modify PGP keys from Symantec Encryption Management Server using LDAP


I want to delete or modify PGP public keys from the SEMS server using LDAP. For this purpose I am using the LDAP SDK from UnboundID and the Didisoft PGP Java library. When I execute the code, both connection.modify(request) and connection.delete(request) give the same result, Success, but the keys are not deleted from the server; I can still see the keys on the server. My code goes like this.

For modification:

if (keyFound) {
    byte[] bytes = keyStr.getBytes();
    this.tmpKS.purge();
    KeyPairInformation[] keysTmp = this.tmpKS.importKeyRing(new ByteArrayInputStream(bytes));
    KeyPairInformation tmpKeys = keysTmp[0];
    // pgpCertID is the 64-bit key ID as 16 upper-case hex digits; the original loop re-read
    // the shrinking gap on every iteration and stopped early, so pad until the length is 16
    String certIdS = Long.toHexString(tmpKeys.getKeyID()).toUpperCase();
    while (certIdS.length() < 16) {
        certIdS = "0" + certIdS;
    }
    object = "pgpCertID=" + certIdS + "," + keysDn;
    // one REPLACE per attribute (the original listed several attributes twice)
    ModifyRequest request = new ModifyRequest(object, new Modification[] {
        new Modification(ModificationType.REPLACE, "pgpCertID", certId),
        new Modification(ModificationType.REPLACE, "pgpKeyID", key.getKeyIDHex()),
        new Modification(ModificationType.REPLACE, "pgpKeyType", key.getAlgorithm()),
        new Modification(ModificationType.REPLACE, "pgpKeyCreateTime", keyCreationTime),
        new Modification(ModificationType.REPLACE, "pgpSignerID", certId),
        new Modification(ModificationType.REPLACE, "pgpRevoked", key.isRevoked() ? "1" : "0"),
        new Modification(ModificationType.REPLACE, "pgpDisabled", "0"),
        new Modification(ModificationType.REPLACE, "pgpUserID", key.getUserID() + '\000'),
        new Modification(ModificationType.REPLACE, "pgpKeySize", padLeft(key.getKeySize(), 5)),
        new Modification(ModificationType.REPLACE, "objectClass", "pgpKeyInfo"),
        new Modification(ModificationType.REPLACE, "pgpKey", tmpOut.toByteArray())
    });
    // a separate REPLACE per subkey would overwrite the previous one; send all values in one REPLACE
    String[] subKeyIds = new String[keysTmp.length];
    for (int i = 0; i < keysTmp.length; i++) {
        subKeyIds[i] = Long.toHexString(keysTmp[i].getKeyID()).toUpperCase();
    }
    request.addModification(new Modification(ModificationType.REPLACE, "pgpSubKeyID", subKeyIds));
    LDAPResult result = connection.modify(request);
    return result.getResultCode().intValue() == 0;
}

and for deletion:

if (keyFound) {
    byte[] bytes = keyStr.getBytes();
    this.tmpKS.purge();
    KeyPairInformation[] keysTmp = this.tmpKS.importKeyRing(new ByteArrayInputStream(bytes));
    KeyPairInformation tmpKeys = keysTmp[0];
    String certIdS = Long.toHexString(tmpKeys.getKeyID()).toUpperCase();
    while (certIdS.length() < 16) {   // pad to the full 16 hex digits of pgpCertID
        certIdS = "0" + certIdS;
    }
    object = "pgpCertID=" + certIdS + "," + keysDn;
    DeleteRequest request1 = new DeleteRequest(object);
    LDAPResult result1 = connection.delete(request1);
    // the original then called connection.modify(request) with an undefined request and
    // returned that result; the delete's own result code is the one to check here
    return result1.getResultCode().intValue() == 0;
}

LDAP Result: LDAPResult(resultCode=0 (success), messageID=3, opType='modify')


Solution

  • The usual way to remove an old key and push a new one is by revoking the old one, uploading it and afterwards uploading the new one.

    In the case when you have lost the old private key and do not have a revocation certificate, then according to the PGP SDK from Symantec there is a method:

        PGPDeleteFromKeyServer( PGPKeyServerRef   inKeyServerRef,
                                PGPKeySetRef      inKeysToDelete,
                                PGPKeySetRef *    outKeysThatFailed
                              )

    Note: The key server connection must have been established with an access type of kPGPKeyServerAccessType_Administrator.

    If you establish an LDAP connection authenticated as an admin LDAP user, then you must be able to perform the delete operation.
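The answer says the delete only takes effect on an administrator-authenticated connection, and the question shows a success result code while the entry is still on the server. The program below is an added example written for this page, not code from the question, the answer, UnboundID or Symantec. It uses the UnboundID LDAP SDK to bind as an admin over LDAPS, delete the key entry by the same `pgpCertID=<id>,<keysDn>` DN the question builds, and then search for the entry again, so the outcome is judged by what the server actually holds rather than by the result code alone. The zero-padding of the key ID uses `String.format("%016X", ...)` instead of the question's loop, which under-pads when the hex string has several leading zeros. The class name, host, port, trust store path, bind DN, base DN and key ID are placeholders or constructed sample values; the `PGPDeleteFromKeyServer` C API from the answer is not involved, this is plain LDAP.

```java
import com.unboundid.ldap.sdk.DeleteRequest;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;

import javax.net.SocketFactory;

/** Added example (hypothetical class): delete a PGP key entry as an admin and verify it is gone. */
public final class AdminKeyDelete {

    /** pgpCertID is the 64-bit key ID as 16 upper-case hex digits, zero-padded on the left. */
    static String certIdFromKeyId(long keyId) {
        return String.format("%016X", keyId);
    }

    /** DN of the key entry in the form the question builds: pgpCertID=<id>,<keysDn>. */
    static String keyEntryDn(long keyId, String keysDn) {
        return "pgpCertID=" + certIdFromKeyId(keyId) + "," + keysDn;
    }

    /** Re-read the server: is there still an entry with this pgpCertID directly under keysDn? */
    static boolean keyEntryExists(LDAPConnection conn, String keysDn, String certId)
            throws LDAPSearchException {
        SearchResult sr = conn.search(keysDn, SearchScope.ONE,
                Filter.createEqualityFilter("pgpCertID", certId), "pgpCertID");
        return sr.getEntryCount() > 0;
    }

    /**
     * Delete the entry and report success only if a follow-up search no longer finds it.
     * The question shows resultCode=0 with the key still present, so the result code
     * alone is not trusted.
     */
    static boolean deleteKeyAndVerify(LDAPConnection conn, String keysDn, long keyId)
            throws LDAPException {
        String certId = certIdFromKeyId(keyId);
        try {
            LDAPResult result = conn.delete(new DeleteRequest(keyEntryDn(keyId, keysDn)));
            if (!ResultCode.SUCCESS.equals(result.getResultCode())) {
                return false;
            }
        } catch (LDAPException e) {
            // noSuchObject usually means the DN was built wrongly (e.g. an under-padded certID)
            if (ResultCode.NO_SUCH_OBJECT.equals(e.getResultCode())) {
                return false;
            }
            throw e;
        }
        return !keyEntryExists(conn, keysDn, certId);
    }

    public static void main(String[] args) throws Exception {
        // Placeholders: replace with the values of the deployment being administered.
        String host = "sems.example.invalid";
        int ldapsPort = 636;
        String trustStorePath = "/path/to/truststore.jks";            // CA that issued the server cert
        String adminBindDn = "cn=ADMIN-BIND-DN-PLACEHOLDER";
        String adminPassword = System.getenv("SEMS_ADMIN_PASSWORD");  // never hard-code it
        String keysDn = "ou=KEYS-BASE-DN-PLACEHOLDER";
        long keyId = 0x00ABCDEF12345678L;   // constructed sample key ID with leading zero nibbles

        // Admin credentials travel over this connection, so use LDAPS with an explicit
        // trust store rather than plain LDAP on 389.
        SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
        SocketFactory socketFactory = sslUtil.createSSLSocketFactory();

        try (LDAPConnection conn = new LDAPConnection(socketFactory, host, ldapsPort)) {
            conn.bind(adminBindDn, adminPassword);
            boolean removed = deleteKeyAndVerify(conn, keysDn, keyId);
            System.out.println(removed
                    ? "entry removed and no longer visible on the server"
                    : "delete did not take effect: check that the bind identity has admin rights");
        }
    }
}
```

The follow-up search is the part that would have caught the question's situation: a `success` result with the entry still returned by the search means the server accepted the request without applying it, which points at the bind identity rather than at the request itself.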