BUG: --keyserver option may compromise anonymity

Werner Koch wk at gnupg.org
Mon Dec 18 19:41:45 CET 2000

On Mon, 18 Dec 2000, Florian Weimer wrote:

> This is not the whole story.  Although there's a comment at the top of
> hkp_ask_import() mentioning user interaction, I've never seen GnuPG
> asking before doing a HKP request when verifying signatures.

The man page does not mention, that gpg will ask whether a key should be
retrieved, the comment and the name of the function is misleading,
but this is not a user documentation.

You may want to use --no-auto-key-retrieve  along with a --keyserver
in your options file.


More information about the Gnupg-devel mailing list