Keyserver rejection filter and signing subkeys

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Tue Jul 29 20:11:52 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Since the introduction of the keyserver rejection filter, receiving a
key by using a subkey ID/fpr rather than the primary key ID/fpr fails
as shown below. I noticed this due to using a signing subkey, and a
correspondent asked why he couldn't download the key. Naturally
- --search still works, as the following request is then done by primary
key fpr.

Is this something that should be considered a regression, or do we
simply mark it as per design and that the primary key ID should always
be used. If so, should a reference to the primary key fpr be printed
along with the subkey ID when doing --verify?

$ gpg2 --verify test.tar.bz2.asc
gpg: Signature made Sat 12 Jul 2014 03:16:04 PM CEST
gpg:                using RSA key 0xFC3B17DE05E136A0

$ gpg2 --recv-key 0xFC3B17DE05E136A0
gpg: requesting key 0xFC3B17DE05E136A0 from hkp server 192.168.0.33
gpg: key 0x0B7F8B60E3EDFAE3: rejected by import filter
gpg: Total number processed: 1

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Nunc aut numquam
Now or never
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJT1+PoAAoJEPw7F94F4TagKJYP/jNveZf2GQZGhy44e6vCe8li
HSjT/mlZ+NwVHhC5OYaH/S0kMfjFLLXth4X9ICncgNJbBhOZJIH0g0lNaV6Tbbce
+Vd72SOkFRBL0W7FXgJhfW2PWbD1EisRis9jP5nZkWj4tEKQszxLLu9LjjZBmYy8
dtMObB9exGZOkZqhUmZmXqXy/Zib1jPrnVdIFdCqiru5SKLVn0rEzwseBKWqadEm
hx8Hl59daHhA3zwNVb5K7GzqceKgDVMHvVvdRLYke68rk4OJu4mtBxIhpWd+iKNI
UpOtE+j7lp5S3HtfJciXPoXz0N+V5UP3MFFfbGMROYwuVTh6cCvKSu8dcF8xWIaK
phaDyhsAbebsfnYN4KRQTJeMw8YOljO63ElUH3BufiVK8pwZdvXffWPEkRur0ncY
0vbqVrXArCLNTuuuakAuVwU53WqneB1qIA8ms6I7Fv8Qj5I/RKH9OkjxNsFly/D9
R35vIwwO4yje84B/3MWVB4SLPi6hefnDs0ZpnvhR/CaXKktOdVasYCuvCYs4+A7M
yi25mtnThqcNsbO6MzaN0LHZykBS2R9fSAwb8M2B2fq1AkRsYEqV9NEKNG4ev2Hc
MDmt4pvYtDAPcguh38BrazDNlkGa8bKg5zpbTXjjhEDymW/uyQ+Y/yBvOB1/1AoF
faJ7mG9oEm6AkoJgbFTT
=1MVH
-----END PGP SIGNATURE-----



More information about the Gnupg-devel mailing list