get a key by short subkey keyid

David Shaw dshaw at jabberwocky.com
Sun Jan 9 16:38:44 CET 2005


On Fri, Jan 07, 2005 at 11:20:53AM +0100, Peter Palfrader wrote:

> gpg --keyserver ldap://keyserver.pgp.com/ --recv 1069EFEB
> does not fetch the key that has a subkey with keyid 1069EFEB.  It does
> work with long keyids tho.

[ using "(|(pgpkeyid=%.8s)(pgpsubkeyid=*%.8s))" to match short subkey
ids ]

I'm not sure what to do about this.  You're quite right that this
works in theory, but it is very slow due to the pattern match in the
server.  In a perfect world, the query would actually be:

 "(|(pgpcertid=*%.8s)(pgpsubkeyid=*%.8s))"

As pgpcertid is guaranteed to be present in the schema, and pgpkeyid
is not.  Naturally, that's even slower with two pattern matches.  If
the server is slow enough, using the pattern match can result in the
user getting no answer.

On ldap://keyserver.pgp.com, using straight pgpkeyid it answers within
1 second.  pgpkeyid|pgpsubkeyid or pgpcertid|pgpsubkeyid take 5
minutes and then the server times out the request.

The results on ldap://keyserver-beta.pgp.com (the Global Directory)
are considerably better:

pgpkeyid               <1 second
pgpkeyid|pgpsubkeyid   4.5 seconds
pgpcertid|pgpsubkeyid  4.5 seconds

David



More information about the Gnupg-devel mailing list