Checking key server response against the request parameters

John Clizbe John at
Mon Sep 16 00:29:13 CEST 2013

Stefan Tomanek wrote:
> Dies schrieb Stefan Tomanek (tomanek at
>> While working with the gnupg source code, I noticed that gnupg does not take
>> the query itself into consideration when retrieving key data from a server
>> (--search-key, --recv-key); regardless of the query issued, gnupg will happily
>> import anything returned.
> I just noticed that gnupg will even import secret keys from any keyserver
> response if the key data is prefixed with "BEGIN PGP PUBLIC KEY DATA".
> My newly submitted patch (v2) fixes this issue as well.
> Any feedback is welcome :-)

It looks like you are working from a solution back to a problem instead of
from a problem to a solution.

Before you need this solution, you need to be able to fetch a secret key from
a keyserver, and before you can do that, you need a keyserver that will accept
and store a secret key. None that I know of will (PKS, CKS, ONAK, OpenPKSd,
SKS, LDAP implementations).

John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://  or
     mailto:pgp-public-keys at

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 475 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130915/7cd3bf38/attachment.sig>

More information about the Gnupg-devel mailing list