[PATCH v4] filter and verify keyserver responses

Werner Koch wk at gnupg.org
Wed Jun 25 20:14:39 CEST 2014

On Wed, 25 Jun 2014 16:22, jerome at jerome.cc said:

> A filter that imports only keys authenticated by one or more given
> key(s) (identified by its(their) fingerprint(s))?


> keyserver, a user won't be able to download a rogue key that has not
> been authenticated by the organization's key(s).

Do not rely on the content of the standard keyring.  You MUST somehow
make sure that the key is authentic - using the keyring is not a
repalcement for that.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list