[PATCH GnuPG] RFC: g10: Improve and unify key selection.

Andre Heinecke aheinecke at intevation.de
Mon Oct 31 15:51:29 CET 2016


Hi,

On Monday 31 October 2016 13:12:16 Justus Winter wrote:
> When a name resembling a mail address is given to either --locate-key
> or --recipient, rank the search results and use only the most relevant
> key.

I would prefer it if this function would also return expired / revoked / 
validitity never etc. Keys. So in a GUI we could handle this case by informing 
the user that the key for this user is expired.

Otherwise we would have to check for that case with another keylisting to 
avoid the problem that a user was able to encrypt to someone yesterday 
automatically and today it no longer works and the UI just shows "No key for 
this recipient" when a UI uses locate-keys.

> This also lets us query which key will be used for encryption using
> --locate-key.  XXX: Is this true?  B/c if we use --recipient, we only
> consider keys usable for encryption. Otoh, --locate-key has no such
> constraint.

I think this could be solved by ranking a key that can both encrypt higher 
then a key that can't encrypt. This would avoid the state where an encrypt key 
can can't be found because a user has a different primary key with only signing 
(for whatever weird reason). The primary usecase of this function imo is to 
look up recipient keys for encryption.


Regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20161031/8435a16b/attachment-0001.sig>


More information about the Gnupg-devel mailing list