gpgme_op_import_keys() -- unclear documentation, problematic behavior

Justus Winter justus at
Mon Jun 19 15:52:23 CEST 2017

Daniel Kahn Gillmor <dkg at> writes:

> But in practice, looking at src/engine-gpg.c, if i use the
> gpgme_op_import_keys() form (instead of the keydata form), the backend
> actually uses --recv-keys on the importing context.  This doesn't work
> at all if the keys are not on the public keyservers, or if the local
> host is offline.
> And even when keys are on the public keyservers and the local host is
> online, in the case where the two contexts may have specialized
> knowledge of the OpenPGP certificate (e.g. non-published certifications,
> freshly-generated subkeys, etc) it has particularly strange failure
> cases -- it'll result in different OpenPGP certificates held by the two
> contexts.
> Additionally, using the keyservers for this represents a metadata
> leakage, without any warning to the user that such a thing is planned.
> [...]
> Can anybody clarify these concerns?  Have i misunderstood things, or
> should i try to  use the tool differently?

Your analysis is right, this is bad.  We should at least fix the

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: </pipermail/attachments/20170619/affcad65/attachment.sig>

More information about the Gnupg-devel mailing list