gpgme_op_import_keys() -- unclear documentation, problematic behavior
Justus Winter
justus at g10code.com
Mon Jun 19 15:52:23 CEST 2017
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> But in practice, looking at src/engine-gpg.c, if i use the
> gpgme_op_import_keys() form (instead of the keydata form), the backend
> actually uses --recv-keys on the importing context. This doesn't work
> at all if the keys are not on the public keyservers, or if the local
> host is offline.
>
> And even when keys are on the public keyservers and the local host is
> online, in the case where the two contexts may have specialized
> knowledge of the OpenPGP certificate (e.g. non-published certifications,
> freshly-generated subkeys, etc) it has particularly strange failure
> cases -- it'll result in different OpenPGP certificates held by the two
> contexts.
>
> Additionally, using the keyservers for this represents a metadata
> leakage, without any warning to the user that such a thing is planned.
>
> [...]
>
> Can anybody clarify these concerns? Have i misunderstood things, or
> should i try to use the tool differently?

Your analysis is right, this is bad. We should at least fix the
documentation.

Cheers,
Justus