wks for sign-only keys
Erich Eckner
gnupg at eckner.net
Fri Jan 11 09:46:05 CET 2019
On 11.01.19 09:05, Bernhard Reiter wrote:
> Am Mittwoch 09 Januar 2019 11:55:12 schrieb Erich Eckner:
>> I'm currently setting up wkd and wks on my server. This works great for
>> keys which can encrypt and sign. However, when I try to publish a
>
>> gpg-wks-client: creating request failed: Unusable public key
>
> One of the design ideas of WKD/WKS is that it is as simple as possible.
> A pubkey without the ability to be encrypted to is a special case.
>
> Maybe some special cases could be supported in the future, but in my view this
> would need a very good reason, so that the hassle of added complexity is worth
> it.
>
> So what is your use case? Why not just use a pubkey with allows encryption
> and do not use it, if you don't need it? To me the encryption test has the
> advantage to check that it is actually possible to retrieve a pubkey for an
> email address and right away use it for encryption to this address.
>
>
> Best Regards,
> Bernhard
My use case is a key for (automatic) signing of packages and/or
archives. To avoid any confusions, I created the key without capability
of encryption (no emails should be sent to that address - besides of
course wks emails).
If it would add much complexity to allow for uploading sign-only keys, I
guess, I'm fine with replacing the key with one that can also encrypt -
or uploading the key manually to wkd.
regards,
Erich
More information about the Gnupg-devel
mailing list