WKD: returns only one pubkey (and why)

Werner Koch wk at gnupg.org
Fri Feb 24 10:02:58 CET 2023


On Sat, 28 Jan 2023 23:50, Jakub Wilk said:

> Beware that this may import unrelated keys to your keyring:
> https://bugs.debian.org/909755

Nope (see also https://dev.gnupg.org/T3398).  The security of GnuPG
OpenPGP keys does not rely on the keys in a certain database but solely
on key signatures.

The whole idea of using "curated keyrings" for general purposes is
entirely wrong.  If you do this, you should at least disable dirmngr and
not use any frontends or tools which might import keys (e.g. taken
from a mail).

The only standard use of "curated keyrings" is with gpgv which - for
that reason - uses a dedicated file name (trustedkeys.kbx or
trustedkeys.gpg).


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
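
The gpgv usage mentioned in the message above, as an added example that is not part of the original post and not GnuPG's own code: gpgv checks a signature only against the keyring file it is given, regardless of what the everyday keyring holds. The addresses, function names and the throwaway GNUPGHOME are constructed for the demonstration.

```shell
# Added example (constructed): gpgv consults only the keyring it is given,
# never the everyday keyring that dirmngr or a mail frontend may add to.

# verify_curated KEYRING SIG FILE -> exit 0 only if a key in KEYRING made SIG
verify_curated() {
    gpgv --keyring "$1" "$2" "$3" >/dev/null 2>&1
}

# Self-contained run in a throwaway GNUPGHOME with two constructed keys.
curated_demo() (
    work=$(mktemp -d) || exit 1
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$work"' EXIT
    GNUPGHOME=$work/home; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || exit 1
    g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

    # Both keys land in the normal keyring, as after an automatic import.
    for uid in release@example.org stranger@example.org; do
        g --quick-generate-key "$uid" ed25519 sign never 2>/dev/null || exit 1
    done

    # Curate: export only the release key into a dedicated keyring file.
    g --export release@example.org > "$work/trustedkeys.gpg" || exit 1

    printf 'constructed payload\n' > "$work/data"
    g -u release@example.org  -o "$work/good.sig"  --detach-sign "$work/data" || exit 1
    g -u stranger@example.org -o "$work/other.sig" --detach-sign "$work/data" || exit 1

    # gpgv accepts only signatures made by a key in the curated file.
    verify_curated "$work/trustedkeys.gpg" "$work/good.sig"  "$work/data" \
        && r1=accepted || r1=rejected
    verify_curated "$work/trustedkeys.gpg" "$work/other.sig" "$work/data" \
        && r2=accepted || r2=rejected
    echo "release=$r1 stranger=$r2"
)
```

Calling `curated_demo` prints one line with the verdict for each signature; it needs `gpg` and `gpgv` from GnuPG 2.1 or later on the PATH.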