key-keyserver problem?
David Shaw
dshaw@jabberwocky.com
Tue Jul 16 23:02:02 2002
On Tue, Jul 16, 2002 at 04:33:14PM -0400, Jason Harris wrote:
> On Tue, Jul 16, 2002 at 12:45:10AM -0400, Psy-Kosh wrote:
>
> > >This looks like the key (fetched from ldap://pgp.surfnet.nl:11370) (but
> > >shouldn't GPG report the signature (on the signed list message) was made
> > >by 71AD88B3 instead of reporting 401EDF13 - Psy-Kosh, did you sign
> > >the message with a standalone version of 401EDF13?):
> >
> > I'm using a signing subkey, so I guess it's just reporting the
> > specific subkey.
>
> Be aware that 0x401EDF13, being a subkey, isn't found by keyid from
> ldap://pgp.surfnet.nl:11370. You might want to put, at minimum, the
> primary keyid in your .sig or email headers. (Manually fetching the
> keyid reported in your PGP signature doesn't work.)

This is not completely correct - the LDAP keyservers can be searched by
(long) subkey IDs.

Try:

gpg --keyserver ldap://pgp.surfnet.nl:11370 --recv AA26722D2D455703

See that GnuPG fetches key 4B764FE1D4F1DD5E.

If you have "keyserver-options auto-key-retrieve" enabled, then GnuPG
does this automatically.

Alas, an LDAP keyserver bug prevents subkey searching from working with
v4 RSA keys, and it seems NAI isn't going to be fixing minor bugs. :(

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
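
Added example, not part of the original message: a shell function that resolves a key ID reported on a signature (which may be a subkey ID, as discussed above) to the primary key that owns it, by reading GnuPG's `--with-colons` key listing. The function name `resolve_keyid` and the sample listing are constructed for illustration; only the IDs AA26722D2D455703 and 4B764FE1D4F1DD5E come from the message, and their capability flags here are assumed.

```shell
#!/bin/sh
# Constructed sample in the format printed by `gpg --with-colons --list-keys`.
# Field 1 is the record type, field 5 the long key ID, field 12 the
# capabilities (s=sign, e=encrypt, c=certify). Only the first key's two IDs
# are taken from the message; everything else is made up.
SAMPLE_LISTING='pub:-:1024:17:4B764FE1D4F1DD5E:1000000000:::-:::scESC:
uid:-::::1000000000::::Constructed User One <one@example.invalid>:
sub:-:2048:16:AA26722D2D455703:1000000000::::::e:
pub:-:1024:17:C0FFEE0011111111:1000000000:::-:::cC:
uid:-::::1000000000::::Constructed User Two <two@example.invalid>:
sub:-:1024:17:C0FFEE0022222222:1000000000::::::s:
sub:-:2048:16:C0FFEE0033333333:1000000000::::::e:'

# resolve_keyid KEYID
# Reads a colon listing on stdin. KEYID may be short (8 hex digits) or long
# (16 hex digits), with or without a leading 0x. For every key whose ID ends
# in KEYID, prints: <primary long ID> <primary|subkey> <capabilities>
# Printing every match makes short-ID collisions visible instead of hiding them.
# Exit status is 1 when nothing matches.
resolve_keyid() {
    awk -F: -v want="$1" '
        function matches(id) {
            return n > 0 && substr(id, length(id) - n + 1) == want
        }
        BEGIN {
            want = toupper(want)
            sub(/^0X/, "", want)
            n = length(want)
        }
        # Each "sub" record belongs to the most recent "pub" record.
        $1 == "pub" {
            primary = $5
            if (matches($5)) { print primary, "primary", $12; found = 1 }
        }
        $1 == "sub" {
            if (matches($5)) { print primary, "subkey", $12; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# The subkey ID from the message, resolved against the sample listing:
printf '%s\n' "$SAMPLE_LISTING" | resolve_keyid AA26722D2D455703
```

Against a real keyring the same function reads `gpg --with-colons --list-keys` on stdin, which only works once the key is already in the local keyring.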