key-keyserver problem?

David Shaw
Tue Jul 16 23:02:02 2002

On Tue, Jul 16, 2002 at 04:33:14PM -0400, Jason Harris wrote:
> On Tue, Jul 16, 2002 at 12:45:10AM -0400, Psy-Kosh wrote:
> > >This looks like the key (fetched from ldap://
> > (but
> > >shouldn't GPG report the signature (on the signed list message) was
> > made
> > >by 71AD88B3 instead of reporting 401EDF13 - Psy-Kosh, did you sign
> > >the message with a standalone version of 401EDF13?):
> > 
> > I'm using a signing subkey, so I guess it's just reporting the
> > specific subkey.
> Be aware that 0x401EDF13, being a subkey, isn't found by keyid from
> ldap://  You might want to put, at minimum, the
> primary keyid in your .sig or email headers.  (Manually fetching the
> keyid reported in your PGP signature doesn't work.)

This is not completely correct - the LDAP keyservers can searched by
(long) subkey IDs.

gpg --keyserver ldap:// --recv AA26722D2D455703

See that GnuPG fetches key 4B764FE1D4F1DD5E.

If you have "keyserver-options auto-key-retrieve" enabled, then GnuPG
does this automatically.

Alas, a LDAP keyserver bug prevents subkey searching from working with
v4 RSA keys, and it seems NAI isn't going to be fixing minor bugs. :(


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson