[Q] Sending a key to a keyserver

Michael Nahrath gnupg-users@nahrath.de
Wed May 14 15:00:04 2003


David Shaw wrote:

>>>>OTOH all GPG applications default to the HKP network and GPG can't even
>>>>fully access the LDAP keyservers.

After current test results I have to take that back.

>>[michi@localhost]~$ gpg --keyserver ldap://keyserver.pgp.com --send-keys
>>gpgkeys: error adding key 99242560 to keyserver: Already exists
>>gpg: keyserver internal error
>>Currently I don't have a key to change, but next time I have to sign a key
>>I'll try to check if this is simply an erroneous error message.
> Not erroneous - that is an actual error.  You tried to add 99242560 to
> the keyserver, and it's already there.  It's not what I'd call a
> terribly *serious* error... ;)

Usually sending a key is not only for the first time upload but also to
update it with new signatures, UIDs etc.

But strangely this seems to be special for David's key (sorry for using and
uploading it as an example - I was too quick in copy&paste).

I can upload my own key to the ldap keyserver several times without any
answer or warning:

$ gpg --keyserver ldap://keyserver.pgp.com --send-keys 9A4C704C

I checked
$ gpg --keyserver ldap://keyserver.pgp.com --no-default-keyring \
  --keyring test --recv-key 9A4C704C
$ gpg --keyserver ldap://keyserver.pgp.com --no-default-keyring \
  --keyring test --list-sigs 9A4C704C

My key is complete, so it seems that the upload has been successful.

Nice surprise at least!

>> Gives me plenty of trouble, since I made a friend change from PGP to GPG and
>> now he can't find his other PGP using friends any more ...
> Tell your friend to put "keyserver ldap://keyserver.pgp.com" in his
> gpg.conf file and he's done.

That is what I did. But it is one step further from
'works out of the box' and 'works for everyone' :-(

Understanding public key crypto is hard enough for the users.
Flaws in the infrastructure make it even harder - unnecessarily.

Greeting, Michi
