Alphax alphasigmax at
Thu May 18 15:38:32 CEST 2006

Simon Josefsson wrote:
> Werner Koch <wk at> writes:
>>     * New auto-key-locate option that takes an ordered list of methods
>>       to locate a key if it is not available at encryption time (-r or
>>       --recipient).  Possible methods include "cert" (use DNS CERT as
>>       per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
>>       server for the domain in question), "keyserver" (use the
>>       currently defined keyserver), as well as arbitrary keyserver
>>       URIs that will be contacted for the key.
> I'm having trouble getting hkp keyservers to work with
> auto-key-locate.  gpg do appear to retrieve the key successfully, but
> then it complains that it can't use it.  Ideas?
> ~/.gnupg/gpg.conf contains:
> auto-key-locate x-hkp://
> jas at latte:~/src/gnupg$ gpg -a -e -r dshaw at
> gpg: searching for names from hkp server
> gpg: key 99242560: public key "David M. Shaw <dshaw at>" imported
> gpg: key 3CB3B415: public key "David M. Shaw <dshaw at>" imported
> gpg: key D46DCCC5: "David M. Shaw (High Security) <dshaw+secure at>" not changed
> gpg: key DFF20E79: public key "David M. Shaw <dshaw at>" imported
> gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> gpg: depth: 0  valid:   4  signed:  21  trust: 0-, 0q, 0n, 0m, 0f, 4u
> gpg: depth: 1  valid:  21  signed:  43  trust: 1-, 0q, 0n, 1m, 19f, 0u
> gpg: depth: 2  valid:  29  signed: 223  trust: 24-, 0q, 0n, 0m, 5f, 0u
> gpg: depth: 3  valid:  24  signed: 158  trust: 24-, 0q, 0n, 0m, 0f, 0u
> gpg: next trustdb check due at 2006-07-10
> gpg: Total number processed: 4
> gpg:               imported: 3  (RSA: 3)
> gpg:              unchanged: 1
> gpg: automatically retrieved `dshaw at' via x-hkp://
> gpg: dshaw at skipped: unusable public key
> gpg: [stdin]: encryption failed: unusable public key
> jas at latte:~/src/gnupg$ gpg -a -e -r dshaw at
> gpg: 1643B926: There is no assurance this key belongs to the named user
> pub  2048g/1643B926 2002-01-28 David M. Shaw <dshaw at>
>  Primary key fingerprint: 7D92 FD31 3AB6 F373 4CC5  9CA1 DB69 8D71 9924 2560
>       Subkey fingerprint: F0EC 51D9 2ED0 C183 8977  DDD0 AE28 27D1 1643 B926
> It is NOT certain that the key belongs to the person named
> in the user ID.  If you *really* know what you are doing,
> you may answer the next question with yes.
> Use this key anyway? (y/N)

Have you tried it with

trust-model always

in your gpg.conf? The key you're trying to encyrpt to probably isn't
within your trust path.

> Btw, DNS CERT retrieval work fine, see:

Oh yes, congrats on RFC 4398.

        Death to all fanatics!
  Down with categorical imperative!
OpenPGP key:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060518/dadd5bcc/signature.pgp

More information about the Gnupg-users mailing list