Trouble with keyservers

David Shaw dshaw at jabberwocky.com
Sun Oct 21 20:30:38 CEST 2007


On Tue, Oct 16, 2007 at 11:28:48AM -0400, Daniel Benoy wrote:
> Hi.  I generated my key with the assistance of an experimental program 
> called 'gnupg-pkcs11-scd' and my Aladdin eToken and I think the key that was 
> generated is somehow messed up.  When I exchange my public key with friends 
> manually, they can encrypt to me just fine.  But when they grab from a 
> keyserver they can't.

The problem with your key on the keyserver is that you have a primary
key that is tagged for Signing (signing data) and Certification
(signing keys), and a subkey tagged for Authentication (proving you
are you).  You don't have any key or subkey for encryption.

Or to be more accurate, you DO have a key for encryption, but the
keyserver isn't storing it.  This is a well-known keyserver bug with
the pksd keyserver software, but many sites refuse to stop running it,
despite this and other bugs.  If you use a keyserver running sks
software, you'll be fine.  I believe that pool.sks-keyservers.net has
only sks servers in its mix.

David
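
Added example, not part of the original message: a way to confirm the situation described above by comparing the usage flags in a local copy of a key with the copy a keyserver returns, using `gpg --with-colons` style listings. The function names, key IDs and both sample listings are constructed for illustration; the field positions follow GnuPG's colon-listing format.

```python
# Field 12 of a pub/sub record holds the capabilities: e=encrypt, s=sign,
# c=certify, a=authenticate. Uppercase letters on the pub line summarise the
# whole key and are ignored here so each key is judged on its own flags.

UNUSABLE = set("ired")  # field 2: invalid, revoked, expired, disabled

# Constructed sample: the complete key as held locally.
LOCAL = """\
pub:-:2048:1:1111111111111111:1192500000:::-:::scESCA:
uid:-::::1192500000::::Example User <user@example.invalid>:
sub:-:2048:1:2222222222222222:1192500000::::::a:
sub:-:2048:1:3333333333333333:1192500000::::::e:
"""

# Constructed sample: the same key as returned by a keyserver that
# did not store the encryption subkey.
KEYSERVER = """\
pub:-:2048:1:1111111111111111:1192500000:::-:::scSCA:
uid:-::::1192500000::::Example User <user@example.invalid>:
sub:-:2048:1:2222222222222222:1192500000::::::a:
"""

def parse_keys(listing):
    """Return {keyid: (record_type, capability_set, usable)} for pub/sub records."""
    keys = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # skip uid, sig, fpr and malformed records
        caps = {c for c in f[11] if c.islower()}
        keys[f[4]] = (f[0], caps, f[1] not in UNUSABLE)
    return keys

def can_encrypt(listing):
    """True if any usable primary key or subkey carries the encrypt flag."""
    return any("e" in caps and usable
               for _, caps, usable in parse_keys(listing).values())

def dropped_subkeys(local, remote):
    """Key IDs of subkeys present in the local copy but absent from the remote one."""
    loc, rem = parse_keys(local), parse_keys(remote)
    return sorted(k for k, (kind, _, _) in loc.items()
                  if kind == "sub" and k not in rem)

if __name__ == "__main__":
    print("local can encrypt:    ", can_encrypt(LOCAL))
    print("keyserver can encrypt:", can_encrypt(KEYSERVER))
    print("dropped subkeys:      ", dropped_subkeys(LOCAL, KEYSERVER))
```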



More information about the Gnupg-users mailing list