CERT fails with LDAP URL

David Shaw dshaw at jabberwocky.com
Thu Sep 4 18:06:33 CEST 2008


On Wed, Sep 03, 2008 at 04:31:01PM -0400, Alex wrote:
> Hi, when I try to locate a key with CERT it fails with this message:
> 
> $ gpg2 --auto-key-locate cert -r email at address --encrypt
> gpgkeys: key 0000000000000000 not found on keyserver
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> gpg: automatically retrieved `email at address' via DNS CERT
> gpg: email at address: skipped: No public key
> gpg: [stdin]: encryption failed: No public key
> 
> $ gpg2 --version
> gpg (GnuPG) 2.0.9
> [...]
> Used libraries: gcrypt(1.4.1)
> 
> 
> I generated the CERT record using the make-dns-cert tool and set the
> url to "ldap://keyserver.pgp.com". My key is definitely listed on the
> keyserver, and GPG is correctly connecting to the keyserver using ldap.
> It seems that gpg is asking the ldap server for the wrong key (all 0's).
> I checked the RR with `host' and it is indeed correct.

(Alex sent me the necessary information to diagnose this off-list)

This is actually working correctly.  CERT is not intended to pass a
keyserver address (like ldap://keyserver.pgp.com), but rather a
complete URL to the key (like http://www.jabberwocky.com/key.asc).

That said, I don't see any harm in accepting a keyserver address in a
CERT in addition to full URLs.  I'll change the code to permit that in
the future.

David
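To make the distinction above concrete, here is an added example (not code from the thread or from GnuPG) that builds and decodes the DNS CERT record type make-dns-cert emits: an IPGP record (RFC 4398 type 6, key tag 0, algorithm 0) whose certificate field is a one-octet fingerprint length, the fingerprint, then the URL. It also applies a simple check that rejects a bare keyserver address such as ldap://keyserver.pgp.com and accepts a full URL to the key object such as http://www.jabberwocky.com/key.asc. The fingerprint and the "has a path beyond /" rule are constructed assumptions for illustration, not GnuPG's own validation.

```python
"""Build, decode and sanity-check a DNS CERT IPGP record (RFC 4398).

Added example; not GnuPG or make-dns-cert code.  Wire layout per RFC 4398:
  type (2 octets) | key tag (2) | algorithm (1) | certificate data
For IPGP (type 6) the certificate data is:
  fingerprint length (1 octet) | fingerprint | URL (rest of RDATA)
"""
import struct
from urllib.parse import urlparse

CERT_TYPE_IPGP = 6      # RFC 4398: indirect PGP (fingerprint + URL)
RRTYPE_CERT = 37        # CERT RR type code, used for RFC 3597 generic syntax


def build_ipgp_rdata(fingerprint_hex: str, url: str) -> bytes:
    """Encode an IPGP CERT RDATA.  An empty fingerprint is allowed by the RFC."""
    fpr = bytes.fromhex(fingerprint_hex.replace(" ", "")) if fingerprint_hex else b""
    if len(fpr) > 255:
        raise ValueError("fingerprint too long for one-octet length field")
    header = struct.pack("!HHB", CERT_TYPE_IPGP, 0, 0)   # key tag and algorithm are 0 for IPGP
    return header + bytes([len(fpr)]) + fpr + url.encode("ascii")


def parse_ipgp_rdata(rdata: bytes) -> tuple[str, str]:
    """Decode an IPGP CERT RDATA into (fingerprint_hex, url); raise on malformed input."""
    if len(rdata) < 6:
        raise ValueError("RDATA too short for CERT header plus fingerprint length")
    ctype, keytag, alg = struct.unpack("!HHB", rdata[:5])
    if ctype != CERT_TYPE_IPGP:
        raise ValueError(f"not an IPGP record (type {ctype})")
    fpr_len = rdata[5]
    fpr = rdata[6:6 + fpr_len]
    if len(fpr) != fpr_len:
        raise ValueError("truncated fingerprint")
    url = rdata[6 + fpr_len:].decode("ascii")
    return fpr.hex().upper(), url


def is_direct_key_url(url: str) -> bool:
    """Heuristic (assumption, not GnuPG's rule): a key URL must name an object,
    i.e. have a scheme, a host and a path beyond "/".  A bare keyserver
    address like ldap://keyserver.pgp.com has no object path and is rejected."""
    p = urlparse(url)
    return bool(p.scheme) and bool(p.netloc) and p.path not in ("", "/")


def to_generic_rr(owner: str, rdata: bytes) -> str:
    """Render the record in RFC 3597 generic syntax (\\# length hex), which
    any zone file accepts even if the server does not know CERT natively."""
    return f"{owner} IN TYPE{RRTYPE_CERT} \\# {len(rdata)} {rdata.hex()}"


if __name__ == "__main__":
    # Constructed fingerprint and the URLs from the thread, for illustration only.
    fpr = "0123456789ABCDEF0123456789ABCDEF01234567"
    for url in ("http://www.jabberwocky.com/key.asc", "ldap://keyserver.pgp.com"):
        rdata = build_ipgp_rdata(fpr, url)
        print(to_generic_rr("alex.example.", rdata))
        print("  decodes to:", parse_ipgp_rdata(rdata))
        print("  full key URL:", is_direct_key_url(url))
```

The decoder is the part worth keeping: run it over the `\# ...` hex that `host -t CERT` or `dig TYPE37` returns and you see exactly which fingerprint and URL gpg will be handed, which is faster than guessing why the keyserver was asked for an all-zero key.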



More information about the Gnupg-users mailing list