cv25519 subkeys not sent in recv-keys or shown in search-keys

Scott M scott at smemsh.net
Sat Oct 10 01:50:00 CEST 2015


Using gpg2-2.1.8 with libgcrypt-1.7.0-beta262, I did the following:

(1) made a master sign/certify ed25519 key.
(2) made 3 subkeys (ed25519 sign, ed25519 authorize, cv25519 encrypt)
(3) send-keys to keys2.kfwebs.net (rumored to support ecc): success

Here are the keys:

    pub   ed25519/3AED5886 2015-10-04 [SC] [expires: 2016-10-03]
    uid         [ultimate] Scott Mcdermott <scott at smemsh.net>
    sub   cv25519/9300DF68 2015-10-04 [E] [expires: 2016-10-03]
    sub   ed25519/C0223044 2015-10-04 [A] [expires: 2016-10-03]
    sub   ed25519/EB2BDC84 2015-10-04 [S] [expires: 2016-10-03]

Ok, now I want to see if others can see them:

(1) make a brand new user account
(2) empty homedir except gpg.conf with keys2.kfwebs.net.
(3) recv-keys with the master ID (0x3AED5886)

ok, so the subkeys should now be in my new user's keyring, yes?
But NO.  Using list-keys, I see the sign and authorize (the ed25519s),
but *not* the encrypt subkey:

    pub   ed25519/3AED5886 2015-10-04 [SC] [expires: 2016-10-03]
    uid         [ unknown] Scott Mcdermott <scott at smemsh.net>
    sub   ed25519/C0223044 2015-10-04 [A] [expires: 2016-10-03]
    sub   ed25519/EB2BDC84 2015-10-04 [S] [expires: 2016-10-03]

However, when I search-keys for the hexid of the encrypt subkey,
it returns the master public key, so the server knows about the subkey.
Then why doesn't it send to me when I --recv-keys ? For that matter,
http://keys2.kfwebs.net/pks/lookup?op=vindex&search=0x9300DF68
does output my keys, but does not show the very key that was
searched for!

Is it possible the server supports ed25519, but not cv25519? Are there
any keyservers known to support both these key types? It seems that
almost all do not, even keys2.kfwebs.net (got this one from #gnupg).

-- 
Scott



More information about the Gnupg-users mailing list