Alternative to ‘--keyserver-options auto-key-retrieve’ under 2.1.x

Werner Koch wk at gnupg.org
Fri Feb 12 20:57:18 CET 2016


On Fri, 12 Feb 2016 13:51, guilhem at fripost.org said:

> However it seems to be a noop with 2.1.11, unless the deprecated option
> ‘--keyserver’ is also given.  From the manpage it looks like only some
> not all keyserver options are deprecated, and ‘auto-key-retrieve’ is not
> among them.  Is there a way around to tell gpg to retrieve the key via
> dirmngr?

It works for me using a fresh GNUPGHOME with 
  keyserver hkp://keys.mayfirst.org
set in dirmngr.conf and no gpg.conf:

  $ gpg -v --verify --auto-key-retrieve ~/tarballs/gnupg/v1.4/gnupg-1.4.2[...]
  gpg: WARNING: "--auto-key-retrieve" is a deprecated option
  gpg: please use "--keyserver-options auto-key-retrieve" instead
  gpg: assuming signed data in '/home/wk/tarballs/gnupg/v1.4/gnupg-1.4.20[...]
  gpg: Signature made Sun Dec 20 09:02:24 2015 CET using RSA key ID 4F25E3B6
  gpg: no running Dirmngr - starting '/usr/local/bin/dirmngr'
  gpg: waiting for the dirmngr to come up ... (5s)
  gpg: connection to the dirmngr established
  gpg: data source: http://keys.mayfirst.org:11371
  gpg: armor header: Version: SKS 1.1.5
  gpg: armor header: Comment: Hostname: zimmermann.mayfirst.org
  gpg: pub  rsa2048/4F25E3B6 2011-01-12  Werner Koch (dist sig)
  gpg: using PGP trust model
  gpg: key 4F25E3B6: public key "Werner Koch (dist sig)" imported
  gpg: no running gpg-agent - starting '/usr/local/bin/gpg-agent'
  gpg: waiting for the agent to come up ... (5s)
  gpg: connection to agent established
  gpg: 0 keys processed (0 validity counts cleared)
  gpg: no ultimately trusted keys found
  gpg: Total number processed: 1
  gpg:               imported: 1
  gpg: Good signature from "Werner Koch (dist sig)" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
  gpg: binary signature, digest algorithm SHA256, key algorithm rsa2048
  gpg: Signature made Mon Dec 21 07:06:19 2015 CET using RSA key ID
  33BD3F06
  gpg: Signature made Mon Dec 21 07:06:19 2015 CET using RSA key ID 33BD3F06
  gpg: data source: http://keys.mayfirst.org:11371
  gpg: armor header: Version: SKS 1.1.5
  gpg: armor header: Comment: Hostname: zimmermann.mayfirst.org
  gpg: pub  rsa2048/33BD3F06 2014-10-29  NIIBE Yutaka (GnuPG Release Ke[...]
  gpg: key 33BD3F06: public key "NIIBE Yutaka (GnuPG Release Key) <gn[...]
  gpg: 0 keys processed (0 validity counts cleared)
  gpg: no ultimately trusted keys found
  gpg: Total number processed: 1
  gpg:               imported: 1
  gpg: Good signature from "NIIBE Yutaka (GnuPG Release Key) <gniibe[...]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
  gpg: binary signature, digest algorithm SHA256, key algorithm rsa2048

and this raises the question whether it would make sense to un-deprecate
the options --[no-]auto-key-retrieve.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
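
Added example, not part of the original message or of GnuPG: in the run above both auto-retrieved keys produce "Good signature" together with the "not certified with a trusted signature" warning, so a script relying on auto-key-retrieve should accept a result only when the primary-key fingerprint matches one it already pinned. The function names are hypothetical, the status lines in `sample_status` are constructed, and the pinned values are the two fingerprints printed above, assumed to have been confirmed through an independent channel.

```shell
#!/bin/sh
# Added example: pin fingerprints when keys are fetched automatically.
# Pinned primary-key fingerprints (the two shown in the gpg output above).
PINNED="D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 031EC2536E580D8EA286A9F22071B08A33BD3F06"

# check_status: reads `gpg --status-fd` lines on stdin and succeeds only if
#   - at least one VALIDSIG line is present,
#   - every VALIDSIG names a pinned primary-key fingerprint, and
#   - no signature is reported bad, unverifiable, expired or revoked.
check_status() {
    awk -v pinned="$PINNED" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary-key fingerprint; fall back to the
            # signing-key fingerprint (field 3) if it is absent.
            fpr = (NF >= 12) ? $12 : $3
            if (fpr in ok) good++; else bad = 1
        }
        END { exit (bad || !good) }
    '
}

# verify_pinned SIGFILE [DATAFILE]: let gpg fetch a missing key through
# dirmngr, then accept the result only if check_status agrees.
verify_pinned() {
    gpg --batch --status-fd 1 --keyserver-options auto-key-retrieve \
        --verify "$@" 2>/dev/null | check_status
}

# sample_status: constructed status lines, not captured from a real run.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 249B39D24F25E3B6 Werner Koch (dist sig)
[GNUPG:] VALIDSIG D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 2015-12-20 1450598544 0 4 0 1 8 00 D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
[GNUPG:] TRUST_UNDEFINED
EOF
}
```

A key that a keyserver returns for the right short key ID but with a different fingerprint fails `check_status` even though gpg itself would print "Good signature".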