A question about WKD

Alessandro Vesely vesely at tana.it
Wed Dec 26 14:35:28 CET 2018


On Wed 26/Dec/2018 10:39:39 +0100 Stefan Claas wrote:
> 
> I have set up WKD on my VPS, in order to learn more about it and get now
> the following error:
> 
> gpg --encrypt -r sac at 300baud.de OpenSSL.txt
> gpg: error retrieving 'sac at 300baud.de' via WKD: Not trusted

You seem to have already solved that:
ale at pcale:~/tmp$ curl -o /dev/null -v https://300baud.de/.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 167.99.129.126...
* TCP_NODELAY set
* Connected to 300baud.de (167.99.129.126) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [113 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [5662 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL; CN=300baud.de
*  start date: Dec 23 00:00:00 2018 GMT
*  expire date: Dec 23 23:59:59 2019 GMT
*  subjectAltName: host "300baud.de" matched cert's "300baud.de"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
} [5 bytes data]
> GET /.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33 HTTP/1.1
> Host: 300baud.de
> User-Agent: curl/7.52.1
> Accept: */*
> 
{ [5 bytes data]
< HTTP/1.1 200 OK
< Date: Wed, 26 Dec 2018 13:33:07 GMT
< Server: Apache/2.4.18 (Ubuntu)
< Last-Modified: Tue, 25 Dec 2018 17:27:21 GMT
< ETag: "1f4-57ddc06a6a77b"
< Accept-Ranges: bytes
< Content-Length: 500
< Content-Language: de
< 
{ [5 bytes data]
* Curl_http_done: called premature == 0
100   500  100   500    0     0   7025      0 --:--:-- --:--:-- --:--:--  7042
* Connection #0 to host 300baud.de left intact

And, using the attached script:

ale at pcale:~/tmp$ testwkd.sh sac at 300baud.de
gpg: keybox '/tmp/user/1000/tmp.EDqjfCCXPH/pubring.kbx' created
gpg: /tmp/user/1000/tmp.EDqjfCCXPH/trustdb.gpg: trustdb created
gpg: using pgp trust model
gpg: error retrieving 'sac at 300baud.de' via None: No public key
gpg: no running Dirmngr - starting '/usr/bin/dirmngr'
gpg: waiting for the dirmngr to come up ... (5s)
gpg: connection to the dirmngr established
gpg: pub  ed25519/9A234E0B0E1F1FE8 2018-12-25  Stefan Claas <sac at 300baud.de>
gpg: key 9A234E0B0E1F1FE8: public key "Stefan Claas <sac at 300baud.de>" imported
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: Total number processed: 1
gpg:               imported: 1
gpg: auto-key-locate found fingerprint EC15C644C35948FCB47E15899A234E0B0E1F1FE8
gpg: automatically retrieved 'sac at 300baud.de' via WKD
pub   ed25519 2018-12-25 [SC]
      EC15C644C35948FCB47E15899A234E0B0E1F1FE8
uid           [ unknown] Stefan Claas <sac at 300baud.de>
sub   cv25519 2018-12-25 [E]

gpg: using pgp trust model
/tmp/user/1000/tmp.EDqjfCCXPH/pubring.kbx
-----------------------------------------
pub   ed25519 2018-12-25 [SC]
      EC15C644C35948FCB47E15899A234E0B0E1F1FE8
uid           [ unknown] Stefan Claas <sac at 300baud.de>
sig!3   P    9A234E0B0E1F1FE8 2018-12-25  Stefan Claas <sac at 300baud.de>
sub   cv25519 2018-12-25 [E]
sig!    P    9A234E0B0E1F1FE8 2018-12-25  Stefan Claas <sac at 300baud.de>

gpg: 2 good signatures




Best
Ale

-------------- next part --------------
A non-text attachment was scrubbed...
Name: testwkd.sh
Type: application/x-shellscript
Size: 328 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181226/1fd3aee3/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181226/1fd3aee3/attachment-0001.sig>
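
Added example, not part of the original message and not GnuPG code: how the path fetched with curl above is derived from a mail address under the WKD scheme (SHA-1 of the lowercased local part, z-base-32 encoded), so a published key file can be checked against the name a client will request. The function names are hypothetical, the address is the list-obfuscated "sac at 300baud.de" written with "@", and the "advanced" URL form goes beyond what the message shows.

```python
import hashlib
from urllib.parse import urlsplit

# z-base-32 alphabet used by WKD for the hashed local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

# URL requested with curl in the message above.
OBSERVED = "https://300baud.de/.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33"


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, most significant bits first, no padding."""
    bits = len(data) * 8
    pad = (-bits) % 5                      # right-pad to a multiple of 5 bits
    value = int.from_bytes(data, "big") << pad
    n = (bits + pad) // 5
    return "".join(ZBASE32[(value >> (5 * (n - 1 - i))) & 31] for i in range(n))


def wkd_hash(local_part: str) -> str:
    """Hash a local part: ASCII-lowercase, SHA-1, z-base-32 (32 characters)."""
    # bytes.lower() only touches ASCII letters; non-ASCII bytes are left alone.
    lowered = local_part.encode("utf-8").lower()
    return zbase32(hashlib.sha1(lowered).digest())


def wkd_urls(email: str) -> dict:
    """Return the direct and advanced WKD lookup URLs for an address."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mail address: {email!r}")
    domain = domain.lower()
    h = wkd_hash(local)
    return {
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}",
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}",
    }


def same_resource(email: str, observed_url: str) -> bool:
    """True if observed_url is the direct WKD URL for email (query ignored)."""
    seen = urlsplit(observed_url)
    want = urlsplit(wkd_urls(email)["direct"])
    return (seen.scheme, seen.netloc.lower(), seen.path) == (want.scheme, want.netloc, want.path)


if __name__ == "__main__":
    for kind, url in wkd_urls("sac@300baud.de").items():
        print(f"{kind:9s}{url}")
    print("matches the URL fetched above:", same_resource("sac@300baud.de", OBSERVED))
```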

