A question about WKD

Wiktor Kwapisiewicz wiktor at metacode.biz
Thu Dec 27 20:48:09 CET 2018


On 26.12.2018 10:39, Stefan Claas wrote:
> Hi all,
> 
> hope you all had a nice Christmas!
> 
> I have set up WKD on my VPS, in order to learn more about it, and now get
> the following error:
> 
> gpg --encrypt -r sac at 300baud.de OpenSSL.txt
> gpg: error retrieving 'sac at 300baud.de' via WKD: Not trusted
> gpg: sac at 300baud.de: skipped: Not trusted
> gpg: OpenSSL.txt: encryption failed: Not trusted
> 
> I assume that dirmngr is downloading my cert and thinks it
> is not trusted. However, my site uses a popular Comodo cert.
> 
> Any ideas what is going on here and how to fix this?

It works "on my end" too (GnuPG 2.2.12 on Linux).

Did you try fetching some "well-known" WKD people? E.g.:

$ gpg --auto-key-locate clear,wkd,nodefault --locate-key wk at gnupg.org

My first guess would also be a bad certificate bundle but when I try using "bad"
domains from this list https://badssl.com the error is:

gpg: error retrieving 'test at expired.badssl.com' via WKD: General error
gpg: error reading key: General error

Rather than "not trusted" (maybe you could try experimenting with these domains
to see if the error is different).

There is also the "--debug lookup" flag, and "-vvv":

$ gpg -vvv --debug lookup --auto-key-locate clear,wkd,nodefault --locate-key EMAIL

Maybe that'd print something useful?

Do you have anything "exotic" in .gnupg/gpg.conf?

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor


