A question about WKD
Wiktor Kwapisiewicz
wiktor at metacode.biz
Thu Dec 27 20:48:09 CET 2018
On 26.12.2018 10:39, Stefan Claas wrote:
> Hi all,
>
> hope you all had a nice Christmas!
>
> I have set up WKD on my VPS, in order to learn more about it and get now
> the following error:
>
> gpg --encrypt -r sac at 300baud.de OpenSSL.txt
> gpg: error retrieving 'sac at 300baud.de' via WKD: Not trusted
> gpg: sac at 300baud.de: skipped: Not trusted
> gpg: OpenSSL.txt: encryption failed: Not trusted
>
> I assume that dirmngr is downloading my cert and thinks it
> is not trusted. However, my site uses a popular Comodo cert.
>
> Any ideas what is going on here and how to fix this?

It works "on my end" too (GnuPG 2.2.12 on Linux).

Did you try fetching some "well-known" WKD people? E.g.:

$ gpg --auto-key-locate clear,wkd,nodefault --locate-key wk at gnupg.org

My first guess would also be a bad certificate bundle but when I try using "bad"
domains from this list https://badssl.com the error is:

gpg: error retrieving 'test at expired.badssl.com' via WKD: General error
gpg: error reading key: General error

Rather than "not trusted" (maybe you could try experimenting with these domains
to see if the error is different).

There is also "--debug lookup" flag, and "-vvv":

$ gpg -vvv --debug lookup --auto-key-locate clear,wkd,nodefault --locate-key EMAIL

Maybe that'd print something useful?

Do you have anything "exotic" in .gnupg/gpg.conf?

Kind regards,
Wiktor

--
https://metacode.biz/@wiktor