Question about specifics of --locate-key option

Wiktor Kwapisiewicz wiktor at
Mon Oct 15 15:21:26 CEST 2018


I have a question about specifics of --locate-key option, that is how
does it decide which lookup mechanism will additionally be called if a
local key is not present.

A little bit of context - I was checking how Evolution works with GnuPG
and whether it would locate key through WKD if it's missing locally. I
found out that even though it passes the e-mail address to -r option
(encrypt/recipient) WKD doesn't work. A more careful look revealed that
they pass e-mail address wrapped in "<" and ">".

Sample call:

  gpg2 --verbose --no-secmem-warning --no-greeting --no-tty --batch
--yes --status-fd=61 --encrypt --armor --always-trust -u
user at -r <test-wkd at> --output -

This, as it turns out, does not trigger WKD. Removing "<" and ">" sure
enough does the trick and the key is found.

My question is: is there a documented behavior of how --locate-key
algorithm will process its input? Or is it implementation-defined?
(currently I see it must be an exact e-mail address with no leading,
trailing characters). The man page description seems to leave it as

Thank you for your time!

Kind regards,

