distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

Werner Koch wk at gnupg.org
Mon Jul 1 18:33:41 CEST 2019

On Mon,  1 Jul 2019 15:13, gnupg-users at gnupg.org said:

> distribution keys in Gentoo.  However, the main problem with WKD right
> now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD

Actually gpg updates expired keys via WKD.  However, to not break things
and not to go out and do a query on the mail domain, this is only done
if the key has originally been fetched via WKD.

That turned out to be a too conservative approach and thus I consider to
change this so that gpg always tries to update an expired key via the

Regarding a manual refresh there is indeed only a clumsy set of options
and commands but if we can agree to stop using --search-keys with
keyservers, this command can be used as a forceful update via WKD.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190701/e50466c5/attachment.sig>

More information about the Gnupg-users mailing list