WKD question

Stefan Claas sac at 300baud.de
Sun Aug 2 16:17:00 CEST 2020


Dmitry Alexandrov wrote:
 
> Stefan Claas <sac at 300baud.de> wrote:
> > One more question, I tried to verify Werner's signature, from postings here on the ML, but his signature could not be
> > verified, due to a missing pub key (0xFF80AE9D1DEC358D). But when looking at Wiktor's WKD checker a key is present, but
> > with a different Fingerprint.
> >
> > https://metacode.biz/openpgp/web-key-directory
> 
> Well, thatʼs seems to be true:
> 
> 	$ wget -qO - "$(/usr/lib/gnupg/gpg-wks-client --print-wkd-url wk at gnupg.org)" | gpg --with-colons
> 	gpg: WARNING: no command supplied.  Trying to guess what you mean ...
> 	pub:-:256:22:63113AE866587D0A:1538149415:1801393200::-:
> 	uid:::::::::wk at gnupg.org:
> 	sub:-:256:18:3CD7B3A055039224:1538149415:1643626805:::
> 
> I dunno why @wk at gnupg.org did that, but whatever his reasons were, the fact that he was _able_ to do that, is exactly the key
> reason why proper (write-only) keyserver networks (SKS- or Hockeypuck-based) are indispensable.

Hopefully he can tell us.

> Use them, not WKD or proprietary keyserver services, when you want to get a key by a given fingerprint.  In other words, when
> enabling --auto-key-retrieve, make sure that --keyserver is set to something like hkps://keyserver.ubuntu.com.  IIUC, there
> is, unfortunately, still no way to configure multiple keyservers for retrieval (contrary to locating).

I have as key server keys.openpgp.org in my config, besides WKD and when I switched it to the Ubuntu key server Claws-Mail said
key for verification of this signature not available.

Regards
Stefan

-- 
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion



More information about the Gnupg-users mailing list