keys retrieved from keyserver (keys.openpgp.org) are unusable

[Ingo Klöcker]

On Dienstag, 27. Juli 2021 01:32:53 CEST root wrote:
> Long story short, when the public key is downloaded to my PC as a plain text
> .asc file, and later imported using the function
> gpgme_op_keylist_from_data_start() and gpgme_op_keylist_new(), the
> key->can_encrypt, key->sign_certify, and can_sign are all 0x01.

gpgme_op_keylist_from_data_start() does _not_ import any keys. All it does is 
retrieve the meta data of the keys passed to it as data. Those keys cannot be 
used for any crypto operations like signing, encrypting, etc. because the 
public key data has _not_ been imported. The keys have just been listed. This 
is very similar to listing the keys on a keyserver without actually retrieving 
the public keys from the keyserver.

> Alternatively, if I do gpgme_op_keylist_start() using an email address with
> GPGME_KEYLIST_MODE_EXTERN, the key->can_encrypt, key->can_certify and
> key->can_sign are all 0x00. I've tried several email addresses found on
> keys.opengpg.org, and the result is the same.

Using gpgme_op_keylist_start() with GPGME_KEYLIST_MODE_EXTERN does a remote 
lookup on the keyserver. It does _not_ import the found keys. That's why 
can_encrypt, etc. are all 0x00. You need to download and import the keys if 
you want to use them.

Alternatively, you may want to use the auto-key-locate option of gpg which 
automatically locates and retrieves keys when encrypting to an email address.

Don't reinvent the wheel using gpgme if you can simply use what gpg provides 
out of the box. Of course, you can still use gpgme for doing the encryption, 
but don't try to retrieve the keys yourself if gpg can do it for you.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210727/3c6efae7/attachment.sig>