keys retrieved from keyserver (keys.openpgp.org) are unusable
Ingo Klöcker
kloecker at kde.org
Tue Jul 27 14:34:28 CEST 2021
On Tuesday, 27 July 2021 01:32:53 CEST root wrote:
> Long story short, when the public key is downloaded to my PC as a plain text
> .asc file, and later imported using the function
> gpgme_op_keylist_from_data_start() and gpgme_op_keylist_new(), the
> key->can_encrypt, key->sign_certify, and can_sign are all 0x01.
gpgme_op_keylist_from_data_start() does _not_ import any keys. All it does is
retrieve the metadata of the keys passed to it as data. Those keys cannot be
used for any crypto operations like signing, encrypting, etc. because the
public key data has _not_ been imported. The keys have just been listed. This
is very similar to listing the keys on a keyserver without actually retrieving
the public keys from the keyserver.
> Alternatively, if I do gpgme_op_keylist_start() using an email address with
> GPGME_KEYLIST_MODE_EXTERN, the key->can_encrypt, key->can_certify and
> key->can_sign are all 0x00. I've tried several email addresses found on
> keys.opengpg.org, and the result is the same.
Using gpgme_op_keylist_start() with GPGME_KEYLIST_MODE_EXTERN does a remote
lookup on the keyserver. It does _not_ import the found keys. That's why
can_encrypt, etc. are all 0x00. You need to download and import the keys if
you want to use them.
Alternatively, you may want to use the auto-key-locate option of gpg which
automatically locates and retrieves keys when encrypting to an email address.
Don't reinvent the wheel using gpgme if you can simply use what gpg provides
out of the box. Of course, you can still use gpgme for doing the encryption,
but don't try to retrieve the keys yourself if gpg can do it for you.
Regards,
Ingo
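
The distinction drawn in the reply above (listing key data versus importing it), as an added example that is not part of the original message: the same contrast on the gpg command line, where `--show-keys` only lists what is in a file and `--import` actually adds the key to the keyring. The address demo@example.org, the throwaway key and both temporary keyrings are constructed for the demo, and a GnuPG version that supports `--show-keys` and `--quick-generate-key` is assumed.

```shell
#!/usr/bin/env bash
# Added example (constructed): listing a key file vs. importing it.
# demo@example.org and both temporary keyrings exist only for this demo.
SENDER=$(mktemp -d)            # keyring that generates the key pair
RCPT=$(mktemp -d)              # separate, initially empty keyring
ADDR="demo@example.org"
KEYFILE="$SENDER/demo.asc"     # stands in for the downloaded plain text .asc file

make_keyfile() {               # throwaway key without passphrase, exported
    gpg --homedir "$SENDER" --batch --quiet --passphrase '' \
        --quick-generate-key "$ADDR" default default 2>/dev/null &&
    gpg --homedir "$SENDER" --armor --export "$ADDR" > "$KEYFILE"
}

list_from_file() {             # metadata only; the keyring is not modified
    gpg --homedir "$RCPT" --batch --with-colons --show-keys "$KEYFILE" 2>/dev/null
}

in_keyring() {                 # is the key present in the recipient keyring?
    gpg --homedir "$RCPT" --batch --list-keys "$ADDR" >/dev/null 2>&1
}

import_keyfile() {             # this is the step that makes the key usable
    gpg --homedir "$RCPT" --batch --quiet --import "$KEYFILE" 2>/dev/null
}

try_encrypt() {
    # --no-auto-key-locate keeps the demo offline (no keyserver or WKD lookup);
    # --trust-model always skips the validity check, acceptable only for a demo key.
    echo hello | gpg --homedir "$RCPT" --batch --no-auto-key-locate \
        --trust-model always --armor --encrypt -r "$ADDR" 2>/dev/null |
        grep -q 'BEGIN PGP MESSAGE'
}

report() { if "$@"; then echo "  $*: yes"; else echo "  $*: no"; fi; }

make_keyfile
echo "listed from file:"; list_from_file | grep '^pub:'
echo "before import:";    report in_keyring; report try_encrypt
import_keyfile
echo "after import:";     report in_keyring; report try_encrypt
gpgconf --homedir "$SENDER" --kill gpg-agent 2>/dev/null
```

The listing step prints a `pub:` record even though the keyring is still empty, which is why listed keys can look present while encryption to them fails until the import has run.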