keys retrieved from keyserver (keys.openpgp.org) are unusable

root root at springbeautygroup.com
Tue Jul 27 20:12:14 CEST 2021


On Tue, Jul 27, 2021 at 02:34:28PM +0200, Ingo Klöcker wrote:
> On Tuesday, 27 July 2021 01:32:53 CEST root wrote:
> > Long story short, when the public key is downloaded to my PC as a plain text
> > .asc file, and later imported using the function
> > gpgme_op_keylist_from_data_start() and gpgme_op_keylist_new(), the
> > key->can_encrypt, key->sign_certify, and can_sign are all 0x01.
> 
> gpgme_op_keylist_from_data_start() does _not_ import any keys. All it does is 
> retrieve the meta data of the keys passed to it as data. Those keys cannot be 
> used for any crypto operations like signing, encrypting, etc. because the 
> public key data has _not_ been imported. The keys have just been listed. This 
> is very similar to listing the keys on a keyserver without actually retrieving 
> the public keys from the keyserver.
> 
> > Alternatively, if I do gpgme_op_keylist_start() using an email address with
> > GPGME_KEYLIST_MODE_EXTERN, the key->can_encrypt, key->can_certify and
> > key->can_sign are all 0x00. I've tried several email addresses found on
> > keys.opengpg.org, and the result is the same.
> 
> Using gpgme_op_keylist_start() with GPGME_KEYLIST_MODE_EXTERN does a remote 
> lookup on the keyserver. It does _not_ import the found keys. That's why 
> can_encrypt, etc. are all 0x00. You need to download and import the keys if 
> you want to use them.
> 
This makes sense now. I will look into the sample code and manual to see how
I can download and import the keys after listing them. Any suggestions on where to
look for them? Hopefully, it'll be straightforward.
> Alternatively, you may want to use the auto-key-locate option of gpg which 
> automatically locates and retrieves keys when encrypting to an email address.
The code that I am developing is actually a DLL used by another C#/C++ written
in .Net framework. Thus, the binary developed has to be portable. I will look
into the auto-key-locate option for sure.
> 
> Don't reinvent the wheel using gpgme if you can simply use what gpg provides 
> out of the box. Of course, you can still use gpgme for doing the encryption, 
> but don't try to retrieve the keys yourself if gpg can do it for you.
I am new to GnuPG and this is a great tool in programming. I am not sure how to
use gpg commands directly in C/C++ code though. I thought gpgme provides the
interface to use gpg?

Thanks again,
Eric
> 
> Regards,
> Ingo
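
The distinction discussed in this message, between listing a key from data and importing it, shown with the gpg command line rather than GPGME. This is an added example, not code from the thread or from the GnuPG project. It assumes gpg 2.1.14 or later is installed; the homedirs, the generated key, the address demo@example.invalid and the helper names `can_encrypt_to` and `list_vs_import` are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list a key from a file vs. import it.
# All inputs are constructed: throwaway homedirs and a freshly generated key.
DEMO_UID='demo@example.invalid'   # constructed address, never looked up

# Hypothetical helper: can the keyring in homedir $1 encrypt to DEMO_UID?
can_encrypt_to() {
    if echo test | gpg --homedir "$1" --batch --quiet --no-auto-key-locate \
            --trust-model always --armor --encrypt -r "$DEMO_UID" \
            >/dev/null 2>&1; then echo yes; else echo no; fi
}

# Prints: listed=<count> before=<yes|no> after=<yes|no>
list_vs_import() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/sender" "$work/receiver" || return 1

    # Stand-in for the key owner: generate a key pair, export the public part
    # to an armored file like the downloaded .asc in the thread.
    gpg --homedir "$work/sender" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$DEMO_UID" default default never \
        2>/dev/null || return 1
    gpg --homedir "$work/sender" --batch --armor --export "$DEMO_UID" \
        > "$work/key.asc" || return 1

    # 1. List only: prints the key's metadata, stores nothing in the keyring.
    listed=$(gpg --homedir "$work/receiver" --batch --with-colons \
        --import-options show-only --import "$work/key.asc" 2>/dev/null \
        | grep -c '^pub:')
    before=$(can_encrypt_to "$work/receiver")

    # 2. Import: the public key is now in the keyring and usable.
    gpg --homedir "$work/receiver" --batch --quiet --import "$work/key.asc" \
        2>/dev/null || return 1
    after=$(can_encrypt_to "$work/receiver")

    gpgconf --homedir "$work/sender" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "listed=$listed before=$before after=$after"
}

list_vs_import
```

`--no-auto-key-locate` keeps the run offline, so the failed encryption before the import is not masked by a network lookup.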


