--auto-key-retrieve fails for some keys
kloecker at kde.org
Tue Nov 2 18:18:43 CET 2021
On Dienstag, 2. November 2021 16:05:30 CET Tadeus Prastowo via Gnupg-users
> The signature on a Linux kernel can be verified successfully using
> `--auto-key-retrieve', but the signature on an Emacs cannot be
> verified in the same manner because gpg is unable to retrieve the
> needed public key automatically.
The important difference is:
> gpg: Signature made Mon 15 Feb 2021 10:11:32 AM CET
> gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
-> fingerprint of signing key
> gpg: requesting key 38DBBDC86092693E from hkp server keyserver.ubuntu.com
> gpg: Signature made Thu 25 Mar 2021 12:53:08 PM CET
> gpg: using RSA key 91C1262F01EB8D39
-> (long) key id of signing key
> gpg: Can't check signature: No public key
man gpg tells us:
These options enable or disable the automatic retrieving of
keys from a keyserver when verifying signatures made by
keys that are not on the local keyring. The default is --no-
The order of methods tried to lookup the key is:
5. If any keyserver is configured and the Issuer Fingerprint
is part of the signature (since GnuPG 2.1.16), the con-
figured keyservers are tried.
The signature on the Linux kernel contains the Issuer Fingerprint. The
signature on Emacs doesn't (probably because a very old version of GnuPG is
used to sign Emacs).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users