Why is --auto-key-locate only for encrypting?

Phil Pennock gnupg-users at spodhuis.org
Wed Sep 1 18:15:56 CEST 2021


On 2021-09-01 at 13:50 +0200, Ingo Klöcker wrote:
> On Wednesday, 1 September 2021 07:55:21 CEST raf via Gnupg-users wrote:
> > Why is the --auto-key-locate only for encrypting (says
> > the gpg(1) manpage)? Wouldn't it also be useful when
> > receiving emails and verifying signatures?
> 
> --auto-key-locate looks up keys by email address. It makes no sense when 
> verifying signatures because in this case you already know the key id the 
> signature was made with, so that there's no reason to look up the key by email 
> address (which is ambiguous).

If you're looking up purely by key id, then you need a working global
key-lookup facility.  It doesn't federate.

If you look up by email address, then federation becomes available and
efforts such as WKD pay off.

-Phil
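
The point about federation, as an added example that is not part of the original message: a sketch of how a WKD client derives its lookup URLs from an email address, following the Web Key Directory draft (SHA-1 of the ASCII-lowercased local part, z-base-32 encoded). The function names and the sample key id are assumptions made for illustration.

```python
import base64
import hashlib
from urllib.parse import quote

# z-base-32 is RFC 4648 base32 with a different alphabet, so translate.
_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TO_ZB32 = str.maketrans(_B32, _ZB32)


def wkd_hash(local_part):
    """32-character WKD name for the local part of an address."""
    # bytes.lower() changes ASCII letters only, as the draft requires.
    digest = hashlib.sha1(local_part.encode("utf-8").lower()).digest()
    # 20 bytes are exactly 32 base32 symbols, so there is no padding.
    return base64.b32encode(digest).decode("ascii").translate(_TO_ZB32)


def wkd_urls(address):
    """Advanced and direct WKD URLs, both on the address's own domain."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % address)
    domain = domain.lower()
    tail = "hu/" + wkd_hash(local) + "?l=" + quote(local, safe="")
    return {
        "advanced": "https://openpgpkey.%s/.well-known/openpgpkey/%s/%s"
                    % (domain, domain, tail),
        "direct": "https://%s/.well-known/openpgpkey/%s" % (domain, tail),
    }


def lookup_route(identifier):
    """WKD URLs for an address; None for a key id or fingerprint.

    A key id names no domain, so there is no per-domain server to ask
    and the lookup has to go to a global keyserver instead.
    """
    return wkd_urls(identifier) if "@" in identifier else None


if __name__ == "__main__":
    # Constructed inputs: a sample address and a made-up key id.
    for ident in ("Joe.Doe@Example.ORG", "0x0123456789ABCDEF"):
        print(ident, "->", lookup_route(ident))
```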


