Why is --auto-key-locate only for encrypting?
Phil Pennock
gnupg-users at spodhuis.org
Wed Sep 1 18:15:56 CEST 2021
On 2021-09-01 at 13:50 +0200, Ingo Klöcker wrote:
> On Mittwoch, 1. September 2021 07:55:21 CEST raf via Gnupg-users wrote:
> > Why is the --auto-key-locate only for encrypting (says
> > the gpg(1) manpage)? Wouldn't it also be useful when
> > receiving emails and verifying signatures?
>
> --auto-key-locate looks up keys by email address. It makes no sense when
> verifying signatures because in this case you already know the key id the
> signature was made with, so that there's no reason to look up the key by email
> address (which is ambiguous).
If you're looking up purely by key id, then you need a working global
key-lookup facility. It doesn't federate.
If you look up by email address, then federation becomes available and
efforts such as WKD pay off.
-Phil
More information about the Gnupg-users
mailing list