Why is --auto-key-locate only for encrypting?
kloecker at kde.org
Thu Sep 2 12:57:47 CEST 2021
On Mittwoch, 1. September 2021 18:15:56 CEST Phil Pennock via Gnupg-users
> On 2021-09-01 at 13:50 +0200, Ingo Klöcker wrote:
> > On Mittwoch, 1. September 2021 07:55:21 CEST raf via Gnupg-users wrote:
> > > Why is the --auto-key-locate only for encrypting (says
> > > the gpg(1) manpage)? Wouldn't it also be useful when
> > > receiving emails and verifying signatures?
> > --auto-key-locate looks up keys by email address. It makes no sense when
> > verifying signatures because in this case you already know the key id the
> > signature was made with, so that there's no reason to look up the key by
> > email address (which is ambiguous).
> If you're looking up purely by key id, then you need a working global
> key-lookup facility. It doesn't federate.
> If you look up by email address, then federation becomes available and
> efforts such as WKD pay off.
I concur. That's why --auto-key-retrieve also does a WKD lookup if the
signature has the Signer's UID set.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users