Why is --auto-key-locate only for encrypting?

Ingo Klöcker kloecker at kde.org
Thu Sep 2 12:57:47 CEST 2021


On Wednesday, 1 September 2021 18:15:56 CEST Phil Pennock via Gnupg-users wrote:
> On 2021-09-01 at 13:50 +0200, Ingo Klöcker wrote:
> > On Wednesday, 1 September 2021 07:55:21 CEST raf via Gnupg-users wrote:
> > > Why is the --auto-key-locate only for encrypting (says
> > > the gpg(1) manpage)? Wouldn't it also be useful when
> > > receiving emails and verifying signatures?
> > 
> > --auto-key-locate looks up keys by email address. It makes no sense when
> > verifying signatures because in this case you already know the key id the
> > signature was made with, so that there's no reason to look up the key by
> > email address (which is ambiguous).
> 
> If you're looking up purely by key id, then you need a working global
> key-lookup facility.  It doesn't federate.
> 
> If you look up by email address, then federation becomes available and
> efforts such as WKD pay off.

I concur. That's why --auto-key-retrieve also does a WKD lookup if the 
signature has the Signer's UID set.

Regards,
Ingo
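
The point made in the thread, that a mail address names the domain to ask while a key id names none, shown as an added example (not part of the original message and not GnuPG's code). It assumes the URL layout of the Web Key Directory draft; the function names and the sample Signer's UID are constructed for illustration.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, zero-padded on the right."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def wkd_urls(address: str) -> dict:
    """Return the advanced and direct WKD URLs for one mail address."""
    local, sep, domain = address.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not a mail address: {address!r}")
    domain = domain.lower()
    # Only the ASCII letters of the local part are lowercased before hashing;
    # the local part as written is passed along in the l= parameter.
    folded = "".join(c.lower() if c.isascii() else c for c in local)
    hu = zbase32(hashlib.sha1(folded.encode("utf-8")).digest())
    query = "?l=" + quote(local, safe="")
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{hu}{query}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hu}{query}",
    }

def federated_sources(signer_uid):
    """WKD URLs a verifier can derive from a signature's Signer's UID, if any.

    Illustration only (hypothetical helper): without a Signer's UID there is
    just a key id, which names no domain, so the list is empty.
    """
    if not signer_uid:
        return []
    address = signer_uid.strip()
    if address.endswith(">") and "<" in address:  # "Name <addr>" form
        address = address[address.rindex("<") + 1:-1]
    urls = wkd_urls(address)
    return [urls["advanced"], urls["direct"]]

if __name__ == "__main__":
    # Constructed Signer's UID value, not taken from a real signature.
    for url in federated_sources("Joe Doe <Joe.Doe@Example.ORG>"):
        print(url)
```

Both URLs point at the signer's own domain, so no global directory is involved; a signature carrying only a key id yields an empty list here.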