photo-ID omitted when retrieving keys from WKD

Piotr Morgwai Kotarbinski foss at morgwai.pl
Mon Jan 31 15:58:22 CET 2022


Hello all,
I have a public key with a photo-ID uploaded to WKD at my domain, and when I download it manually and import it into gpg, everything works as expected:

> ubuntu at sandbox-jammy:~$ mkdir curl
> ubuntu at sandbox-jammy:~$ chmod 0700 curl
> ubuntu at sandbox-jammy:~$ gpg --homedir curl --list-keys
> gpg: keybox '/home/ubuntu/curl/pubring.kbx' created
> gpg: /home/ubuntu/curl/trustdb.gpg: trustdb created
> ubuntu at sandbox-jammy:~$ curl https://morgwai.pl/.well-known/openpgpkey/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test |gpg --homedir curl --import
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
> 100  6131  100  6131    0     0   7041      0 --:--:-- --:--:-- --:--:--  7039
> gpg: key 5EE910C88398CC40: public key "Test Email <test at morgwai.pl>" imported
> gpg: Total number processed: 1
> gpg:               imported: 1
> ubuntu at sandbox-jammy:~$ gpg --homedir curl --list-keys
> /home/ubuntu/curl/pubring.kbx
> -----------------------------
> pub   rsa3072 2022-01-31 [SC] [expires: 2024-01-31]
>       23F3101D5D4428E12E6659095EE910C88398CC40
> uid           [ unknown] Test Email <test at morgwai.pl>
> uid           [ unknown] [jpeg image of size 3890]
> sub   rsa3072 2022-01-31 [E] [expires: 2024-01-31]


However, if I try to locate the same key automatically using the WKD mechanism, the attached photo-ID is not imported into my keyring:

> ubuntu at sandbox-jammy:~$ gpg --homedir wkd --list-keys
> gpg: keybox '/home/ubuntu/wkd/pubring.kbx' created
> gpg: /home/ubuntu/wkd/trustdb.gpg: trustdb created
> ubuntu at sandbox-jammy:~$ gpg -vv --homedir wkd --locate-keys test at morgwai.pl
> gpg: using pgp trust model
> gpg: error retrieving 'test at morgwai.pl' via Local: No public key
> # off=0 ctb=99 tag=6 hlen=3 plen=397
> :public key packet:
> 	version 4, algo 1, created 1643637767, expires 0
> 	pkey[0]: [3072 bits]
> 	pkey[1]: [17 bits]
> 	keyid: 5EE910C88398CC40
> # off=400 ctb=b4 tag=13 hlen=2 plen=28
> :user ID packet: "Test Email <test at morgwai.pl>"
> # off=430 ctb=89 tag=2 hlen=3 plen=468
> :signature packet: algo 1, keyid 5EE910C88398CC40
> 	version 4, created 1643637767, md5len 0, sigclass 0x13
> 	digest algo 10, begin of digest d0 92
> 	hashed subpkt 33 len 21 (issuer fpr v4 23F3101D5D4428E12E6659095EE910C88398CC40)
> 	hashed subpkt 2 len 4 (sig created 2022-01-31)
> 	hashed subpkt 27 len 1 (key flags: 03)
> 	hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
> 	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
> 	hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
> 	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
> 	hashed subpkt 30 len 1 (features: 01)
> 	hashed subpkt 23 len 1 (keyserver preferences: 80)
> 	subpkt 16 len 8 (issuer key ID 5EE910C88398CC40)
> 	data: [3072 bits]
> # off=901 ctb=d1 tag=17 hlen=3 plen=3909 new-ctb
> :attribute packet: [jpeg image of size 3890]
> # off=4813 ctb=89 tag=2 hlen=3 plen=468
> :signature packet: algo 1, keyid 5EE910C88398CC40
> 	version 4, created 1643638375, md5len 0, sigclass 0x13
> 	digest algo 10, begin of digest 64 cc
> 	hashed subpkt 33 len 21 (issuer fpr v4 23F3101D5D4428E12E6659095EE910C88398CC40)
> 	hashed subpkt 2 len 4 (sig created 2022-01-31)
> 	hashed subpkt 27 len 1 (key flags: 03)
> 	hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
> 	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
> 	hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
> 	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
> 	hashed subpkt 30 len 1 (features: 01)
> 	hashed subpkt 23 len 1 (keyserver preferences: 80)
> 	subpkt 16 len 8 (issuer key ID 5EE910C88398CC40)
> 	data: [3072 bits]
> # off=5284 ctb=b9 tag=14 hlen=3 plen=397
> :public sub key packet:
> 	version 4, algo 1, created 1643637767, expires 0
> 	pkey[0]: [3072 bits]
> 	pkey[1]: [17 bits]
> 	keyid: B66941040BC242DD
> # off=5684 ctb=89 tag=2 hlen=3 plen=444
> :signature packet: algo 1, keyid 5EE910C88398CC40
> 	version 4, created 1643637767, md5len 0, sigclass 0x18
> 	digest algo 10, begin of digest 65 bc
> 	hashed subpkt 33 len 21 (issuer fpr v4 23F3101D5D4428E12E6659095EE910C88398CC40)
> 	hashed subpkt 2 len 4 (sig created 2022-01-31)
> 	hashed subpkt 27 len 1 (key flags: 0C)
> 	hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
> 	subpkt 16 len 8 (issuer key ID 5EE910C88398CC40)
> 	data: [3069 bits]
> gpg: pub  rsa3072/5EE910C88398CC40 2022-01-31  Test Email <test at morgwai.pl>
> gpg: writing to '/home/ubuntu/wkd/pubring.kbx'
> gpg: key 5EE910C88398CC40: public key "Test Email <test at morgwai.pl>" imported
> gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
> gpg: waiting for the agent to come up ... (5s)
> gpg: connection to agent established
> gpg: Total number processed: 1
> gpg:               imported: 1
> gpg: auto-key-locate found fingerprint 23F3101D5D4428E12E6659095EE910C88398CC40
> gpg: automatically retrieved 'test at morgwai.pl' via WKD
> pub   rsa3072 2022-01-31 [SC] [expires: 2024-01-31]
>       23F3101D5D4428E12E6659095EE910C88398CC40
> uid           [ unknown] Test Email <test at morgwai.pl>
> sub   rsa3072 2022-01-31 [E] [expires: 2024-01-31]


Is this intended or is it a bug? Is there a way to force gpg to retrieve photo-ID when using WKD?
I'm using GnuPG-2.2.27 on Ubuntu Jammy.
Or maybe there's some problem with my WKD, even though it works manually with curl as shown above? It was generated using the python-3 script: `./generate-openpgpkey-hu-3 -k .gnupg/pubring.kbx -m morgwai.pl -o hu`

Thanks!
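
Added example, not part of the original post: a small OpenPGP packet-header walker (RFC 4880 old and new header formats) for checking whether a binary key file, such as the one served from the WKD URL, contains a user attribute packet (tag 17, the photo-ID). The names `walk_packets`, `has_photo_id` and `SAMPLE` are assumptions of this example; `SAMPLE` is constructed from the header bytes and lengths in the `-vv` listing above with zero-filled bodies, not the real key.

```python
import struct

# Names for the packet tags that appear in the post's -vv listing (RFC 4880).
TAGS = {2: "signature", 6: "public key", 13: "user ID",
        14: "public subkey", 17: "user attribute"}

def walk_packets(blob):
    """Return (offset, tag, header_len, body_len) for each packet in a binary key."""
    out, off = [], 0
    while off < len(blob):
        ctb = blob[off]
        if not ctb & 0x80:
            raise ValueError(f"offset {off}: not a packet header (armored input?)")
        if ctb & 0x40:                       # new format: tag in the low 6 bits
            tag, first = ctb & 0x3F, blob[off + 1]
            if first < 192:
                hlen, plen = 2, first
            elif first < 224:
                hlen, plen = 3, ((first - 192) << 8) + blob[off + 2] + 192
            elif first == 255:
                hlen, plen = 6, struct.unpack(">I", blob[off + 2:off + 6])[0]
            else:
                raise ValueError(f"offset {off}: partial body length not handled")
        else:                                # old format: tag in bits 5..2
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError(f"offset {off}: indeterminate length not handled")
            n = 1 << ltype                   # 1, 2 or 4 length octets
            hlen, plen = 1 + n, int.from_bytes(blob[off + 1:off + 1 + n], "big")
        if off + hlen + plen > len(blob):
            raise ValueError(f"offset {off}: packet runs past end of data")
        out.append((off, tag, hlen, plen))
        off += hlen + plen
    return out

def has_photo_id(blob):
    """True if the key material contains a user attribute packet (tag 17)."""
    return any(tag == 17 for _, tag, _, _ in walk_packets(blob))

def _old(ctb, n):
    """Constructed old-format packet: 2-octet length, zero-filled body."""
    return bytes([ctb]) + struct.pack(">H", n) + bytes(n)

# Constructed sample mirroring the listing: ctb values and plen from the post.
SAMPLE = (_old(0x99, 397) + bytes([0xB4, 28]) + bytes(28) + _old(0x89, 468)
          + bytes([0xD1, 192 + ((3909 - 192) >> 8), (3909 - 192) & 0xFF]) + bytes(3909)
          + _old(0x89, 468) + _old(0xB9, 397) + _old(0x89, 444))

if __name__ == "__main__":
    for off, tag, hlen, plen in walk_packets(SAMPLE):
        print(f"off={off} tag={tag} ({TAGS.get(tag, '?')}) hlen={hlen} plen={plen}")
```

Run against a real file with `has_photo_id(open(path, "rb").read())`; the input must be binary, not ASCII-armored.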


