gpg auto-locate-key selects expired/revoked key

Jan Eden tech at
Thu Jun 9 08:11:01 CEST 2022

On 2022-06-08 22:51, Andrew Gallagher via Gnupg-users wrote:
> On 8 Jun 2022, at 07:46, Jan Eden via Gnupg-users <gnupg-users at> wrote:
> > 
> > - Which WKD server hosts my expired/revoked key such that it takes precedence
> >  over my own WKD server at <>?
> > - Why does gpg select an expired/revoked key over a valid key?
> I suspect the issue is that your WKD is serving both keys (as you can see from the output of the metacode checker) but GnuPG expects just one key to be served, and so is consuming the first (which is the expired one) and ignoring the second. Try replacing the file on the WKD server with one that contains just the current key?

Thanks for the hint! I followed the instructions at, and
unintentionally exported all keys for the address (gpg --no-armor
--export $uid) instead of specifying the key id.

Now I corrected the mistake, and all is well.

- Jan

PS. The key used to sign your message seems to be expired.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list