gpg auto-locate-key selects expired/revoked key

Jan Eden tech at eden.one
Thu Jun 9 08:11:01 CEST 2022


On 2022-06-08 22:51, Andrew Gallagher via Gnupg-users wrote:
> On 8 Jun 2022, at 07:46, Jan Eden via Gnupg-users <gnupg-users at gnupg.org> wrote:
> > 
> > - Which WKD server hosts my expired/revoked key such that it takes precedence
> >  over my own WKD server at domain.com <http://domain.com/>?
> > - Why does gpg select an expired/revoked key over a valid key?
> 
> I suspect the issue is that your WKD is serving both keys (as you can see from the output of the metacode checker) but GnuPG expects just one key to be served, and so is consuming the first (which is the expired one) and ignoring the second. Try replacing the file on the WKD server with one that contains just the current key?

Thanks for the hint! I followed the instructions at
https://shibumi.dev/posts/how-to-setup-your-own-wkd-server/, and
unintentionally exported all keys for the address (gpg --no-armor
--export $uid) instead of specifying the key id.

Now I corrected the mistake, and all is well.

- Jan

PS. The key used to sign your message seems to be expired.
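
An added example, not part of the original message: a pre-publication check that a WKD export holds exactly one primary key and that it is neither expired nor revoked, following the diagnosis quoted above. The function names, key IDs, dates and the example.org address are constructed for illustration; the check relies on gpg's --show-keys and --with-colons options.

```shell
#!/bin/sh
# Added example (not from the thread): audit a WKD export before publishing.

# Reads a `gpg --with-colons` key listing on stdin and prints
# "<total> <usable>": the number of primary keys, and how many of them
# are neither expired nor revoked.
wkd_key_summary() {
    awk -F: '
        $1 == "pub" {
            total++
            # Field 2 of a pub record is its validity: e = expired, r = revoked.
            if ($2 != "e" && $2 != "r") usable++
        }
        END { printf "%d %d\n", total, usable }'
}

# Succeeds only when the listing on stdin holds exactly one primary key
# and that key is usable (the single-key file suggested in the thread).
wkd_listing_ok() {
    [ "$(wkd_key_summary)" = "1 1" ]
}

# check_wkd_export FILE: list the keys in a binary export without
# importing them, then apply the check above.
check_wkd_export() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | wkd_listing_ok
}

# Constructed listing: an export made by user ID that picked up an old,
# expired key ahead of the current one (key IDs and dates are made up).
sample_export_by_uid() {
    cat <<'EOF'
pub:e:4096:1:1111111111111111:1500000000:1600000000::-:::sc::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:e::::1500000000::0000000000000000000000000000000000000000::Jan Example <jan@example.org>::::::::::0:
pub:-:255:22:2222222222222222:1650000000:1750000000::-:::scESC:::::ed25519:::0:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
uid:-::::1650000000::0000000000000000000000000000000000000000::Jan Example <jan@example.org>::::::::::0:
EOF
}

# Constructed listing: an export made by key ID, holding only the current key.
sample_export_by_keyid() {
    sample_export_by_uid | sed -n '4,6p'
}
```

Run check_wkd_export against the file produced by gpg --no-armor --export before copying it to the WKD directory; a non-zero exit status means the file carries more than one primary key or an unusable one.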