On Wed, Mar 04, 2009 at 10:51:39AM +0100, Werner Koch wrote:

> On Wed, 4 Mar 2009 05:58, ds...@jabberwocky.com said:
>
> > This is not currently possible. It seems like it should be (the
> > principle of least surprise dictates that it should work with anything
> > that can be passed to '-r').
>
> The reason it works only with mail addresses is that I don't see an
> application case for anything else. Gpg is most commonly used for email
> encryption and here you need an email address anyway. --auto-key-locate
> makes this case easy by retrieving a corresponding key.
GPG does not strongly distinguish between these cases - either way, the
message is encrypted to the specified key, however that key is located
(by address or by keyid).

auto-key-locate grew out of the PKA and CERT feature. When I generalized
it for PKA, CERT, and (automatic) LDAP, it grew the ability to query any
arbitrary keyserver. To be sure, some of those methods could only work
with an email address. PKA, CERT, and automatic LDAP rely on an email
address to find the key. There is no concept of a keyid there.
Keyservers, however, can accept either one. (CERT actually allows for
keyids in the protocol too, but GPG doesn't implement that part.)

So, assuming "auto-key-locate hkp://keys.gnupg.net" (or similar), the
surprise is that this works:

  gpg -r the-addr...@example.com -e the-file.txt

But this does not:

  gpg -r 0x12345678 -e the-file.txt

You can even extend the use case to stuff like:

  auto-key-locate ldap://my-company-keyserver hkp://keys.gnupg.net ldap://keyserver.pgp.com

And they will be tried in order until one of them succeeds. While most
keyservers synch, a local company keyserver likely would not, and things
like PGP's global directory can't synch by their nature.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
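The ordered lookup David describes, written out as a gpg.conf fragment. This is an added example, not a configuration posted in the thread or shipped with GnuPG; the LDAP hostname keyserver.example.com is a placeholder standing in for "my-company-keyserver", while keys.gnupg.net and keyserver.pgp.com are the servers named in the post.

```conf
# Added example ~/.gnupg/gpg.conf (not from the original thread).
#
# auto-key-locate is consulted only when -r is given a mail address that
# matches no key in the local keyring. The mechanisms are tried left to
# right and the first one that returns a key wins, so the company server
# (which does not synchronise with the public network) goes first and the
# public servers act as fallbacks.
#
# keyserver.example.com is a placeholder for the company LDAP server.
auto-key-locate ldap://keyserver.example.com hkp://keys.gnupg.net ldap://keyserver.pgp.com

# Server used by explicit --recv-keys / --search-keys / --refresh-keys.
# This is independent of the auto-key-locate list above.
keyserver hkp://keys.gnupg.net
```

With this in place, `gpg -r alice@example.com -e file.txt` triggers the lookup chain when no local key matches, while `gpg -r 0x12345678 -e file.txt` does not, exactly as described above. Two things to keep in mind when relying on it: a key pulled in this way is whatever the first responding server holds under that address, and it arrives with no validity in your local web of trust, so gpg will warn that there is no assurance the key belongs to the named user and ask for confirmation before encrypting. Check the fingerprint against an out-of-band source before answering yes or signing the key; with a public hkp server anyone can upload a key carrying that user ID.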