Stefan Claas <s...@300baud.de> wrote:
> One more question, I tried to verify Werner's signature, from postings here 
> on the ML, but his signature could not be verified, due to a missing pub key 
> (0xFF80AE9D1DEC358D). But when looking at Wiktor's WKD checker a key is 
> present, but with a different Fingerprint.
>
> https://metacode.biz/openpgp/web-key-directory

Well, that seems to be true:

        $ wget -qO - "$(/usr/lib/gnupg/gpg-wks-client --print-wkd-url w...@gnupg.org)" | gpg --with-colons
        gpg: WARNING: no command supplied.  Trying to guess what you mean ...
        pub:-:256:22:63113AE866587D0A:1538149415:1801393200::-:
        uid:::::::::w...@gnupg.org:
        sub:-:256:18:3CD7B3A055039224:1538149415:1643626805:::

I dunno why @w...@gnupg.org did that, but whatever his reasons were, the fact 
that he was _able_ to do that is exactly the key reason why proper 
(write-only) keyserver networks (SKS- or Hockeypuck-based) are indispensable.

Use them, not WKD or proprietary keyserver services, when you want to get a key 
by a given fingerprint.  In other words, when enabling --auto-key-retrieve, 
make sure that --keyserver is set to something like 
hkps://keyserver.ubuntu.com.  IIUC, there is, unfortunately, still no way to 
configure multiple keyservers for retrieval (contrary to locating).


BTW, does anyone remember how to command gpg(1) to print the above in a 
human-readable format?  There was some incantation, IIRC, but GPGʼs options are 
so tangled that I have failed to find it.

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
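
A check for the mismatch discussed in the message above, as an added example that is not part of the original post: it parses a `gpg --with-colons` listing and tests whether the key ID from the signature appears among the primary key or subkeys that WKD returned. The function names are hypothetical; the sample input is the listing quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a `gpg --with-colons`
# listing contains the key that issued a signature, before importing it.

# Strip spaces and a leading "0x", then upper-case the hex digits.
normalise_id() {
    printf '%s' "$1" | tr -d ' ' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# listing_has_key WANTED  (colon listing on stdin)
# WANTED is a 16-digit long key ID or a 40-digit fingerprint.
# Returns 0 if present, 1 if absent, 2 if WANTED is malformed.
listing_has_key() {
    wanted=$(normalise_id "$1")
    case "$wanted" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#wanted}" -eq 16 ] || [ "${#wanted}" -eq 40 ] || return 2
    awk -F: -v want="$wanted" '
        # A record matches when its ID ends with the wanted value, so a long
        # key ID also matches the tail of a v4 fingerprint, but a fingerprint
        # never matches a bare 16-digit key ID.
        function hit(have) {
            return length(have) >= length(want) &&
                   substr(have, length(have) - length(want) + 1) == want
        }
        ($1 == "pub" || $1 == "sub") && hit($5) { found = 1 }
        $1 == "fpr" && hit($10)                 { found = 1 }
        END { exit !found }
    '
}

# The listing quoted in the message above (address elided as on the page).
sample_listing() {
    cat <<'EOF'
pub:-:256:22:63113AE866587D0A:1538149415:1801393200::-:
uid:::::::::w...@gnupg.org:
sub:-:256:18:3CD7B3A055039224:1538149415:1643626805:::
EOF
}

# Key ID from the failed signature check vs. what WKD returned.
if sample_listing | listing_has_key 0xFF80AE9D1DEC358D; then
    echo "signing key is in the WKD result"
else
    echo "signing key is NOT in the WKD result; do not treat it as the signer's key"
fi
```

In practice the listing would come from piping the fetched key into `gpg --with-colons`, as in the command shown in the message.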
