Hello, The signature on a Linux kernel can be verified successfully using `--auto-key-retrieve', but the signature on an Emacs cannot be verified in the same manner because gpg is unable to retrieve the needed public key automatically.
The GPG version is 2.2.19 (libgcrypt 1.8.5, if that matters) as shipped by Ubuntu 20.04.3. I manage to locate only one post in the GnuPG mailing list archive with respect to this `--auto-key-retrieve' failure. But, as far as I can see it, the post has no response. Perhaps one of you can reproduce the problem by the following steps? 1. Test using Linux kernel. wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.11.tar.xz https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.11.tar.sign unxz < linux-5.11.tar.xz | gpg --keyserver hkp://keyserver.ubuntu.com:80 --auto-key-retrieve --verify linux-5.11.tar.sign - The output of the last command is as follows: gpg: Signature made Mon 15 Feb 2021 10:11:32 AM CET gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E gpg: requesting key 38DBBDC86092693E from hkp server keyserver.ubuntu.com gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman <gre...@linuxfoundation.org>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: Good signature from "Greg Kroah-Hartman <gre...@linuxfoundation.org>" [unknown] gpg: aka "Greg Kroah-Hartman <gre...@kernel.org>" [unknown] gpg: aka "Greg Kroah-Hartman (Linux kernel stable release signing key) <g...@kroah.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E 2. Test using Emacs. wget http://mirror.kumi.systems/gnu/emacs/emacs-27.2.tar.xz.sig http://mirror.kumi.systems/gnu/emacs/emacs-27.2.tar.xz cat emacs-27.2.tar.xz | gpg --keyserver hkp://keyserver.ubuntu.com:80 --auto-key-retrieve --verify emacs-27.2.tar.xz.sig - The output of the last command is as follows: gpg: Signature made Thu 25 Mar 2021 12:53:08 PM CET gpg: using RSA key 91C1262F01EB8D39 gpg: Can't check signature: No public key The key 0x91C1262F01EB8D39, however, can be retrieved manually just fine as shown below: gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0x91C1262F01EB8D39 gpg: key 91C1262F01EB8D39: public key "Eli Zaretskii (eliz) <e...@gnu.org>" imported gpg: Total number processed: 1 gpg: imported: 1 Any idea why the --auto-key-retrieve feature fails for some keys? Thank you. -- Best regards, Tadeus _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
