On Fri, Jan 29, 2016 at 11:44:06AM -0300, Raph wrote:
Hi, I want to pass custom options to the way unknown keys are fetched (custom keyring and a couple of `expect` things). For this I define `pgp_getkeys_command`. The issue is that as soon as it's defined, its command (approximately `gpg --search-keys '<email>'`) is run every time, *even if the key is already in my keyring*. If I undefine `pgp_getkeys_command` then the default behavior verifies the signature using the local keyring as I would expect. How could I define a custom fetch command while keeping the sane default behavior of searching key servers only if needed?
I don't know if this helps, but I have the following options in my ~/.gnupg/gpg.conf:

keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem
keyserver-options auto-key-retrieve
keyserver-options import-clean
keyserver-options no-honor-keyserver-url
keyserver-options no-try-dns-srv
keyserver-options include-revoked
import-options import-clean
auto-key-locate local cert pka keyserver

Together, these options first try to verify a key from my local keyring then, if it's not found there, gpg will fetch the key from the specified keyserver. This does mean that mutt appears to freeze for a few seconds when opening a message from a new sender, but otherwise it all seems to work fine.
For the PEM file referenced above, see https://sks-keyservers.net/verify_tls.php
Thank you
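One way to keep a custom fetch command without hitting the keyserver for keys you already have, as an added example that comes from neither poster: a small wrapper script for pgp_getkeys_command that consults the local keyring first and only runs the fetch command on a miss. The GPG and PGP_FETCH_CMD environment variables are knobs of this script, not options of mutt or gpg; mutt's %r expansion and the keyserver URL are taken from the thread.

```shell
#!/bin/sh
# Added example: wrapper for mutt's pgp_getkeys_command (not from the thread).
# In muttrc:  set pgp_getkeys_command="/path/to/getkeys.sh %r"
# mutt expands %r to the key id(s) it needs. A keyserver is contacted only when
# the local keyring lacks the key, mirroring the default behaviour.
#
# Assumed knobs (environment variables, defaults shown):
#   GPG            gpg binary used for the local lookup (default: gpg)
#   PGP_FETCH_CMD  custom fetch command; the key id is appended as its argument
#                  (default: a non-interactive --recv-keys from KEYSERVER)
KEYSERVER="${KEYSERVER:-hkps://hkps.pool.sks-keyservers.net}"

# have_local_key ID: succeed when the local keyring already holds a matching key.
have_local_key() {
    "${GPG:-gpg}" --batch --quiet --list-keys "$1" >/dev/null 2>&1
}

# run_fetch ID: the custom fetch command if set, else a sane default.
run_fetch() {
    if [ -n "${PGP_FETCH_CMD}" ]; then
        # Unquoted on purpose: the command string is word-split into its arguments.
        $PGP_FETCH_CMD "$1"
    else
        "${GPG:-gpg}" --batch --keyserver "$KEYSERVER" --recv-keys "$1"
    fi
}

# getkey ID: exit 0 if the key is available afterwards (local hit or fetched).
# The message line tells you, in mutt's output, whether the network was used.
getkey() {
    if have_local_key "$1"; then
        echo "key $1 already in local keyring; no keyserver lookup"
        return 0
    fi
    echo "key $1 not found locally; fetching"
    run_fetch "$1"
}

# getkeys ID...: handle every id given; fail if any could not be obtained.
getkeys() {
    rc=0
    for id in "$@"; do
        getkey "$id" || rc=1
    done
    return $rc
}

if [ $# -ge 1 ]; then
    getkeys "$@"
fi
```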