wks for sign-only keys

Erich Eckner gnupg at eckner.net
Fri Jan 11 09:46:05 CET 2019



On 11.01.19 09:05, Bernhard Reiter wrote:
> On Wednesday 09 January 2019 11:55:12, Erich Eckner wrote:
>> I'm currently setting up wkd and wks on my server. This works great for
>> keys which can encrypt and sign. However, when I try to publish a
> 
>> gpg-wks-client: creating request failed: Unusable public key
> 
> One of the design ideas of WKD/WKS is that it is as simple as possible.
> A pubkey without the ability to be encrypted to is a special case.
> 
> Maybe some special cases could be supported in the future, but in my view this
> would need a very good reason, so that the hassle of added complexity is worth 
> it.
> 
> So what is your use case? Why not just use a pubkey which allows encryption
> and do not use it, if you don't need it? To me the encryption test has the 
> advantage to check that it is actually possible to retrieve a pubkey for an 
> email address and right away use it for encryption to this address.
> 
> 
> Best Regards,
> Bernhard

My use case is a key for (automatic) signing of packages and/or
archives. To avoid any confusion, I created the key without capability
of encryption (no emails should be sent to that address - besides, of
course, wks emails).
If it would add much complexity to allow for uploading sign-only keys, I
guess I'm fine with replacing the key with one that can also encrypt -
or uploading the key manually to wkd.

regards,
Erich


