auto-key-locate

Simon Josefsson jas at extundo.com
Thu May 18 14:32:24 CEST 2006 

Werner Koch <wk at gnupg.org> writes:

>     * New auto-key-locate option that takes an ordered list of methods
>       to locate a key if it is not available at encryption time (-r or
>       --recipient).  Possible methods include "cert" (use DNS CERT as
>       per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
>       server for the domain in question), "keyserver" (use the
>       currently defined keyserver), as well as arbitrary keyserver
>       URIs that will be contacted for the key.

I'm having trouble getting hkp keyservers to work with
auto-key-locate.  gpg do appear to retrieve the key successfully, but
then it complains that it can't use it.  Ideas?

~/.gnupg/gpg.conf contains:

auto-key-locate x-hkp://subkeys.pgp.net

jas at latte:~/src/gnupg$ gpg -a -e -r dshaw at jabberwocky.com
gpg: searching for names from hkp server subkeys.pgp.net
gpg: key 99242560: public key "David M. Shaw <dshaw at jabberwocky.com>" imported
gpg: key 3CB3B415: public key "David M. Shaw <dshaw at jabberwocky.com>" imported
gpg: key D46DCCC5: "David M. Shaw (High Security) <dshaw+secure at jabberwocky.com>" not changed
gpg: key DFF20E79: public key "David M. Shaw <dshaw at jabberwocky.com>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   4  signed:  21  trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: depth: 1  valid:  21  signed:  43  trust: 1-, 0q, 0n, 1m, 19f, 0u
gpg: depth: 2  valid:  29  signed: 223  trust: 24-, 0q, 0n, 0m, 5f, 0u
gpg: depth: 3  valid:  24  signed: 158  trust: 24-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2006-07-10
gpg: Total number processed: 4
gpg:               imported: 3  (RSA: 3)
gpg:              unchanged: 1
gpg: automatically retrieved `dshaw at jabberwocky.com' via x-hkp://subkeys.pgp.net
gpg: dshaw at jabberwocky.com: skipped: unusable public key
gpg: [stdin]: encryption failed: unusable public key
jas at latte:~/src/gnupg$ gpg -a -e -r dshaw at jabberwocky.com
gpg: 1643B926: There is no assurance this key belongs to the named user

pub  2048g/1643B926 2002-01-28 David M. Shaw <dshaw at jabberwocky.com>
 Primary key fingerprint: 7D92 FD31 3AB6 F373 4CC5  9CA1 DB69 8D71 9924 2560
      Subkey fingerprint: F0EC 51D9 2ED0 C183 8977  DDD0 AE28 27D1 1643 B926

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N)

Btw, DNS CERT retrieval work fine, see:

foo at latte:~$ gpg -a -e -r simon at josefsson.org
gpg: key B565716F: public key "Simon Josefsson <simon at josefsson.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found
gpg: automatically retrieved `simon at josefsson.org' via DNS CERT
gpg: A14C401A: There is no assurance this key belongs to the named user

pub  1024R/A14C401A 2006-03-18 Simon Josefsson <simon at josefsson.org>
 Primary key fingerprint: 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
      Subkey fingerprint: 9FB3 8B75 7032 6114 34B5  649E C0C3 8BF5 A14C 401A

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N)

Thanks,
Simon

More information about the Gnupg-users mailing list