Trouble with keyservers
David Shaw
dshaw at jabberwocky.com
Sun Oct 21 20:30:38 CEST 2007
On Tue, Oct 16, 2007 at 11:28:48AM -0400, Daniel Benoy wrote:
> Hi. I generated my key with the assistance of an experimental program
> called 'gnupg-pkcs11-scd' and my Aladdin eToken and I think the key that was
> generated is somehow messed up. When I exchange my public key with friends
> manually, they can encrypt to me just fine. But when they grab from a
> keyserver they can't.
The problem with your key on the keyserver is that you have a primary
key that is tagged for Signing (signing data) and Certification
(signing keys), and a subkey tagged for Authentication (proving you
are you). You don't have any key or subkey for encryption.

Or to be more accurate, you DO have a key for encryption, but the
keyserver isn't storing it. This is a well-known keyserver bug with
the pksd keyserver software, but many sites refuse to stop running it,
despite this and other bugs. If you use a keyserver running sks
software, you'll be fine. I believe that pool.sks-keyservers.net has
only sks servers in its mix.
David
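
Added example, not part of the original message: one way to confirm the symptom described above is to compare the capability flags (field 12 of `gpg --with-colons --list-keys` output) of a locally exported key against the copy fetched from a keyserver. The two listings, the key IDs and the function names below are constructed for illustration, assuming the encryption key is a subkey.

```python
# Added example: inspect key capabilities in `gpg --with-colons` listings.
# Both listings are constructed samples, not real keys.

LOCAL_COPY = """\
pub:u:2048:1:1111111111111111:2007-10-01:::u:Example User <user@example.org>::scESCA:
sub:u:2048:1:2222222222222222:2007-10-01::::::a:
sub:u:2048:1:3333333333333333:2007-10-01::::::e:
"""

# Same key as a keyserver that drops the encryption subkey would return it.
KEYSERVER_COPY = """\
pub:u:2048:1:1111111111111111:2007-10-01:::u:Example User <user@example.org>::scSCA:
sub:u:2048:1:2222222222222222:2007-10-01::::::a:
"""

# Field 2 validity values that make a key unusable:
# i = invalid, r = revoked, e = expired, d = disabled.
UNUSABLE = set("ired")


def key_capabilities(listing):
    """Return {key ID: set of capability letters} for usable pub/sub records."""
    caps = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 12:
            continue
        if fields[1] in UNUSABLE:
            continue
        # Lowercase letters are this key's own capabilities; the uppercase
        # letters on a pub record summarise the whole key and are skipped.
        caps[fields[4]] = {c for c in fields[11] if c.islower()}
    return caps


def can_encrypt(listing):
    """True if any usable primary key or subkey carries the 'e' capability."""
    return any("e" in c for c in key_capabilities(listing).values())


def dropped_subkeys(local, fetched):
    """Key IDs usable in the local copy but absent from the fetched copy."""
    return sorted(set(key_capabilities(local)) - set(key_capabilities(fetched)))


if __name__ == "__main__":
    print("local copy can encrypt:    ", can_encrypt(LOCAL_COPY))
    print("keyserver copy can encrypt:", can_encrypt(KEYSERVER_COPY))
    print("missing from keyserver:    ", dropped_subkeys(LOCAL_COPY, KEYSERVER_COPY))
```
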