Questions regarding WKD/WKS
Werner Koch
wk at gnupg.org
Fri Dec 2 14:59:05 CET 2022
On Thu, 1 Dec 2022 14:45, Andreas Heinlein said:
> 1. If I follow the guidelines for creating the directory
> /var/lib/gnupg/wkd, it has ownership webkey:webkey and permissions
> 2750. So there is no chance for the apache user to be able to read
That does not look right. You should have o+rx for the directories and
o+r for the files.
> suggested and I am submitting the key encrypted and signed with the
You should not sign the message.
The key to be published MUST be submitted using a PGP/MIME encrypted
message (RFC 3156, section 4). The message MUST NOT be signed
(because the authenticity of the signing key has not yet been
confirmed).
I would also strongly suggest using gpg-wks-client.
> gpg-wks-server: gpg: armor header: Version: GnuPG v1.4.11 (GNU/Linux)
GnuPG 1.4 - really? Don't do this. And in particular not a 12-year-old
version.
> 3. What is the behaviour when the WKS server receives a key for an
> address for which it already has a (different) key? Will it replace
> the old key, will it refuse or ignore the new one?
The old key will be replaced after the confirmation has been received.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
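The permission requirement stated in the reply (directories o+rx, files o+r, so that the web server's account can read what the webkey account writes) is easy to get wrong when the tree is created with a restrictive umask. The following POSIX shell script is an added example, not part of the thread or of GnuPG; it audits a WKD publish tree for exactly those two conditions and can repair them without widening anything else. The default root is the path named in the thread; the `openpgpkey/` layout created in the test is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread or from GnuPG): audit a WKD publish
# tree for the permissions a web server needs to serve it.
#   directories: other must have r and x (list + traverse)
#   files:       other must have r
# The root below is the directory named in the thread; override with
# WKD_ROOT=/some/other/path if the tree lives elsewhere (assumption).
WKD_ROOT="${WKD_ROOT:-/var/lib/gnupg/wkd}"

# check_wkd_perms ROOT
# Lists every directory lacking o+rx and every file lacking o+r.
# Returns 0 when the whole tree is readable by "other", 1 otherwise.
check_wkd_perms() {
    root="$1"
    # "-perm -o+rx" matches only entries where ALL of those bits are set,
    # so "! -perm -o+rx" finds entries missing at least one of them.
    dirs=$(find "$root" -type d ! -perm -o+rx)
    files=$(find "$root" -type f ! -perm -o+r)
    [ -n "$dirs" ] && printf 'directory not world-traversable:\n%s\n' "$dirs"
    [ -n "$files" ] && printf 'file not world-readable:\n%s\n' "$files"
    [ -z "$dirs" ] && [ -z "$files" ]
}

# fix_wkd_perms ROOT
# Adds o+rx to directories and o+r to files. Ownership, group bits and
# the setgid bit (2750 keeps its "2") are left untouched: only the bits
# the web server needs are added, nothing is made writable.
fix_wkd_perms() {
    find "$1" -type d -exec chmod o+rx {} +
    find "$1" -type f -exec chmod o+r {} +
}

# Guarded entry point so the functions can also be sourced from
# another script without side effects.
case "${1:-}" in
    --check) check_wkd_perms "$WKD_ROOT" ;;
    --fix)   fix_wkd_perms "$WKD_ROOT" && check_wkd_perms "$WKD_ROOT" ;;
esac
```

Run it as `sh wkd-perms.sh --check` on the publishing host (as root or as the webkey user) to see which entries the web server cannot read; a non-zero exit status makes it usable from a cron job or a deployment hook. `--fix` only adds the read/execute bits for "other", so a tree created with mode 2750 keeps its group and setgid bits after repair.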