Re: Hints on how to check for a WKD key (was: Trying to get PKA working)
On Wednesday, 21 February 2024 17:16:57, Werner Koch via Gnupg-users wrote:
> On Wed, 21 Feb 2024 15:52, Philip Colmer said:
> > that works. The wiki (https://wiki.gnupg.org/WKDHosting) says to use
> > gpg --homedir "$(mktemp -d)" --verbose --locate-keys
> > your.em...@example.org ... and this doesn't work.
>
> It's a wiki and ppl change it at will and worse nobody checks and updates
> it.

*cough* I do check and update it on a few places, but not everywhere.
(And help is always appreciated.)

The above example as it is in the wiki still works as a test with 2.2.40.
And it is indicated as test. Note that for the test somebody is not really
importing the pubkey.

What did not work?

>   $ gpg-wks-client --check -v w...@gnupg.org
>
> If you add --debug=ipc you can actually see what has been requested from
> the server. Without any option you just get a return status for
> scripting.

I've added the second test method as well.

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Hints on how to check for a WKD key (was: Trying to get PKA working)
On Wed, 21 Feb 2024 15:52, Philip Colmer said:

> that works. The wiki (https://wiki.gnupg.org/WKDHosting) says to use
> gpg --homedir "$(mktemp -d)" --verbose --locate-keys
> your.em...@example.org ... and this doesn't work.

It's a wiki and ppl change it at will and worse nobody checks and updates
it. The above seems to be an old idea to make sure that the key does not
yet exist. In contrast to --locate-key, --locate-external-key loads the
key from external resources even if it already exists. Thus this is a
refresh key function. Some folks don't like to clutter their keyring
with more keys and thus use a temporary GNUPGHOME directory
(i.e. --homedir).

For me the above works:

  $ gpg --homedir "$(mktemp -d)" --verbose --locate-keys w...@gnupg.org
  [...]
  gpg: pub  ed25519/63113AE866587D0A 2018-09-28  w...@gnupg.org
  gpg: key 63113AE866587D0A: public key "w...@gnupg.org" imported
  gpg: no running gpg-agent - starting '/usr/local/bin/gpg-agent'
  gpg: waiting for the agent to come up ... (5s)
  gpg: connection to the agent established
  gpg: Total number processed: 1
  gpg:               imported: 1
  gpg: auto-key-locate found fingerprint AEA84EDCF01AD86C4701C85C63113AE866587D0A
  gpg: automatically retrieved 'w...@gnupg.org' via WKD
  pub   ed25519 2018-09-28 [SC] [expires: 2027-01-31]
        AEA84EDCF01AD86C4701C85C63113AE866587D0A
  uid           [ unknown] w...@gnupg.org
  sub   cv25519 2018-09-28 [E] [expired: 2022-01-31]
  sub   ed25519 2020-08-04 [S]
  sub   brainpoolP384r1 2021-06-28 [E] [expires: 2027-01-10]

Another way to test is

  $ gpg-wks-client check -v w...@gnupg.org
  gpg-wks-client: public key for 'w...@gnupg.org' found via WKD
  gpg-wks-client: fingerprint: AEA84EDCF01AD86C4701C85C63113AE866587D0A
  gpg-wks-client:     user-id: w...@gnupg.org
  gpg-wks-client:     created: Mon 01 Oct 2018 05:39:07 PM CEST
  gpg-wks-client:   addr-spec: w...@gnupg.org

This is the development version, you need to use the classical thing though:

  $ gpg-wks-client --check -v w...@gnupg.org

If you add --debug=ipc you can actually see what has been requested from
the server. Without any option you just get a return status for
scripting.

Now someone(tm) should update the wiki.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
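
Added example (not part of either mail and not GnuPG code): a sketch that computes the two URLs a WKD client requests for an address, so the output of --debug=ipc or a web server access log can be compared against the expected path. The hashing and URL layout follow the Web Key Directory draft (draft-koch-openpgp-webkey-service) as understood here; Joe.Doe@Example.ORG is that draft's sample address, and the function names are made up for this example.

```python
import base64
import hashlib
from urllib.parse import quote

# Standard base32 alphabet and the z-base-32 alphabet it is mapped onto.
_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TO_ZB32 = str.maketrans(_B32, _ZB32)


def wkd_hash(local_part: str) -> str:
    """z-base-32 of SHA-1 over the ASCII-lowercased local part (32 chars)."""
    # bytes.lower() folds ASCII letters only; all other bytes stay untouched.
    data = local_part.encode("utf-8").lower()
    digest = hashlib.sha1(data).digest()  # 20 bytes -> exactly 32 symbols
    return base64.b32encode(digest).decode("ascii").translate(_TO_ZB32)


def wkd_urls(addr_spec: str) -> dict:
    """Return the advanced and direct lookup URLs for one mail address."""
    local, sep, domain = addr_spec.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {addr_spec!r}")
    domain = domain.lower()
    h = wkd_hash(local)
    # The unhashed local part travels along as the ?l= query parameter.
    query = "?l=" + quote(local, safe="")
    base = "/.well-known/openpgpkey"
    return {
        "advanced": f"https://openpgpkey.{domain}{base}/{domain}/hu/{h}{query}",
        "direct": f"https://{domain}{base}/hu/{h}{query}",
    }


if __name__ == "__main__":
    # Sample address taken from the WKD draft, not from this thread.
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method:9}{url}")
```
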