On Wed, Dec 03, 2025 at 11:38:04AM +0100, Giacomo Tesio wrote: > Hi, while trying to improve the usability of key lookup in Claws-Mail > with a contextual menu that let you search for pgp keys over any email, > upstream developers proposed an interesting scenario I would not know > how to handle, despite looking at the GPGME documentation. > > The scenario is running "gpg --locate-keys [email protected]" with the > configured keyservers returning different keys for that email address.
In PGP world, identities are denoted with a hex number. A key fingerprint or the shortened key ID. These identities can normally be considered to unique. The email address on the other hand is really just a convenience feature tacked on to the identity. It is not only possible, but reasonably common for there to be two PGP keys with the same email address. For example, that can happen when someone abandons a PGP key and starts over with another one with the same email address. So the problem seems intrinsic to me. The user will eventually be expected to determine which key fingerprint/ID is correct. Bruce _______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
