On Wed, Sep 01, 2021 at 01:50:36PM +0200, Ingo Klöcker <kloec...@kde.org> wrote:
> On Mittwoch, 1. September 2021 07:55:21 CEST raf via Gnupg-users wrote: > > Why is the --auto-key-locate only for encrypting (says > > the gpg(1) manpage)? Wouldn't it also be useful when > > receiving emails and verifying signatures? > > --auto-key-locate looks up keys by email address. It makes no sense when > verifying signatures because in this case you already know the key id the > signature was made with, so that there's no reason to look up the key by > email > address (which is ambiguous). Thanks. I don't understand why it makes no sense, but I'll take your word for it. But I can think of a reason to look up the key by email address even though you have the keyid from the signature: when the key is not on a keyserver or a WKD server, but is in a DNS OPENPGPKEY record (DANE). But perhaps that's not a thing. > The equivalent for automatic look-up of keys when verifying signatures is > --auto-key-retrieve. Thanks, but the manpage doesn't include DANE as one of the lookup methods for that option. That's what I was hoping for. Since this option does a WKD lookup if wkd is in the auto-key-locate list (and --disable-signer-uid isn't used), it seems that it would make sense to do a DANE lookup if dane is in the auto-key-locate list (and --disable-signer-uid isn't used). > Regards, > Ingo cheers, raf _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users