Hi,

I just configured WKD on my server, and

gpg -v --auto-key-locate clear,wkd,nodefault --locate-key [email protected]

works as expected for most of my uid/key combos, except for one address ([email protected]) which is linked to both a current and a revoked key. The output of the above command looks like this:

gpg: Note: RFC4880bis features are enabled.
gpg: using pgp trust model
gpg: pub rsa4096/68FD03F8C6AB1DE4 2016-06-15 Old User <[email protected]>
gpg: Note: signature key 68FD03F8C6AB1DE4 expired Mon Jun 14 18:12:44 2021 CEST
gpg: key 68FD03F8C6AB1DE4: "Old Nickname <[email protected]>" not changed
gpg: pub ed25519/7CD4656792B3A1F9 2022-06-06 Old User <[email protected]>
gpg: key 7CD4656792B3A1F9: "Old User <[email protected]>" not changed
gpg: Total number processed: 2
gpg: unchanged: 2
gpg: auto-key-locate found fingerprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gpg: Note: signature key 68FD03F8C6AB1DE4 expired Mon Jun 14 18:12:44 2021 CEST
gpg: automatically retrieved '[email protected]' via WKD
pub rsa4096 2016-06-15 [SC] [revoked: 2022-06-07]
 51585E1318770F501D3CBDE968FD03F8C6AB1DE4
uid [ revoked] Old Nickname <[email protected]>
uid [ revoked] Old User <[email protected]>
uid [ revoked] Old Nickname2 <[email protected]>
sub rsa4096 2016-06-15 [E] [revoked: 2022-06-07]

Even though [email protected] is the primary uid for the new key, gpg shows the other uid for this key ([email protected]). This is odd, but irrelevant. But then gpg proceeds to select the revoked key which is somehow available via WKD. The WKD test at https://metacode.biz/openpgp/web-key-directory delivers similar results, but at least it displays the fingerprints of both the current and the revoked key.

Two questions:

- Which WKD server hosts my expired/revoked key such that it takes precedence over my own WKD server at domain.com?
- Why does gpg select an expired/revoked key over a valid key?

Thanks,
Jan
