Hello, I am trying to implement WKD/WKS and followed the tutorial here: https://wiki.gnupg.org/WKS
I have a few questions:

1. If I follow the guidelines for creating the directory /var/lib/gnupg/wkd, it has ownership webkey:webkey and permissions 2750. So there is no chance for the apache user to be able to read anything within that directory. I could solve that by adding the apache user to the webkey group. Is that the intended solution?

2. I am stuck when submitting a key to the submission address for confirmation. I have created a key for the submission address as suggested and I am submitting the key encrypted and signed with the key I am submitting. On the server side, gpg-wks-server fails when trying to decrypt the key because it cannot verify the signature:

    gpg-wks-server: t2body for level 0
    gpg-wks-server: t2body for level 1
    gpg-wks-server: t2body for level 1
    gpg-wks-server: gpg: armor header: Version: GnuPG v1.4.11 (GNU/Linux)
    gpg-wks-server: gpg: public key is ***
    gpg-wks-server: gpg: using subkey *** instead of primary key ***
    gpg-wks-server: gpg: public key is ***
    gpg-wks-server: gpg: encrypted with ELG key, ID ***
    gpg-wks-server: gpg: using subkey *** instead of primary key ***
    gpg-wks-server: gpg: encrypted with 3072-bit RSA key, ID ***, created 2022-11-30
    gpg-wks-server: gpg: "schluessel@***.de"
    gpg-wks-server: gpg: AES256 encrypted data
    gpg-wks-server: gpg: original file name=''
    gpg-wks-server: gpg: Signature made Wed Nov 30 12:27:14 2022 CET
    gpg-wks-server: gpg: using DSA key ***
    gpg-wks-server: gpg: Can't check signature: No public key
    gpg-wks-server: error running '/usr/bin/gpg': exit status 2
    gpg-wks-server: decryption failed: General error
    gpg-wks-server: parsing decrypted message
    gpg-wks-server: no suitable data found in the message
    gpg-wks-server: command failed: No data

There's obviously no chance verification could succeed. How can I turn this off? I tried creating /home/webkey/.gnupg/gpg.conf and adding "skip-verify" to it. This works on the command line, but has no effect on gpg-wks-server.

3. What is the behaviour when the WKS server receives a key for an address for which it already has a (different) key? Will it replace the old key, will it refuse or ignore the new one?

Thanks,
Andreas