Re: keys retrieved from keyserver (keys.openpgp.org) are unusable

2021-07-27 Thread root
On Tue, Jul 27, 2021 at 02:34:28PM +0200, Ingo Klöcker wrote:
> On Dienstag, 27. Juli 2021 01:32:53 CEST root wrote:
> > Long story short, when the public key is downloaded to my PC as a plain text
> > .asc file, and later imported using the function
> > gpgme_op_keylist_from_data_start() and gpgme_op_keylist_new(), the
> > key->can_encrypt, key->sign_certify, and can_sign are all 0x01.
> 
> gpgme_op_keylist_from_data_start() does _not_ import any keys. All it does is 
> retrieve the meta data of the keys passed to it as data. Those keys cannot be 
> used for any crypto operations like signing, encrypting, etc. because the 
> public key data has _not_ been imported. The keys have just been listed. This 
> is very similar to listing the keys on a keyserver without actually retrieving
> the public keys from the keyserver.
> 
> > Alternatively, if I do gpgme_op_keylist_start() using an email address with
> > GPGME_KEYLIST_MODE_EXTERN, the key->can_encrypt, key->can_certify and
> > key->can_sign are all 0x00. I've tried several email addresses found on
> > keys.openpgp.org, and the result is the same.
> 
> Using gpgme_op_keylist_start() with GPGME_KEYLIST_MODE_EXTERN does a remote 
> lookup on the keyserver. It does _not_ import the found keys. That's why 
> can_encrypt, etc. are all 0x00. You need to download and import the keys if 
> you want to use them.
> 
This makes sense now. I will look into the sample code and manual to see how
I can download and import the keys after listing them. Any suggestion on where to
look for them? Hopefully, it'll be straightforward.

> Alternatively, you may want to use the auto-key-locate option of gpg which 
> automatically locates and retrieves keys when encrypting to an email address.

The code that I am developing is actually a DLL used by another C#/C++ written
in .NET Framework. Thus, the binary developed has to be portable. I will look
into the auto-key-locate option for sure.
> 
> Don't reinvent the wheel using gpgme if you can simply use what gpg provides 
> out of the box. Of course, you can still use gpgme for doing the encryption, 
> but don't try to retrieve the keys yourself if gpg can do it for you.

I am new to GnuPG and this is a great tool in programming. I am not sure how to
use gpg commands directly in C/C++ code though. I thought gpgme is providing
the interface to use gpg?

Thanks again,
Eric
> 
> Regards,
> Ingo



> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
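
The listing-versus-import distinction Ingo describes can be reproduced offline at the gpg command line. The script below is an added example, not code from this thread or from the GPGME project, and it drives `gpg` rather than GPGME calls. It assumes a GnuPG 2.2 or later `gpg` that supports `--show-keys`; the function name, the address, the test key and both temporary keyrings are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway keyrings and a constructed test key, no network.
list_vs_import_demo() {
    work=$(mktemp -d) || return 1
    sender="$work/s"; receiver="$work/r"
    mkdir -m 700 "$sender" "$receiver"
    addr='demo@example.org'                     # constructed identity
    echo 'hello' > "$work/msg"

    # Sender side: make a passphrase-less test key, export its public part.
    gpg --homedir "$sender" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Demo <$addr>" \
        future-default default never 2>/dev/null
    gpg --homedir "$sender" --batch --armor --export "$addr" > "$work/pub.asc"

    # Receiver side, listing only: the metadata shows an encryption-capable
    # subkey (field 12 of the colon listing), but nothing enters the keyring.
    if gpg --homedir "$receiver" --batch --with-colons --show-keys \
           "$work/pub.asc" 2>/dev/null |
       awk -F: '$1 == "sub" && $12 ~ /e/ { ok = 1 } END { exit !ok }'
    then listed=encrypt-capable; else listed=no-encrypt-subkey; fi

    try_encrypt() {   # --no-auto-key-locate keeps the lookup local and offline
        gpg --homedir "$receiver" --batch --yes --no-auto-key-locate \
            --trust-model always --recipient "$addr" \
            --output "$work/msg.gpg" --encrypt "$work/msg" 2>/dev/null
    }
    if try_encrypt; then before=usable; else before=unusable; fi

    # The step the listing never performs: import into the local keyring.
    gpg --homedir "$receiver" --batch --quiet --import "$work/pub.asc" 2>/dev/null
    if try_encrypt; then after=usable; else after=unusable; fi

    # Stop any daemons started for the throwaway homedirs, then clean up.
    gpgconf --homedir "$sender" --kill all 2>/dev/null || true
    gpgconf --homedir "$receiver" --kill all 2>/dev/null || true
    rm -rf "$work"
    echo "listed=$listed before_import=$before after_import=$after"
}
```

Calling `list_vs_import_demo` prints `listed=encrypt-capable before_import=unusable after_import=usable`: the listed key already advertises an encryption subkey, yet encryption only succeeds once the key has been imported.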




keys retrieved from keyserver (keys.openpgp.org) are unusable

2021-07-27 Thread root
Hi, all

I've posted this question on stackoverflow.com a few days ago, and I am still 
waiting for someone to comment. 

https://stackoverflow.com/questions/68490051/key-retrieved-from-keyserver-keys-openpgp-org-cant-be-used-gpgme

Long story short, when the public key is downloaded to my PC as a plain text 
.asc file, and later imported using the
function gpgme_op_keylist_from_data_start() and gpgme_op_keylist_new(), the 
key->can_encrypt, key->sign_certify,
and can_sign are all 0x01. 

Alternatively, if I do gpgme_op_keylist_start() using an email address with 
GPGME_KEYLIST_MODE_EXTERN, the key->can_encrypt,
key->can_certify and key->can_sign are all 0x00. I've tried several email
addresses found on keys.openpgp.org, and the result is the same.

Either way, I can't use this key to even encrypt data. For the key downloaded 
as a .asc file, if I manually 
"certify" the key first using Kleopatra prior to 
gpgme_op_keylist_from_data_start(), it then can be used to encrypt the
data. But my purpose is to use the public key downloaded remotely with 
GPGME_KEYLIST_MODE_EXTERN only, and without 
Kleopatra of course. 

The trust-model has been set to "ALWAYS", or "always" using 
gpgme_set_ctx_flag(). The crypto protocol used is OpenPGP. 

I can't find good hints using the sample codes in 
https://github.com/gpg/gpgme.git either.

Any comment/suggestion is welcome. 

Eric
