[Gpg4win-users-en] GpgOL - Automatic Key Discovery

Andre Heinecke aheinecke at intevation.de
Thu Nov 22 09:17:23 CET 2018


On Thursday, November 22, 2018 1:08:10 AM CET me at kilosierracharlie.me wrote:
> I’m trying to get a family-friend set up with GpgOL. He’s not very technical,
> and as of current the only part he’s struggling with is searching and
> importing public keys (at this point, via Kleopatra!). 

Searching the keyservers via mail address is a bad idea: you cannot know who 
uploaded the key and if the key is the right one.

> I understand that GpgOL will make use of WKD / WKS to find keys, but is there
> any way of automatically discovering and retrieving keys from a key-server
> in the same way? 

As stated above, there is no automated way possible for us to get keys for a 
mail address from the keyservers because anyone can upload keys there and mess 
with us.

> WKD / WKS requires that the recipient owns, controls and has set up WKD / WKS
> on their domain – something that can’t be done for most people, who use
> popular free e-mail clients such as Gmail and Outlook.com.
> If anyone knows how I could set something like this up (or even just an
> easier way to help him understand), I’d truly appreciate it!

You can add "auto-key-retrieve" to your %APPDATA%\gnupg\gpg.conf; that will 
query the keyservers, once a signed mail is received, for the key that belongs 
to the signature (by fingerprint). GpgOL can then use that key, although it 
won't use it for "automatically secure" before it has been certified. You could 
change that by also adding "trust-model tofu+pgp" to your gpg.conf; that is 
still experimental but will be our next step to automate even more.

Best Regards,

Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
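
One way to apply the two gpg.conf options from the reply above without clobbering an existing configuration, as an added PowerShell example that is not part of the original message or of Gpg4win. The gpg.conf.bak backup name is an assumption of this example; the path and option names are the ones quoted in the reply.

```powershell
# Added example (not from the original message). Path and option names are the
# ones quoted in the reply; the gpg.conf.bak backup name is this example's choice.
# Caveat from the GnuPG manual: with auto-key-retrieve, the keyserver operator
# can see which key you requested and when you verified the signature.
$conf   = Join-Path $env:APPDATA 'gnupg\gpg.conf'
$wanted = 'auto-key-retrieve', 'trust-model tofu+pgp'

# Create the GnuPG home and an empty gpg.conf if this is a fresh install.
New-Item -ItemType Directory -Path (Split-Path $conf) -Force | Out-Null
if (-not (Test-Path $conf)) { New-Item -ItemType File -Path $conf | Out-Null }
Copy-Item -Path $conf -Destination "$conf.bak" -Force

# Active settings: trimmed, whitespace-normalised, comments and blanks dropped.
$active = @(Get-Content -Path $conf |
    ForEach-Object { ($_.Trim() -replace '\s+', ' ') } |
    Where-Object { $_ -and -not $_.StartsWith('#') })

# Make sure an appended line cannot be glued onto an unterminated last line.
$raw = [System.IO.File]::ReadAllText($conf)
if ($raw.Length -gt 0 -and -not $raw.EndsWith("`n")) { Add-Content -Path $conf -Value '' }

foreach ($line in $wanted) {
    $name     = ($line -split ' ')[0]
    $conflict = @($active | Where-Object { ($_ -split ' ')[0] -eq $name -and $_ -ne $line })
    if ($conflict.Count -gt 0) {
        # e.g. an existing "trust-model pgp": leave the decision to a human.
        Write-Warning "gpg.conf already sets '$($conflict[0])'; not adding '$line'"
    } elseif ($active -contains $line) {
        Write-Output "already set: $line"
    } else {
        Add-Content -Path $conf -Value $line
        Write-Output "added: $line"
    }
}
```

Running it a second time reports both options as already set and leaves the file unchanged apart from refreshing the backup.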