[Gpg4win-users-en] gpg4win 3.1.16 with updated GnuPG 2.2.32: No public key found despite having refreshed the keys
Stella Ashburne
rewefie at gmx.com
Wed Dec 22 12:17:45 CET 2021
Hello Bernhard
Thanks for taking the time to write a rather lengthy reply and I appreciate your effort.
> Sent: Wednesday, December 22, 2021 at 6:32 PM
> From: "Bernhard Reiter" <bernhard at intevation.de>
> To: gpg4win-users-en at wald.intevation.org
> Subject: Re: [Gpg4win-users-en] gpg4win 3.1.16 with updated GnuPG 2.2.32: No public key found despite having refreshed the keys
>
> http://keyserver.ubuntu.com/pks/lookup?search=0xE53D989A9E2D47BF&fingerprint=on&op=index
> it seems is one one of the public keys that got flodded with
> third-party signatures and they added a new subkey.
>
> This will cause the problem when refreshing the key.
> It seems the emerging new pubkeyserver do not carry the pubkey currently,
> see https://spider.pgpkeys.eu/sks-peers
May I conclude that gpg4win is unable to cope with the scenario that you described? In any case, Debian 11 is able to refresh Tor's sub-keys without having to use WKD.
> The a better alternative then using keys.openpgp.org is to use
> WKD to get the pubkey directly from the Tor Project, e.g.
> https://support.torproject.org/tbb/how-to-verify-signature/
Noted
> (The problem with keys.openpgp.org is that they valididate pubkeys, which aims
> for being a central service and they do not serve the other pubkeys in a way
> being compatible with the openpgp standard 4880.)
It's not just keys.openpgp.org. I have tried at least six public keyservers without success.
> But WKD is more directy anyway, so you could use
> gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser at torproject.org
> or try
> gpg --locate-keys torbrowser at torproject.org
> in the command line.
Thanks for the tips on how to use the commandline to locate keys.
Best wishes of the season.
Stella
More information about the Gpg4win-users-en
mailing list