[pkg-gnupg-maint] Bug#943952: gpg --locate-key fails to find keys via "basic/direct" URLs

Hans-Christoph Steiner hans at at.or.at
Fri Nov 1 15:55:08 GMT 2019


Package: gpg
Version: 2.2.12-1+deb10u1
Severity: normal

Dear Maintainer,

I recently tried setting up three domains with Web Key Directory (WKD)
"basic/direct" URLs:

https://wiki.gnupg.org/WKDHosting says
>  .well-known/openpgpkey/hu if using the fallback "direct" URL scheme

https://www.ietf.org/id/draft-koch-openpgp-webkey-service-08.txt says:
>
>   The direct method requires no additional DNS entries and constructs
>   the URI from the concatenation of these items:
>
>   o  The scheme "https://",
>   o  the domain-part,
>   o  the string "/.well-known/openpgpkey/hu/",
>   o  the above constructed 32 octet string,
>   o  the unchanged local-part as a parameter with name "l" using proper
>      percent escaping.

Here are the URLs I set up:

hans at at.or.at
https://at.or.at/.well-known/openpgpkey/hu/tyyfxn4t6ytctsfpzfogin37su9pzssg

hans at guardianproject.info
https://guardianproject.info/.well-known/openpgpkey/hu/tyyfxn4t6ytctsfpzfogin37su9pzssg

admin at f-droid.org
https://f-droid.org/.well-known/openpgpkey/hu/4y36rkzdjnzmk3oxaekyi5biowgr5kcz

Using this test command fails to find any of them, all failing with the
same error:

$ gpg -v --auto-key-locate clear,wkd,nodefault --locate-key admin at f-droid.org
gpg: using pgp trust model
gpg: error retrieving 'admin at f-droid.org' via WKD: No data
gpg: error retrieving 'admin at f-droid.org' via None: No public key
gpg: key "admin at f-droid.org" not found: No public key


-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (100, 'proposed-updates'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg depends on:
ii  gpgconf        2.2.12-1+deb10u1
ii  libassuan0     2.5.2-1
ii  libbz2-1.0     1.0.6-9.2~deb10u1
ii  libc6          2.28-10
ii  libgcrypt20    1.8.4-5
ii  libgpg-error0  1.35-1
ii  libreadline7   7.0-5
ii  libsqlite3-0   3.27.2-3
ii  zlib1g         1:1.2.11.dfsg-1

Versions of packages gpg recommends:
ii  gnupg  2.2.12-1+deb10u1

gpg suggests no packages.

-- no debconf information
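
The "direct" URL construction quoted from the draft in the report above, as an added example (not part of the original report and not GnuPG's code). It builds the URL a WKD client would request and checks whether a published URL has the same host and path. The function names are this example's own; the "32 octet string" is taken to be the z-base-32 encoded SHA-1 of the local-part with ASCII letters lowercased, as the WKD draft defines it.

```python
import hashlib
from urllib.parse import quote, urlsplit

# z-base-32 alphabet used for the WKD "hu" file names
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per character, MSB first."""
    nbits = len(data) * 8
    pad = (-nbits) % 5  # zero bits appended to fill the last character
    value = int.from_bytes(data, "big") << pad
    return "".join(ZBASE32[(value >> s) & 31]
                   for s in range(nbits + pad - 5, -1, -5))


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the local-part (ASCII letters lowercased), z-base-32 encoded."""
    lowered = "".join(c.lower() if c.isascii() else c for c in local_part)
    return zbase32(hashlib.sha1(lowered.encode("utf-8")).digest())


def direct_url(address: str) -> str:
    """Build the "direct" method URL from the items the draft lists."""
    local, sep, domain = address.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not a mailbox address: {address!r}")
    return (f"https://{domain}/.well-known/openpgpkey/hu/"
            f"{wkd_hash(local)}?l={quote(local, safe='')}")


def published_matches(address: str, published_url: str) -> bool:
    """True if a published URL has the host and path a client would request."""
    want, have = urlsplit(direct_url(address)), urlsplit(published_url)
    return ((have.scheme, have.netloc.lower(), have.path)
            == (want.scheme, want.netloc.lower(), want.path))


if __name__ == "__main__":
    # Address/URL pairs as listed in the report above
    base = "/.well-known/openpgpkey/hu/"
    published = {
        "hans@at.or.at": "https://at.or.at" + base + "tyyfxn4t6ytctsfpzfogin37su9pzssg",
        "hans@guardianproject.info": "https://guardianproject.info" + base + "tyyfxn4t6ytctsfpzfogin37su9pzssg",
        "admin@f-droid.org": "https://f-droid.org" + base + "4y36rkzdjnzmk3oxaekyi5biowgr5kcz",
    }
    for addr, url in published.items():
        ok = published_matches(addr, url)
        print(addr, direct_url(addr), "match" if ok else "MISMATCH")
```

A match only confirms the file name and location. Whether the server returns the key at that URL is a separate check.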


