GPGTools: Discussion 2023-07-17T18:00:48Z
GPG Suite ignores auto-key-locate configuration
2021-08-12T15:07:31Z
<div><p>Hi Bryan,</p>
<p>this is true for our GPG Suite tools like GPG Mail, GPG Services and GPG Keychain.<br>
Since they don't automatically fetch any keys at the moment, this is by design.</p>
<p>Via command line you can of course use auto-locate-key and it will work as expected if configured in your gpg.conf.</p></div>
Luke Le

2021-08-12T16:04:04Z (updated 2021-08-12T16:04:06Z)
<div><p>Hey Luke, thanks for the response. I'm a little confused though... I have an option that says "Automatically download public keys" which does automatically fetch keys from my configured key server when I receive a signed email and don't already have the signer's key. Could this option not use --locate-key to support the auto-locate-key options since the keyserver is still used in the same way?</p></div>
Bryan

2021-08-18T09:41:42Z
<div><p>Hi Bryan,</p>
<p>my previous message left out a few details. "They don't automatically fetch any keys" was meant to say, unless manually configured by using the setting you mentioned. Since our default is that fetching keys is disabled, it should not be overridden by a "misconfigured" gpg.conf. It's of course absolutely possible that you have added the auto-key-retrieve setting on purpose in the past, but it's also possible that it was set by a different tool in the past, without asking you, which is why we want you to "re-activate" the option explicitly.</p>
<p>Based on <a href="https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html">GnuPG's manual</a> however, auto-key-retrieve does use WKD, which of course makes sense:</p>
<p>"--auto-key-retrieve [...] If the signature has the Signer’s UID set a WKD lookup is done. This is the default configuration [...]"</p>
<p><code>auto-key-locate</code> on the other hand is mainly used to fetch missing keys when encrypting messages for a recipient, but can also be used to disable the use of WKD with <code>auto-key-retrieve</code>.</p>
<p>Could you send a signed message to <a href="mailto:team@gpgtools.org">team@gpgtools.org</a> so we can test this?</p></div>
Luke Le

2021-08-25T19:58:03Z (updated 2021-08-25T19:58:06Z)
<div><p>Hey Luke,<br>
Okay, so I was initially confused by the auto-key-retrieve setting. Thank you for clearing that up.</p>
<p>I set the auto-key-locate parameter manually in gpg.conf with the mechanisms I wanted "local,wkd,keyserver" and enabled auto-key-retrieve. I see now that auto-key-retrieve is not necessary for auto-key-locate to work, and having auto-key-retrieve disabled is a safe default. Maybe I should just explain what I was trying to do...</p>
<p>My goal was to set up GPG Suite to retrieve keys from our WKD and optionally use our internal HKP server as fallback. But even with the auto-key-locate parameters set in gpg.conf nothing actually tries to look up the key. This is why I was attempting to use the "Automatically download public keys" (aka auto-key-retrieve) setting, but was mistaken about what it did.</p>
<p>If I may request a feature it would be WKD support. Thunderbird has removed the ability to set a custom HKP server and GPG Suite seems to not work reliably with our internal HKP server either so I'd like to transition my Org to WKD.</p>
<p>Also the email address you have in your message is blocked. Feel free to email me at the email associated with this post.</p></div>
Bryan

2021-08-26T15:06:37Z (updated 2021-08-27T19:30:17Z)
<div><p>Thanks for elaborating on and sharing your use-case. We have a ticket for adding support for WKD. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you stay in the loop and will receive info as soon as we have news. Feel free to open a new discussion should you run into further problems or need assistance.</p>
<p>What do you mean by "email address is blocked"? Blocked in what way?</p>
<p>Best,<br>
Steve</p></div>
Steve

2021-08-26T18:28:21Z (updated 2021-08-26T18:28:25Z)
<div><p>Thanks for the update, Steve.</p>
<p>-Bryan</p></div>
Bryan

2022-01-22T15:58:26Z
<div><p>Sorry Bryan - I never responded about the blocked email question of yours. You sent a screenshot showing the problem. Tender (the support platform service we use) has a "feature" where they remove email addresses.</p>
<p>Luke was asking about a signed test message from you. The email address you can send that to is team AT gpgtools DOT org</p></div>
Steve
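A gpg.conf audit for the two settings this thread distinguishes, as an added example that is not part of the discussion or of GPG Suite's code: it reports whether auto-key-retrieve is enabled (the setting that, as noted above, another tool may have written) and which auto-key-locate mechanisms are configured, in order. The sample configuration, its keyserver hostname and the function name `audit_key_fetching` are constructed for illustration.

```python
import re

# Constructed sample gpg.conf; the keyserver hostname is a placeholder.
SAMPLE_CONF = """\
# settings another tool may have written
keyserver hkps://keys.example.internal
auto-key-locate local,wkd,keyserver
auto-key-retrieve
"""

def audit_key_fetching(conf_text):
    """Report which automatic key-fetch settings a gpg.conf body enables."""
    retrieve = False   # auto-key-retrieve: fetch signer keys when verifying
    locate = []        # auto-key-locate: ordered lookup mechanisms
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0]
        args = re.split(r"[,\s]+", parts[1].strip()) if len(parts) > 1 else []
        if name == "keyserver-options":
            # Older spelling: the flag given as a keyserver option.
            flags = args
        else:
            flags = [name]
        for flag in flags:
            if flag == "auto-key-retrieve":
                retrieve = True
            elif flag == "no-auto-key-retrieve":
                retrieve = False
        if name == "no-auto-key-locate":
            locate = []
        elif name == "auto-key-locate":
            for mech in args:
                if mech == "clear":
                    locate = []      # "clear" resets the list built so far
                elif mech:
                    locate.append(mech)
    return {
        "retrieve_on_verify": retrieve,
        "locate_order": locate,
        "network_lookups": [m for m in locate if m not in ("local", "nodefault")],
    }

if __name__ == "__main__":
    print(audit_key_fetching(SAMPLE_CONF))
```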