[Tickets #11380] Re: GPG keys are not fetched from the configured keyserver
bugs at horde.org
Mon Aug 27 13:18:39 UTC 2012
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/11380
------------------------------------------------------------------------------
Ticket | 11380
Updated By | o+horde at immerda.ch
Summary | GPG keys are not fetched from the configured keyserver
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
o+horde at immerda.ch (2012-08-27 13:18) wrote:
Actually there was even more wrong in this case. See my updated pull
request for a second patch which checks all fetched keyids if they
actually have a correct uid:
(git log) Fix: horde picks mismatching gpg-keys.
We should only use gpg keys with a uid containing a matching email
address to encrypt mails.
How a keyserver responds to a text search is not standardized. See
https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#page-3
    3.1.1.3. Text Searches
    How a keyserver handles a textual search is implementation defined.
    See also the definition of the "exact" variable for a method to
    give additional instructions to the server on how the search is to
    be executed.
We should therefore not rely on getting the correct key just because we
were searching for an email address. This patch removes all keys from
the candidates list that do not contain the correct email address
between <> in the uid field.
uid lines from the keyserver are constructed as follows:
    uid:escaped uid string:creationdate:expirationdate:flags
(see the openpgp-hkp RFC draft)
where all PGP-compatible tools that I know of use the following uid
format:
    name (comment) <email>
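
The filtering described in the message above, as an added Python example (not the Horde patch and not code from the ticket). It assumes the machine-readable index layout of the HKP draft, where each `pub:keyid:...` line is followed by that key's `uid:` lines; the function names, the sample index, the case-insensitive comparison and the stricter "address in the final <>" rule are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Address between the final <> of a "name (comment) <email>" uid.
_UID_EMAIL = re.compile(r"<([^<>]+)>\s*$")

# Constructed sample index: key ids, dates and addresses are made up.
SAMPLE_INDEX = """\
info:1:4
pub:AAAAAAAAAAAAAAAA:1:2048:1300000000::
uid:Alice Example <alice@example.org>:1300000000::
pub:BBBBBBBBBBBBBBBB:1:2048:1310000000::
uid:Mallory (alice@example.org) %3Cmallory@example.net%3E:1310000000::
pub:CCCCCCCCCCCCCCCC:1:4096:1320000000::
uid:Bob <malice@example.org>:1320000000::
pub:DDDDDDDDDDDDDDDD:1:4096:1330000000::
uid:Alice (work) %3Calice@work.example%3E:1330000000::
uid:Alice %3CAlice@Example.ORG%3E:1330000000::
"""


def uid_email(escaped_uid):
    """Return the lower-cased address in the final <> of a uid, or None."""
    # The uid field is percent-escaped on the wire, so decode it first.
    m = _UID_EMAIL.search(unquote(escaped_uid))
    return m.group(1).strip().lower() if m else None


def matching_keyids(index_text, wanted_email):
    """Key ids whose uid list contains exactly wanted_email between <>."""
    # Assumption: addresses are compared case-insensitively.
    wanted = wanted_email.strip().lower()
    matches, current = [], None
    for line in index_text.splitlines():
        fields = line.strip().split(":")
        if fields[0] == "pub" and len(fields) > 1:
            current = fields[1]          # uid lines below belong to this key
        elif fields[0] == "uid" and len(fields) > 1 and current:
            # A text search can also hit the name or comment part, or a
            # longer address; only an exact match inside <> counts.
            if uid_email(fields[1]) == wanted and current not in matches:
                matches.append(current)
    return matches


if __name__ == "__main__":
    print(matching_keyids(SAMPLE_INDEX, "alice@example.org"))
```
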