Page MenuHome GnuPG

gpgme keyserver import incompatible with SKS 1.1.5
Closed, ResolvedPublic

Description

With SKS 1.1.5 keyservers return the full fingerprint in response to a search of
a v4 key.

According to http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-5.2
this is ok. But gpgme internally only reserves 16 byte for the keyid that it
parses from the keyserver response. If the response is longer it is ignored and
the key lookup fails.

As the 16 byte restriction is part of _gpgme_subkey changing it would break ABI
compatibility. As a workaround I would propose to just use the last 8 characters
of the fingerprint as Keyid in gpgme. (See attached patch)

Werner do you think this would be ok? (Maybe as a fix until a ABI breaking
version is released?)

Event Timeline

There is no guarantee that you will see a keyid at all. The keyid and the
fingerprint are actually different objects and it is only for v4 key format that
you can compute the keyid from the fingerprint. We have to implement this
knowledge into gpgme.

Meanwhile I did this and master does now work as expected. It even returns the
fingerprint if available. You may this with the also enhanced gpgme-tool.

While working on it I also fixed the --search-key thing for gnupg master.

Tested the patch with 1.4.4 on Windows against
vm-keyserver.spline.inf.fu-berlin.de which did not work previously.

Patch is also included in gpg4win now.

Thanks!

aheinecke removed a project: Restricted Project.