Page MenuHome GnuPG

Kleopatra: Certificate lookup shows only one result even if there are 100s matches
Closed, ResolvedPublic

Description

How to reproduce:

  • Select Lookup on Server
  • Enter test
  • Click Search

Observation:
A single key is listed as result of the lookup.

Analysis:

  • Kleopatra's certificate tree view removes duplicate keys based on their fingerprint.
  • KeyListJob returns keys which have fingerprint NULL.

-> Both together result in a list with a single key.

KeyListJob does something like
gpg --with-colons --search-keys -- test

Running this on the command line I get a list of keys with long key ids but without fingerprints. I'm using the default keyserver, i.e. I haven't specified any keyservers in any configuration files. Did keyservers in the past return fingerprints? Or do they still do so, but gpg somehow "forgets" the fingerprints when parsing the keyserver replies?

In the end it means that OpenPGP certificate lookup in Kleopatra is completely useless unless there is exactly one matching key.

Event Timeline

That KeyListJob returns keys which have fingerprint NULL is caused by keyservers returning just key IDs instead of fingerprints. The change for T5741: dirmngr does not ask keyservers for fingerprints should fix this. Still keyservers are only guaranteed to return key IDs, so we cannot assume that keys returned by KeyListJob have fingerprints.

We decided to notify the user if the keyserver doesn't return fingerprints. The fingerprints are needed by Kleopatra as unique identifier for keys. Trying to make key lookup work without fingerprints isn't useful.

ikloecker claimed this task.