Refresh/update OpenPGP keys should check WKD
Open, Normal, Public

Description

The "Refresh" button in the key details should always check on WKD if there are UIDs with mail addresses.
Edit 2025-02-05: The button in question is now labeled "Update", the same action available in the context menu now is named "Update certificates".

Therefore the call to gpg --refresh-keys needs to be replaced by something else.

The WKD search should be done even if the origin is "unknown" and not "WKD", and regardless of whether a keyserver is configured or not.

Event Timeline

aheinecke added a subscriber: aheinecke.

Giving this the same priority as the parent task.

I need to come up with a better strategy here. --refresh-keys is a very useful command and it should do what the user expects. Maybe we can adjust the behaviour iff we detect that there is an LDAP keyserver.

werner renamed this task from Kleopatra: Refresh OpenPGP keys should check WKD to Refresh OpenPGP keys should check WKD. Feb 19 2024, 5:02 PM
werner raised the priority of this task from Low to Normal.
ebo edited projects, added gpd5x; removed Restricted Project. Wed, Feb 5, 10:11 AM

Changed the workboard to gpd5x as this is still the case in Gpg4win 5.0-Beta versions.

ebo renamed this task from Refresh OpenPGP keys should check WKD to Refresh/update OpenPGP keys should check WKD. Wed, Feb 5, 10:30 AM

I think there's some confusion.

The Update button in the Certificate Details uses gpg --recv-keys FPR for updating the key from the keyserver (if a keyserver is configured) and it uses gpg --locate-external-key EMAIL for updating the key/user ID via WKD.

gpg --refresh-keys is used when the user uses Tools->Refresh OpenPGP Certificates. I don't think that gpg --refresh-keys has anything to do with this ticket.

Moreover, I thought that we had agreed that Update only looks for email addresses on WKD that were originally retrieved from WKD unless the user enables the option "Query certificate directories of providers for all user IDs".
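
The two Update behaviours discussed in this task, as an added example (not Kleopatra's or GnuPG's own code): it reads user IDs and their key origin from a colon listing and builds the gpg --recv-keys FPR and gpg --locate-external-key EMAIL calls, with query_all_uids=True modelling the WKD lookup for every mail address that the description asks for. The function names, the constructed sample listing, and the reading of field 20 as the key origin with code 4 meaning WKD are assumptions.

```python
import re

ORIGIN_WKD = 4  # assumption: origin code in field 20 of a colon record (0 = unknown)

# Constructed sample in the style of `gpg --with-colons --list-keys` (not a real key).
SAMPLE = "\n".join([
    "pub:-:255:22:89ABCDEF01234567:1700000000:::-:::scESC:",
    "fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:",
    "uid:-::::1700000000::H1::Alice <alice@example.org>:::::::::1700000000:4:",
    "uid:-::::1700000000::H2::Alice <alice@example.net>:::::::::0:0:",
    "uid:-::::1700000000::H3::Release signing key:::::::::0:0:",
])

def parse_listing(text):
    """Return (primary fingerprint, [(email, origin_code), ...])."""
    fpr, uids = None, []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "fpr" and fpr is None:
            fpr = f[9]                      # first fpr record belongs to the primary key
        elif f[0] == "uid":
            uid = f[9]
            m = (re.search(r"<([^<>@\s]+@[^<>@\s]+)>", uid)
                 or re.fullmatch(r"([^<>@\s]+@[^<>@\s]+)", uid))
            if not m:
                continue                    # user ID without a mail address: nothing to look up
            # Field 20 is an integer, optionally followed by a space and a URL.
            origin = f[19].split() if len(f) > 19 else []
            code = int(origin[0]) if origin and origin[0].isdigit() else 0
            uids.append((m.group(1), code))
    return fpr, uids

def plan_update(fpr, uids, keyserver_configured, query_all_uids):
    """Build the gpg invocations for one Update of a certificate."""
    cmds = []
    if keyserver_configured:
        cmds.append(["gpg", "--recv-keys", fpr])
    for email, origin in uids:
        # Default: only addresses first retrieved via WKD; the option widens it to all.
        if query_all_uids or origin == ORIGIN_WKD:
            cmds.append(["gpg", "--locate-external-key", email])
    return cmds

if __name__ == "__main__":
    fpr, uids = parse_listing(SAMPLE)
    for argv in plan_update(fpr, uids, keyserver_configured=False, query_all_uids=True):
        print(" ".join(argv))
```

The commands are built as argument lists, so a mail address taken from a user ID is never passed through a shell.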