When reading IPGP entries the processing fails with "public key not found".
Based on my debugging the issue is that gpg_dirmngr_dns_cert always returns an r_key stream, which causes the caller to assume a key was returned (i.e., that a PGP entry was found), but that it has no valid key.
I added a patch that seems to fix this for me, though not sure it's the right use of the estream.
| rG GnuPG | |||
| rGa17584d000cf gpg: Fix getting key by IPGP. | |||
| rG7e321c2c2a15 gpg: Fix getting key by IPGP. | |||
Thank you for the bug report and your patch.
I read RFC 4398 and IIUC, it is indirect key reference by fpr or url, with no key data, and the return line by dirmngr is nothing but status lines for fpr and/or url (only).
I'm afraid accessing internal field of estream is ok or not. If it's not OK, something like following would be equivalent:
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index ed2cf9dc2..02edfefea 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -1198,7 +1198,7 @@ gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype, if (err) goto leave; - if (r_key) + if (es_ftell (parm.memfp) != 0 && r_key) { es_rewind (parm.memfp); *r_key = parm.memfp;