
GPGME: inconsistent behavior on GPGME_KEYLIST_MODE_LOCATE from hkp server
Open, Needs Triage, Public

Description

I have a context where

gpgme_set_keylist_mode(ctx, GPGME_KEYLIST_MODE_LOCATE);   /* --locate-keys behaviour */
gpgme_set_ctx_flag(ctx, "auto-key-locate", "nodefault,hkp://fr.pgpkeys.eu:11371"); /* only this hkp server */

and I'm using gpgme_op_keylist_start and gpgme_op_keylist_next to retrieve the keys of a test address that has multiple keys uploaded on that server.

As a result, I'd expect the keys to be imported in the keyring and listed one after another in the loop.

Instead, the keys get imported into the keyring, but gpgme_op_keylist_next returns GPG_ERR_EOF and does not list any key.

To easily replicate the issue I modified tests/run-keylist.c as attached.

Once built, it will reproduce the issue with

$ ./tests/run-keylist --from-uri hkp://fr.pgpkeys.eu:11371 test@email.address

that will succeed with no error or output

(I can share privately the testing address I'm using, if you cannot reproduce the issue)

Event Timeline

Looking to workaround this issue, I've noticed something that might be useful during debug.

If I invoke the test with

$ ./tests/run-keylist --from-uri hkp://fr.pgpkeys.eu:11371,local test@email.address

it actually prints the info of the first key returned by the server. Only the first.

However all the keys found are still added to the keyring.

PS: If you know a workaround that I could adopt while waiting for the fix to spread downstream, please share it

After several clever attempts, I've settled on this simple workaround that seems to work despite being quite inefficient: if you don't find any key with gpgme_op_keylist_next and gpgme_err_code(err) == GPG_ERR_EOF on a ctx with keylist mode set to GPGME_KEYLIST_MODE_LOCATE, try again (even on the same context), after

gpgme_set_keylist_mode(ctx, GPGME_KEYLIST_MODE_LOCAL);   /* list from the local keyring only */
gpgme_set_ctx_flag(ctx, "auto-key-locate", "clear,nodefault"); // still not sure this line is required

This will fork a new gpg command, so right now I'm only using this workaround when the user asks to locate the key over keyservers, not when they try with WKD, which, as far as I understand the protocol, cannot return multiple keys for one email.

Please let me know if you have a better workaround or any other suggestions.