[neomutt-devel] pager: how to retrieve pubkey -> auto-key-retrieve

Sven Guckes neomutt-lists at guckes.net
Tue Nov 22 17:22:59 CET 2016 

* Pietro Cerutti <gahr at gahr.ch> [2016-11-22 16:17]:
> On 2016-Nov-22, 15:23, Sven Guckes wrote:
> > how do *you* retrieve an unknown public key?
> >
> > situation:
> > you read a message (you are in the menu "pager")
> > and gpg tells you that it can not check the signature
> > because you do not have a copy of the public key
> > which was used to sign the message:
> >
> >   gpg: Signature made Wed Nov 23 05:23:42 2016 CET
> >   gpg:              using RSA key 0123456789ABCDEF
> >   gpg: Can't check signature: public key not found
> >
> > who to download/retrieve that public key?
>
> Does setting
>
>     keyserver hkp://keys.gnupg.net
>     keyserver-options auto-key-retrieve
>
> in your ~/.gnupg/gpg.conf help?

oh - i hadnt know about "auto-key-retrieve" yet!
thanks, Pietro! :) i shall use that from now on..

this is what i see on your message now:

  gpg: Signature made Tue Nov 22 16:16:57 2016 CET
  gpg:                using RSA key ADD0D38EA192089E
  gpg: requesting key ADD0D38EA192089E from hkp server keys.gnupg.net
  gpg: DBG: armor-keys-failed (KEY 0xADD0D38EA192089E BEGIN
  ) ->0
  gpg: DBG: armor-keys-failed (KEY 0xADD0D38EA192089E END
  ) ->0
  gpg: please do a --check-trustdb
  gpg: Good signature from "Pietro Cerutti <gahr at gahr.ch>"
  gpg:                 aka "Pietro Cerutti (The FreeBSD Project) <gahr at FreeBSD.org>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: DA6D E106 A5B8 54B8 5DD8  6D49 ADD0 D38E A192 089E

so here it is:
"gpg: requesting key ADD0D38EA192089E from hkp server keys.gnupg.net"
gpg is now retrieving keys automagically.  yay!

okay, now gpg will *always* do this.
however, this might be too much..

how to solve the problem with just
a command (internal or external)?
so my description of the problem
is missing a "case-by-case" request.

two sidenotes:

trustdb warnings:
even though a cron job is taking care of my trustdb every day
and my gpg.conf has "no-auto-check-trustdb" set, i *still*
get that message of "gpg: please do a --check-trustdb" o_O
why?

does anyone know how to handle these errors?

  gpg: DBG: armor-keys-failed (KEY 0xADD0D38EA192089E BEGIN) ->0
  gpg: DBG: armor-keys-failed (KEY 0xADD0D38EA192089E END) ->0

these messages are a bit annoying.

maybe it's time to upgrade gpg..

Sven

More information about the neomutt-devel mailing list