gabriel rosenkoetter on Sat, 5 Jul 2003 23:16:14 -0400
On Sat, Jul 05, 2003 at 06:34:49PM +0000, John Beck wrote:
> My question is, if my key id is my email address, what information should I be
> putting in the <keyserver> field?

Your keyid isn't your email address, it's the last four bytes (eight
characters in hex representation) of your key's fingerprint. Your email
address works because GnuPG (and most other PGP implementations) do a
string search across the information in the key when you give them a
string.

I actually don't remember whether using your email address will work
for --send-key. I'm pretty sure it won't for --recv-key (because it
would put a ridiculous load on the keyserver to go do a pattern match
across all the data in its whole keyring).

On Sat, Jul 05, 2003 at 07:02:59PM -0400, Jeff Abrahamson wrote:
> You can put this in your ~/.gnupg/options file to avoid having to
> specify it each time.

Which is handy[1] in conjunction with

  keyserver-options auto-key-retrieve

because, if you're using an MUA like mutt that just makes a shell call
to gpg, it'll retrieve keys that show up on mailing lists but aren't
already on your public keyring.

Also, I think ~/.gnupg/options is deprecated; you might want to switch
that to gpg.conf. (It'll work the same way for now, but isn't
guaranteed to in the future, right David?)

> keyserver wwwkeys.pgp.net
> # Gabe R recommends:
> #keyserver subkeys.pgp.net
>
> I will let Gabe remark on the difference between wwwkeys and subkeys.
> According to dig, sometimes they are the same host, sometimes not.

I'd strongly recommend switching. subkeys.pgp.net should be a superset
of wwwkeys.pgp.net. That's a DNS round-robin for the keyservers that
don't mangle keys with various kinds of subkeys attached to them (like
say new subkeys after a given one has expired). Supporting the
keyservers that have been too lazy to switch off the broken version of
pks they're using isn't helping the situation...

(That enough explanation?)

[1] Definition 2 of "handy": security risk. Automatically downloading
things is almost always a bad idea. There's no more reason to assume
that gpg doesn't contain a buffer flow than there is to assume that
Microsoft Outlook doesn't. Now, gpg is probably a little bit more
careful with the data it retrieves from a keyserver... but still. Be
conscious of what you're having your software do for you.

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment:
pgpD7KwggnV6i.pgp
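
An added example, not part of the original message: how a key ID falls out of a key's fingerprint, and why an email address also selects a key locally. It assumes a version 4 OpenPGP key; the key material, user ID and the `lookup` helper are constructed for illustration and only model the local string search the message describes.

```python
import hashlib
import struct

def mpi(n):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then the bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_fingerprint(body):
    """SHA-1 over 0x99, a 2-byte length, and the public-key packet body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def key_ids(fpr):
    """Return (long, short) key IDs: the last 8 and the last 4 bytes of the fingerprint."""
    return fpr[-16:], fpr[-8:]

def lookup(keyring, spec):
    """Simplified local lookup: a hex key ID matches the fingerprint tail,
    anything else is a case-insensitive substring search over user IDs."""
    s = spec.upper()
    if s.startswith("0X"):
        s = s[2:]
    if len(s) in (8, 16) and all(c in "0123456789ABCDEF" for c in s):
        return [f for f in keyring if f.endswith(s)]
    return [f for f, uid in keyring.items() if spec.lower() in uid.lower()]

# Constructed sample key body: version 4, creation time, algorithm 1 (RSA),
# then a toy modulus and exponent. Not a usable key.
BODY = (bytes([4]) + struct.pack(">I", 1057446974) + bytes([1])
        + mpi((1 << 1023) | 0xC0FFEE01) + mpi(65537))
FPR = v4_fingerprint(BODY)
KEYRING = {FPR: "Example User <user@example.org>"}  # constructed user ID

if __name__ == "__main__":
    long_id, short_id = key_ids(FPR)
    print("fingerprint:", FPR)
    print("long key ID:", long_id, " short key ID:", short_id)
    print("by key ID  :", lookup(KEYRING, "0x" + short_id))
    print("by email   :", lookup(KEYRING, "user@example.org"))
```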