Mailing List Archive

Instructions for confirming WKS requests manually
Hi, all.

gpg-wks-server sends a confirmation email with the following text/plain
alternative part:

```
This message has been send to confirm your request
to publish your key. If you did not request a key
publication, simply ignore this message.

Most mail software can handle this kind of message
automatically and thus you would not have seen this
message. It seems that your client does not fully
support this service. The web page

https://gnupg.org/faq/wkd.html

explains how you can process this message anyway in
a few manual steps.
```

The FAQ merely references the following page on the wiki:

https://wiki.gnupg.org/WKD

... and there are no instructions there for manual verification. Were
there instructions there before?

--
Andrew Gallagher
Re: Instructions for confirming WKS requests manually [ In reply to ]
On Wed, 25 Mar 2020 09:27, Andrew Gallagher said:

> https://wiki.gnupg.org/WKD
>
> ... and there are no instructions there for manual verification. Were
> there instructions there before?

I am not sure about the wiki pages; tehre is a history, though. The
easiest way on a Unix box to handle the message is by adding

--8<---------------cut here---------------start------------->8---
application/vnd.gnupg.wks; /usr/local/libexec/gpg-wks-client \
-v --read --send; needsterminal; description=WKS message
--8<---------------cut here---------------end--------------->8---

to /etc/mailcap. You may need to use /usr/lib/gpg-wks-client or so if
you are using the distros version of GnuPG.

Manual verification requires reading the specs and in the end you will
use gpg-wks-cleint anyway. Except for the option --send the tool also
works on Windows and on Unices with no installed sendmail You merely fee
the entire mail into gpg-wks-tool and it writes the confirmation mail to
stdout. --read expect an already decrypted message while --receive
would do that for you.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Re: Instructions for confirming WKS requests manually [ In reply to ]
On 25/03/2020 11:05, Werner Koch wrote:
>
> Manual verification requires reading the specs and in the end you will
> use gpg-wks-cleint anyway. Except for the option --send the tool also
> works on Windows and on Unices with no installed sendmail You merely fee
> the entire mail into gpg-wks-tool and it writes the confirmation mail to
> stdout.
It's the next step that I'm struggling with. If I have access to a
sendmail elsewhere then sure, I can cut and paste the stdout. But I'm
more concerned with use cases that lack local delivery or terminal
access, and rely on e.g. Mailvelope. If one has 2fa enabled on mail
accounts port 25 is going to be a world of pain, and won't work from
inside most corporate firewalls anyway...

I've tried various permutations of attaching the output from
gpg-wks-client to a webmail message but it always seems to get wrapped
in MIME parts that contradict the real content type, and gpg-wks-server
invariably treats it as cruft.

Is there any way that I can reliably get the PGP block through a
misbehaving webmail and have it understood at the server end?

--
Andrew Gallagher