Adding support for fetching GPG key using WKD protocol

Fabian Groffen grobian at
Thu Jul 5 07:13:45 UTC 2018


Just wondering, I've got "auto-key-retrieve" set in my gpg.conf.  I'm
using gpgme, and as far as I'm aware it fetches keys it doesn't know
upon reading the message (gives a little delay) to verify the signature
is OK.

Is this a different thing somehow?


On 04-07-2018 23:27:23 +0200, Wiktor Kwapisiewicz wrote:
> Hello mutt-dev,
> I would like to extend mutt to add fetching GPG keys over Web Key 
> Directory protocol.
> (I've previously created an issue on gitlab [0] but I'll summarize the 
> thing here for the broader audience).
> Web Key Directory is a new scheme for GPG key discovery. It converts the 
> e-mail address to HTTPS URL and fetches the key from there. It is 
> already supported by some e-mail clients (EnigMail, GpgOL).
> For example has it enabled and Linus' key is at: 
> As GnuPG 2 has it enabled by default "gpg --locate-key 
> torvalds at" will fetch that key.
> I've been exploring mutt's source code and the change would mostly be 
> enabling external lookup for keys that are not locally present [1] when 
> encryption is explicitly turned on (gpgme backend).
> That raises some privacy issues, the same was discussed on gnupg-devel 
> ML [2] (gpg by default will fetch the key via WKD when encrypting to a 
> recipient but will *not* fetch the key when verifying signatures).
> The question is how to do it well. Maybe ask the user if they want to 
> search for the key using WKD if it's not locally present?
> An option would be the first choice but I worry about it not being used 
> at all (as people rarely enable non-standard features [3]).
> Thank you for your consideration!
> Kind regards,
> Wiktor
> [0]:
> [1]: gpgme_set_keylist_mode(ctx, 
> crypto-gpgme.c#get_candidates.
> [2]:
> [3]:
> -- 

Fabian Groffen
Gentoo on a different level