Unreliable key server operations
I’ve been experiencing this for a while without being sure it was a bug. Today I’m convinced it is one:
I tried to fetch a public key and it failed:
amnesia@amnesia:~$ gpg --search-keys email@example.com gpg: WARNING: Tor is not properly configured gpg: error searching keyserver: Permission denied gpg: keyserver search failed: Permission denied
Then unplugged my Ethernet cable and plugged it back.
Then tried to fetch the same key again and it worked:
amnesia@amnesia:~$ gpg --search-keys firstname.lastname@example.org gpg: data source: http://jirk5u4osbsr34t5.onion:11371 (1) Floriana Pagano <email@example.com> 4096 bit RSA key 0xB4B65273C21574E0, created: 2017-04-21, expires: 2022-04-20 Keys 1-1 of 1 for "firstname.lastname@example.org". Enter number(s), N)ext, or Q)uit > 1 gpg: key 0xB4B65273C21574E0: public key "Floriana Pagano <email@example.com>" imported gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 20 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 20 signed: 36 trust: 20-, 0q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2018-04-11 gpg: Total number processed: 1 gpg: imported: 1
It seems like some keyservers don’t like Tor. Maybe we could configure one that always works?
Related to Tails -
#3 Updated by intrigeri 2018-03-16 08:01:54
- Assignee set to sajolida
- QA Check set to Info Needed
Could you please share the content of your
The default one is:
use-tor keyserver hkp://jirk5u4osbsr34t5.onion
… which uses an Onion Service so “some keyservers don’t like Tor” does not apply.
#4 Updated by sajolida 2018-03-16 16:55:17
- Status changed from Confirmed to Resolved
- Assignee deleted (
Before reporting my bug I checked the diff between my gpg.conf and /etc/skel/.gnupg/gpg.conf and the only difference is ‘default-key’.
But indeed, I didn’t have /etc/skel/.gnupg/dirmngr.conf in my ~/.gnupg, probably because I created my persistence before it was added (3c68e5ff4c - 2017-01-31).
So I copied this dirmngr.conf to my ~/.gnupg and can probably close this ticket now.
It might still be useful for other people :)