You are not logged in.

#1 2016-12-22 20:38:26

vredez
Member
Registered: 2016-01-07
Posts: 5

[SOLVED] GPG fails connecting to keyservers

I tried to import a key from various key servers with

$ gpg --recv-keys --keyserver hkp://pgp.mit.edu 1EB2638FF56C0C53

resulting in

gpg: keyserver receive failed: No keyserver available

no matter which server I choose.

Gathering some more details yields

$ gpg -vvv --debug-all --recv-keys --keyserver hkp://pgp.mit.edu 1EB2638FF56C0C53
gpg: Optionen werden aus '/home/philipp/.gnupg/gpg.conf' gelesen
gpg: using character set 'utf-8'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/philipp/.gnupg
gpg: DBG: chan_3 <- # Config: /home/philipp/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.17 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.17
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://pgp.mit.edu
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0x1EB2638FF56C0C53
gpg: DBG: chan_3 <- ERR 167772346 Kein Schlüsselserver verfügbar <Dirmngr>
gpg: Empfangen vom Schlüsselserver fehlgeschlagen: Kein Schlüsselserver verfügbar
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocks

Importing the key on a different machine works flawlessly (via ssh), so the problem is located on my side.

EDIT:

I managed to track the problem further down by creating some dirmngr logs

# ~/.bin/dirmngr_log:

#!/bin/bash
dirmngr -vvv --debug-all --daemon --homedir ~/.gnupg --log-file ~/dirmngr_trace.log
gpg -vvv --debug-all --recv-keys --keyserver hkp://pgp.mit.edu --dirmngr ~/.bin/dirmngr_log 1EB2638FF56C0C53

yielding

# ~/dirmngr_trace.log:

2016-12-22 22:54:07 dirmngr[3210] Es wird auf Socket `/run/user/1000/gnupg/S.dirmngr' gehört
2016-12-22 22:54:07 dirmngr[3211.0]    dauerhaft geladene Zertifikate: 0
2016-12-22 22:54:07 dirmngr[3211.0] zur Laufzeit zwischengespeicherte Zertifikate: 0
2016-12-22 22:54:08 dirmngr[3211.7] Handhabungsroutine für fd 7 gestartet
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> # Home: /home/philipp/.gnupg
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> # Config: /home/philipp/.gnupg/dirmngr.conf
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> OK Dirmngr 2.1.17 at your service
2016-12-22 22:54:08 dirmngr[3211.7] connection from process 3207 (1000:1000)
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 <- GETINFO version
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> D 2.1.17
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> OK
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 <- KEYSERVER --clear hkp://pgp.mit.edu
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> OK
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 <- KS_GET -- 0x1EB2638FF56C0C53
2016-12-22 22:54:08 dirmngr[3211.7] DBG: dns: getsrv(_hkp._tcp.pgp.mit.edu): Server zeigt einen unbestimmten Fehler an
2016-12-22 22:54:08 dirmngr[3211.7] command 'KS_GET' failed: Server zeigt einen unbestimmten Fehler an <Quelle nicht angegeben>
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> ERR 219 Server zeigt einen unbestimmten Fehler an <Quelle nicht angegeben>
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 <- BYE
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> OK closing connection
2016-12-22 22:54:08 dirmngr[3211.7] Handhabungsroutine für den fd 7 beendet
2016-12-22 23:05:07 dirmngr[3211.0] starting housekeeping
2016-12-22 23:05:07 dirmngr[3211.0] ready with housekeeping

which seems to be a DNS issue?

Last edited by vredez (2016-12-22 23:55:54)

Offline

#2 2016-12-22 23:20:36

lilorox
Member
Registered: 2011-10-16
Posts: 25

Re: [SOLVED] GPG fails connecting to keyservers

I'm having the exact same problems.

Here are the messages I get (which are probably the same but in english wink :

[lilo:~] % killall dirmngr

[lilo:~] % ps aux | grep dirm
lilo      2244  0.0  0.0  11348  2276 pts/1    S+   00:15   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn dirm

[lilo:~] % rm -rf ~/.gnupg

[lilo:~] % dirmngr </dev/null
dirmngr[2300]: error opening '/home/lilo/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[2300.0]: permanently loaded certificates: 0
dirmngr[2300.0]:     runtime cached certificates: 0
dirmngr[2300.0]: failed to open cache dir file '/home/lilo/.gnupg/crls.d/DIR.txt': No such file or directory
dirmngr[2300.0]: creating directory '/home/lilo/.gnupg'
dirmngr[2300.0]: creating directory '/home/lilo/.gnupg/crls.d'
dirmngr[2300.0]: new cache dir file '/home/lilo/.gnupg/crls.d/DIR.txt' created
# Home: /home/lilo/.gnupg
# Config: [none]
OK Dirmngr 2.1.17 at your service

[lilo:~] % dirmngr -vvv --debug-all --daemon --homedir /home/lilo/.gnupg --log-file /tmp/dirmngr_trace.log
dirmngr[2353]: Note: no default option file '/home/lilo/.gnupg/dirmngr.conf'
dirmngr[2353]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup
dirmngr[2353]: error opening '/home/lilo/.gnupg/dirmngr_ldapservers.conf': No such file or directory
DIRMNGR_INFO=/run/user/1000/gnupg/S.dirmngr:2357:1; export DIRMNGR_INFO;

[lilo:~] % DIRMNGR_INFO=/run/user/1000/gnupg/S.dirmngr:2357:1; export DIRMNGR_INFO;

[lilo:~] % gpg -vvv --debug-all --keyserver pgp.mit.edu --search-keys 79BE3E4300411886
gpg: Note: no default option file '/home/lilo/.gnupg/gpg.conf'
gpg: using character set 'utf-8'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: fd_cache_invalidate (/home/lilo/.gnupg/pubring.kbx)
gpg: DBG: iobuf-1.0: open '/home/lilo/.gnupg/pubring.kbx' desc=file_filter(fd) fd=3
gpg: DBG: iobuf-1.0: close 'file_filter(fd)'
gpg: DBG: /home/lilo/.gnupg/pubring.kbx: close fd/handle 3
gpg: DBG: fd_cache_close (/home/lilo/.gnupg/pubring.kbx) new slot created
gpg: DBG: iobuf-*.*: ioctl '/home/lilo/.gnupg/pubring.kbx' invalidate
gpg: DBG: fd_cache_invalidate (/home/lilo/.gnupg/pubring.kbx)
gpg: DBG:                 did (/home/lilo/.gnupg/pubring.kbx)
gpg: keybox '/home/lilo/.gnupg/pubring.kbx' created
gpg: DBG: chan_3 <- # Home: /home/lilo/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.1.17 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.17
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://pgp.mit.edu
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 79BE3E4300411886
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocks

[lilo:~] 2 % cat /tmp/dirmngr_trace.log
2016-12-23 00:16:28 dirmngr[2353] listening on socket '/run/user/1000/gnupg/S.dirmngr'
2016-12-23 00:16:28 dirmngr[2357.0] permanently loaded certificates: 0
2016-12-23 00:16:28 dirmngr[2357.0]     runtime cached certificates: 0
2016-12-23 00:16:46 dirmngr[2357.7] handler for fd 7 started
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> # Home: /home/lilo/.gnupg
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> # Config: [none]
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> OK Dirmngr 2.1.17 at your service
2016-12-23 00:16:46 dirmngr[2357.7] connection from process 2406 (1000:100)
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 <- GETINFO version
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> D 2.1.17
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> OK
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 <- KEYSERVER --clear hkp://pgp.mit.edu
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> OK
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 <- KS_SEARCH -- 79BE3E4300411886
2016-12-23 00:16:46 dirmngr[2357.7] DBG: dns: getsrv(_hkp._tcp.pgp.mit.edu): Server indicated a failure
2016-12-23 00:16:46 dirmngr[2357.7] command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> ERR 219 Server indicated a failure <Unspecified source>
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 <- BYE
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> OK closing connection
2016-12-23 00:16:46 dirmngr[2357.7] handler for fd 7 terminated

I get the same result on two different computers running Arch and with different keyservers.

Offline

#3 2016-12-22 23:23:06

lilorox
Member
Registered: 2011-10-16
Posts: 25

Re: [SOLVED] GPG fails connecting to keyservers

Offline

#4 2016-12-22 23:33:43

vredez
Member
Registered: 2016-01-07
Posts: 5

Re: [SOLVED] GPG fails connecting to keyservers

Yep, this seems to be the exact issue.
It comes down to the dirmngr DNS resolution, which doesn't work at all:

I captured the DNS traffic (TCP/UDP port 53) on my system issuing

$ gpg-connect-agent --dirmngr
...
> keyserver --resolve hkp://gpg.mit.edu
S # hkp://keys.gnupg.net:11371: resolve failed: Server zeigt einen unbestimmten Fehler an
OK

which was nonexistent.
I double checked, no DNS packets left my adapter hmm

EDIT:
Tagging this as SOLVED since it is most likely an upstream bug and can be temporarily fixed by downgrading to gnupg-2.1.16-2.

Last edited by vredez (2016-12-22 23:54:20)

Offline

#5 2017-02-23 09:58:22

gauteh
Member
Registered: 2008-03-17
Posts: 19
Website

Re: [SOLVED] GPG fails connecting to keyservers

Does this work for you with the latest gnupg release? What keyservers are you using?

Offline

#6 2017-03-05 12:26:57

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 172

Re: [SOLVED] GPG fails connecting to keyservers

Still the same issue with 2.1.19


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Dell Vostro

Offline

#7 2017-04-13 05:52:36

clanned
Member
Registered: 2017-04-13
Posts: 1

Re: [SOLVED] GPG fails connecting to keyservers

Hi, I'm facing the same problem, please add

standard-resolver

to file

/root/.gnupg/dirmngr.conf

and kill all dirmngr instance with

killall dirmngr

then try again

gpg --recv-keys --keyserver hkp://pgp.mit.edu 1EB2638FF56C0C53

More details please read https://dev.gnupg.org/T2889

Offline

#8 2017-09-10 19:52:37

Svante
Member
Registered: 2017-09-10
Posts: 1

Re: [SOLVED] GPG fails connecting to keyservers

This surfaced to me again today.  The problem seems to be that dirmngr expects some feature from the DNS server that not all ISP DNS servers seem to provide (?).

The solution for me was to force my system to use 8.8.8.8 as DNS (the Google provided one).

Offline

Board footer

Powered by FluxBB