You are not logged in.
- Topics: Active | Unanswered
#1 2022-06-02 02:40:44
- cherio
- Member
- Registered: 2022-04-27
- Posts: 30
[SOLVED] gpg --recv-keys ignores keyserver and doesn't work in general
My gpg --recv-keys doesn't seem to work no matter what I do. Depending on the settings it produces either
"gpg: keyserver receive failed: Server indicated a failure"or
"gpg: keyserver receive failed: Try again later"or at best
"no valid OpenPGP data found"I experimented with nameserver and keyserver settings, I played with system DNS, I reinstalled gnupg & archlinux-keyring, I wiped ~/.gnupg clean - nothing worked.
Currently my gpg.conf is blank and dirmngr.conf has the following:
$> cat ~/.gnupg/dirmngr.conf
debug ipc,network,dns,lookup
log-file /home/user/tmp/dirmngr.log
standard-resolver
keyserver https://keyserver.ubuntu.comWhile running the following command I noticed that even though I explicitly specify --keyserver https://keyserver.ubuntu.com argument, the GET response body (HTML content, see the log below) seems to be coming from https://keys.openpgp.org. This mystifies me. It feels like the keyserver argument gets ignored.
$> killall dirmngr gpg-agent
$> gpg --debug-all --keyserver https://keyserver.ubuntu.com --recv-keys FA41BF59C1B48E8C5F3DA61C8CE26BF4A9F606B0The log from gpg is right below and the corresponding log from dirmngr for the same request follows further down below
===================================================
gpg: reading options from '/etc/gnupg/gpg.conf'
gpg: reading options from '/home/user/.gnupg/gpg.conf'
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/user/.gnupg
gpg: DBG: chan_3 <- # Config: /home/user/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.35 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.35
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear https://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0xFA41BF59C1B48E8C5F3DA61C8CE26BF4A9F606B0
gpg: DBG: chan_3 <- D <!DOCTYPE html>%0A
gpg: DBG: chan_3 <- D <html lang="en">%0A
gpg: DBG: chan_3 <- D <head>%0A
gpg: DBG: chan_3 <- D <meta charset="utf-8">%0A
gpg: DBG: chan_3 <- D <meta name="viewport" content="width=device-width, initial-scale=1.0">%0A
gpg: DBG: chan_3 <- D <meta name="description" content="OpenPGP Keyserver">%0A
gpg: DBG: chan_3 <- D %0A
gpg: DBG: chan_3 <- D <title>OpenPGP Keyserver</title>%0A
gpg: DBG: chan_3 <- D <link rel="icon" href="/favicon.ico" type="image/x-icon"/>%0A
gpg: DBG: chan_3 <- D <link href="assets/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" type="text/css">%0A
gpg: DBG: chan_3 <- D <style type="text/css">%0A
gpg: DBG: chan_3 <- D html,body {%0A
gpg: DBG: chan_3 <- D height: 100%25;%0A
gpg: DBG: chan_3 <- D }%0A
gpg: DBG: chan_3 <- D #wrap {%0A
gpg: DBG: chan_3 <- D min-height: 100%25;%0A
gpg: DBG: chan_3 <- D height: auto !important;%0A
gpg: DBG: chan_3 <- D height: 100%25;%0A
gpg: DBG: chan_3 <- D margin: 0 auto -60px;%0A
gpg: DBG: chan_3 <- D }%0A
gpg: DBG: chan_3 <- D #push,#footer {%0A
gpg: DBG: chan_3 <- D height: 60px;%0A
gpg: DBG: chan_3 <- D }%0A
gpg: DBG: chan_3 <- D #footer {%0A
gpg: DBG: chan_3 <- D background-color: #f5f5f5;%0A
gpg: DBG: chan_3 <- D }%0A
gpg: DBG: chan_3 <- D .container .credit {%0A
gpg: DBG: chan_3 <- D margin: 20px 0;%0A
gpg: DBG: chan_3 <- D }%0A
gpg: DBG: chan_3 <- D .modal:target {%0A
gpg: DBG: chan_3 <- D display: block;%0A
gpg: DBG: chan_3 <- D }%0A
gpg: DBG: chan_3 <- D </style>%0A
gpg: DBG: chan_3 <- D </head>%0A
gpg: DBG: chan_3 <- D <body>%0A
gpg: DBG: chan_3 <- D <div id="wrap">%0A
gpg: DBG: chan_3 <- D <div class="container">%0A
gpg: DBG: chan_3 <- D <div class="page-header" id="banner" style="border-bottom: 0px;">%0A
gpg: DBG: chan_3 <- D <div class="row">%0A
gpg: DBG: chan_3 <- D <div class="col-lg-12">%0A
gpg: DBG: chan_3 <- D <h1 class="text-center"><strong>Hockeypuck</strong> OpenPGP keyserver</h1>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div><!--closing page header container-->%0A
gpg: DBG: chan_3 <- D <div class="container">%0A
gpg: DBG: chan_3 <- D <div class="row">%0A
gpg: DBG: chan_3 <- D <div class="col-lg-8 col-lg-offset-2">%0A
gpg: DBG: chan_3 <- D <form action="/pks/lookup" method="get" class="form" role="form">%0A
gpg: DBG: chan_3 <- D <div class="control-group">%0A
gpg: DBG: chan_3 <- D <div class="controls" style="max-width:30em; margin:0 auto;">%0A
gpg: DBG: chan_3 <- D <input name="search" class="form-control" type="text" placeholder="Search for an OpenPGP Public Key, ie 0x..." style="font-size: 1.5em; line-height: 1.5em; height: 2em;" required autofocus />%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D <div class="control-group text-center" style="margin-top: 0.5em;">%0A
gpg: DBG: chan_3 <- D <div class="controls">%0A
gpg: DBG: chan_3 <- D <button type="submit" class="btn btn-primary">%0A
gpg: DBG: chan_3 <- D <span class="glyphicon glyphicon-search"></span>%0A
gpg: DBG: chan_3 <- D Search Key%0A
gpg: DBG: chan_3 <- D </button>%0A
gpg: DBG: chan_3 <- D <a id="showSubmitFormBtn" type="button" class="btn btn-primary" data-toggle="modal" href="#submitKey">%0A
gpg: DBG: chan_3 <- D <span class="glyphicon glyphicon-cloud-upload"></span>%0A
gpg: DBG: chan_3 <- D Submit Key%0A
gpg: DBG: chan_3 <- D </a>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D <details class="text-center" style="margin-top: 0.5em;">%0A
gpg: DBG: chan_3 <- D <summary>Advanced Options</summary>%0A
gpg: DBG: chan_3 <- D <div class="control-group col-md-4 col-md-offset-2">%0A
gpg: DBG: chan_3 <- D <div class="controls">%0A
gpg: DBG: chan_3 <- D Index Options:%0A
gpg: DBG: chan_3 <- D <label class="checkbox" for="fingerprint">%0A
gpg: DBG: chan_3 <- D <input id="fingerprint" type="checkbox" name="fingerprint" checked="checked" />%0A
gpg: DBG: chan_3 <- D Show OpenPGP fingerprints%0A
gpg: DBG: chan_3 <- D </label>%0A
gpg: DBG: chan_3 <- D <label class="checkbox" for="hash">%0A
gpg: DBG: chan_3 <- D <input id="hash" type="checkbox" name="hash" />%0A
gpg: DBG: chan_3 <- D Show full-key hashes%0A
gpg: DBG: chan_3 <- D </label>%0A
gpg: DBG: chan_3 <- D <label class="checkbox" for="exact">%0A
gpg: DBG: chan_3 <- D <input id="exact" type="checkbox" name="exact" value="on" />%0A
gpg: DBG: chan_3 <- D Only return exact matches%0A
gpg: DBG: chan_3 <- D </label>%0A
gpg: DBG: chan_3 <- D <label class="checkbox" for="mr">%0A
gpg: DBG: chan_3 <- D <input id="mr" type="checkbox" name="options" value="mr" />%0A
gpg: DBG: chan_3 <- D Machine readable%0A
gpg: DBG: chan_3 <- D </label>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D <div class="control-group col-md-offset-6">%0A
gpg: DBG: chan_3 <- D <div class="controls">%0A
gpg: DBG: chan_3 <- D Index type:%0A
gpg: DBG: chan_3 <- D <label class="radio" for="radios-0">%0A
gpg: DBG: chan_3 <- D <input name="op" id="radios-0" value="index" checked="checked" type="radio">%0A
gpg: DBG: chan_3 <- D Get regular index of matching keys%0A
gpg: DBG: chan_3 <- D </label>%0A
gpg: DBG: chan_3 <- D <label class="radio" for="radios-1">%0A
gpg: DBG: chan_3 <- D <input name="op" id="radios-1" value="vindex" type="radio">%0A
gpg: DBG: chan_3 <- D Get <strong>verbose</strong> index of matching keys%0A
gpg: DBG: chan_3 <- D </label>%0A
gpg: DBG: chan_3 <- D <label class="radio" for="radios-2">%0A
gpg: DBG: chan_3 <- D <input name="op" id="radios-2" value="get" type="radio">%0A
gpg: DBG: chan_3 <- D Retrieve ASCII-armored keys%0A
gpg: DBG: chan_3 <- D </label>%0A
gpg: DBG: chan_3 <- D <label class="radio" for="radios-3">%0A
gpg: DBG: chan_3 <- D <input name="op" id="radios-3" value="hget" type="radio">%0A
gpg: DBG: chan_3 <- D Retrieve keys by full hash fingerprint%0A
gpg: DBG: chan_3 <- D </label>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </details>%0A
gpg: DBG: chan_3 <- D </form>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D <div class="modal" id="submitKey" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">%0A
gpg: DBG: chan_3 <- D <div class="modal-dialog">%0A
gpg: DBG: chan_3 <- D <div class="modal-content">%0A
gpg: DBG: chan_3 <- D <div class="modal-header">%0A
gpg: DBG: chan_3 <- D <h4 class="modal-title" id="myModalLabel">Submit Your OpenPGP Public Key</h4>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D <div class="modal-body">%0A
gpg: DBG: chan_3 <- D <form action="/pks/add" method="post" id="keySubmitForm">%0A
gpg: DBG: chan_3 <- D <div class="control-group">%0A
gpg: DBG: chan_3 <- D <div class="controls">%0A
gpg: DBG: chan_3 <- D <textarea id="textarea" name="keytext" rows="20" style="width: 100%25;font-family:Courier;font-size:12px;" placeholder="Enter your ASCII-armored OpenPGP public key here" required ></textarea>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D <div class="modal-footer">%0A
gpg: DBG: chan_3 <- D <a href="#" type="button" class="btn btn-default" data-dismiss="modal">Close</a>%0A
gpg: DBG: chan_3 <- D <button type="submit" class="btn btn-primary">%0A
gpg: DBG: chan_3 <- D <span class="glyphicon glyphicon-cloud-upload"></span>%0A
gpg: DBG: chan_3 <- D Submit Public Key%0A
gpg: DBG: chan_3 <- D </button>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </form>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D <div class="modal" id="about" tabindex="-1" role="dialog" aria-labelledby="AboutLabel" aria-hidden="true">%0A
gpg: DBG: chan_3 <- D <div class="modal-dialog">%0A
gpg: DBG: chan_3 <- D <div class="modal-content">%0A
gpg: DBG: chan_3 <- D <div class="modal-header">%0A
gpg: DBG: chan_3 <- D <a href="#" type="button" class="close" data-dismiss="modal" aria-hidden="true">×</a>%0A
gpg: DBG: chan_3 <- D <h4 class="modal-title" id="AboutLabel">About this Server</h4>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D <div class="modal-body">%0A
gpg: DBG: chan_3 <- D <p><strong>OpenPGP</strong> is a method of encrypting and/or signing data (for example an email) in a secure “<em>end to end</em>” way.%0A
gpg: DBG: chan_3 <- D This means, the message is encrypted on your computer, using the recipient’s public key,%0A
gpg: DBG: chan_3 <- D in a way that the e-mail server has no knowledge of the content of the message.%0A
gpg: DBG: chan_3 <- D The recipient of the message then decrypts the message on their own computer using their private key.</p>%0A
gpg: DBG: chan_3 <- D <hr />%0A
gpg: DBG: chan_3 <- D <h5>OpenPGP Resources</h5>%0A
gpg: DBG: chan_3 <- D <ul>%0A
gpg: DBG: chan_3 <- D <li><a href="https://github.com/hockeypuck/hockeypuck" target="_blank">Hockeypuck project on Github</a></li>%0A
gpg: DBG: chan_3 <- D <li><a href="https://gnupg.org/" target="_blank">GnuPG Homepage</a></li>%0A
gpg: DBG: chan_3 <- D <li><a href="https://emailselfdefense.fsf.org/en/" target="_blank">Email Self-defense</a></li>%0A
gpg: DBG: chan_3 <- D <li><a href="http://en.wikipedia.org/wiki/Pretty_Good_Privacy" target="_blank">Wikipedia - Pretty Good Privacy</a></li>%0A
gpg: DBG: chan_3 <- D </ul>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div><!--Closing content wrap-->%0A
gpg: DBG: chan_3 <- D <div id="footer">%0A
gpg: DBG: chan_3 <- D <div class="container">%0A
gpg: DBG: chan_3 <- D <div style="max-width: 20em; float: left;" >%0A
gpg: DBG: chan_3 <- D <p class="muted credit small">%0A
gpg: DBG: chan_3 <- D <a href="#about">about</a> |%0A
gpg: DBG: chan_3 <- D <a href="/pks/lookup?op=stats">statistics</a>%0A
gpg: DBG: chan_3 <- D </p>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </div>%0A
gpg: DBG: chan_3 <- D </body>%0A
gpg: DBG: chan_3 <- D </html>%0A
gpg: DBG: chan_3 <- OK
gpg: DBG: iobuf-1.0: esopen_nc '[fd 0x55a34dd24de0]'
gpg: DBG: armor-filter: control: 5
gpg: DBG: iobuf-1.1: push 'armor_filter'
gpg: DBG: armor-filter: control: 5
gpg: DBG: iobuf chain: 1.1 'armor_filter' filter_eof=0 start=0 len=0
gpg: DBG: iobuf chain: 1.0 'estream_filter' filter_eof=0 start=0 len=0
gpg: DBG: armor-filter: control: 1
gpg: DBG: iobuf-1.1: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.1: underflow: A->FILTER (8192 bytes)
gpg: DBG: armor-filter: control: 3
gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=0 (ok), read 8014 bytes
gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: [fd 0x55a34dd24de0]: es_fclose 0x000055a34dd24de0
gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.0: underflow: eof (pending eof)
gpg: DBG: iobuf-1.1: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: armor-filter: control: 2
gpg: no valid OpenPGP data found.
gpg: DBG: iobuf-1.1: pop in underflow (nothing buffered, got EOF)
gpg: DBG: iobuf chain: 1.0 '?' filter_eof=0 start=0 len=0
gpg: DBG: iobuf-1.0: close '?'
gpg: Total number processed: 0
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks=====================================================================
2022-06-01 20:31:57 dirmngr[30549.0] SIGTERM received - shutting down ...
2022-06-01 20:31:57 dirmngr[30549.0] dirmngr (GnuPG) 2.2.35 stopped
2022-06-01 20:31:57 dirmngr[30565.0] permanently loaded certificates: 136
2022-06-01 20:31:57 dirmngr[30565.0] runtime cached certificates: 0
2022-06-01 20:31:57 dirmngr[30565.0] trusted certificates: 136 (136,0,0,0)
2022-06-01 20:31:57 dirmngr[30565.6] handler for fd 6 started
2022-06-01 20:31:57 dirmngr[30565.6] DBG: chan_6 -> # Home: /home/user/.gnupg
2022-06-01 20:31:57 dirmngr[30565.6] DBG: chan_6 -> # Config: /home/user/.gnupg/dirmngr.conf
2022-06-01 20:31:57 dirmngr[30565.6] DBG: chan_6 -> OK Dirmngr 2.2.35 at your service
2022-06-01 20:31:57 dirmngr[30565.6] connection from process 30564 (1000:1000)
2022-06-01 20:31:57 dirmngr[30565.6] DBG: chan_6 <- GETINFO version
2022-06-01 20:31:57 dirmngr[30565.6] DBG: chan_6 -> D 2.2.35
2022-06-01 20:31:57 dirmngr[30565.6] DBG: chan_6 -> OK
2022-06-01 20:31:57 dirmngr[30565.6] DBG: chan_6 <- KEYSERVER --clear https://keyserver.ubuntu.com
2022-06-01 20:31:57 dirmngr[30565.6] DBG: chan_6 -> OK
2022-06-01 20:31:57 dirmngr[30565.6] DBG: chan_6 <- KS_GET -- 0xFA41BF59C1B48E8C5F3DA61C8CE26BF4A9F606B0
2022-06-01 20:31:57 dirmngr[30565.6] number of system provided CAs: 153
2022-06-01 20:31:57 dirmngr[30565.6] DBG: Using TLS library: GNUTLS 3.7.6
2022-06-01 20:31:57 dirmngr[30565.6] DBG: http.c:connect_server: trying name='keyserver.ubuntu.com' port=443
2022-06-01 20:31:57 dirmngr[30565.6] DBG: dns: resolve_dns_name(keyserver.ubuntu.com): Success
2022-06-01 20:31:58 dirmngr[30565.6] DBG: http.c:1914:socket_new: object 0x00007f9c400495b0 for fd 7 created
2022-06-01 20:31:58 dirmngr[30565.6] DBG: http.c:request:
2022-06-01 20:31:58 dirmngr[30565.6] DBG: >> GET / HTTP/1.0\r\n
2022-06-01 20:31:58 dirmngr[30565.6] DBG: >> Host: keyserver.ubuntu.com\r\n
2022-06-01 20:31:58 dirmngr[30565.6] DBG: http.c:request-header:
2022-06-01 20:31:58 dirmngr[30565.6] DBG: >> \r\n
2022-06-01 20:31:58 dirmngr[30565.6] DBG: http.c:response:
2022-06-01 20:31:58 dirmngr[30565.6] DBG: >> HTTP/1.1 200 OK\r\n
2022-06-01 20:31:58 dirmngr[30565.6] http.c:RESP: 'Date: Thu, 02 Jun 2022 00:31:59 GMT'
2022-06-01 20:31:58 dirmngr[30565.6] http.c:RESP: 'Server: Hockeypuck/~unreleased'
2022-06-01 20:31:58 dirmngr[30565.6] http.c:RESP: 'Accept-Ranges: bytes'
2022-06-01 20:31:58 dirmngr[30565.6] http.c:RESP: 'Content-Length: 8014'
2022-06-01 20:31:58 dirmngr[30565.6] http.c:RESP: 'Content-Type: text/html; charset=utf-8'
2022-06-01 20:31:58 dirmngr[30565.6] http.c:RESP: 'Last-Modified: Sun, 09 Jan 2022 07:36:31 GMT'
2022-06-01 20:31:58 dirmngr[30565.6] http.c:RESP: 'Vary: Accept-Encoding'
2022-06-01 20:31:58 dirmngr[30565.6] http.c:RESP: 'Connection: close'
2022-06-01 20:31:58 dirmngr[30565.6] http.c:RESP: ''
2022-06-01 20:31:58 dirmngr[30565.6] DBG: (8014 bytes sent via D lines not shown)
2022-06-01 20:31:58 dirmngr[30565.6] DBG: chan_6 -> OK
2022-06-01 20:31:58 dirmngr[30565.6] DBG: chan_6 <- BYE
2022-06-01 20:31:58 dirmngr[30565.6] DBG: chan_6 -> OK closing connection
2022-06-01 20:31:58 dirmngr[30565.6] handler for fd 6 terminatedAfter spending a day researching this I need help and fresh ideas
Last edited by cherio (2022-06-02 20:11:01)
Offline
#2 2022-06-02 04:59:49
- mpan
- Member
- Registered: 2012-08-01
- Posts: 1,418
- Website
Re: [SOLVED] gpg --recv-keys ignores keyserver and doesn't work in general
Wrong protocol. It’s “hkps://keyserver.ubuntu.com”, not “https://keyserver.ubuntu.com/”.
The answer is from keyserver.ubuntu.com: the “OpenPGP” mention refers to the standard, not the openpgp.com domain.
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
#3 2022-06-02 05:19:03
- cherio
- Member
- Registered: 2022-04-27
- Posts: 30
Re: [SOLVED] gpg --recv-keys ignores keyserver and doesn't work in general
Oh, I tried both hkps and hkp. They give the "gpg: keyserver receive failed: Try again later" error.
dirmngr(24165): Operation not permitted
gpg-agent: no process found
gpg: reading options from '/etc/gnupg/gpg.conf'
gpg: reading options from '/home/user/.gnupg/gpg.conf'
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/user/.gnupg
gpg: DBG: chan_3 <- # Config: /home/user/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.35 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.35
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0xFA41BF59C1B48E8C5F3DA61C8CE26BF4A9F606B0
gpg: DBG: chan_3 <- ERR 167772472 Try again later <Dirmngr>
gpg: keyserver receive failed: Try again later
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks2022-06-02 01:14:44 dirmngr[36726.0] dirmngr (GnuPG) 2.2.35 stopped
2022-06-02 01:14:44 dirmngr[74340.0] permanently loaded certificates: 136
2022-06-02 01:14:44 dirmngr[74340.0] runtime cached certificates: 0
2022-06-02 01:14:44 dirmngr[74340.0] trusted certificates: 136 (136,0,0,0)
2022-06-02 01:14:44 dirmngr[74340.6] handler for fd 6 started
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 -> # Home: /home/user/.gnupg
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 -> # Config: /home/user/.gnupg/dirmngr.conf
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 -> OK Dirmngr 2.2.35 at your service
2022-06-02 01:14:44 dirmngr[74340.6] connection from process 74339 (1000:1000)
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 <- GETINFO version
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 -> D 2.2.35
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 -> OK
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 <- KEYSERVER --clear hkp://keyserver.ubuntu.com
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 -> OK
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 <- KS_GET -- 0xFA41BF59C1B48E8C5F3DA61C8CE26BF4A9F606B0
2022-06-02 01:14:44 dirmngr[74340.6] DBG: dns: getsrv(_pgpkey-http._tcp.keyserver.ubuntu.com): Try again later
2022-06-02 01:14:44 dirmngr[74340.6] command 'KS_GET' failed: Try again later
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 -> ERR 167772472 Try again later <Dirmngr>
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 <- BYE
2022-06-02 01:14:44 dirmngr[74340.6] DBG: chan_6 -> OK closing connection
2022-06-02 01:14:44 dirmngr[74340.6] handler for fd 6 terminatedOffline
#4 2022-06-02 05:51:22
- seth
- Member
- Registered: 2012-09-03
- Posts: 64,524
Re: [SOLVED] gpg --recv-keys ignores keyserver and doesn't work in general
And did you try later?
gpg --keyserver 'hkps://keyserver.ubuntu.com' --search-keys FA41BF59C1B48E8C5F3DA61C8CE26BF4A9F606B0Offline
#5 2022-06-02 13:53:16
- cherio
- Member
- Registered: 2022-04-27
- Posts: 30
Re: [SOLVED] gpg --recv-keys ignores keyserver and doesn't work in general
Yes, I tried search requests as well. Key search yields practically the same results
gpg: reading options from '/etc/gnupg/gpg.conf'
gpg: reading options from '/home/user/.gnupg/gpg.conf'
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/user/.gnupg
gpg: DBG: chan_3 <- # Config: /home/user/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.35 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.35
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- FA41BF59C1B48E8C5F3DA61C8CE26BF4A9F606B0
gpg: DBG: chan_3 <- ERR 167772472 Try again later <Dirmngr>
gpg: error searching keyserver: Try again later
gpg: keyserver search failed: Try again later
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks2022-06-02 09:48:26 dirmngr[99172.0] permanently loaded certificates: 136
2022-06-02 09:48:26 dirmngr[99172.0] runtime cached certificates: 0
2022-06-02 09:48:26 dirmngr[99172.0] trusted certificates: 136 (136,0,0,0)
2022-06-02 09:48:26 dirmngr[99172.6] handler for fd 6 started
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 -> # Home: /home/user/.gnupg
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 -> # Config: /home/user/.gnupg/dirmngr.conf
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 -> OK Dirmngr 2.2.35 at your service
2022-06-02 09:48:26 dirmngr[99172.6] connection from process 99171 (1000:1000)
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 <- GETINFO version
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 -> D 2.2.35
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 -> OK
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 <- KEYSERVER --clear hkps://keyserver.ubuntu.com
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 -> OK
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 <- KS_SEARCH -- FA41BF59C1B48E8C5F3DA61C8CE26BF4A9F606B0
2022-06-02 09:48:26 dirmngr[99172.6] DBG: dns: getsrv(_pgpkey-https._tcp.keyserver.ubuntu.com): Try again later
2022-06-02 09:48:26 dirmngr[99172.6] command 'KS_SEARCH' failed: Try again later
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 -> ERR 167772472 Try again later <Dirmngr>
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 <- BYE
2022-06-02 09:48:26 dirmngr[99172.6] DBG: chan_6 -> OK closing connection
2022-06-02 09:48:26 dirmngr[99172.6] handler for fd 6 terminatedOffline
#6 2022-06-02 14:50:02
- seth
- Member
- Registered: 2012-09-03
- Posts: 64,524
Re: [SOLVED] gpg --recv-keys ignores keyserver and doesn't work in general
2022-06-02 09:48:26 dirmngr[99172.6] DBG: dns: getsrv(_pgpkey-https._tcp.keyserver.ubuntu.com): Try again later
dig keyserver.ubuntu.com
dig _pgpkey-https._tcp.keyserver.ubuntu.comOffline
#7 2022-06-02 16:29:07
- cherio
- Member
- Registered: 2022-04-27
- Posts: 30
Re: [SOLVED] gpg --recv-keys ignores keyserver and doesn't work in general
You might be onto something 
$ dig keyserver.ubuntu.com
;; communications error to 127.0.0.1#53: connection refused
$ dig _pgpkey-https._tcp.keyserver.ubuntu.com
;; communications error to 127.0.0.1#53: connection refuseddig does work though when I append @resolver1.opendns.com as an explicit DNS server to use for address resolution.
I did not explicitly configure DNS, systemd-resolved does that from /etc/systemd/network/name.network, where it is simply set as
[Network]
LinkLocalAddressing=ipv6
Address=10.1.9.xx
Gateway=10.1.9.1
DNS=1.1.1.1
DNS=8.8.8.8systemd-resolved does the rest and listens to DNS requests as follows:
$ netstat -tulpn | grep -P ':53\b|resolv'
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 458/systemd-resolve
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 458/systemd-resolve
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 458/systemd-resolve
tcp6 0 0 :::5355 :::* LISTEN 458/systemd-resolve
udp 0 0 127.0.0.54:53 0.0.0.0:* 458/systemd-resolve
udp 0 0 127.0.0.53:53 0.0.0.0:* 458/systemd-resolve
udp 0 0 0.0.0.0:5355 0.0.0.0:* 458/systemd-resolve
udp6 0 0 :::5355 :::* 458/systemd-resolve dig seems to assume a wrong local DNS address 
How would I reconcile this?
Last edited by cherio (2022-06-02 16:32:23)
Offline
#8 2022-06-02 16:51:06
- cherio
- Member
- Registered: 2022-04-27
- Posts: 30
Re: [SOLVED] gpg --recv-keys ignores keyserver and doesn't work in general
You are the BEST! You navigated me to the solution:
ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.confIt IS in the wiki https://wiki.archlinux.org/title/Systemd-resolved#DNS but coming from a different distribution (I'm ~ 4 weeks on Arch) I assumed this would be setup automatically and missed that paragraph.
I am surprised how everything else worked so far 
I wish there was a way to award people here e.g. with points for being helpful
Last edited by cherio (2022-06-02 17:11:02)
Offline
#9 2022-06-02 20:05:32
- seth
- Member
- Registered: 2012-09-03
- Posts: 64,524
Re: [SOLVED] gpg --recv-keys ignores keyserver and doesn't work in general
I award myself by padding my own ego
Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Offline