You are not logged in.

#1 2024-08-01 19:05:28

neocat
Member
Registered: 2022-09-16
Posts: 14

[SOLVED] gpg: error reading key: Operation not supported

I was trying to install librewolf using yay and after reaching key import stage I got this

 
:: (1/1) Parsing SRCINFO: librewolf
gpg: error reading key: No public key

 :: PGP keys need importing:
 -> 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3, required by: librewolf
:: Import? [Y/n] Y
:: Importing keys with gpg...
gpg: keyserver receive failed: Operation not supported
 -> problem importing keys

After this I tried to run pacman-key --refresh-keys to check what I'd get and I got the same error on every key

$ sudo pacman-key --refresh-keys                                                                                                  (08-01 21:48)
gpg: error retrieving 'eworm@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported
==> ERROR: Could not update key: A6234074498E9CEE
gpg: error retrieving 'george@rawlinson.net.nz' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: error retrieving 'grawlinson@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported
==> ERROR: Could not update key: 25EA6900D9EA5EBC
gpg: error retrieving 'tpkessler@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported
==> ERROR: Could not update key: 07D06351CA5B31BE
gpg: error retrieving 'polyzen@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported
==> ERROR: Could not update key: EA4F7B321A906AD9
gpg: error retrieving 'raster@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: error retrieving 'raster@rasterman.com' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported

...

I tried removing /etc/pacman.d/gnupg and repopulating it with sudo pacman-key --init && sudo pacman-key --populate && sudo pacman-key --refresh-keys but the result was the same.

There were no errors last time I tried pacman-key --refresh-keys several months ago. What can I do with it? Please help

Last edited by neocat (2024-08-02 23:20:09)

Offline

#2 2024-08-01 20:48:31

seth
Member
Registered: 2012-09-03
Posts: 59,188

Re: [SOLVED] gpg: error reading key: Operation not supported

 gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3

Did you recently add/configure a yubikey or similar?

Offline

#3 2024-08-01 20:56:03

neocat
Member
Registered: 2022-09-16
Posts: 14

Re: [SOLVED] gpg: error reading key: Operation not supported

seth wrote:

Did you recently add/configure a yubikey or similar?

Yes, I've got yubikey recently

$ gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: enabled compatibility flags:
gpg: error searching keyserver: Operation not supported
gpg: keyserver search failed: Operation not supported

Last edited by neocat (2024-08-01 20:57:26)

Offline

#4 2024-08-01 20:58:08

seth
Member
Registered: 2012-09-03
Posts: 59,188

Re: [SOLVED] gpg: error reading key: Operation not supported

I did

I'd look in that area and start by undidding that and see whether the error goes away and if so, maybe we should look into what you didded there wink

Edit: c'mon, you can't just edit yourself out of that tongue
But yeah, remove  the ubikey configuration to confirm it's the cause. But most likely gpg isn't able to open it, typically scdaemon isn't running.
https://github.com/DataDog/yubikey/blob … vice-error

Last edited by seth (2024-08-01 21:02:31)

Offline

#5 2024-08-01 23:16:28

neocat
Member
Registered: 2022-09-16
Posts: 14

Re: [SOLVED] gpg: error reading key: Operation not supported

seth wrote:

remove  the yubikey configuration to confirm it's the cause

I honestly don't know what to remove. The only thing I did was to install the yubikey pin in firefox. I did the same on another arch device and no problems with importing keys there.
I have not configured yubikey in any way. Just plugged it into usb and immediately started using it only in firefox.

seth wrote:

But most likely gpg isn't able to open it, typically scdaemon isn't running.
https://github.com/DataDog/yubikey/blob … vice-error

scdaemon is running 100% because when I run sudo gpg --card-status it shows the info, and in the htop there is the scdaemon process

seth wrote:

c'mon, you can't just edit yourself out of that tongue

I edited it before your comment, so it doesn't count cool

Last edited by neocat (2024-08-02 20:51:25)

Offline

#6 2024-08-01 23:40:10

neocat
Member
Registered: 2022-09-16
Posts: 14

Re: [SOLVED] gpg: error reading key: Operation not supported

I've noticed that I get an error when I run gpg --card-status as my main user after running the same command as root and vice versa, so I've tried to set up shared access to yubikey as shown here.
I've added this config to /root/.gnupg/scdaemon.conf, /home/myuser/.gnupg/scdaemon.conf and /etc/pacman.d/gnupg/scdaemon.conf

pcsc-driver /usr/lib/libpcsclite.so
card-timeout 5
disable-ccid
pcsc-shared

And while gpg --card-status works for both main and root user now with this config, it still prints the same error when I try to import a key

Last edited by neocat (2024-08-01 23:43:12)

Offline

#7 2024-08-02 06:18:14

seth
Member
Registered: 2012-09-03
Posts: 59,188

Re: [SOLVED] gpg: error reading key: Operation not supported

yank the key, stop scdaemon - does gpg work again? If not, do you get a different error?

Offline

#8 2024-08-02 18:59:49

neocat
Member
Registered: 2022-09-16
Posts: 14

Re: [SOLVED] gpg: error reading key: Operation not supported

seth wrote:

yank the key, stop scdaemon - does gpg work again? If not, do you get a different error?

I yanked the key, stopped pcscd, gpg-agent with scdaemon, but still get the same error.

I don't know if this will help, but I also noticed that when I run gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3 as root I get different error

$ sudo gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: enabled compatibility flags:
gpg: error searching keyserver: Not enabled
gpg: keyserver search failed: Not enabled
$ gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: enabled compatibility flags:
gpg: error searching keyserver: Operation not supported
gpg: keyserver search failed: Operation not supported

Last edited by neocat (2024-08-02 20:01:59)

Offline

#9 2024-08-02 20:03:48

seth
Member
Registered: 2012-09-03
Posts: 59,188

Re: [SOLVED] gpg: error reading key: Operation not supported

Leave sudo alone.

ping -c1 keyserver.ubuntu.com # do you actually resolve the proper server
pkill dirmngr # will get restarted
gpg --debug-all --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3 # prints plenty of text…

Offline

#10 2024-08-02 20:17:26

neocat
Member
Registered: 2022-09-16
Posts: 14

Re: [SOLVED] gpg: error reading key: Operation not supported

I can resolve keyserver.ubuntu.com, but can't ping it

$ ping -vc1 keyserver.ubuntu.com
ping: sock4.fd: 3 (socktype: SOCK_DGRAM), sock6.fd: 4 (socktype: SOCK_DGRAM), hints.ai_family: AF_UNSPEC

ai->ai_family: AF_INET, ai->ai_canonname: 'keyserver.ubuntu.com'
PING keyserver.ubuntu.com (185.125.188.26) 56(84) bytes of data.

--- keyserver.ubuntu.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
$ pkill dirmngr
$ gpg --debug-all --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: enabled compatibility flags:
gpg: DBG: [no clock] start
gpg: no running dirmngr - starting '/usr/bin/dirmngr'
gpg: waiting for the dirmngr to come up ... (5s)
gpg: DBG: chan_3 <- # Home: /home/user/.local/share/gnupg
gpg: DBG: chan_3 <- # Config: /home/user/.local/share/gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.4.5 at your service, process 30258
gpg: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.4.5
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: DBG: chan_3 <- ERR 167805029 Operation not supported <Dirmngr>
gpg: error searching keyserver: Operation not supported
gpg: keyserver search failed: Operation not supported
gpg: DBG: chan_3 -> BYE
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

Last edited by neocat (2024-08-02 20:25:36)

Offline

#11 2024-08-02 20:35:58

seth
Member
Registered: 2012-09-03
Posts: 59,188

Re: [SOLVED] gpg: error reading key: Operation not supported

The host does indeed not respond to icmp requests, sorry - it's however not relevant and you're resolving the correct IP.

cat /home/user/.local/share/gnupg/dirmngr.conf

If there's nothing obviously wrong in that file, add

log-file ~/dirmngr.log
verbose

pkill dirmngr and try again - hopefully w/ more details in ~/dirmngr.log …

Offline

#12 2024-08-02 20:45:53

neocat
Member
Registered: 2022-09-16
Posts: 14

Re: [SOLVED] gpg: error reading key: Operation not supported

There was no such file, so I created it

$ cat dirmngr.log
dirmngr[34422] listening on socket '/run/user/1000/gnupg/d.95nnr9ops9xjwwgsgeej5ija/S.dirmngr'
dirmngr[34423.0] permanently loaded certificates: 150
dirmngr[34423.0]     runtime cached certificates: 0
dirmngr[34423.0]            trusted certificates: 150 (150,0,0,0)
dirmngr[34423.6] handler for fd 6 started
dirmngr[34423.6] connection from process 34421 (1000:1000)
dirmngr[34423.6] command 'KS_SEARCH' failed: Operation not supported
dirmngr[34423.6] handler for fd 6 terminated

Last edited by neocat (2024-08-02 20:49:04)

Offline

#13 2024-08-02 21:07:32

seth
Member
Registered: 2012-09-03
Posts: 59,188

Re: [SOLVED] gpg: error reading key: Operation not supported

*grumpf*…

What if you add "standard-resolver" to the dirmngr conf?
Do you run some firewall?

pacman -Qikk gnupg

Offline

#14 2024-08-02 21:25:11

neocat
Member
Registered: 2022-09-16
Posts: 14

Re: [SOLVED] gpg: error reading key: Operation not supported

$ pacman -Qikk gnupg
Name            : gnupg
Version         : 2.4.5-4
Description     : Complete and free implementation of the OpenPGP standard
Architecture    : x86_64
URL             : https://www.gnupg.org/
Licenses        : BSD-2-Clause  BSD-3-Clause  BSD-4-Clause  CC0-1.0
                  GPL-2.0-or-later  GPL-3.0-or-later  LGPL-2.1-or-later
                  LGPL-3.0-or-later OR GPL-2.0-or-later  MIT  Unicode-TOU
Groups          : None
Provides        : None
Depends On      : glibc  gnutls  libgcrypt  libgpg-error  libksba  libldap
                  libusb  pinentry  sh  sqlite  tpm2-tss  zlib  bzip2
                  libbz2.so=1.0-64  libassuan  libassuan.so=9-64  npth
                  libnpth.so=0-64  readline  libreadline.so=8-64
Optional Deps   : pcsclite: for using scdaemon not with the gnupg internal card
                  driver [installed]
Required By     : gpgme  pacman  pass  thunderbird
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 9.69 MiB
Packager        : David Runge <dvzrv@archlinux.org>
Build Date      : Thu 18 Jul 2024 12:31:38 AM MSK
Install Date    : Fri 02 Aug 2024 09:56:42 PM MSK
Install Reason  : Installed as a dependency for another package
Install Script  : Yes
Validated By    : None

gnupg: 236 total files, 0 altered files

Do you run some firewall?

I run ufw. I tried disabling it, but that didn't help.
I also tried reinstalling gnupg, but that didn't help either.

What if you add "standard-resolver" to the dirmngr conf?

Now  dirmngr.conf looks like this

standard-resolver
log-file /home/user/dirmngr.log
verbose

And now there is another error:
gpg: error searching keyserver: Not enabled

$ gpg --debug-all --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: enabled compatibility flags:
gpg: DBG: [no clock] start
gpg: no running dirmngr - starting '/usr/bin/dirmngr'
gpg: waiting for the dirmngr to come up ... (5s)
gpg: DBG: chan_3 <- # Home: /home/user/.local/share/gnupg
gpg: DBG: chan_3 <- # Config: /home/user/.local/share/gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.4.5 at your service, process 38936
gpg: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.4.5
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: DBG: chan_3 <- ERR 167772339 Not enabled <Dirmngr>
gpg: error searching keyserver: Not enabled
gpg: keyserver search failed: Not enabled
gpg: DBG: chan_3 -> BYE
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks
$ cat dirmngr.log
dirmngr[38935] listening on socket '/run/user/1000/gnupg/d.95nnr9ops9xjwwgsgeej5ija/S.dirmngr'
dirmngr[38936.0] permanently loaded certificates: 150
dirmngr[38936.0]     runtime cached certificates: 0
dirmngr[38936.0]            trusted certificates: 150 (150,0,0,0)
dirmngr[38936.6] handler for fd 6 started
dirmngr[38936.6] connection from process 38934 (1000:1000)
dirmngr[38936.6] command 'KS_SEARCH' failed: Not enabled
dirmngr[38936.6] handler for fd 6 terminated

Offline

#15 2024-08-02 21:51:39

seth
Member
Registered: 2012-09-03
Posts: 59,188

Re: [SOLVED] gpg: error reading key: Operation not supported

Does the hkp protocol work? (http is still open on keyserver.ubuntu.com and hkp responds here)

gpg --debug-all --keyserver hkp://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
# if not, see what ports are open for you
nmap keyserver.ubuntu.com

… the entire "not supported" "not enabled" is weird, is there anything else specific about your network? TOR or some such?

Offline

#16 2024-08-02 22:30:59

neocat
Member
Registered: 2022-09-16
Posts: 14

Re: [SOLVED] gpg: error reading key: Operation not supported

I fixed it!
I got a list of all listening services with sudo netstat -tulpn, stopped all services I could from this list and restarted dirmngr and now it works!

I stopped a lot of running services so I don't know which service causes this issue, but I will investigate and report back.

Offline

#17 2024-08-02 23:18:53

neocat
Member
Registered: 2022-09-16
Posts: 14

Re: [SOLVED] gpg: error reading key: Operation not supported

I figured it out.
I was running proxy server on port 9050 and as it turned out dirmngr uses this port too.

it was an interesting thread, thanks for the help!

Offline

Board footer

Powered by FluxBB