[pkg-gnupg-maint] Bug#811146: gnupg2: gpg2.1 failing to handle hkps keyservers
Phil Dibowitz
phil at ipom.com
Sat Jan 16 04:07:53 UTC 2016
Package: gnupg2
Version: 2.1.10-3
Severity: important
Dear Maintainer,
Sometime recently gpg2.1 stopped handling HKPS keyservers. dirmngr can
still do it if I ask directly, but gpg2.1 won't. All of the debug info I
can think of is below.
Relevant ~/.gnupg/gpg.conf lines:
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options auto-key-retrieve no-honor-keyserver-url include-revoked
Relevant ~/.gnupg/dirmngr.conf lines:
hkp-cacert /usr/local/share/ca-certificates/sks-keyservers.netCA.pem
When I try through gpg (first without debug for clarity) I get:
$ gpg --search-key 58E11BB1E414D9AD
gpg: error searching keyserver: General error
gpg: keyserver search failed: General error
When I try with dirmngr it works:
$ dirmngr
dirmngr[21392.0]: error opening '/home/phil/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[21392.0]: permanently loaded certificates: 0
dirmngr[21392.0]: runtime cached certificates: 0
# Home: ~/.gnupg
# Config: /home/phil/.gnupg/dirmngr.conf
OK Dirmngr 2.1.10 at your service
KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net
OK
KS_SEARCH 58E11BB1E414D9AD
dirmngr[21392.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'pgpkeys.co.uk'
dirmngr[21392.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ams3.sks.heypete.com'
...
S PROGRESS tick ? 0 0
S SOURCE https://prod00.keyserver.dca.witopia.net:443
D
info:1:1%0Apub:<---removed to keep email addresses away from scrapers--->
Trying it with debug from gpg:
$ gpg -vvv --debug-level 10 --search-key 58E11BB1E414D9AD
gpg: using character set 'utf-8'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/phil/.gnupg
gpg: DBG: chan_3 <- # Config: /home/phil/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.8 at your service
gpg: DBG: chan_4 <- # Home: /home/phil/.gnupg
gpg: DBG: chan_4 <- # Config: /home/phil/.gnupg/dirmngr.conf
gpg: DBG: chan_4 <- OK Dirmngr 2.1.8 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_4 -> KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KS_SEARCH -- 58E11BB1E414D9AD
gpg: DBG: chan_4 <- ERR 1 General error <Unspecified source>
gpg: error searching keyserver: General error
gpg: keyserver search failed: General error
gpg: DBG: chan_4 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/65536 bytes in 0 blocks
And to be clear:
$ gpg --version | head -1
gpg (GnuPG) 2.1.10
Thanks.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages gnupg2 depends on:
ii dpkg 1.18.4
ii gnupg-agent 2.1.10-3
ii install-info 6.0.0.dfsg.1-4
ii libassuan0 2.4.2-2
ii libbz2-1.0 1.0.6-8
ii libc6 2.21-6
ii libgcrypt20 1.6.4-4
ii libgpg-error0 1.21-1
ii libksba8 1.3.3-1
ii libreadline6 6.3-8+b4
ii libsqlite3-0 3.10.1-1
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages gnupg2 recommends:
ii dirmngr 2.1.10-3
Versions of packages gnupg2 suggests:
pn gnupg-doc <none>
pn parcimonie <none>
pn xloadimage <none>
-- no debconf information
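Added example, not part of the original report and not GnuPG code: a small parser for the "gpg: DBG: chan_N" lines of a trace like the one above. It reports the dirmngr version announced in the greeting and the command that drew an ERR reply. In the two transcripts above, the hand-started dirmngr greets as 2.1.10 while the one gpg talks to greets as 2.1.8. The function name summarize and the embedded sample, copied from the trace above, are choices made for this example.

```python
import re

# Sample input: lines copied from the gpg --debug-level 10 trace in the report.
TRACE = """\
gpg: DBG: chan_3 <- OK Dirmngr 2.1.8 at your service
gpg: DBG: chan_4 <- OK Dirmngr 2.1.8 at your service
gpg: DBG: chan_4 -> KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KS_SEARCH -- 58E11BB1E414D9AD
gpg: DBG: chan_4 <- ERR 1 General error <Unspecified source>
gpg: DBG: chan_4 -> BYE
"""

# "->" is what gpg sent to dirmngr, "<-" is what dirmngr answered.
LINE = re.compile(r"^gpg: DBG: (chan_\d+) (->|<-) (.*)$")
GREETING = re.compile(r"^OK Dirmngr (\S+) at your service$")


def summarize(trace, gpg_version):
    """Return (daemon_versions, failures, version_mismatch) for a gpg debug trace."""
    versions = set()
    failures = []   # (command gpg sent, ERR line dirmngr returned)
    last_cmd = {}   # channel -> last command gpg sent on it
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an IPC line (plain gpg output, memory stats, ...)
        chan, direction, payload = m.groups()
        if direction == "->":
            last_cmd[chan] = payload
            continue
        g = GREETING.match(payload)
        if g:
            versions.add(g.group(1))
        elif payload.startswith("ERR "):
            failures.append((last_cmd.get(chan), payload))
    mismatch = any(v != gpg_version for v in versions)
    return versions, failures, mismatch


if __name__ == "__main__":
    versions, failures, mismatch = summarize(TRACE, "2.1.10")
    print("dirmngr greeting version(s):", ", ".join(sorted(versions)))
    for cmd, err in failures:
        print("failed command:", cmd, "->", err)
    if mismatch:
        print("note: the dirmngr answering gpg is not the same version as gpg")
```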