Page MenuHome GnuPG
Create Task
Maniphest T4467

dirmngr keyserver option (and legacy gpg --keyserver) should assume `hkps://` or `hkp://` if no scheme is present
Closed, WontfixPublic
Actions

Description

I've seen several reports of people who have bare hostnames (e.g. keys.example.net) for keyserver in their configurations for dirmngr.conf (they've often ported it from gpg.conf as recommended).

The current implementation appears to demand a full URI, failing on a bare hostname with:

0 dkg@alice:~$ gpg --recv $PGPID
gpg: keyserver receive failed: Syntax error in URI
2 dkg@alice:~$

If a bare hostname is present, dirmngr should first try it with an hkps:// prefix, and fall back to an hkp:// prefix if hkps is not available. It should probably also emit a warning that it is doing this rewriting, which the user can avoid by explicitly specifying the full URI in dirmngr.conf.

As an easier/simpler fix, we could not do the hkp:// fallback, and that would still be an improvement over the status quo.

Details

Version
2.2.15

Related Objects

Event Timeline

dkg created this task.Apr 19 2019, 5:26 PM
werner triaged this task as Low priority.Apr 23 2019, 9:05 AM
dkg mentioned this in T4493: Default to HKPS, not HKP.May 13 2019, 11:12 PM
dkg updated the task description. (Show Details)May 13 2019, 11:32 PM

further testing suggests that the invalid URI issue is only present for dirmngr's --keyserver option, and gpg's deprecated --keyserver option actually accepts schema-less hostnames.

however, both options should accept schema-less hostnames, and should prefer hkps://

steve added a subscriber: steve.Jul 3 2019, 4:53 PM
werner closed this task as Wontfix.Sep 26 2023, 2:27 PM
werner claimed this task.
werner added a subscriber: werner.

HKP keyservers are anyway out of fashion and thus we won't put anymore effort into his part of the code.