Page MenuHome GnuPG
Create Task
Maniphest T1804

HKPS scheme support for Windows Installer
Closed, ResolvedPublic
Actions

Description

GnuPG 2.1.1 fails to refresh, send, receive or search for keys via HKPS as
HKPS schema is not supported in Dirmngr as it hasn't been built with GnuTLS.

Here's the output of KEYSERVER --help in dirmngr:

KEYSERVER --help
S # Known schemata:
S # hkp
S # http
S # finger
S # kdns
S # (Use an URL for engine specific help.)
OK

Details

Version
2.1.15

Event Timeline

juanmi set Version to 2.1.1.Jan 4 2015, 1:59 AM
juanmi added projects: dirmngr, Bug Report.
juanmi added a subscriber: juanmi.
werner added a subscriber: werner.Jan 5 2015, 6:24 PM

Sorry, this is not a bug. If you configure with out TLS support it simply can't
do that. In case you are talking about the Windows installer, please note that
this binary version is marked as experimental with several limitations

werner added a project: Not A Bug.Jan 5 2015, 6:24 PM
aheinecke claimed this task.Aug 28 2015, 11:11 PM
aheinecke removed a project: Not A Bug.
aheinecke changed Version from 2.1.1 to 2.1.8.
aheinecke added a subscriber: aheinecke.

yeah no, With the gnupg-w32 installer becoming part of gpgwin we really need
support for hkps in that installer. Yeah gnutls sucks but thats what we have.

I'll prepare a patch.

werner added a comment.Aug 30 2015, 9:56 PM

We can't use gnutls because it depends on too many extra libraries duplicating
functionality we already have in gnupg. ntbtls will be the way forward.
Unfortunately too many other tasks delayed its development.

aheinecke reassigned this task from aheinecke to werner.Aug 31 2015, 9:27 AM

Yes I thought to use GnuTLS here.

The depedencies I see [1] are:
gmp -> No further depedencies
libgnurx -> No further dependencies
nettle -> depenendcy to gmp

Apart from that gettext and zlip which we already have.
So it should not be that hard to package. I really would like to get rid of it,
too but until then..

Would you accept a patch against gnupg to include GnuTLS 3.x in the Windows
installer?

1: https://github.com/mxe/mxe/blob/master/src/gnutls.mk

werner added a comment.Sep 10 2015, 4:12 PM

No. I won't maintain all that stuff again.

werner added a project: Feature Request.Sep 10 2015, 4:13 PM
werner removed a project: Bug Report.
werner added a project: gnupg.Jan 22 2016, 1:09 PM
davidw added a subscriber: davidw.Jul 29 2016, 6:08 PM
bernhard added subscribers: wk, bernhard.Sep 12 2016, 12:47 PM

@werner, if you prefer ntbtls over gnutls, okay. Can you add a link to ntblts
and outline the next steps. We'd probably need tls support for the web key
directory as well, so this needs a solution.

bernhard changed Version from 2.1.8 to 2.1.15.Sep 12 2016, 12:47 PM
bernhard added a project: Bug Report.
bernhard removed a project: Feature Request.
bernhard added a comment.Sep 13 2016, 8:38 AM

ntbtls is a development from Werner:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=ntbtls.git;a=summary

What about using https://tls.mbed.org/? At least until ntbtls is mature?

bernhard added a comment.Sep 13 2016, 9:21 AM

Spoke to Werner, it is better to do ntbtls anyway.
Timeline is: this year, hopefully earlier.

For ntbtls also see: https://wiki.gnupg.org/NTBTLS

werner closed this task as Resolved.Feb 23 2017, 8:39 PM
werner added a project: Unreleased.

ntbtls support is now available in master and we will release a TLS enabled
2.1.19 installer for Windows.

Right now it is somewhat limited and does not work with some sites, notably
those which allow only ECC ciphersuites. An example for such a site is
posteo.de. Note that posteo.net sends a a bogus certifcate with rediretion to
posteo.de.

Most other sites work.

werner removed a project: Unreleased.Mar 1 2017, 9:06 PM