
«keyserver receive failed: General error» when using HKPS
Closed, Resolved (Public)

Description

When using HKPS, invoking recv-key on GnuPG 2.1.6 fails with a «general error».

This might be the same issue reported in T1851. The issue was reported to be fixed in 2.1.3, but I still run into it on 2.1.6.

$ gpg --recv-keys 5EE1DBA789C809CB
gpg: reading options from '/home/seb/.gnupg/gpg.conf'
gpg: enabled debug flags: ipc
gpg: DBG: chan_3 <- # Home: /home/seb/.gnupg
gpg: DBG: chan_3 <- # Config: /home/seb/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.6 at your service
gpg: DBG: chan_4 <- # Home: /home/seb/.gnupg
gpg: DBG: chan_4 <- # Config: /home/seb/.gnupg/dirmngr.conf
gpg: DBG: chan_4 <- OK Dirmngr 2.1.6 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_4 -> KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KS_GET -- 0x5EE1DBA789C809CB
gpg: DBG: chan_4 <- ERR 1 General error <Unspecified source>
gpg: keyserver receive failed: General error
gpg: DBG: chan_4 -> BYE
gpg: secmem usage: 0/32768 bytes in 0 blocks

Details

Version
2.1.8

Event Timeline

zardoz added a project: Bug Report.
zardoz added a subscriber: zardoz.

Please put

verbose
debug ipc
log-file FOO

into dirmngr.conf and try with 2.1.7. Make sure to shut down running dirmngr
processes before testing.

So, is there anything else you might need to understand this issue (that is
still present with 2.1.8 by the way)?

The log clearly states the problem:

2015-10-09 10:27:37 dirmngr[2516.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown.

Please see https://sks-keyservers.net/overview-of-pools.php#pool_hkps for how to
configure gpg properly. With the CA for the pool, this works as expected.
(remember to kill the old dirmngr daemon):

% gpg2 --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys 5EE1DBA789C809CB
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: key 89C809CB: public key "git-annex distribution signing key (for Joey Hess) <id@joeyh.name>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg: imported: 1

OK, so things have changed regarding how this is handled since 2.1. That’s
probably why people like me think it’s still bogus, because behind the true bug
there was also another underlying change.

I can confirm it now works once correctly configured. Thanks for your help.

This, 2123 and 2130 can be closed I think.

werner claimed this task.
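
The diagnosis reached in this thread (a TLS peer verification failure in the dirmngr log, resolved by configuring the pool CA) can be checked mechanically. The script below is an added example, not part of the original ticket and not GnuPG project code; `diagnose_hkps`, its verdict words and the sample file paths are assumptions made here, and `hkp-cacert` is the dirmngr.conf option that names the CA file.

```shell
#!/bin/sh
# Added example, not GnuPG project code: triage "keyserver receive failed:
# General error" over HKPS from the dirmngr log and dirmngr.conf.

# diagnose_hkps LOGFILE CONFFILE -> prints one verdict word:
#   no-tls-error    log has no TLS peer verification failure
#   tls-no-cacert   failure logged, no hkp-cacert configured
#   tls-bad-cacert  failure logged, an hkp-cacert file is not readable
#   tls-check-ca    failure logged, hkp-cacert readable (wrong CA for the pool,
#                   or an old dirmngr still running with the previous config)
diagnose_hkps() {
    log=$1; conf=$2
    if ! grep -q 'TLS verification of peer failed' "$log" 2>/dev/null; then
        echo no-tls-error; return 0
    fi
    # hkp-cacert may be given several times; collect every uncommented one.
    cas=$(sed -n 's/^[[:space:]]*hkp-cacert[[:space:]]\{1,\}//p' "$conf" 2>/dev/null)
    [ -n "$cas" ] || { echo tls-no-cacert; return 0; }
    verdict=tls-check-ca
    while IFS= read -r ca; do
        case $ca in "~/"*) ca=$HOME/${ca#"~/"} ;; esac   # dirmngr expands ~
        [ -r "$ca" ] || verdict=tls-bad-cacert
    done <<EOF
$cas
EOF
    echo "$verdict"
}

# Constructed sample input; the log text is the message quoted in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' '2015-10-09 10:27:37 dirmngr[2516.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown.' > "$demo_dir/dirmngr.log"
printf 'verbose\ndebug ipc\nlog-file %s\n' "$demo_dir/dirmngr.log" > "$demo_dir/dirmngr.conf"
echo "before: $(diagnose_hkps "$demo_dir/dirmngr.log" "$demo_dir/dirmngr.conf")"

# Hypothetical CA path: use wherever you saved the pool CA from the pool page.
: > "$demo_dir/pool-ca.pem"
echo "hkp-cacert $demo_dir/pool-ca.pem" >> "$demo_dir/dirmngr.conf"
echo "after:  $(diagnose_hkps "$demo_dir/dirmngr.log" "$demo_dir/dirmngr.conf")"
rm -rf "$demo_dir"
```

The check reads an existing log, so a failure recorded before the configuration change still shows up until dirmngr is restarted and the log is regenerated.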