Using HKPS gives me "gpg: error searching keyserver: General error"
Closed, Resolved, Public

Description

I am trying to use GPG with an HKPS server, as described on
https://sks-keyservers.net/overview-of-pools.php. I am always getting the above
error; if I use hkp://p80.pool.sks-keyservers.net it is alright.

This seems to be a duplicate of Issue1792, and there was a patch provided. I
tried to apply https://bugs.g10code.com/gnupg/file586/poolname_and_SNI.patch to
my Arch Linux package, which is using
ftp://ftp.gnupg.org/gcrypt/gnupg-2.1.9.tar.bz2 to compile the package, but I am
getting

$ patch -p0 --dry-run ~/Downloads/poolname_and_SNI.patch
checking file common/http.c
Hunk #1 FAILED at 1443.
Hunk #2 FAILED at 1452.
2 out of 2 hunks FAILED
checking file dirmngr/ks-engine-hkp.c
Hunk #1 FAILED at 521.
Hunk #2 FAILED at 564.
2 out of 2 hunks FAILED

Cheers

Thomas

Details

Version
2.1.9

Event Timeline

tpreissler renamed this task from gpg: error searching keyserver: General error to Using HKPS gives me "gpg: error searching keyserver: General error". Oct 20 2015, 11:59 PM
tpreissler added a project: Bug Report.
tpreissler set Version to 2.1.9.
tpreissler added a subscriber: tpreissler.

Additional Info:

$ cat gpg.conf
keyserver hkps://hkps.pool.sks-keyservers.net

keyserver hkp://p80.pool.sks-keyservers.net

auto-key-locate cert pka ldap hkps://hkps.pool.sks-keyservers.net

keyserver-options no-try-dns-srv

keyserver-options auto-key-retrieve
keyserver-options no-honor-keyserver-url
keyserver-options include-revoked

# keyserver-options honor-http-proxy
# default-key 7CB6197E385A02DC15D8E223E4DB6492FDB9B5D5

personal-cipher-preferences AES256 AES
personal-digest-preferences SHA512 SHA384 SHA256
cert-digest-algo SHA512
require-cross-certification
keyid-format 0xlong
no-emit-version
use-agent
with-fingerprint
fixed-list-mode
verify-options show-uid-validity
list-options show-uid-validity
default-preference-list SHA512 SHA384 SHA256 AES256 AES ZLIB BZIP2 Uncompressed

$ cat dirmngr.conf
hkp-cacert /home/tomtom/.gnupg/sks-keyservers.netCA.pem

And the error is:

$ gpg --search-keys 2071B08A33BD3F06
gpg: error searching keyserver: General error
gpg: keyserver search failed: General error

werner lowered the priority of this task from Unbreak Now! to Normal. Oct 28 2015, 7:27 PM
werner added a project: gnupg.
werner added a subscriber: werner.

The mentioned patch has already been applied for 2.1.3. This explains why you
can't add it a second time ;-). I need to replicate this here.

I can reproduce this without the proper configuration described in
https://sks-keyservers.net/overview-of-pools.php#pool_hkps:

% :> /home/teythoon/repos/g10/local/gnupghome/dirmngr.conf
% gpg2 --keyserver hkps://hkps.pool.sks-keyservers.net --search-keys 2071B08A33BD3F06
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: error searching keyserver: General error
gpg: keyserver search failed: General error

But with it, it seems to work fine. Remember to kill the old daemon first:

% echo hkp-cacert /home/teythoon/repos/g10/sks-keyservers.netCA.pem > /home/teythoon/repos/g10/local/gnupghome/dirmngr.conf
% pkill dirmngr
% gpg2 --keyserver hkps://hkps.pool.sks-keyservers.net --search-keys 2071B08A33BD3F06
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: data source: https://jarvis.alpha-labs.net:443
(1) NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org>

          2048 bit RSA key 33BD3F06, created: 2014-10-29, expires: 2016-10-28

You can talk to the dirmngr directly like this:

% echo -e "KEYSERVER hkps://hkps.pool.sks-keyservers.net\nKS_SEARCH 2071B08A33BD3F06\n" | dirmngr

If this still does not work for you, please paste the output of the above invocation.
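
The configuration check implied by the comment above, as an added example that is not part of the original thread or of GnuPG: a shell function that reports whether a GnuPG home directory using an hkps:// keyserver also has a usable hkp-cacert entry in dirmngr.conf. The function names and status words are assumptions made for this example, and only absolute certificate paths are handled.

```shell
#!/bin/sh
# Added example (not GnuPG code): check a GnuPG home for the HKPS setup
# discussed in this thread. Function names and status words are made up here.

# Succeed if gpg.conf or dirmngr.conf in $1 has an active hkps:// keyserver line.
uses_hkps() {
    for f in "$1/gpg.conf" "$1/dirmngr.conf"; do
        [ -r "$f" ] || continue
        awk '$1 == "keyserver" && $2 ~ /^hkps:\/\// { found = 1 }
             END { exit !found }' "$f" && return 0
    done
    return 1
}

# Print the path given on the first active hkp-cacert line in file $1.
# Commented-out lines start with "#", so their first field never matches.
cacert_path() {
    [ -r "$1" ] || return 0
    awk '$1 == "hkp-cacert" && NF > 1 {
             sub(/^[ \t]*hkp-cacert[ \t]+/, ""); print; exit }' "$1"
}

# Print one status word for the GnuPG home directory $1.
check_hkps_setup() {
    uses_hkps "$1" || { echo no-hkps-keyserver; return 0; }
    ca=$(cacert_path "$1/dirmngr.conf")
    if [ -z "$ca" ]; then
        echo missing-hkp-cacert      # the case reproduced in the comment above
    elif [ ! -r "$ca" ]; then
        echo cacert-unreadable
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo cacert-not-pem
    else
        echo ok
    fi
}

# Constructed sample: hkps keyserver configured, empty dirmngr.conf.
demo=$(mktemp -d)
echo 'keyserver hkps://hkps.pool.sks-keyservers.net' > "$demo/gpg.conf"
: > "$demo/dirmngr.conf"
check_hkps_setup "$demo"             # prints missing-hkp-cacert
rm -rf "$demo"
```

After changing dirmngr.conf, kill the old dirmngr as the comment above says, so that the new setting is read.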

Hi,

On Wed, Dec 02, 2015 at 12:55:23PM +0000, Justus Winter via BTS wrote:

Justus Winter <justus@g10code.com> added the comment:

I can reproduce this without the proper configuration described in
https://sks-keyservers.net/overview-of-pools.php#pool_hkps:

[..]

But with it, it seems to work fine. Remember to kill the old daemon first:

% echo hkp-cacert /home/teythoon/repos/g10/sks-keyservers.netCA.pem > /home/teythoon/repos/g10/local/gnupghome/dirmngr.conf
% pkill dirmngr
% gpg2 --keyserver hkps://hkps.pool.sks-keyservers.net --search-keys 2071B08A33BD3F06
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: data source: https://jarvis.alpha-labs.net:443
(1) NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org>

2048 bit RSA key 33BD3F06, created: 2014-10-29, expires: 2016-10-28

You can talk to the dirmngr directly like this:

% echo -e "KEYSERVER hkps://hkps.pool.sks-keyservers.net\nKS_SEARCH 2071B08A33BD3F06\n" | dirmngr

If this still does not work for you, please paste the output of the above invocation.

It does work now, strange, but many thanks.

Regards

Thomas