How to reproduce:
0. configure sks keyservers
- gpg2 --search-keys 0xDB068FA97889A60F0A0D615BD5E0B342C6B115B5
- gpg --search-keys 0xDB068FA97889A60F0A0D615BD5E0B342C6B115B5
Expected output:
gpg2 and gpg both return the same search result, i.e. one key found.
Actual output:
- gpg: error searching keyserver: No data
gpg: keyserver search failed: No data
- (1) Tilo Jung <tilo@jungundnaiv.de>
2048 bit RSA key C6B115B5, created: 2014-01-02, expires: 2018-01-02
Keys 1-1 of 1 for "0xDB068FA97889A60F0A0D615BD5E0B342C6B115B5". Enter
number(s), N)ext, or Q)uit >
In contrast to that, just searching with the short key id with gpg and gpg2
works as expected, i.e. in both cases a match is returned:
gpg2 --search-keys 0xC6B115B5
gpg --search-keys 0xC6B115B5
Looking at the verbose output of gpg and dirmngr (when using gpg2) it seems that
the difference is that gpg2/dirmngr strips the 0x print from the fingerprint
string when constructing the https URL. GPG 1 doesn't do that.
For example URL from the dirmngr log:
with curl:
-> 404, no keys found
When patching that Url with a 0x fingerprint prefix:
$ curl
'https://keys02.fedoraproject.org:443/pks/lookup?op=index&options=mr&search=0xDB068FA97889A60F0A0D615BD5E0B342C6B115B5'
info:1:1
pub:DB068FA97889A60F0A0D615BD5E0B342C6B115B5:1:2048:1388670492:1514900892:
uid:Tilo Jung <tilo@jungundnaiv.de>:1388670492::
And with gpg 1, enabling verbose logging like this:
gpg -v --keyserver-options=debug --search-keys
0xDB068FA97889A60F0A0D615BD5E0B342C6B115B5
I can verify that the internally generated URL indeed has the search=0xDB... part.