dirmngr keyserver option (and legacy gpg --keyserver) should assume `hkps://` or `hkp://` if no scheme is present
Closed, Wontfix (Public)

Description

I've seen several reports of people who have bare hostnames (e.g. keys.example.net) for keyserver in their configurations for dirmngr.conf (they've often ported it from gpg.conf as recommended).

The current implementation appears to demand a full URI, failing on a bare hostname with:

0 dkg@alice:~$ gpg --recv $PGPID
gpg: keyserver receive failed: Syntax error in URI
2 dkg@alice:~$

If a bare hostname is present, dirmngr should first try it with an hkps:// prefix, and fall back to an hkp:// prefix if hkps is not available. It should probably also emit a warning that it is doing this rewriting, which the user can avoid by explicitly specifying the full URI in dirmngr.conf.

As an easier/simpler fix, we could not do the hkp:// fallback, and that would still be an improvement over the status quo.

Details

Version
2.2.15

Event Timeline

Further testing suggests that the invalid URI issue is only present for dirmngr's --keyserver option, and gpg's deprecated --keyserver option actually accepts schema-less hostnames.

However, both options should accept schema-less hostnames, and should prefer hkps://

werner claimed this task.
werner added a subscriber: werner.

HKP keyservers are anyway out of fashion and thus we won't put any more effort into this part of the code.
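
Since the task was closed without a code change, a bare hostname in dirmngr.conf has to be given an explicit scheme by hand. The following is an added example, not dirmngr's code: it applies the hkps-first rule proposed in the description to a config file's text, flags scheme-less keyserver lines, and rewrites them to explicit hkps:// URIs. The function names are hypothetical and the hostnames are constructed placeholders.

```python
import re

# A URI scheme per RFC 3986 followed by "://", e.g. hkps://, hkp://, ldap://
_HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

# Constructed sample; hostnames are placeholders, not real keyservers.
SAMPLE_CONF = """\
# constructed sample dirmngr.conf
keyserver keys.example.net
keyserver hkps://keys.example.org
#keyserver old.example.net
  keyserver   hkp://plain.example.net
"""

def candidate_uris(value):
    """URIs to try, in order, under the rule proposed in the report."""
    if _HAS_SCHEME.match(value):
        return [value]                           # explicit scheme: leave untouched
    return ["hkps://" + value, "hkp://" + value]  # TLS first, cleartext last

def lint_keyservers(conf_text):
    """Return (line_no, value, candidates) for each scheme-less keyserver."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        # GnuPG option files: '#' as first non-blank character is a comment.
        if len(parts) < 2 or parts[0].startswith("#") or parts[0] != "keyserver":
            continue
        candidates = candidate_uris(parts[1])
        if len(candidates) > 1:
            findings.append((line_no, parts[1], candidates))
    return findings

def pin_hkps(conf_text):
    """Rewrite scheme-less keyserver lines to an explicit hkps:// URI."""
    flagged = {n: c[0] for n, _, c in lint_keyservers(conf_text)}
    lines = conf_text.splitlines()
    for n, uri in flagged.items():
        lines[n - 1] = "keyserver " + uri
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for line_no, value, candidates in lint_keyservers(SAMPLE_CONF):
        print(f"line {line_no}: '{value}' has no scheme; "
              f"write '{candidates[0]}' explicitly")
```

Pinning only the hkps:// form leaves out the hkp:// fallback, which matches the simpler variant mentioned in the description and avoids a silent move to an unencrypted connection.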