
dirmngr does not seem to use the default .gnupg directory if GNUPGHOME is not set
Closed, Invalid | Public

Description

When trying to send a key to a keyserver without GNUPGHOME being set, it seems dirmngr does not default to using ~/.gnupg/dirmngr.conf.

Setup

  • GnuPG 2.2.21
  • Linux 5.7.15
  • Tor 0.4.3.6
  • example ~/.gnupg/dirmngr.conf file:
use-tor
keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion

Try to upload a key to a keyserver using gpg2 --send-key <keyid>

Expected behaviour

GnuPG uploads the specified key to the keyserver defined in ~/.gnupg/dirmngr.conf

Resulting behaviour

GnuPG instead tries to upload the key to the default keyserver:

gpg: sending key <keyid> to hkps://hkps.pool.sks-keyservers.net

Additional comments

I spent some time trying to change the dirmngr configuration file, including not using Tor in case it was the problem, but each time the result was the same. Starting dirmngr using gpgconf --launch dirmngr also did not change anything. Eventually, I tried setting GNUPGHOME to $HOME/.gnupg and after that the correct keyserver was used. This seemed odd to me since the man pages suggest ~/.gnupg is the default directory used in case GNUPGHOME is not set. But this does not seem to be respected for dirmngr.

Details

Version
2.2.21

Event Timeline

I guess you have a keyserver statement in your gpg.conf.
By using

gpg --debug ipc --send-keys ...

you will see that gpg tells dirmngr to use that certain keyserver.

I have a couple of keyserver-options statements in there, but no keyserver statement. Should the options be located in the dirmngr.conf file instead?

The keyserver options control how gpg imports or exports keys to the keyservers. Thus they indeed belong in gpg.conf.

You need to check what dirmngr is doing. See watchgnupg(1) for how I would do this but you can also use a plain log file. Put

log-file /foo/bar/dirmngr.log
verbose
debug ipc,dns

into dirmngr.conf and restart dirmngr. See whether you can find error messages or warnings in the log file or post it here. There are some other debug options, but I think the above are sufficient.

Hmm. Now, even with a fresh session, dirmngr, GNUPGHOME not set, etc. it seems to work. It correctly uses the config file and the keyserver, and the logs show the Home and Config variables are set and communicated correctly.

It reports no keyserver found when the Tor service is not running, but that's expected given I'm using an onion keyserver.

I don't know why it seemed to not be working when I reported this. It seems to work correctly now. Apologies.
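
An offline check for the situation raised in the first reply, where a keyserver statement in gpg.conf is handed to dirmngr instead of the one in dirmngr.conf. This is an added example, not part of the original thread or of GnuPG; the function names, sample hostnames and the precedence order (gpg.conf before dirmngr.conf, taken from that reply) are assumptions.

```shell
#!/bin/sh
# Added example (not from the GnuPG project): show which config file supplies
# the keyserver for a GnuPG home directory.
# Assumption taken from the thread: a "keyserver" line in gpg.conf is passed
# by gpg to dirmngr, so it is checked before dirmngr.conf.

# Print all active "keyserver" values in file $1, space-separated.
# Comment lines and "keyserver-options" lines do not match.
conf_keyservers() {
    [ -r "$1" ] || return 0
    awk '$1 == "keyserver" && NF >= 2 { out = out (out == "" ? "" : " ") $2 }
         END { if (out != "") print out }' "$1"
}

# Print "<file>: <keyserver(s)>" for the first file that sets one.
# $1 = home directory; defaults to GNUPGHOME, then ~/.gnupg.
keyserver_source() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    for f in gpg.conf dirmngr.conf; do
        ks=$(conf_keyservers "$home/$f")
        if [ -n "$ks" ]; then
            printf '%s: %s\n' "$f" "$ks"
            return 0
        fi
    done
    printf 'none: built-in default applies\n'
}

# Constructed sample home directories, mirroring the setup in this report.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/a" "$d/b"
    printf 'use-tor\nkeyserver hkp://constructed-example.onion\n' > "$d/a/dirmngr.conf"
    printf 'keyserver-options no-honor-keyserver-url\n' > "$d/a/gpg.conf"
    cp "$d/a/dirmngr.conf" "$d/b/dirmngr.conf"
    printf '# old setting\nkeyserver hkps://keys.example.org\n' > "$d/b/gpg.conf"
    keyserver_source "$d/a"   # dirmngr.conf is used: gpg.conf has only options
    keyserver_source "$d/b"   # gpg.conf entry is found first
    rm -rf "$d"
}

demo
```

Call `keyserver_source` with no argument to inspect the directory gpg itself would use (GNUPGHOME if set, otherwise ~/.gnupg).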