Often it is not desirable to use a keyserver. However, not configuring one will fall back to a hardwired default OpenPGP keyserver. A new value "none" shall be used to disable the keyservers and have dirmngr return GPG_ERR_NO_KEYSERVER.
Description
Revisions and Commits
rG GnuPG
- rG936954a18a2d dirmngr: Relax the detection of the "none" keyserver.
- rG4fc745bc43a7 dirmngr: Relax the detection of the "none" keyserver.
- rG0aa32e2429bb dirmngr: Allow conf files to disable default keyservers.
- rG0ad13023905d dirmngr: Allow conf files to disable default keyservers.
Related Objects
- Mentioned In
  - T7189: Release GnuPG 2.5.0
  - T6578: Release GnuPG 2.4.4
  - T6950: Kleopatra: Usability improvements for directory services configuration
  - T6866: Kleopatra: Remove fallback to keys.gnupg.net if no key server is configured
  - T6307: Release GnuPG 2.2.42
  - T6761: Kleopatra: Handle special keyserver value "none"
- Mentioned Here
  - T6950: Kleopatra: Usability improvements for directory services configuration
  - T6952: Gpg4win build system: Include commit hash in tarballs from gen-tarball.sh
  - T6953: Kleopatra: show commit id in about dialog
  - T6761: Kleopatra: Handle special keyserver value "none"
  - rG936954a18a2d: dirmngr: Relax the detection of the "none" keyserver.
  - T5903: Kleopatra: Add refresh button in certificatedetails
  - T6493: Kleopatra: Add feedback in search window
Event Timeline
Note that for vsd we also need to change our default configuration file. The new "none" value provides a better error message than the old default of assuming that the AD carries the keyserver (which it does not in practise).
BTW, with one of the recent gpgme fixes we now get
  $~/b/gpgme/tests/run-keylist --extern --verbose foo
  run-keylist: file /home/wk/s/gpgme/tests/run-keylist.c line 414: <Dirmngr> No keyserver available
which is what users (and kleopatra) expect.
This works insofar as it is now possible to set "none" (via the registry in VSD):
But it does not speed up the lookup in Kleopatra as much as hoped for, yet, as we are held up by the error message "Suche auf Zertifikatserver fehlgeschlagen. Die Fehlermeldung lautet:
Kein Schlüsselserver verfügbar":
If we explicitly set "none" as a keyserver, there should be no error message because of it.
Only after acknowledging this message window do we get the WKD result.
I additionally suggest showing the WKD result first and only then showing an info window similar to the one we now show for key updates (T5903). This would fit into the scope of Ticket T6493, "Improvements on search window", though. Please consider raising the prio of it if you want to continue this issue there.
The Gnupg-2.2 commit rG936954a18a2df made sure that the hkps:// prefixing from kleopatra is ignored.
Well I have looked at this ticket and posted a comment. We should talk about if there is anything left to do or not. I suspect that the gpg side is done and I should open one (or probably better several) ticket(s) for the kleopatra side.
I am pretty sure that we have done everything in gnupg. Now if we only had a workboard for kleopatra.
Does not work in Gpg4win-4.2.1-beta178
Inserting "none" as keyserver and saving results in the setting "hkps://none":
Which then causes:
After clicking OK, the search result for WKD is correctly shown though, that part is ok.
Hi ebo, I would still think this is resolved, because it was never meant that the user manually enters the value of "none", as there is no hint for the user that "none" is a reserved word. It should either be administratively configured, which does not make much sense for Gpg4win, or provided by the distribution. If left empty, the default of GnuPG should be used. If we really want users to deactivate keyserver access by using "none" in the dirmngr.conf, a much better solution would be a checkbox for this. In that case I would open a new issue.
To be clear: This ticket is only about GnuPG (more precisely dirmngr) and the changes are included in VSD and Gpg4win.
Related changes in Kleopatra which are not included in VSD and Gpg4win are tracked in T6761: Kleopatra: Handle special keyserver value "none".
I would also suggest that we show the last git commit in Kleo's About dialog. That makes it far easier to see what we are testing. The Kleo version numbers are a bit arbitrary.
It would also be helpful to include the git commit hash (additionally to the date) in the name of the snapshot tarballs used for gpg4win because the date is ambiguous.
- To configure a keyserver none I have now T6950: Kleopatra: Usability improvements for directory services configuration
- For tarball naming I created T6952: Gpg4win build system: Include commit hash in tarballs from gen-tarball.sh
- For the about dialog I have T6953: Kleopatra: show commit id in about dialog
Fixes are already in GnuPG 2.4.4 and can't be easily tested. Thus closing also for gnupg24.
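A configuration check for the setting this ticket introduces, added here as an example and not taken from GnuPG or Kleopatra: it classifies one dirmngr.conf as default (no keyserver line, so the hardwired default described above applies), none, explicit, or mixed. Assumptions: the function name keyserver_state, the "keyserver VALUE" line syntax, exact matching of "none" and of the "hkps://none" form reported in this thread, and that only the one file passed in is read (the registry and other configuration sources are not).

```shell
#!/bin/sh
# Added example, not GnuPG code: audit the keyserver setting of one
# dirmngr.conf so a deployment that is meant to make no keyserver
# lookups can be checked for a silent fallback to the default server.

# Prints one of:
#   default   no keyserver line (or no file): hardwired default is used
#   none      keyservers disabled ("none", or the prefixed "hkps://none")
#   explicit  one or more real keyservers configured
#   mixed     both "none" and a real keyserver present; review by hand
keyserver_state() {
    conf=$1
    # Assumption: an unreadable or missing file means nothing is configured.
    [ -r "$conf" ] || { echo default; return 0; }
    awk '
        substr($1, 1, 1) == "#"        { next }   # comment line
        $1 != "keyserver" || NF < 2    { next }   # other option or no value
        $2 == "none" || $2 == "hkps://none" { none++; next }
        { real++ }
        END {
            if (none && real) print "mixed"
            else if (none)    print "none"
            else if (real)    print "explicit"
            else              print "default"
        }' "$conf"
}

# Constructed sample: the value a frontend saved with the scheme prefixed.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'keyserver hkps://none' > "$sample"
echo "sample dirmngr.conf: $(keyserver_state "$sample")"
rm -f "$sample"
```

A result of default or mixed is the case to follow up on when the intent is that no keyserver is contacted.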