semantics of gnupg --keyserver in 2.1

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Dec 17 20:03:24 CET 2014


On Wed 2014-12-17 13:48:32 -0500, Andre Heinecke wrote:
> On Wednesday, December 17, 2014 12:31:24 PM Daniel Kahn Gillmor wrote:
>> I like the idea that if a --keyserver command line argument is present,
>> it would supersede the configuration information that dirmngr started up
>> with -- but only for these specific queries.  other queries routed
>> through the same dirmngr process concurrently (or afterward) should
>> retain their initial configuration.
>
> I also agree with you there. Afaik this happens now as the gnupg process 
> always sends a --clear with the first KEYSERVER command.

Here's what i see in the dirmngr log when doing:

  gpg2 --keyserver hkp://keys.gnupg.org --refresh $PGPID

2014-12-17 13:49:27 dirmngr[7354.0] ready with housekeeping
2014-12-17 13:58:21 dirmngr[7354.0] handler for fd 0 started
2014-12-17 13:58:21 dirmngr[7354.0] DBG: chan_0 -> # Home: /home/dkg/.gnupg
2014-12-17 13:58:21 dirmngr[7354.0] DBG: chan_0 -> # Config: /home/dkg/.gnupg/dirmngr.conf
2014-12-17 13:58:21 dirmngr[7354.0] DBG: chan_0 -> OK Dirmngr 2.1.1 at your service
2014-12-17 13:58:21 dirmngr[7354.0] connection from process 21358 (1000:1000)
2014-12-17 13:58:21 dirmngr[7354.1] handler for fd 1 started
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 -> # Home: /home/dkg/.gnupg
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 -> # Config: /home/dkg/.gnupg/dirmngr.conf
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 -> OK Dirmngr 2.1.1 at your service
2014-12-17 13:58:21 dirmngr[7354.1] connection from process 21358 (1000:1000)
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 <- KEYSERVER --clear hkp://keys.mayfirst.org
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 -> OK
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 <- KEYSERVER hkps://keys.mayfirst.org
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 -> OK
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 <- KS_GET -- 0x0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
2014-12-17 13:58:21 dirmngr[7354.1] DBG: gnutls:L5: REC[0x7fce58008600]: Allocating epoch #0
2014-12-17 13:58:21 dirmngr[7354.1] DBG: gnutls:L3: ASSERT: gnutls_constate.c:586

(yes, my gpg.conf says "keyserver hkps://keys.mayfirst.org")

so --clear is present, but the keyserver from the configuration file is
also introduced (and appears to take precedence, since you can see
gnutls being initialized).

       --dkg
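
An added example, not part of the original message or of GnuPG's code: it replays the KEYSERVER commands from a dirmngr debug log per channel and reports which keyserver URIs are set when each KS_* request arrives, so a command-line override that did not stay exclusive shows up. It assumes, per dirmngr's KEYSERVER help text, that --clear empties the connection's list and each URI given is appended; the function names are this example's own and the sample is an excerpt of the log quoted above.

```python
import re
from collections import defaultdict

# Excerpt of the dirmngr log from the message above (KEYSERVER / KS_GET lines only).
SAMPLE_LOG = """\
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 <- KEYSERVER --clear hkp://keys.mayfirst.org
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 -> OK
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 <- KEYSERVER hkps://keys.mayfirst.org
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 -> OK
2014-12-17 13:58:21 dirmngr[7354.1] DBG: chan_1 <- KS_GET -- 0x0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
"""

# Inbound Assuan command on a channel: "DBG: chan_N <- VERB args"
CMD = re.compile(r"DBG: (chan_\d+) <- (\S+)\s*(.*)$")

def audit(log_text):
    """Return (channel, verb, keyserver list at that point) for every KS_* request."""
    servers = defaultdict(list)  # assumed model: one keyserver list per connection
    findings = []
    for line in log_text.splitlines():
        m = CMD.search(line)
        if not m:
            continue  # responses ("->") and non-Assuan lines are ignored
        chan, verb, args = m.group(1), m.group(2), m.group(3).split()
        if verb == "KEYSERVER":
            if "--clear" in args:
                servers[chan].clear()  # assumption: --clear drops earlier entries
            # only arguments that look like URIs are keyservers
            servers[chan] += [a for a in args if "://" in a]
        elif verb.startswith("KS_"):
            findings.append((chan, verb, list(servers[chan])))
    return findings

def unexpected(findings, requested):
    """Requests whose keyserver list is not exactly the URI asked for on the command line."""
    return [f for f in findings if f[2] != [requested]]

if __name__ == "__main__":
    # URI taken from the gpg2 command line shown in the message
    for chan, verb, uris in unexpected(audit(SAMPLE_LOG), "hkp://keys.gnupg.org"):
        print(f"{chan} {verb}: keyservers in effect = {uris}")
```

The check only reports the list dirmngr was told about; which entry is actually contacted still has to be read from the connection lines that follow the KS_* request.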


More information about the Gnupg-devel mailing list