Trouble with keyservers

David Shaw dshaw at
Mon Oct 22 13:53:00 CEST 2007

On Sun, Oct 21, 2007 at 09:45:56PM -0700, Doug Barton wrote:
> On Sun, 21 Oct 2007, David Shaw wrote:
> > Or to be more accurate, you DO have a key for encryption, but the
> > keyserver isn't storing it.  This is a well-known keyserver bug with
> > the pksd keyserver software,
> Out of curiosity, what software are the servers running? 
> I've had pretty good luck with that pool but I would hate to think I'm not 
> getting the complete picture. (Not to mention if I ever decide to generate 
> a key with subkeys ...) is running a mix of sks and pksd.  The history of pgp
keyservers is a little messy, but essentially means
"won't destroy your key with multiple subkeys" and not "stores the
complete key and all subkeys".  The distinction is crucial. ;)

I suspect the reason this hasn't been a bigger problem is that most
people have only one subkey, so they never see this.

> > but many sites refuse to stop running it, despite this and other bugs. 
> > If you use a keyerver running sks software, you'll be fine.  I believe 
> > that has only sks servers in its mix.
> Is there a way for us to tell that remotely?

One way is to add "--keyserver-options debug" to your command when you
hit a keyserver.  GPG will print out some information, including a
line like:

  Server: sks_www/1.0.10
  Server: pks_www/0.9.6

sks is sks, and pks is pksd.


More information about the Gnupg-users mailing list