GnuPG 2.1.0: --refresh-keys regression

Luis Ressel aranea at
Tue Nov 11 23:49:20 CET 2014


One of the changes introduced with GnuPG 2.1 -- namely, using dirmngr
for key retrieval -- has caused some problems for me. First of all, I'm
not able to use gpg --refresh-keys anymore, as dirmngr requests all of
the keys from the keyserver at once, instead of one-by-one as GnuPG 2.0

For keyrings with more than approx. 70 keys, the keyserver
( denies the request, thereby causing the error
    gpg: keyserver refresh failed: Too many objects
and failure to receive any key updates.

I assume keymngr should handle this in a better way (or is it wrong for
the keyservers to deny such requests?)

dirmngr also seems to have problems with hkps certificate checking for
keyserver addresses with round-robin DNS, but I need to examine this
further before I can provide details.

Luis Ressel

Luis Ressel <aranea at>
GPG fpr: F08D 2AF6 655E 25DE 52BC  E53D 08F5 7F90 3029 B5BD

More information about the Gnupg-users mailing list