Beta for 2.1.1 available
Hugo Hinterberger
hugo.hinterberger at gmx.net
Tue Nov 25 10:50:24 CET 2014
Hi Kristian,
On Mon, 24 Nov 2014 21:40:22 +0100, Kristian Fiskerstrand
<kristian.fiskerstrand at sumptuouscapital.com> wrote:
> For 2.1 you need the following in dirmngr.conf:
> hkp-cacert /path/to/sks-keyservers.netCA.pem
>
> instead of
> keyserver-options ca-cert-file="C:/Users/<username>/AppData/Roaming/gnupg/sks-keyservers.netCA.crt"
OK, so: sks-keyservers.netCA.crt is a PEM-encoded (...BEGIN
CERTIFICATE...END CERTIFICATE...) certificate and is hardlinked to
sks-keyservers.netCA.pem. The files are located in %appdata%/gnupg/.
In dirmngr.conf I have the following line:
hkp-cacert "C:/Users/<username>/AppData/Roaming/gnupg/sks-keyservers.netCA.pem"
In gpg.conf I also have the following line:
keyserver-options ca-cert-file="C:/Users/hinterberger.h/AppData/Roaming/gnupg/sks-keyservers.netCA.crt"
This means I have both options set => no change: No keyserver available.
I commented out the line in gpg.conf => still no change.
Pinging the keyserver works.
Hmm... I just tried to:
> wget --certificate=sks-keyservers.netCA.pem "https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0x8BCF070743176C6A"
and I got:
OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
OpenSSL: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Disabling SSL due to encountered errors.
OK, using "--ca-certificate" instead of "--certificate" worked, so the
network seems to be OK.
gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-key 0x8BCF070743176C6A
gpg --keyserver https://hkps.pool.sks-keyservers.net --recv-key 0x8BCF070743176C6A
Both fail. Using hkp, on the other hand, works.
Regards,
Hugo
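
Added example, not part of the original message: the two wget errors quoted above come from the private-key loader (SSL_CTX_use_PrivateKey_file), because --certificate names a client certificate while --ca-certificate names the CA used to verify the server. This Python sketch lists the PEM blocks in a file and reports which of those two roles it can fill; the function names are hypothetical and the sample PEM bodies are constructed placeholders, not real certificates or keys.

```python
import base64
import binascii
import re

# Matches one PEM block; the label in BEGIN and END must agree (RFC 7468).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def pem_blocks(text):
    """Return [(label, der_bytes)] for every well-formed PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            continue  # damaged base64: treat the block as unusable
        blocks.append((label, der))
    return blocks


def pem_roles(text):
    """Say which TLS client options a PEM file could satisfy.

    ca_file:      at least one CERTIFICATE block (wget --ca-certificate,
                  dirmngr hkp-cacert).
    client_ident: a CERTIFICATE plus a private key block, which is what a
                  client-certificate option needs when no separate key
                  file is given.
    """
    labels = [label for label, _ in pem_blocks(text)]
    has_cert = "CERTIFICATE" in labels
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    return {"labels": labels, "ca_file": has_cert,
            "client_ident": has_cert and has_key}


# Constructed sample data: placeholder bytes, not a real certificate or key.
FAKE_CERT = ("-----BEGIN CERTIFICATE-----\n"
             + base64.b64encode(b"placeholder certificate").decode()
             + "\n-----END CERTIFICATE-----\n")
FAKE_KEY = ("-----BEGIN PRIVATE KEY-----\n"
            + base64.b64encode(b"placeholder key").decode()
            + "\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(pem_roles(FAKE_CERT))             # CA file only, like the .pem in the post
    print(pem_roles(FAKE_CERT + FAKE_KEY))  # would also work as a client identity
```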