SKS Keyserver, HKPS, and GnuPG 2.1

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Wed Mar 18 21:21:08 CET 2015


On 03/18/2015 09:13 PM, Samir Nassar wrote:
> On Wednesday, March 18, 2015 08:54:47 PM Kristian Fiskerstrand 
> wrote:
>> Hmm, I didn't notice that it was a wildcard cert, that should 
>> also support holdfast.myriapolis.net in the cert matching, 
>> however it results in a redirect and 404 for [0]. If you add this 
>> as a vhost I suspect it will work in your configuration.
> 
> I configured nginx to also serve up holdfast.myriapolis.net on 
> port 11371

11371 is expected to be for HKP, so requiring this to be TLS is bad
practice.

> 
> testing with:
> 
> gpg-connect-agent --verbose --dirmngr 'keyserver 
> https://keyserver.myriapolis.net:11371' 'ks_get 1e42b367' /bye
> 
> gpg-connect-agent --verbose --dirmngr 'keyserver 
> https://holdfast.myriapolis.net:11371' 'ks_get 1e42b367' /bye

https shouldn't work in this regard, it requires the API from the HKP protocol

> 
> and with:
> 
> gpg-connect-agent --verbose --dirmngr 'keyserver 
> hkps://keyserver.myriapolis.net:11371' 'ks_get 1e42b367' /bye
> 
> gpg-connect-agent --verbose --dirmngr 'keyserver 
> hkps://holdfast.myriapolis.net:11371' 'ks_get 1e42b367' /bye
> 

What if you just update the keyserver in gpg.conf and kill the dirmngr
(it will auto-restart)?


> Gives this result:
> 
> OK
> ERR 1 General error <Unspecified source>
> gpg-connect-agent: closing connection to agent

Increase verbosity, e.g. gpg --debug-level guru --search
blah at invaliddomain.com, alternatively specify debug / debug-level in
dirmngr.conf along with a log-file

> 
> Samir


-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Testis unus, testis nullus
A single witness is no witness
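The two points raised in the reply above (port 11371 is expected to carry plain HKP, and an https:// keyserver URL is not the HKP API) can be checked before editing gpg.conf. This is an added example, not part of the original message or of GnuPG: `lint_keyserver` is a hypothetical helper, keyserver.example.net is a constructed host, and the 443 default for hkps is an assumption not stated in the thread.

```python
from urllib.parse import urlsplit

HKP_PORT = 11371  # port the reply says is expected to be plain HKP
# Assumption (not stated in the thread): hkps defaults to 443 when no port is given.
DEFAULT_PORTS = {"hkp": HKP_PORT, "hkps": 443}
TLS_SCHEMES = ("hkps", "https")

# The four keyserver URIs tested in the thread, plus one constructed clean case.
SAMPLE_URIS = [
    "https://keyserver.myriapolis.net:11371",
    "https://holdfast.myriapolis.net:11371",
    "hkps://keyserver.myriapolis.net:11371",
    "hkps://holdfast.myriapolis.net:11371",
    "hkps://keyserver.example.net",  # constructed
]


def lint_keyserver(uri):
    """Return a list of findings for one keyserver URI; empty means none."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if not parts.hostname:
        return ["no host in keyserver URI"]
    findings = []
    if scheme not in DEFAULT_PORTS:
        # The reply's position: key lookups need the HKP API, not a web URL.
        findings.append(f"scheme {scheme!r}: use hkp:// or hkps:// for the HKP API")
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return findings + ["invalid port in keyserver URI"]
    port = port or DEFAULT_PORTS.get(scheme)
    if port == HKP_PORT and scheme in TLS_SCHEMES:
        # The reply's position: requiring TLS on 11371 is bad practice.
        findings.append("TLS on 11371: that port is expected to be plain HKP")
    return findings


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        result = lint_keyserver(uri)
        print(uri, "->", "; ".join(result) if result else "no findings")
```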
