Keyserver lookup failure, redux

Werner Koch wk at gnupg.org
Wed Sep 23 10:08:31 CEST 2015


On Tue, 22 Sep 2015 23:38, rjh at sixdemonbag.org said:
> Back in February I reported a bug that was preventing GnuPG 2.1.2 from
> being able to look up certificates on the keyservers:

Sorry, this got lost.  Your mail back then was:

  Is there any explanation for this behavior, or is this a 2.1.2 bug?
  (This is using Patrick's OS X package, if that matters.  It also affects
  all keyservers I tested, not just the round-robin front-end.)
  
  quorra:~ rjh$ gpg -vvvv --keyserver x-hkp://pool.sks-keyservers.net
                    --recv-key 0xD6B98E10
  gpg: using character set 'utf-8'
  gpg: keyserver receive failed: No route to host
  
  quorra:~ rjh$ ping pool.sks-keyservers.net
  PING pool.sks-keyservers.net (140.211.169.202): 56 data bytes
  64 bytes from 140.211.169.202: icmp_seq=0 ttl=55 time=102.879 ms
  
Well, for me it works (only one -v to keep the output short):

  $ gpg -v --keyserver hkp://pool.sks-keyservers.net --recv-key 0xD6B98E10
  gpg: data source: http://sks.mrball.net:11371
  gpg: armor header: Version: SKS 1.1.5
  gpg: armor header: Comment: Hostname: sks.mrball.net
  gpg: pub  dsa2048/23806BE5D6B98E10 2008-07-30  Robert J. Hansen [...]
  gpg: key 23806BE5D6B98E10: removed multiple subkey binding
  gpg: key 23806BE5D6B98E10: removed multiple subkey binding
  gpg: key 23806BE5D6B98E10: "Robert J. Hansen <[...]>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1
  
However, this used a different keyserver from the pool.  Let's check:

  $ gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
  S # hosttable (idx, ipv6, ipv4, dead, name, time):
  S #   0 6 4   keys.mayfirst.org v6=[2001:470:1:116::6] v4=216.66.15.2
  S #   1       pool.sks-keyservers.net
  S #   .       pool.sks-keyservers.net
  S #   .   --> 8 19 5 6 3 14 11 18 13 10 7 17 16* 12 20 15 4 2 9
  S #   2 6     [2001:ba8:1f1:f2d4::2]
  S #   3 6     keys.stueve.us v6=[2001:470:e232:1681:214:d1ff:fe18:5019]
  S #   4 6     [2001:67c:2050:1000::3:4]
  S #   5 6     jupiter.zaledia.com v6=[2001:41d0:52:600::4c]
  S #   6 6     keys.jhcloos.com v6=[2602:ffea:1:ea::1]
  S #   7 6     openpgp.us v6=[2604:a880:800:10::60d:b001]
  S #   8 6 4   bluemlisalp.durcheinandertal.ch v6=[2a03:580:f001:103::2] v4=217.197.135.103
  S #   9 6     [2a01:4f8:192:f5::3]
  S #  10 6     openpgp-keyserver.de v6=[2a01:4f8:d12:1cca::2]
  S #  11 6     matteoswelt.de v6=[2a01:4f8:d16:24c1::2]
  S #  12   4   sks.powdarrmonkey.net v4=78.157.209.9
  S #  13   4   mx1.adeti.org v4=91.121.41.109
  S #  14   4   keys02.fedoraproject.org v4=140.211.169.202
  S #  15   4   tyo1.sks.reimu.io v4=157.7.123.130
  S #  16   4   sks.mrball.net v4=208.89.139.251
  S #  17   4   s3.pkern.at v4=5.45.99.106
  S #  18   4   metalgamer.eu v4=5.45.108.219
  S #  19   4   cryptonomicon.mit.edu v4=18.9.60.141
  S #  20   4   stlhs.archreactor.org v4=68.187.0.77
  OK
  
Trying your keyserver:

  $ gpg -v --keyserver hkp://keys02.fedoraproject.org --recv-key 0xD6B98E10
  gpg: data source: http://keys02.fedoraproject.org:11371
  gpg: armor header: Version: SKS 1.1.5
  gpg: armor header: Comment: Hostname: keys.fedoraproject.org
  gpg: pub  dsa2048/23806BE5D6B98E10 2008-07-30  Robert J. Hansen <[...]>
  gpg: key 23806BE5D6B98E10: removed multiple subkey binding
  gpg: key 23806BE5D6B98E10: removed multiple subkey binding
  gpg: key 23806BE5D6B98E10: "Robert J. Hansen <[...]>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1
  
So, no problem here.  I have a v6 and a v4 connection and am running
Linux on i386.  Can you please run this after the failed --recv-key with
the pool:

  gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye

Maybe we can see what is special with your build.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
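
Added example, not part of Werner's message and not GnuPG code: a small Python parser for the `keyserver --hosttable` output shown above, reporting which pool member dirmngr has selected (the index marked `*`, here 16, the sks.mrball.net data source gpg printed) and how many live members are IPv4-only, IPv6-only or dual-stack. The function names `parse_hosttable` and `pool_report` are hypothetical, and the sample is the message's output shortened to four pool members.

```python
import re

# Hosttable output from the message above, shortened to four pool members.
SAMPLE = """\
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S #   1       pool.sks-keyservers.net
S #   .       pool.sks-keyservers.net
S #   .   --> 8 14 16* 2
S #   2 6     [2001:ba8:1f1:f2d4::2]
S #   8 6 4   bluemlisalp.durcheinandertal.ch v6=[2a03:580:f001:103::2] v4=217.197.135.103
S #  14   4   keys02.fedoraproject.org v4=140.211.169.202
S #  16   4   sks.mrball.net v4=208.89.139.251
"""

# idx, then optional flags "6", "4", "d" (dead), then the host name.
ROW = re.compile(r"^\s*(\d+)\s+(?:(6)\s+)?(?:(4)\s+)?(?:(d)\s+)?(\S+)")

def parse_hosttable(text):
    """Return {idx: entry}; pool entries carry 'members' and 'selected'."""
    hosts, last = {}, None
    for line in text.splitlines():
        # Only "S #" status lines carry table data; OK/ERR lines become "".
        body = line[3:] if line.startswith("S #") else ""
        if "-->" in body and last is not None:
            # Member indices of the pool entry above; '*' marks the one in use.
            for tok in body.split("-->", 1)[1].split():
                idx = int(tok.rstrip("*"))
                hosts[last]["members"].append(idx)
                if tok.endswith("*"):
                    hosts[last]["selected"] = idx
            continue
        m = ROW.match(body)
        if m:
            last = int(m.group(1))
            hosts[last] = {"v6": bool(m.group(2)), "v4": bool(m.group(3)),
                           "dead": bool(m.group(4)), "name": m.group(5),
                           "members": [], "selected": None}
    return hosts

def pool_report(hosts, pool_name):
    """Summarise the selected member and the address families of live members."""
    pool = next(h for h in hosts.values() if h["name"] == pool_name and h["members"])
    live = [hosts[i] for i in pool["members"] if i in hosts and not hosts[i]["dead"]]
    sel = hosts.get(pool["selected"])
    return {"selected": sel["name"] if sel else None,
            "v4_only": sum(h["v4"] and not h["v6"] for h in live),
            "v6_only": sum(h["v6"] and not h["v4"] for h in live),
            "dual": sum(h["v6"] and h["v4"] for h in live)}

if __name__ == "__main__":
    print(pool_report(parse_hosttable(SAMPLE), "pool.sks-keyservers.net"))
```

Comparing this summary between a working and a failing machine shows whether the two ended up on different pool members or address families.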



