Keyserver lookup failure, redux
Werner Koch
wk at gnupg.org
Wed Sep 23 10:08:31 CEST 2015
On Tue, 22 Sep 2015 23:38, rjh at sixdemonbag.org said:
> Back in February I reported a bug that was preventing GnuPG 2.1.2 from
> being able to look up certificates on the keyservers:
Sorry, this got lost. Your mail back then was:

  Is there any explanation for this behavior, or is this a 2.1.2 bug?
  (This is using Patrick's OS X package, if that matters. It also affects
  all keyservers I tested, not just the round-robin front-end.)

  quorra:~ rjh$ gpg -vvvv --keyserver x-hkp://pool.sks-keyservers.net
  --recv-key 0xD6B98E10
  gpg: using character set 'utf-8'
  gpg: keyserver receive failed: No route to host
  quorra:~ rjh$ ping pool.sks-keyservers.net
  PING pool.sks-keyservers.net (140.211.169.202): 56 data bytes
  64 bytes from 140.211.169.202: icmp_seq=0 ttl=55 time=102.879 ms

Well, for me it works (only one -v to keep the output short):
$ gpg -v --keyserver hkp://pool.sks-keyservers.net --recv-key 0xD6B98E10
gpg: data source: http://sks.mrball.net:11371
gpg: armor header: Version: SKS 1.1.5
gpg: armor header: Comment: Hostname: sks.mrball.net
gpg: pub dsa2048/23806BE5D6B98E10 2008-07-30 Robert J. Hansen [...]
gpg: key 23806BE5D6B98E10: removed multiple subkey binding
gpg: key 23806BE5D6B98E10: removed multiple subkey binding
gpg: key 23806BE5D6B98E10: "Robert J. Hansen <[...]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
However, this used a different keyserver from the pool. Let's check:
$ gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S #   0 6 4   keys.mayfirst.org v6=[2001:470:1:116::6] v4=216.66.15.2
S #   1       pool.sks-keyservers.net
S #   .       pool.sks-keyservers.net
S #   .   --> 8 19 5 6 3 14 11 18 13 10 7 17 16* 12 20 15 4 2 9
S #   2 6     [2001:ba8:1f1:f2d4::2]
S #   3 6     keys.stueve.us v6=[2001:470:e232:1681:214:d1ff:fe18:5019]
S #   4 6     [2001:67c:2050:1000::3:4]
S #   5 6     jupiter.zaledia.com v6=[2001:41d0:52:600::4c]
S #   6 6     keys.jhcloos.com v6=[2602:ffea:1:ea::1]
S #   7 6     openpgp.us v6=[2604:a880:800:10::60d:b001]
S #   8 6 4   bluemlisalp.durcheinandertal.ch v6=[2a03:580:f001:103::2] v4=217.197.135.103
S #   9 6     [2a01:4f8:192:f5::3]
S #  10 6     openpgp-keyserver.de v6=[2a01:4f8:d12:1cca::2]
S #  11 6     matteoswelt.de v6=[2a01:4f8:d16:24c1::2]
S #  12   4   sks.powdarrmonkey.net v4=78.157.209.9
S #  13   4   mx1.adeti.org v4=91.121.41.109
S #  14   4   keys02.fedoraproject.org v4=140.211.169.202
S #  15   4   tyo1.sks.reimu.io v4=157.7.123.130
S #  16   4   sks.mrball.net v4=208.89.139.251
S #  17   4   s3.pkern.at v4=5.45.99.106
S #  18   4   metalgamer.eu v4=5.45.108.219
S #  19   4   cryptonomicon.mit.edu v4=18.9.60.141
S #  20   4   stlhs.archreactor.org v4=68.187.0.77
OK
Trying your keyserver:
$ gpg -v --keyserver hkp://keys02.fedoraproject.org --recv-key 0xD6B98E10
gpg: data source: http://keys02.fedoraproject.org:11371
gpg: armor header: Version: SKS 1.1.5
gpg: armor header: Comment: Hostname: keys.fedoraproject.org
gpg: pub dsa2048/23806BE5D6B98E10 2008-07-30 Robert J. Hansen <[...]>
gpg: key 23806BE5D6B98E10: removed multiple subkey binding
gpg: key 23806BE5D6B98E10: removed multiple subkey binding
gpg: key 23806BE5D6B98E10: "Robert J. Hansen <[...]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
So, no problem here. I have a v6 and a v4 connection and am running Linux
on i386. Can you please run this after the failed --recv-key with the
pool:
gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
maybe we can see what is special with your build.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
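
The hosttable listing in the message can also be read mechanically. The following is an added example, not part of the original message and not GnuPG code, that parses such a listing and reports which pool member dirmngr has picked. It assumes the `*` in the `-->` line marks the selected host (this agrees with the `data source` line gpg printed) and that a `d` flag fills the `dead` column named in the header; the function names are made up for this example.

```python
# Added example, not GnuPG code. SAMPLE is constructed: a shortened copy of
# the hosttable quoted in the message (pool member list trimmed to four).
SAMPLE = """\
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S # 0 6 4 keys.mayfirst.org v6=[2001:470:1:116::6] v4=216.66.15.2
S # 1 pool.sks-keyservers.net
S # . pool.sks-keyservers.net
S # . --> 8 14 16* 2
S # 2 6 [2001:ba8:1f1:f2d4::2]
S # 8 6 4 bluemlisalp.durcheinandertal.ch v6=[2a03:580:f001:103::2] v4=217.197.135.103
S # 14 4 keys02.fedoraproject.org v4=140.211.169.202
S # 16 4 sks.mrball.net v4=208.89.139.251
OK
"""

def parse_hosttable(text):
    """Return (hosts, pools): hosts[idx] -> dict, pools[name] -> dict."""
    hosts, pools, pool = {}, {}, None
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["S", "#"] or len(tok) < 3 or tok[2] == "hosttable":
            continue                       # "OK", header, anything unexpected
        tok = tok[2:]
        if tok[0] == ".":                  # continuation lines of a pool entry
            if tok[1:2] == ["-->"]:        # member indexes, "*" = selected (assumed)
                sel = [int(t[:-1]) for t in tok[2:] if t.endswith("*")]
                pools[pool] = {"members": [int(t.rstrip("*")) for t in tok[2:]],
                               "selected": sel[0] if sel else None}
            elif len(tok) > 1:
                pool = tok[1]
            continue
        if not tok[0].isdigit():
            continue
        idx, rest, flags = int(tok[0]), tok[1:], set()
        while rest and rest[0] in ("6", "4", "d"):   # "d" = dead (assumed)
            flags.add(rest.pop(0))
        hosts[idx] = {"name": rest[0] if rest else None, "v6": "6" in flags,
                      "v4": "4" in flags, "dead": "d" in flags}
    return hosts, pools

def pool_report(text, pool_name):
    """Rows of (idx, name, v4, v6, dead, selected) for each pool member."""
    hosts, pools = parse_hosttable(text)
    p = pools[pool_name]
    return [(i, hosts[i]["name"], hosts[i]["v4"], hosts[i]["v6"],
             hosts[i]["dead"], i == p["selected"])
            for i in p["members"] if i in hosts]

if __name__ == "__main__":
    for row in pool_report(SAMPLE, "pool.sks-keyservers.net"):
        print(row)
```

Feeding it the output of the `gpg-connect-agent` command captured right after a failed `--recv-key` shows at a glance which pool member was tried and which address families it offers.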