Download of public keys

sivmu at sivmu at
Fri Feb 17 13:37:06 CET 2017

Some time ago I asked about the unencrypted download of public keys.

The answer was that the current gnupg does use https by default to fetch the keys.
I found the time to retest this on a new setup and found that gnupg 2.1.18 still uses http connections to fetch the keys.

I uses a newly installes arch linux setup with basically nothing but the base linux tools and downloaded a public key whil sniffing on the network.
All requests, first to and tehn to some other keyservers were in plaintext.

The default dirmngr.conf file provided by arch, which seems to use gnupg 2.1.18 without changes, contains the followging lines:

# If exactly two keyservers are configured and only one is a Tor hidden
# service, Dirmngr selects the keyserver to use depending on whether
# Tor is locally running or not (on a per session base).

keyserver hkp://jirk5u4osbsr34t5.onion
keyserver hkp://

This would explain why no encryption is used. 

Is there something I missed or is this unintended?

More information about the Gnupg-users mailing list