Local solutions: SKS Keyserver Network Under Attack [edited]

Roland siemons at cleanfuels.nl
Tue Jul 2 11:21:24 CEST 2019 

Dear Forum,

GNUPG Users Digest is nearly flooding my mailbox with exchanges about 
the WoT and keyserver issues.

A simple user (me) needs to know how one could make adaptations in the 
settings of GPA or Kleopatra. I would expect instructions here:
https://kde.org/applications/utilities/org.kde.kleopatra
www.gnupg.org/related_software/gpa/
or perhaps here:
www.gpg4win.org/index.html
www.enigmail.net/index.php/en/
*There are not.*

Hansen's and DKG's blog are only partly helpful. For example my Linux 
system seems to *not* have a  ~/.gnupg/dirmngr.conf file at all (one of 
those files recommended for editing). I.e. Nautilus cannot find it.
So, I did adapt gpg.conf by outcommenting (#) any line starting with 
keyserver, but was not able to adapt the dirmngr.conf.
Upon inspection, thereafter, my GPA and Kleopatra were NOT correctly 
configured.

Trying to figure out how GPA and Kleopatra could be adapted, I found, 
for GPA: Menu > Edit > Backend preferences > Network > Configuration for 
Keyservers > Use custom value > adapt to hkps://keys.openpgp.org
For Kleopatra: Menu > Settings > Configure Kleopatra > Directory 
Services > Open PGP Keyserver > adapt to hkps://keys.openpgp.org
(I would have included an inline screenshot, but this list is allergic 
to html)

Apparently these GUI manipulations generated the ~/.gnupg/dirmngr.conf 
file! (Only hereafter they existed). And that file indeed showed the new 
keyserver.

GPG4Win and Enigmail need further research. (This is a suggestion. I 
cannot do it).

And further, I would have expected a program update that sets the 
defaults to the ones suggested by Hansen and DKG. Or is the matter still 
under consideration, or is it not that important? (I personally cannot 
judge it).

The only hint that I can give: The WoT nor keyservers are not very 
important in my case. I use GnuPG inside a small group of people who 
(for identity verification) can talk to each other, at least by 
telephone. I do not use Enigmail (since limited to few mail clients and 
not accepted by sufficient of my recipients), but just send encrypted 
messages as attachments.

Best regards

Roland

More information about the Gnupg-users mailing list