Local solutions: SKS Keyserver Network Under Attack
Peter Lebbing
peter at digitalbrains.com
Wed Jul 3 12:58:39 CEST 2019
Hello Roland,
> Hansen's and DKG's blog are only partly helpful. For example my Linux
> system seems to *not* have a ~/.gnupg/dirmngr.conf file at all (one
> of those files recommended for editing). I.e. Nautilus cannot find it.
The usual case on Linux systems is that if a configuration file would
otherwise be empty or equal to the default (the two can be entirely
different things in general!), the configuration file simply does not
exist.
So instead of modifying ~/.gnupg/dirmngr.conf, *create* one and put a
single line in it saying
keyserver hkps://keys.openpgp.org/
I encountered some strange behaviour here: I invoked
$ gpgconf --reload dirmngr
afterwards (otherwise dirmngr will not reconsider its now changed
configuration), and it *did not work*. It was still using the default.
It did work after I rebooted (I was not in the mood to fiddle more with
it and did the most heavy-handed thing that would work).
Also, Enigmail doesn't seem to use this configuration at all and instead
it is configured at
Enigmail -> Preferences -> Keyserver
I did verify using systemd's journal that the gpgconf --reload command
reached its intended goal: dirmngr said "re-reading config". It just
didn't have an effect for some odd reason. For people thinking about
this: no, I don't use Tor for keyservers, it's not related to dirmngr
refusing to change keyservers when on Tor.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190703/990cd3bb/attachment.sig>
More information about the Gnupg-users
mailing list