Local solutions: SKS Keyserver Network Under Attack

Peter Lebbing peter at digitalbrains.com
Wed Jul 3 12:58:39 CEST 2019

Hello Roland,

> Hansen's and DKG's blog are only partly helpful. For example my Linux
> system seems to *not* have a  ~/.gnupg/dirmngr.conf file at all (one
> of those files recommended for editing). I.e. Nautilus cannot find it.

The usual case on Linux systems is that if a configuration file would
otherwise be empty or equal to the default (the two can be entirely
different things in general!), the configuration file simply does not

So instead of modifying ~/.gnupg/dirmngr.conf, *create* one and put a
single line in it saying

keyserver hkps://keys.openpgp.org/

I encountered some strange behaviour here: I invoked

$ gpgconf --reload dirmngr

afterwards (otherwise dirmngr will not reconsider its now changed
configuration), and it *did not work*. It was still using the default.
It did work after I rebooted (I was not in the mood to fiddle more with
it and did the most heavy-handed thing that would work).

Also, Enigmail doesn't seem to use this configuration at all and instead
it is configured at

Enigmail -> Preferences -> Keyserver

I did verify using systemd's journal that the gpgconf --reload command
reached its intended goal: dirmngr said "re-reading config". It just
didn't have an effect for some odd reason. For people thinking about
this: no, I don't use Tor for keyservers, it's not related to dirmngr
refusing to change keyservers when on Tor.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
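
The steps described in the message above, as an added shell example that is not part of the original post. The helper names set_keyserver and restart_dirmngr are hypothetical, and accepting only hkps:// URLs and using "gpgconf --kill dirmngr" in place of a reload are assumptions of this example (the post itself only confirmed that a reboot worked).

```shell
#!/bin/sh
# Added example: idempotently point dirmngr at a single keyserver.
# set_keyserver and restart_dirmngr are hypothetical helper names.

# set_keyserver GNUPG_HOME URL
# Creates dirmngr.conf if it does not exist, drops any active "keyserver"
# lines, keeps every other option and comment, then appends the new line.
set_keyserver() {
    home=$1
    url=$2
    conf=$home/dirmngr.conf

    # Assumption of this example: only TLS-protected (hkps) keyservers.
    case $url in
        hkps://*) ;;
        *) echo "refusing non-hkps keyserver: $url" >&2; return 1 ;;
    esac

    mkdir -p "$home" && chmod 700 "$home" || return 1
    # Build the new file next to the old one so the final mv is atomic.
    tmp=$(mktemp "$home/dirmngr.conf.XXXXXX") || return 1
    if [ -f "$conf" ]; then
        # grep exits 1 when nothing is left to print; that is not an error.
        grep -v -E '^[[:space:]]*keyserver[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'keyserver %s\n' "$url" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}

# The post reports that "gpgconf --reload dirmngr" was acknowledged but did
# not switch keyservers. Assumption: terminating dirmngr makes the next GnuPG
# operation start a fresh one that reads the new file.
restart_dirmngr() {
    command -v gpgconf >/dev/null 2>&1 || return 0
    gpgconf --kill dirmngr
}

# Typical call (commented out so sourcing this file changes nothing):
# set_keyserver "${GNUPGHOME:-$HOME/.gnupg}" hkps://keys.openpgp.org/ && restart_dirmngr
```

As the message notes, Enigmail keeps its own keyserver setting, so this file does not change what Enigmail uses.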


More information about the Gnupg-users mailing list