Local solutions: SKS Keyserver Network Under Attack

Mirimir mirimir at riseup.net
Thu Jul 4 07:19:13 CEST 2019


Moved by Roland's requests, I've broken Enigmail in a fresh VM. And I'd
appreciate some advice about how to fix it.

I installed Thunderbird and Enigmail in a Debian 9.5 x64 VM with Gnome.
Using Enigmail Key Management, I tried to get rjh's 1DCBDC01B44427C7
from pool.sks-keyservers.net, but that just timed out.

So I downloaded it via HTTPS. And it was ~60MB. I tried importing from
the downloaded file, but that went nowhere. With 100% CPU.

So I got it from https://keybase.io/rjh and imported from clipboard in
Enigmail Key Management. That worked just fine. So then I tried
refreshing keys in Enigmail, leaving pool.sks-keyservers.net as the
default keyserver. And that failed, complaining about no dirmngr. Then I
tried refreshing keys with gpg in terminal, and got the same error about
no dirmngr.

Then I deleted rjh's key, and got my own from Keybase, and imported it.
But when I tried refreshing keys, I got the same error about no dirmngr.

So gpg must still work, because I can import and delete keys via
Enigmail. But something seems borked about dirmngr. I guess that I'll
try purging and reinstalling. Or is there a better fix?

And yes, I should have tested everything first with a clean key, before
messing with rjh's key. Is it likely that I borked dirmngr during the
intital attempt to get it from pool.sks-keyservers.net?



More information about the Gnupg-users mailing list