keys.openpgp.org not sending confirmation email

Binarus lists at binarus.de
Mon Sep 16 09:06:07 CEST 2019


On 14.09.2019 13:15, Binarus wrote:
> I have used the Thunderbird / Enigmail / Gpg4Win troika for quite a
> while without any issue. Yesterday, I had to reinstall, and while doing
> so, upgraded to the newest versions of those packages, and while I was at
> it, revoked my old (1024-bit) keys and generated new (4096-bit) ones
> (using Enigmail's key management).
> 
> So I got four new key pairs, each of them associated with exactly one
> email address. I uploaded the four public keys, again using Enigmail's
> key management, to Enigmail's default key server, keys.openpgp.org.
> Enigmail reported success each time.
> 
> I got confirmation emails for three of those four keys, but it seems that
> the key server isn't in the mood to send a confirmation email for the
> fourth. I have uploaded that one multiple times since then (again via
> Enigmail's key management), each time getting a success message, but
> still getting no confirmation email.

The issue is solved now. I am documenting the solution for people who
are affected by the same problem and find this thread when searching.

Credits go to Vincent Breitmoser who has confirmed my own suspicion and
who was very helpful and fast with his support.

The point is that the key server failed to parse the key's ID as an
email address. The ID had the following structure (not the real ID, just
to make clear the structure):

Surname, Forename | Company <email at company.de>

Commas are not allowed as part of email addresses. While I knew that, I
made the wrong assumption that only the part between the brackets would
be considered the email address, and that I could use any characters for
the "name" part (except brackets, of course ...).

Obviously, I was wrong, and the name part must obey the same rules as
the actual email address.

Vincent has told me that a certain number of other people had the same
problem, so they are thinking of making their parsers less strict, as
far as it concerns the name part. After my correspondence with him, I
think that they will be quite fast in implementing the changes.

However, I recommend everybody to make their whole key ID match the
rules for email addresses if they intend to upload it to a key server.

Personally, I have revoked all four of the new keys and generated new
ones with the ID being only the email address without a name part. While
this was not possible using Enigmail (because Enigmail insisted that I
had to add a name to the key), it was very easy by using gpg directly on
the command line (by the way, its documentation is quite good).

As a last tip, keys.openpgp.org offers to upload a public key directly.
When you do that, it will emit helpful messages in case of failure. In
my case, with the problematic key / ID, it clearly told me the ID could
not be parsed as an email address.

Unfortunately, I didn't know about the direct upload offer before asking
here ...

Regards, and thanks again,

Binarus
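
A pre-upload check for the failure described in the message above, as an added example that is not part of the original post and not the key server's code. It assumes a simplified RFC 5322 mailbox grammar (the server's actual parser rules are not shown in the post) and reads User IDs from `gpg --list-keys --with-colons` output; the sample listing and all function names are constructed for illustration.

```python
import re

# RFC 5322 "atext": characters allowed in an unquoted word. The comma is not one.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = rf"{ATEXT}+(?:\.{ATEXT}+)*"
ADDR_SPEC = rf"{DOT_ATOM}@{DOT_ATOM}"
QUOTED = r'"(?:[^"\\]|\\.)*"'   # quoted-string
COMMENT = r"\([^()\\]*\)"       # non-nested (comment), common in GnuPG User IDs
WORD = rf"(?:{ATEXT}+|{QUOTED}|{COMMENT})"
MAILBOX = re.compile(
    rf"(?:(?:{WORD}(?:[ \t]+{WORD})*[ \t]*)?<(?P<a>{ADDR_SPEC})>|(?P<b>{ADDR_SPEC}))"
)

# Constructed sample of `gpg --list-keys --with-colons` uid records (not real keys).
SAMPLE = """\
uid:u::::1568400000::HASH::Surname, Forename | Company <email@company.de>::::::::::0:
uid:u::::1568400000::HASH::email@company.de::::::::::0:
"""


def uids_from_colons(listing):
    """Yield field 10 (the User ID) of every uid record, undoing \\xNN escapes."""
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "uid" and len(fields) > 9:
            yield re.sub(r"\\x([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), fields[9])


def check_uid(uid):
    """Return (address, None) if the whole User ID is one mailbox, else (None, reason)."""
    m = MAILBOX.fullmatch(uid.strip())
    if m:
        return (m.group("a") or m.group("b")), None
    name = uid.rsplit("<", 1)[0] if "<" in uid else uid
    # Whatever remains after removing legal tokens is what breaks the parse.
    bad = sorted(set(re.sub(rf"{QUOTED}|{COMMENT}|{ATEXT}|[ \t]", "", name)))
    if bad:
        return None, f"unquoted {''.join(bad)!r} in name part"
    return None, "not a single mailbox"


def report(listing):
    """Check every User ID in a colon listing; returns (uid, address, reason) tuples."""
    return [(uid, *check_uid(uid)) for uid in uids_from_colons(listing)]


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```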



