--search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

Werner Koch wk at gnupg.org
Sat Jul 31 17:40:10 CEST 2021


On Thu, 29 Jul 2021 18:36, Andrew Gallagher said:

> If you built gnupg from its default configuration, it does not
> automatically look in /etc/ssl/certs for CA certificates. You may want

On Unix and unless gnupg was build with --with-default-trust-store-file
the following collections of certificates are used for TLS:

    { "/etc/ssl/ca-bundle.pem" },
    { "/etc/ssl/certs/ca-certificates.crt" },
    { "/etc/pki/tls/cert.pem" },
    { "/usr/local/share/certs/ca-root-nss.crt" },
    { "/etc/ssl/cert.pem" }

> to add a soft link from /etc/gnupg/trusted-certs to /etc/ssl/certs so
> that dirmngr looks in the Mozilla certificate library.

Not a too good idea becuase these certificates are used for a different
purpose.  


FWIW, here is the list of internal certificate classes used:

  CERTTRUST_CLASS_SYSTEM  = 1, /* From the system's list of trusted certs. */
  CERTTRUST_CLASS_CONFIG  = 2, /* From dirmngr's config files.         */
  CERTTRUST_CLASS_HKP     = 4, /* From --hkp-cacert                    */
  CERTTRUST_CLASS_HKPSPOOL= 8, /* The one and only from sks-keyservers */


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210731/619dab4b/attachment.sig>


More information about the Gnupg-users mailing list