Re: No gpg keyservers available on GuixSD out-of-the-box

From: Ni*
Subject: Re: No gpg keyservers available on GuixSD out-of-the-box
Date: Mon, 04 Jan 2016 17:50:47 +0100
address@hidden (Ludovic Courtès) writes:

> address@hidden writes:
>> On 2016-01-01 19:21, address@hidden wrote:
>>> On 2015-12-30 22:16, address@hidden wrote:
>>>> Which version of GnuPG is it, per “gpg2 --version”?
>>> ~$ gpg2 --version
>>> gpg (GnuPG) 2.1.10
>>> libgcrypt 1.6.3
>> I now tested with the 2.0 version and the result was that it only
>> worked when specifying the keyserver ( on the commandline.
>> So to sum it up (I'm on an i686 platform):
>> (with default config-files)
>> gpg 2.1.10 - keyservers are not reachable at all
>> gpg 2.0.29 - keyservers are only reachable when using --keyserver
>> URL-to-keyserver on the commandline (complains about wrong keyserver URI
>> when not specifying --keyserver URL-to-keyserver).
> I confirm that 2.1 behaves differently:
> $ $(guix build gnupg-2.1)/bin/gpg2 --keyserver --recv-keys 3D9AEBB5
> gpg: key "3D9AEBB5 #EA52ECF4" not found
> gpg: (check argument of option '--hidden-encrypt-to')
> $ $(guix build gnupg-2.0)/bin/gpg2 --keyserver --recv-keys 3D9AEBB5
> gpg: requesting key 3D9AEBB5 from hkp server
> gpg: key 3D9AEBB5: "Ludovic Courtès <address@hidden>" not changed
> gpg:       Nombro traktita entute: 1
> gpg:                   neŝanĝitaj: 1
> I would suggest reaching out to the GnuPG mailing lists.
I thought I figured out my mistake from 12 months ago when GnuPG broke
(and I faded out using it); the question here got me motivated to look
into 2.1 issues again.

I got it to the point where it works again, meaning searching for
keys (although I am unsure whether it uses hkp or hkps protocol), etc.

~/.gnupg$ tree
├── crls.d
│   └── DIR.txt
├── dirmngr.conf
├── gpg-agent.conf
├── gpg.conf
What I did was start from scratch with GnuPG 2.1:

cat gpg.conf 
keyserver-options no-honor-keyserver-url include-revoked
keyid-format 0xlong
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
verify-options show-uid-validity
list-options show-uid-validity
cert-digest-algo SHA512

cat dirmngr.conf 
keyserver hkp://
hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem

cat gpg-agent.conf 
pinentry-program /home/myusername/.guix-profile/bin/pinentry-curses
default-cache-ttl 86400

I noticed that gpg-agent needs at least those 2 entries to work with.

Related question:
Is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?
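
Added example, not part of the original message: a small Python check for the question raised above of whether a dirmngr.conf ends up using hkp or hkps. It flags a plaintext hkp:// keyserver and an hkp-cacert entry that no hkps keyserver would use; the sample configuration, the host keyserver.example, the certificate path and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in the layout of the dirmngr.conf above; the host
# keyserver.example and the certificate path are placeholders.
SAMPLE = """\
keyserver hkp://keyserver.example
hkp-cacert /home/user/certificates/ca.pem
"""

def parse_conf(text):
    """Return (option, argument) pairs, skipping blank and '#' lines."""
    entries = []
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        arg = fields[1].strip() if len(fields) > 1 else ""
        entries.append((fields[0].lower(), arg))
    return entries

def audit_dirmngr(text):
    """Return (code, detail) findings about keyserver transport security."""
    entries = parse_conf(text)
    servers = [arg for opt, arg in entries if opt == "keyserver"]
    cacerts = [arg for opt, arg in entries if opt == "hkp-cacert"]
    findings = []
    if not servers:
        findings.append(("no-keyserver", ""))
    uses_hkps = False
    for url in servers:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if not parts.hostname:
            findings.append(("no-host", url))
        elif scheme == "hkp":
            # Plain HKP is HTTP without TLS: lookups travel unencrypted.
            findings.append(("plaintext", url))
        elif scheme == "hkps":
            uses_hkps = True
        else:
            findings.append(("unchecked-scheme", url))
    # hkp-cacert only supplies the root CA for verifying hkps (TLS) servers.
    for path in cacerts:
        if not uses_hkps:
            findings.append(("cacert-unused", path))
    return findings

if __name__ == "__main__":
    for code, detail in audit_dirmngr(SAMPLE):
        print(code, detail)
```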

