Re: --search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

Wed, 28 Jul 2021 12:40:04 -0700 

On Mittwoch, 28. Juli 2021 18:38:07 CEST Rainer Fiebig via Gnupg-users wrote:
> Am 28.07.21 um 17:42 schrieb Andrew Gallagher:
> > On 28/07/2021 15:19, Rainer Fiebig via Gnupg-users wrote:
> >> 2021-07-28 16:06:50 dirmngr[4135.6] Fehler beim Verbinden mit
> >> 'https://keys.openpgp.org:443': Fehlendes Herausgeberzertifikat in der
> >> Kette
> >> 2021-07-28 16:06:50 dirmngr[4135.6] command 'KS_SEARCH' failed:
> >> Fehlendes Herausgeberzertifikat in der Kette
> >> 2021-07-28 16:06:50 dirmngr[4135.6] Handhabungsroutine für den fd 6
> >> beendet
> > 
> > "Fehlendes Herausgeberzertifikat in der Kette" translates as "Missing
> > publisher certificate in the chain", is that correct?
> 
> Correct.
> 
> > keys.openpgp.org uses LetsEncrypt as their TLS CA. Can you connect to
> > other keyservers that also use LetsEncrypt? For example, pgpkeys.eu uses
> > the same intermediate certificate (LetsEncrypt R3) as keys.openpgp.org.
> 
> This works:
> 
> ~> gpg --keyserver pgpkeys.eu --search-keys
> E3FF2839C048B25C084DEBE9B26995E310250568
> gpg: enabled debug flags: memstat
> gpg: data source: http://pgpkeys.eu:11371
> (1)   Łukasz Langa (GPG langa.pl) <luk...@langa.pl>
>       Łukasz Langa <luk...@edgedb.com>
>       Łukasz Langa <luk...@python.org>
>       Łukasz Langa (Work e-mail account) <a...@fb.com>
>         4096 bit RSA key B26995E310250568, erzeugt: 2015-05-11
> Keys 1-1 of 1 for "E3FF2839C048B25C084DEBE9B26995E310250568".  Eingabe
> von Nummern, Nächste (N) oder Abbrechen (Q) >

Doesn't use TLS. Just plain HTTP.

> Each of these lines in dirmngr.conf also work:
> keyserver http://keys2.andreas-puls.de/
> keyserver http://pgpkeys.eu/

Ditto. Since your problems seem to be related to TLS it's not really 
surprising that keyservers not using https work.

Does 'gpg --keyserver hkps://pgpkeys.eu --search-keys ...' work for you?

What does 'curl -v https://keys.openpgp.org' say?

Regards,
Ingo

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to