From dashohoxha at gmail.com Mon May 3 19:53:46 2021 From: dashohoxha at gmail.com (Dashamir Hoxha) Date: Mon, 3 May 2021 19:53:46 +0200 Subject: OpenPGP Web Key Directory Message-ID: Hi, I would appreciate if someone could review this article and provide any comments or feedback: http://dashohoxha.fs.al/web-key-directory/ Regards, Dashamir From bernhard at intevation.de Tue May 4 14:46:18 2021 From: bernhard at intevation.de (Bernhard Reiter) Date: Tue, 4 May 2021 14:46:18 +0200 Subject: OpenPGP Web Key Directory In-Reply-To: References: Message-ID: <202105041446.25094.bernhard@intevation.de> Hi Dashamir, Am Montag 03 Mai 2021 19:53:46 schrieb Dashamir Hoxha via Gnupg-devel: > I would appreciate if someone could review this article and provide > any comments or feedback: http://dashohoxha.fs.al/web-key-directory/ just briefly browsed it (not read through everything). Thanks for working on WKD and WKS in the first place! It is helpful to get the word out on this. Some suggestions: * Give details about the version numbers and systems that you give commands for. (Maybe Debian as you use apt-get.) * Personally I found it too long, maybe the container part could at least be split out. * There is some duplication to what is in the wiki.gnupg.org other places in the documentation and your article. (You can add stuff to the wiki, too. :)) * There are a few recommendations for the server in the specificaton like RR record if the advanced method is used or the disabling of directory listings. Maybe your examples could mention them. * It is still okay to use the public keyservers. I like the first three sections. Best Regards, Bernhard -- www.intevation.de/~bernhard ? +49 541 33 508 3-3 Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: This is a digitally signed message part. URL: From dashohoxha at gmail.com Tue May 4 19:48:45 2021 From: dashohoxha at gmail.com (Dashamir Hoxha) Date: Tue, 4 May 2021 19:48:45 +0200 Subject: OpenPGP Web Key Directory In-Reply-To: <202105041446.25094.bernhard@intevation.de> References: <202105041446.25094.bernhard@intevation.de> Message-ID: Bernhard, thanks for your quick review and suggestions. On Tue, May 4, 2021 at 4:20 PM Bernhard Reiter wrote: > Thanks for working on WKD and WKS in the first place! > It is helpful to get the word out on this. I think so too. WKD is an important piece of the GnuPG ecosystem, and not so difficult either. I have registered a presentation of up to 15 min about it on OW2con'21: https://www.ow2con.org/view/2021/ (it will be online). I intend to present the first 3 sections of this article, without going into much details about WKS, docker containers, postfix, etc. > Some suggestions: > * Give details about the version numbers and systems > that you give commands for. (Maybe Debian as you use > apt-get.) Actually it is the latest ubuntu stable release (Ubuntu-20.04, or focal). But I think that everything should work exactly the same on the latest debian stable release (buster). > * Personally I found it too long, maybe the container part > could at least be split out. Yes, it is a bit long. And it is mostly structured as a step-by-step tutorial, with instructions to be followed and commands to be tried. Which makes it a bit difficult to just read through it. However the container part (building a WKS server with docker) is my main contribution to this topic, so I can't leave it out. And the first three sections are a quick introduction to WKD. > * There is some duplication to what is in the wiki.gnupg.org > other places in the documentation and your article. (You can > add stuff to the wiki, too. :)) Wiki maintainers can feel free to copy any parts if they wish. I don't think there is anything wrong with duplication. > * There are a few recommendations for the server in the specificaton > like RR record if the advanced method is used or the disabling > of directory listings. Maybe your examples could mention them. Maybe I should mention disabling of directory listing, although one of the examples (in the container part) includes the apache2 directive "Options -Indexes", which does it. In general, if the WKD contains only your own key, maybe it is not strictly necessary. However for a large organization it is. About the RR record, I have noticed it in the specs, but I am not sure how this record should look like. Besides, if the WKD clients only checks for the presence of the 'policy' file to find out whether the advanced method is available, maybe it doesn't make any difference. > * It is still okay to use the public keyservers. I only mention quickly that they are not recommended, without going into much details about their problems. And I say that WKD is the recommended way for public key sharing, again without going into much details. Best regards, Dashamir From dashohoxha at gmail.com Sat May 8 00:37:11 2021 From: dashohoxha at gmail.com (Dashamir Hoxha) Date: Sat, 8 May 2021 00:37:11 +0200 Subject: OpenPGP Web Key Directory In-Reply-To: References: <202105041446.25094.bernhard@intevation.de> Message-ID: On Tue, May 4, 2021 at 7:48 PM Dashamir Hoxha wrote: > > * There are a few recommendations for the server in the specificaton > > like RR record if the advanced method is used or the disabling > > of directory listings. Maybe your examples could mention them. > > Maybe I should mention disabling of directory listing I have updated the blog post to mention this. By the way here is my presentation: - http://dashohoxha.fs.al/presentations/OpenPGP-Web-Key-Directory.pdf - https://www.youtube.com/watch?v=ucWFqU3aO08 Best regards, Dashamir From patrick at enigmail.net Sun May 9 11:53:17 2021 From: patrick at enigmail.net (Patrick Brunschwig) Date: Sun, 9 May 2021 11:53:17 +0200 Subject: Importing secret keys via gpgme-json Message-ID: I'm trying to import keys using gpgme-json 1.15.1. Importing public keys works as expected, but it seems that for secret keys, only the public key part is imported. Is there an option to allow importing secret keys or is importing of secret keys not supported? Thanks, Patrick From wk at gnupg.org Mon May 10 19:08:15 2021 From: wk at gnupg.org (Werner Koch) Date: Mon, 10 May 2021 19:08:15 +0200 Subject: Importing secret keys via gpgme-json In-Reply-To: (Patrick Brunschwig's message of "Sun, 9 May 2021 11:53:17 +0200") References: Message-ID: <87pmxyseio.fsf@wheatstone.g10code.de> On Sun, 9 May 2021 11:53, Patrick Brunschwig said: > Importing public keys works as expected, but it seems that for secret > keys, only the public key part is imported. Is there an option to allow > importing secret keys or is importing of secret keys not supported? Unless you have specific gpg import options, it should just work. If in doubt, build gpgme and test with tests/run-import or run GPGME_DEBUG=7:gpgme.log ./gpgme-json and check the log file. It might however, be easier to put log-file /some-file into gpg.conf to see gpg's diagnostics. GPGME also has an audit feature which can be used to get the gpg diagnostics; I am not sure whether gpgme-json supports this, though. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From luca.bogdan at gmail.com Wed May 12 16:13:34 2021 From: luca.bogdan at gmail.com (Bogdan Luca) Date: Wed, 12 May 2021 17:13:34 +0300 Subject: [PATCH gnupg] agent: Fix PIN caching. Message-ID: * agent/call-scd.c (padding_info_cb): Fix handle_pincache_put call. -- GnuPG-bug-id: 5436 Signed-off-by: Bogdan Luca --- agent/call-scd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/call-scd.c b/agent/call-scd.c index 3ede33c1d..eb2078472 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -546,7 +546,7 @@ padding_info_cb (void *opaque, const char *line) *r_padding = atoi (s); } else if ((s=has_leading_keyword (line, "PINCACHE_PUT"))) - err = handle_pincache_put (line); + err = handle_pincache_put (s); return err; } -- 2.31.1 From luca.bogdan at gmail.com Wed May 12 15:35:17 2021 From: luca.bogdan at gmail.com (Bogdan Luca) Date: Wed, 12 May 2021 16:35:17 +0300 Subject: Bogdan Luca DCO Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 GnuPG Developer's Certificate of Origin. Version 1.0 ===================================================== By making a contribution to the GnuPG project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the free software license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate free software license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same free software license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the free software license(s) involved. Signed-off-by: Bogdan Luca -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEZ+WNrKd/eepVEPybNrR8RrsxtOAFAmCb0HQACgkQNrR8Rrsx tOAGCA/9EQxHGxMckX+IHr3ZWr8YQ9pv4hTHpNX80JlqIe/H5OHNKdkrMRxgJIED +mS0cqDwPc7rUK5xf5SIA6qtcMbUUclQ7M2zzJ/1SxDAilfug2Xmcy/QJynjMQli BjY2+CiVugyQ24H+yqYpYGMZbtH5RMgJDo0mKGgFIp6u6cSwB3PwmYoGu70epkQ/ C4i4u9YwTyRSWqjdOq8Tj2yM3827DsQC50kQAR/7xCp8feP6AnYRDezEvf2t6d/8 3VNX2lcfkQTNCgqtbLDConcg6iwy/H4L1i/7uk5VnS2kmxe4lOYgk+iuur5RDtOW AE4SkT4WL9Vlv1othSlJkgWlMi+jLjM1q2p3ucL1JbJqNQfjItLcaQ1MMmyvvi+X 98hwEERMNXf/hrz1aF4jyXOlJ0ix3guo0VXtKTXwrXtKCflN6qP+0/94wwbYeD1V iX+xxdEDkj+2c516L+md/Ghp4B2jfaiy/4RzUtCyRWvB70jnGbIwmPvwflv78Z5l MpZTi009kJiJmWQ0jkAhXopdfz1l3cgtcx3N42G5k74nX12KMFGN5QoRGlkc4DqB ifAxC4c7ExH7edyIP6oT4Cr+gGb4MKfHMo4Pj8LA9rMaf/k9bKA4QBp1V/Hicnly AfYSoF2PUzTA5BNV1457ahOIjK1Hyj0Noi/KPb1snoZ3Paw5vgg= =ZyiJ -----END PGP SIGNATURE----- From patrick at enigmail.net Thu May 13 15:58:44 2021 From: patrick at enigmail.net (Patrick Brunschwig) Date: Thu, 13 May 2021 15:58:44 +0200 Subject: Importing secret keys via gpgme-json In-Reply-To: <87pmxyseio.fsf@wheatstone.g10code.de> References: <87pmxyseio.fsf@wheatstone.g10code.de> Message-ID: Werner Koch wrote on 10.05.2021 19:08: > On Sun, 9 May 2021 11:53, Patrick Brunschwig said: > >> Importing public keys works as expected, but it seems that for secret >> keys, only the public key part is imported. Is there an option to allow >> importing secret keys or is importing of secret keys not supported? > > Unless you have specific gpg import options, it should just work. > If in doubt, build gpgme and test with tests/run-import or run > > GPGME_DEBUG=7:gpgme.log ./gpgme-json > > and check the log file. It might however, be easier to put > > log-file /some-file > > into gpg.conf to see gpg's diagnostics. GPGME also has an audit feature > which can be used to get the gpg diagnostics; I am not sure whether > gpgme-json supports this, though. 2021-05-13 15:53:58 gpg[2481] DBG: cache_user_id: already in cache 2021-05-13 15:53:58 gpg[2481] error getting the KEK: Forbidden 2021-05-13 15:53:58 gpg[2481] error reading '-&10': Forbidden 2021-05-13 15:53:58 gpg[2481] import from '-&10' failed: Forbidden 2021-05-13 15:53:58 gpg[2481] Total number processed: 0 2021-05-13 15:53:58 gpg[2481] imported: 1 2021-05-13 15:53:58 gpg[2481] secret keys read: 1 2021-05-13 15:53:58 gpg[2481] keydb: handles=3 locks=2 parse=2 get=2 2021-05-13 15:53:58 gpg[2481] build=1 update=0 insert=1 delete=0 2021-05-13 15:53:58 gpg[2481] reset=1 found=2 not=1 cache=0 not=0 I have attached the complete log, but I think this is the most relevant part of it. Apparently, reading from -&10 does not seem to work. -Patrick -------------- next part -------------- 2021-05-13 15:53:58 gpg[2481] enabled debug flags: packet filter cache memstat trust extprog 2021-05-13 15:53:58 gpg[2481] keybox '/tmp/.gnupgTesteoACpC5n/pubring.kbx' created 2021-05-13 15:53:58 gpg[2481] DBG: armor-filter: control: 1 2021-05-13 15:53:58 gpg[2481] DBG: armor-filter: control: 3 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=2): type=5 length=1862 (parse.../../g10/import.c.930) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=2): type=13 length=43 (parse.../../g10/import.c.930) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=2): type=2 length=590 (parse.../../g10/import.c.930) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=2): type=7 length=1862 (parse.../../g10/import.c.930) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=2): type=2 length=566 (parse.../../g10/import.c.930) 2021-05-13 15:53:58 gpg[2481] DBG: armor-filter: control: 3 2021-05-13 15:53:58 gpg[2481] DBG: armor-filter: control: 2 2021-05-13 15:53:58 gpg[2481] DBG: public key 781617319CE311C4: timestamp: 2015-05-04 16:17:31 (1430756251) 2021-05-13 15:53:58 gpg[2481] DBG: user id: anonymous strike 2021-05-13 15:53:58 gpg[2481] DBG: sig: class: 0x13, issuer: 781617319CE311C4, timestamp: 2018-07-23 15:53:35 (1532361215), digest: 56 71 2021-05-13 15:53:58 gpg[2481] DBG: Good signature over last key or uid! 2021-05-13 15:53:58 gpg[2481] DBG: subkey D535623BB60E9E71: timestamp: 2015-05-04 16:17:31 (1430756251) 2021-05-13 15:53:58 gpg[2481] DBG: sig: class: 0x18, issuer: 781617319CE311C4, timestamp: 2018-07-23 15:53:56 (1532361236), digest: 40 98 2021-05-13 15:53:58 gpg[2481] DBG: Good signature over last key or uid! 2021-05-13 15:53:58 gpg[2481] DBG: keydb_search: reset (hd=0x0000560420e210f0) 2021-05-13 15:53:58 gpg[2481] DBG: keydb: kid_not_found_flush 2021-05-13 15:53:58 gpg[2481] DBG: build_packet() type=6 2021-05-13 15:53:58 gpg[2481] DBG: build_packet() type=13 2021-05-13 15:53:58 gpg[2481] DBG: build_packet() type=2 2021-05-13 15:53:58 gpg[2481] DBG: build_packet() type=14 2021-05-13 15:53:58 gpg[2481] DBG: build_packet() type=2 2021-05-13 15:53:58 gpg[2481] /tmp/.gnupgTesteoACpC5n/trustdb.gpg: trustdb created 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=8): type=6 length=525 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=8): type=12 length=12 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=8): type=13 length=43 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=8): type=12 length=12 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=8): type=2 length=590 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=8): type=12 length=6 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=8): type=14 length=525 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=8): type=2 length=566 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=8): type=12 length=6 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] key 781617319CE311C4: public key "anonymous strike " imported 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=9): type=6 length=525 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=9): type=12 length=12 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=9): type=13 length=43 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=9): type=12 length=12 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=9): type=2 length=590 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=9): type=12 length=6 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=9): type=14 length=525 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=9): type=2 length=566 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: parse_packet(iob=9): type=12 length=6 (parse.../../g10/keydb.c.1257) 2021-05-13 15:53:58 gpg[2481] DBG: cache_user_id: already in cache 2021-05-13 15:53:58 gpg[2481] error getting the KEK: Forbidden 2021-05-13 15:53:58 gpg[2481] error reading '-&10': Forbidden 2021-05-13 15:53:58 gpg[2481] import from '-&10' failed: Forbidden 2021-05-13 15:53:58 gpg[2481] Total number processed: 0 2021-05-13 15:53:58 gpg[2481] imported: 1 2021-05-13 15:53:58 gpg[2481] secret keys read: 1 2021-05-13 15:53:58 gpg[2481] keydb: handles=3 locks=2 parse=2 get=2 2021-05-13 15:53:58 gpg[2481] build=1 update=0 insert=1 delete=0 2021-05-13 15:53:58 gpg[2481] reset=1 found=2 not=1 cache=0 not=0 2021-05-13 15:53:58 gpg[2481] kid_not_found_cache: count=0 peak=0 flushes=0 2021-05-13 15:53:58 gpg[2481] sig_cache: total=8 cached=6 good=6 bad=0 2021-05-13 15:53:58 gpg[2481] random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 2021-05-13 15:53:58 gpg[2481] rndjent stat: collector=0x0000000000000000 calls=0 bytes=0 2021-05-13 15:53:58 gpg[2481] secmem usage: 0/65536 bytes in 0 blocks From wk at gnupg.org Thu May 13 18:56:38 2021 From: wk at gnupg.org (Werner Koch) Date: Thu, 13 May 2021 18:56:38 +0200 Subject: Importing secret keys via gpgme-json In-Reply-To: (Patrick Brunschwig's message of "Thu, 13 May 2021 15:58:44 +0200") References: <87pmxyseio.fsf@wheatstone.g10code.de> Message-ID: <87eeear2rd.fsf@wheatstone.g10code.de> On Thu, 13 May 2021 15:58, Patrick Brunschwig said: > 2021-05-13 15:53:58 gpg[2481] error getting the KEK: Forbidden Ooops, I forgot about this. gpgme-json tells gpg that the origin of the request is the browser: gpgme_set_ctx_flag (ctx, "request-origin", "browser"); which enables this gpg option --request-origin origin Tell gpg to assume that the operation ultimately originated at origin. Depending on the origin certain restrictions are applied and the Pinentry may include an extra note on the origin. Supported values for origin are: local which is the default, remote to indicate a remote origin or browser for an operation requested by a web browser. this leads to OPTION pretend-request-origin=browser send to gpg-agent which the assumes the requests are coming from its browser socket which is restricted similar to the remote socket. So, you can't do certain operations. In case you are not running from a browser, we could add a command line option to gpgme-json to change this restriction. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From vladimir.kokovic at gmail.com Tue May 25 09:42:06 2021 From: vladimir.kokovic at gmail.com (=?UTF-8?Q?gmail_Vladimir_Kokovi=c4=87?=) Date: Tue, 25 May 2021 09:42:06 +0200 Subject: Server indicated a failure Message-ID: Hi, As there is no my mail "Server indicated a failure" sent 24.May 2021 in the Mail list for May, so I send that same mail again. Hi, I tried to install msys2 on windows10 but pacman fails to provide pgp keys because there is some problem that is not clear to me, the same procedure works on another windows10. That's why I made a git version of gnupg, but even with that version it's not possible to do "--refresh-keys" because gnupg reports an error "gpg: keyserver refresh failed: Server indicated a failure" and looking at the source I can say my opinion that no one doesn't know what it's about ! A particular problem in gnupg is the large number of possible errors, but also without any chance of finding out the reason. --- gpg --verbose --homedir /etc/pacman.d/gnupg/ --no-permission-warning --refresh-keys gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: Note: RFC4880bis features are enabled. gpg: no running dirmngr - starting '\\VBoxSvr\winxp-share-wine-z\mnt\WD-Elements-25A1\msys2\windows-10\usr\local\bin\dirmngr.exe' gpg: waiting for the dirmngr to come up ... (5s) gpg: waiting for the dirmngr to come up ... (4s) gpg: waiting for the dirmngr to come up ... (3s) gpg: waiting for the dirmngr to come up ... (2s) gpg: connection to the dirmngr established gpg: refreshing 12 keys from hkps://hkps.pool.sks-keyservers.net gpg: keyserver refresh failed: Server indicated a failure --- My basic question is is there anyone who can tell how to overcome this problem ? Vladimir Kokovi?, DP senior(70), Serbia, Belgrade, 24.May 2021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrewg at andrewg.com Tue May 25 10:18:55 2021 From: andrewg at andrewg.com (Andrew Gallagher) Date: Tue, 25 May 2021 09:18:55 +0100 Subject: Server indicated a failure In-Reply-To: References: Message-ID: <661459d7-6458-f964-eb0b-a81ecf32ad25@andrewg.com> On 25/05/2021 08:42, gmail Vladimir Kokovi? via Gnupg-devel wrote: > gpg: refreshing 12 keys from hkps://hkps.pool.sks-keyservers.net > gpg: keyserver refresh failed: Server indicated a failure This is most likely your problem. hkps.pool.sks-keyservers.net currently consists of a single node, and so is vulnerable to transient network failures etc. But the default keyserver was changed a long time ago, so either you are using an old version of gnupg, or you have a custom config file with obsolete settings. * What version of gnupg are you using? * Did you build it locally or download a binary? * What's in your dirmngr.conf file? -- Andrew Gallagher -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From vladimir.kokovic at gmail.com Tue May 25 13:21:52 2021 From: vladimir.kokovic at gmail.com (=?UTF-8?Q?gmail_Vladimir_Kokovi=c4=87?=) Date: Tue, 25 May 2021 13:21:52 +0200 Subject: Server indicated a failure In-Reply-To: <661459d7-6458-f964-eb0b-a81ecf32ad25@andrewg.com> References: <661459d7-6458-f964-eb0b-a81ecf32ad25@andrewg.com> Message-ID: <1f0e8d07-ee1c-4afd-cb09-13c83a542110@gmail.com> Hi, I explained everything nicely, but I still answer your questions. 1."What version of gnupg are you using" which gpg /usr/local/bin/gpg gpg --version gpg (GnuPG) 2.3.2-beta60 libgcrypt 1.9.3-unknown NOTE: THIS IS A DEVELOPMENT VERSION! It is only intended for test purposes and should NOT be used in a production environment or with production keys! Copyright (C) 2021 g10 Code GmbH License GNU GPL-3.0-or-later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: C:\Users\vlada\AppData\Roaming\gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, ??????? CAMELLIA128, CAMELLIA192, CAMELLIA256 AEAD: EAX, OCB Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB 2. "Did you build it locally or download a binary" GIT_DIR=.git git describe HEAD gnupg-2.3.1-60-g260bbb4ab 3. "What's in your dirmngr.conf file" vlada at vlada-kuci-win MSYS ~ ls -laR /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d: total 28 drwxr-xr-x 1 vlada None??? 0 May 24 06:39 . drwxr-xr-x 1 vlada None??? 0 May 25 13:11 .. drwxr-xr-x 1 vlada None??? 0 May 24 10:52 gnupg -rw-r--r-- 1 vlada None 1309 Mar 25 23:24 mirrorlist.mingw32 -rw-r--r-- 1 vlada None 1351 Mar 25 23:24 mirrorlist.mingw64 -rw-r--r-- 1 vlada None 1299 Mar 25 23:24 mirrorlist.msys -rw-r--r-- 1 vlada None 1351 Mar 25 23:24 mirrorlist.ucrt64 /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d/gnupg: total 128 drwxr-xr-x 1 vlada None???? 0 May 24 10:52 . drwxr-xr-x 1 vlada None???? 0 May 24 06:39 .. -rw-r--r-- 1 vlada None??? 22 May 24 10:52 S.dirmngr -rw-r--r-- 1 vlada None??? 54 May 24 10:37 S.gpg-agent -rw-r--r-- 1 vlada None??? 54 May 24 10:37 S.gpg-agent.browser -rw-r--r-- 1 vlada None??? 54 May 24 10:37 S.gpg-agent.extra -rw-r--r-- 1 vlada None??? 54 May 24 10:37 S.gpg-agent.ssh drwxr-xr-x 1 vlada None???? 0 May 24 10:52 crls.d -rw-r--r-- 1 vlada None??? 17 May 24 06:39 gpg-agent.conf -rw-r--r-- 1 vlada None?? 141 May 24 06:39 gpg.conf drwxr-xr-x 1 vlada None???? 0 May 24 06:39 private-keys-v1.d -rw-r--r-- 1 vlada None 39991 May 24 07:13 pubring.gpg -rw-r--r-- 1 vlada None 39991 May 24 07:13 pubring.gpg~ -rw-r--r-- 1 vlada None???? 0 May 24 06:39 secring.gpg -rw-r--r-- 1 vlada None? 1200 May 24 07:13 trustdb.gpg /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d/gnupg/crls.d: total 12 drwxr-xr-x 1 vlada None 0 May 24 10:52 . drwxr-xr-x 1 vlada None 0 May 24 10:52 .. -rw-r--r-- 1 vlada None 6 May 24 10:52 DIR.txt /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d/gnupg/private-keys-v1.d: total 8 drwxr-xr-x 1 vlada None 0 May 24 06:39 . drwxr-xr-x 1 vlada None 0 May 24 10:52 .. cat /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d/gnupg/gpg.conf no-greeting no-permission-warning lock-never keyserver-options timeout=10 keyserver-options import-clean keyserver-options no-self-sigs-only cat /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d/gnupg/gpg-agent.conf disable-scdaemon vlada at vlada-kuci-win MSYS ~ Vladimir Kokovi?, DP senior(70), Serbia, Belgrade, 25.May 2021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrewg at andrewg.com Tue May 25 14:54:53 2021 From: andrewg at andrewg.com (Andrew Gallagher) Date: Tue, 25 May 2021 13:54:53 +0100 Subject: Server indicated a failure In-Reply-To: <1f0e8d07-ee1c-4afd-cb09-13c83a542110@gmail.com> References: <661459d7-6458-f964-eb0b-a81ecf32ad25@andrewg.com> <1f0e8d07-ee1c-4afd-cb09-13c83a542110@gmail.com> Message-ID: <232a9b03-1ef0-1db4-6800-0cfba094e72c@andrewg.com> Hi, Vladimir. On 25/05/2021 12:21, gmail Vladimir Kokovi? wrote: > > There is NO WARRANTY, to the extent permitted by law. > Home: C:\Users\vlada\AppData\Roaming\gnupg Are there any config files in c:\Users\vlada\AppData\Roaming\gnupg ? You may be able to address this by creating a new file: ``` /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d/gnupg/dirmngr.conf ``` and adding the following line: ``` keyserver hkps://keys.openpgp.net ``` -- Andrew Gallagher -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From andrewg at andrewg.com Tue May 25 14:58:04 2021 From: andrewg at andrewg.com (Andrew Gallagher) Date: Tue, 25 May 2021 13:58:04 +0100 Subject: Server indicated a failure In-Reply-To: <232a9b03-1ef0-1db4-6800-0cfba094e72c@andrewg.com> References: <661459d7-6458-f964-eb0b-a81ecf32ad25@andrewg.com> <1f0e8d07-ee1c-4afd-cb09-13c83a542110@gmail.com> <232a9b03-1ef0-1db4-6800-0cfba094e72c@andrewg.com> Message-ID: On 25/05/2021 13:54, Andrew Gallagher via Gnupg-devel wrote: > > ``` > keyserver hkps://keys.openpgp.net > ``` This should of course be `keys.openpgp.org`. I always get that wrong. :-( -- Andrew Gallagher -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From vladimir.kokovic at gmail.com Tue May 25 15:08:41 2021 From: vladimir.kokovic at gmail.com (=?UTF-8?Q?gmail_Vladimir_Kokovi=c4=87?=) Date: Tue, 25 May 2021 15:08:41 +0200 Subject: Server indicated a failure In-Reply-To: References: <661459d7-6458-f964-eb0b-a81ecf32ad25@andrewg.com> <1f0e8d07-ee1c-4afd-cb09-13c83a542110@gmail.com> <232a9b03-1ef0-1db4-6800-0cfba094e72c@andrewg.com> Message-ID: <0eda7fa8-0755-c23f-60f2-476ba0fce3bd@gmail.com> Hi Andrew, vlada at vlada-kuci-win MSYS ~ cat /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d/gnupg/dirmngr.conf keyserver hkps://keys.openpgp.org vlada at vlada-kuci-win MSYS ~ gpg --verbose --homedir /etc/pacman.d/gnupg/ --no-permission-warning --refresh-keys gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: Note: RFC4880bis features are enabled. gpg: refreshing 12 keys from hkps://hkps.pool.sks-keyservers.net gpg: keyserver refresh failed: Server indicated a failure vlada at vlada-kuci-win MSYS ~ Vladimir Kokovi?, DP senior(70), Serbia, Belgrade, 25.May 2021 On 25.5.21. 14:58, Andrew Gallagher via Gnupg-devel wrote: > On 25/05/2021 13:54, Andrew Gallagher via Gnupg-devel wrote: >> >> ``` >> keyserver hkps://keys.openpgp.net >> ``` > > This should of course be `keys.openpgp.org`. I always get that wrong. :-( > > > _______________________________________________ > Gnupg-devel mailing list > Gnupg-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-devel -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrewg at andrewg.com Tue May 25 15:14:58 2021 From: andrewg at andrewg.com (Andrew Gallagher) Date: Tue, 25 May 2021 14:14:58 +0100 Subject: Server indicated a failure In-Reply-To: <0eda7fa8-0755-c23f-60f2-476ba0fce3bd@gmail.com> References: <661459d7-6458-f964-eb0b-a81ecf32ad25@andrewg.com> <1f0e8d07-ee1c-4afd-cb09-13c83a542110@gmail.com> <232a9b03-1ef0-1db4-6800-0cfba094e72c@andrewg.com> <0eda7fa8-0755-c23f-60f2-476ba0fce3bd@gmail.com> Message-ID: On 25/05/2021 14:08, gmail Vladimir Kokovi? wrote: > gpg --verbose --homedir /etc/pacman.d/gnupg/ --no-permission-warning > --refresh-keys Is /etc/pacman.d the same directory as /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d? You may need to kill the dirmngr process if it is still running from before you changed the configuration. -- Andrew Gallagher -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From vladimir.kokovic at gmail.com Tue May 25 15:50:16 2021 From: vladimir.kokovic at gmail.com (=?UTF-8?Q?gmail_Vladimir_Kokovi=c4=87?=) Date: Tue, 25 May 2021 15:50:16 +0200 Subject: Server indicated a failure In-Reply-To: References: <661459d7-6458-f964-eb0b-a81ecf32ad25@andrewg.com> <1f0e8d07-ee1c-4afd-cb09-13c83a542110@gmail.com> <232a9b03-1ef0-1db4-6800-0cfba094e72c@andrewg.com> <0eda7fa8-0755-c23f-60f2-476ba0fce3bd@gmail.com> Message-ID: <924a69e9-e0f1-8c7d-daa9-49a6c6951335@gmail.com> Hi Andrew, Yes, msys2 /etc/pacman.d is the /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d or z:\mnt\WD-Elements-25A1\msys2\windows-10\etc\pacman.d vlada at vlada-kuci-win MSYS ~ ps -ef|grep dirmngr On 25.5.21. 15:14, Andrew Gallagher wrote: > On 25/05/2021 14:08, gmail Vladimir Kokovi? wrote: >> gpg --verbose --homedir /etc/pacman.d/gnupg/ --no-permission-warning >> --refresh-keys > > Is /etc/pacman.d the same directory as > /z/mnt/WD-Elements-25A1/msys2/windows-10/etc/pacman.d? > > You may need to kill the dirmngr process if it is still running from > before you changed the configuration. >