On Thu, 27 Dec 2018 10:35:22 +0100, Alessandro Vesely wrote: > On Wed 26/Dec/2018 22:59:19 +0100 Stefan Claas wrote: > > > >> You seem to have already solved that: > > > > May i ask you what version of GnuPG you are using and what OS? > > Sure: > ale@pcale:~/tmp$ uname -a > Linux pcale 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 > GNU/Linux > ale@pcale:~/tmp$ > ale@pcale:~/tmp$ gpg2 --version > gpg (GnuPG) 2.1.18 > libgcrypt 1.7.6-beta > Copyright (C) 2017 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > > Home: /home/ale/.gnupg > Supported algorithms: > Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA > Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, > CAMELLIA128, CAMELLIA192, CAMELLIA256 > Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 > Compression: Uncompressed, ZIP, ZLIB, BZIP2
Thanks! > I see no SRV record from here, and I don't need one since 300baud.de resolves > correctly. host -t srv _openpgpkey._tcp.300baud.de _openpgpkey._tcp.300baud.de has SRV record 10 100 443 300baud.de. > > I then tried again with the macOS version, which is 2.2.12 and it > > did not worked again. :-( > > > Couldn't that be something with your CA bundle? What do you get if you try > and download your keys with curl, e.g.: > curl -o /dev/null -v > https://300baud.de/.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33 > ? Mmhh, good question... when downloading it says CAfile: /Users/sac/anaconda2/ssl/cacert.pem CApath: none, but i can download without a problem: curl -o /dev/null -v https://300baud.de/.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 167.99.129.126... * TCP_NODELAY set * Connected to 300baud.de (167.99.129.126) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /Users/sac/anaconda2/ssl/cacert.pem CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.2 (OUT), TLS handshake, Client hello (1): } [512 bytes data] 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0* TLSv1.2 (IN), TLS handshake, Server hello (2): { [113 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [5662 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [333 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [70 bytes data] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): { [1 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: OU=Domain Control Validated; OU=PositiveSSL; CN=300baud.de * start date: Dec 23 00:00:00 2018 GMT * expire date: Dec 23 23:59:59 2019 GMT * subjectAltName: host "300baud.de" matched cert's "300baud.de" * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA * SSL certificate verify ok. } [5 bytes data] > GET /.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33 HTTP/1.1 > Host: 300baud.de > User-Agent: curl/7.62.0 > Accept: */* > { [5 bytes data] < HTTP/1.1 200 OK < Date: Thu, 27 Dec 2018 14:47:52 GMT < Server: Apache/2.4.18 (Ubuntu) < Last-Modified: Tue, 25 Dec 2018 17:27:21 GMT < ETag: "1f4-57ddc06a6a77b" < Accept-Ranges: bytes < Content-Length: 500 < Content-Language: de < { [5 bytes data] 100 500 100 500 0 0 396 0 0:00:01 0:00:01 --:--:-- 396 * Connection #0 to host 300baud.de left intact As a test i also created a blank .gnupg folder and tried to encrypt but it still say not trusted. I run out of ideas now and i will contact Patrick Brunschwig and wait what he says, because he is the maintainer of the SourceForge binary. Regards Stefan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users