Problem refreshing keys: Server indicated a failure

2018-11-09 Thread s7r 
Hello,

One of my notebooks running apparently fails to refresh keys from key
servers for so long time.

- it is running the latest gpg4win bundle (3.1.4);
- there is no firewall preventing gpg's connection to the key server;
- it just says: refreshing keys from hkps:// and hangs for like
10 - 15 minutes, after that ending with: Failed to refresh keys, server
indicated a failure. I have also tried the port 80 ubuntu key server,
but no success got the same error.

If I try to refresh keys via Thunderbird -> Enigmail (which is tied to
the same, system-wide gpg) I get exactly the same result (error) with
any key server I try. I have checked the servers I am trying to connect
via their web interface and they all seam accessible. Also ping and
traceroute to them give positive results.

Any ideas?

Thanks in advance.




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem refreshing keys on Linux

2018-07-24 Thread Werner Koch 
On Mon, 23 Jul 2018 18:33, hoelz...@mailbox.org said:

> Please find attached the ouput of 'env LANG=en_US.UTF-8 gpg -vvv --debug-all 
> --search-keys Torvalds'.

Missing.

> The output of 'gpg-connect-agent --dirmngr 'KS_GET 0x4D1E900E14C1CC04' /bye' 
> is as follows:
> ERR 167805009 No such file or directory 

Add a -v to the command line to see more.  The error code indicates that
dirmngr whas not able to find some file or other object.  Run

  dirmngr -v --server

and enter

  KS_GET 0x4D1E900E14C1CC04

that may give more insight.  Adding the option 

 --debug network, dns

might also be useful.  Use --debug help to see a list of all debug
options.



Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp_auwsoenR3.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Problem refreshing keys on Linux

2018-07-23 Thread Hölzel 
Hello,

recently, interacting with the keyserver 'hkps.pool.sks-keyservers.net' is 
apparently broken on GnuPG 2.2.9-1 on Arch Linux 4.17.8-1.
Please find attached the ouput of 'env LANG=en_US.UTF-8 gpg -vvv --debug-all 
--search-keys Torvalds'.

The output of 'gpg-connect-agent --dirmngr 'KS_GET 0x4D1E900E14C1CC04' /bye' is 
as follows:
ERR 167805009 No such file or directory 

This issue might be similar to: 
https://lists.gnupg.org/pipermail/gnupg-users/2018-June/060663.html

Any help is appreciated.

Sincerely
Julian

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

dirmngr Windows DNS resolution of pools (Re: Problem refreshing keys)

2018-06-15 Thread Phil Pennock 
On 2018-06-14 at 06:24 -0400, Jerry wrote:
> gpg-connect-agent --dirmngr "GETINFO version" /bye
> gpg-connect-agent: no running Dirmngr - starting 'C:\Program Files 
> (x86)\Gpg4win\..\GnuPG\bin\dirmngr.exe'
> gpg-connect-agent: waiting for the dirmngr to come up ... (5s)
> gpg-connect-agent: waiting for the dirmngr to come up ... (4s)
> gpg-connect-agent: connection to the dirmngr established
> D 2.2.7
> OK

Oh dear.  Sounds like there may be an issue with DNS resolution on
Windows and dealing with pool hostnames.

  gpg-connect-agent --dirmngr KILLDIRMNGR /bye
  gpg-connect-agent --dirmngr
  > KEYSERVER --hosttable
  > KEYSERVER hkps://hkps.pool.sks-keyservers.net
  > KS_GET 0x4D1E900E14C1CC04
 [warning: lots of output]
  > KEYSERVER --hosttable
  > /bye

There should be around five to nine IPs returned from the last
"KEYSERVER --hosttable"; if you only see one, could you also use
whatever tools are used for DNS resolution at the Windows command-prompt
and see what that tooling says?

I can't help any further, I don't use Windows and so just can't help
more (pragmatic backing out, not philosophical).

In the meantime, look through  and
see if there's any you recognize as belonging to anyone you personally
trust; look for a green box in the hkps column, it's "highly likely"
(but not certain) that you can use https/hkps with just the hostname
shown in that table.

Configure a keyserver which works for you until such time as GnuPG's DNS
resolution on Windows manages to handle pools correctly.  Werner?

-Phil

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem refreshing keys

2018-06-14 Thread Jerry 
On Wed, 13 Jun 2018 23:22:19 -0400, Phil Pennock stated:

>On 2018-06-13 at 09:52 -0400, Jerry wrote:
>> On Wed, 13 Jun 2018 15:25:04 +0200, Werner Koch stated:  
>> >The common problem on Windows: You can't use ' to quote; we Unix folks
>> >always forget about that.  Use  
>
>Bah, I just didn't know.  :D  I suspected though, which is why I
>mentioned typing interactively as a fallback.
>
>> gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye
>> S # hosttable (idx, ipv6, ipv4, dead, name, time):
>> S #   0   hkps.pool.sks-keyservers.net (216.66.15.2)
>> OK
>> 
>> Is that what it should be reporting?  
>
>What version is it?  Is there a newer version available?
>
>  gpg-connect-agent --dirmngr "GETINFO version" /bye
>
>There have been a bunch of fixes for various DNS issues with dirmngr, I
>would expect to see something showing that it's a pool.
>
>You're talking to zimmermann.mayfirst.org, which works fine; I just
>overrode DNS for the pool and made sure that
>hkps.pool.sks-keyservers.net only reached that IP (/etc/hosts override)
>and I was able to retrieve a key fine, after which:
>
>> KEYSERVER --hosttable  
>S # hosttable (idx, ipv6, ipv4, dead, name, time):
>S #   0   hkps.pool.sks-keyservers.net
>S #   .   hkps.pool.sks-keyservers.net
>S #   .   --> 1*
>S #   1   4   216.66.15.2 (hkps.pool.sks-keyservers.net)
>OK
>
>I suspect that you have an old dirmngr and the problems are fixed with a
>newer release of gpg4win.
>
>-Phil

gpg-connect-agent --dirmngr "GETINFO version" /bye
gpg-connect-agent: no running Dirmngr - starting 'C:\Program Files 
(x86)\Gpg4win\..\GnuPG\bin\dirmngr.exe'
gpg-connect-agent: waiting for the dirmngr to come up ... (5s)
gpg-connect-agent: waiting for the dirmngr to come up ... (4s)
gpg-connect-agent: connection to the dirmngr established
D 2.2.7
OK

I have Gpg4win Version 3.1.1 (2018-05-03) installed. That is supposed to be
the latest version.

-- 
Jerry

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem refreshing keys

2018-06-13 Thread Phil Pennock 
On 2018-06-13 at 09:52 -0400, Jerry wrote:
> On Wed, 13 Jun 2018 15:25:04 +0200, Werner Koch stated:
> >The common problem on Windows: You can't use ' to quote; we Unix folks
> >always forget about that.  Use

Bah, I just didn't know.  :D  I suspected though, which is why I
mentioned typing interactively as a fallback.

> gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye
> S # hosttable (idx, ipv6, ipv4, dead, name, time):
> S #   0   hkps.pool.sks-keyservers.net (216.66.15.2)
> OK
> 
> Is that what it should be reporting?

What version is it?  Is there a newer version available?

  gpg-connect-agent --dirmngr "GETINFO version" /bye

There have been a bunch of fixes for various DNS issues with dirmngr, I
would expect to see something showing that it's a pool.

You're talking to zimmermann.mayfirst.org, which works fine; I just
overrode DNS for the pool and made sure that
hkps.pool.sks-keyservers.net only reached that IP (/etc/hosts override)
and I was able to retrieve a key fine, after which:

> KEYSERVER --hosttable
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S #   0   hkps.pool.sks-keyservers.net
S #   .   hkps.pool.sks-keyservers.net
S #   .   --> 1*
S #   1   4   216.66.15.2 (hkps.pool.sks-keyservers.net)
OK

I suspect that you have an old dirmngr and the problems are fixed with a
newer release of gpg4win.

-Phil

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem refreshing keys

2018-06-13 Thread Jerry 
On Wed, 13 Jun 2018 15:25:04 +0200, Werner Koch stated:

>On Wed, 13 Jun 2018 00:23, je...@seibercom.net said:
>
>> gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye  
>
>The common problem on Windows: You can't use ' to quote; we Unix folks
>always forget about that.  Use
>
>  gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye
>
>
>Salam-Shalom,
>
>   Werner

OK, now this is what I am receiving:

gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S #   0   hkps.pool.sks-keyservers.net (216.66.15.2)
OK

Is that what it should be reporting?

-- 
Jerry

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem refreshing keys

2018-06-13 Thread Werner Koch 
On Wed, 13 Jun 2018 00:23, je...@seibercom.net said:

> gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye

The common problem on Windows: You can't use ' to quote; we Unix folks
always forget about that.  Use

  gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye


Salam-Shalom,

   Werner


-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp8ovELmZcc5.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem refreshing keys

2018-06-13 Thread Werner Koch 
On Tue, 12 Jun 2018 22:42, gnupg-us...@spodhuis.org said:

> provide more information, and AFAICT the "-->" line is "the order we'll
> try them in, with the currently active server marked with "*"; this

They are not tried in this order but they are picked randomly until one
worked.


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp9GX2iMkshY.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem refreshing keys

2018-06-12 Thread Jerry 
On Tue, 12 Jun 2018 16:42:25 -0400, Phil Pennock stated:

>On 2018-06-12 at 10:05 -0400, Jerry wrote:
>> Starting C:\Program Files (x86)\GnuPG\bin\gpg.exe --display-charset utf-8
>> --refresh-keys... gpg: refreshing 387 keys from
>> hkps://hkps.pool.sks-keyservers.net gpg: keyserver refresh failed: Server
>> indicated a failure
>> 
>> This is happening on a Windows 10 PRO / amd64 machine. This has been
>> occurring for several days now. Is there something wrong with the server?  
>
>Seems likely, but there's not enough information there to track it down.
>
>hkps.pool.sks-keyservers.net is a collection of servers, run by
>different people, with management software tracking their status and
>updating DNS as needed.
>
>I've no idea how to use Kleopatra to ask for more debugging details to
>get the IP, sorry.
>
>You can see some of what's going on with:
>
>  gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye
>
>(if Windows doesn't like that quoting, then press enter after --dirmngr
>and then enter each of the next strings as a command at the prompt)
>
>Eg, I see:
>
>% gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye
>S # hosttable (idx, ipv6, ipv4, dead, name, time):
>S #   0   hkps.pool.sks-keyservers.net
>S #   .   hkps.pool.sks-keyservers.net
>S #   .   --> 4 9* 3 2 1 8 7 6 5
>S #   1   4   216.66.15.2
>S #   2   4   193.224.163.43 (hufu.ki.iif.hu)
>S #   3   4   193.164.133.100 (mail.b4ckbone.de)
>S #   4   4   176.9.147.41 (mail.ntzwrk.org)
>S #   5   4   92.43.111.21 (oteiza.siccegge.de)
>S #   6   4   68.187.0.77 (stlhs.archreactor.org)
>S #   7   4   51.15.53.138 (ams.sks.heypete.com)
>S #   8   4   37.191.226.104 (host-37-191-226-104.lynet.no)
>S #   9   4   18.191.65.131
>(ec2-18-191-65-131.us-east-2.compute.amazonaws.com) OK
>
>So the "." lines are because the previous item is a pool, so they
>provide more information, and AFAICT the "-->" line is "the order we'll
>try them in, with the currently active server marked with "*"; this
>shows me that the second item is active.  This makes sense, since the
>first retrieval took a long time, but the second was very quick: the
>first keyserver failed to give something sane back, so dirmngr fell over
>to the next item, which responded, and dirmngr has remembered that one
>as "good" so it will use it again in future.
>
>Given the failure you see, the "blind stabbing in the dark" approach
>would be to use:
>
>  KEYSERVER --dead IP.ADD.RE.SS
>
>to mark the one with a "*" as "bad" and see what happens.  If that fixes
>it, then you know that the IP address which was "responding" and so
>selected was actually failing.  You can drop a note to
>sks-de...@nongnu.org with details if you manage to extract that much
>information from the tooling.
>
>-Phil, whose keyserver is in the pool and, coincidentally, is #9 above,
>   the one which worked and was selected.

This is what I am getting:

gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye
gpg-connect-agent: Note: '--hosttable'' is not considered an option
ERR 167772435 Unknown IPC command 
ERR 167772435 Unknown IPC command 

-- 
Jerry



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Problem refreshing keys

2018-06-12 Thread Jerry 
I don't know if this is the right place to ask this, but it is a start.

Kleopatra
Version 3.1.1-gpg4win-3.1.1

Trying to refresh the keys, produces this error message:

Starting C:\Program Files (x86)\GnuPG\bin\gpg.exe --display-charset utf-8 
--refresh-keys... 
gpg: refreshing 387 keys from hkps://hkps.pool.sks-keyservers.net 
gpg: keyserver refresh failed: Server indicated a failure

This is happening on a Windows 10 PRO / amd64 machine. This has been occurring
for several days now. Is there something wrong with the server?

-- 
Jerry

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users