Thanks, Peter, for this confirmation.
You give further detail to what I had guessed in the course of playing
with the settings of GPA and Kleopatra.
I conclude that there are at least two possible actions for those who
want to protect their systems:
In the GUIs of GPA or Kleopatra to fiddle the settings as I suggested
earlier in this thread. And for Enigmail: your suggestion
or
In the terminal, to edit ~/.gnupg/dirmngr.conf so as to say "keyserver
hkps://keys.openpgp.org/" or, if that file does not exist to create it
as per your suggestion.
This could be useful for some mere common GnuPG users, like me.
Greetz
Roland
Some side thoughts:
1/ Perhaps the fear of compromised communication (including distributed
software, private messages) can be mitigated by practicing short
feedback lines: confirmations. Like "did you get my communication, what did
it say?"
2/ Perhaps one should not give too much trust to a WoT at all. After
all, a crook can pretend to be a friend, and thus yield the entire WoT
untrustworthy. Sometimes a friend becomes an enemy at a later stage. As
a very ordinary mere user, I do not really understand the trust levels
that GnuPG asks me to consider. How can a WoT that is not 100%
understood by absolutely all users be reliable?
3/ With these thoughts, I hope NOT to embarrass the developers. Forget
it, if you consider it useless for your troubles. (Thanks for GnuPG!)
On 03/07/2019 12:58, Peter Lebbing wrote:
Hello Roland,
Hansen's and DKG's blog are only partly helpful. For example my Linux
system seems to *not* have a ~/.gnupg/dirmngr.conf file at all (one
of those files recommended for editing). I.e. Nautilus cannot find it.
The usual case on Linux systems is that if a configuration file would
otherwise be empty or equal to the default (the two can be entirely
different things in general!), the configuration file simply does not
exist.
So instead of modifying ~/.gnupg/dirmngr.conf, *create* one and put a
single line in it saying
keyserver hkps://keys.openpgp.org/
I encountered some strange behaviour here: I invoked
$ gpgconf --reload dirmngr
afterwards (otherwise dirmngr will not reconsider its now changed
configuration), and it *did not work*. It was still using the default.
It did work after I rebooted (I was not in the mood to fiddle more with
it and did the most heavy-handed thing that would work).
Also, Enigmail doesn't seem to use this configuration at all and instead
it is configured at
Enigmail -> Preferences -> Keyserver
I did verify using systemd's journal that the gpgconf --reload command
reached its intended goal: dirmngr said "re-reading config". It just
didn't have an effect for some odd reason. For people thinking about
this: no, I don't use Tor for keyservers, it's not related to dirmngr
refusing to change keyservers when on Tor.
HTH,
Peter.
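
The terminal procedure discussed in this message, as an added example that is not part of the original thread: a POSIX shell sketch that creates ~/.gnupg/dirmngr.conf if it is missing, leaves exactly one active keyserver line in it, and keeps all other settings. The function names are hypothetical, and restart_dirmngr uses gpgconf --kill rather than the --reload from the message, on the assumption that a full restart of dirmngr is acceptable.

```shell
#!/bin/sh
# Added example (not from the thread): pin dirmngr's keyserver idempotently.

# Print the value of every active (uncommented) keyserver line in a config file.
active_keyservers() {
    awk '$1 == "keyserver" { print $2 }' "$1"
}

# set_keyserver CONF URL
# Ensure CONF exists and contains exactly one active "keyserver URL" line.
# Other keyserver lines are commented out, not deleted, so the change is
# easy to review and revert. All other options are left untouched.
set_keyserver() {
    conf=$1
    url=$2
    dir=$(dirname "$conf")

    # GnuPG expects its home directory to be private to the user.
    [ -d "$dir" ] || { mkdir -p "$dir" && chmod 700 "$dir"; }
    # The file commonly does not exist at all when only defaults are in use.
    [ -f "$conf" ] || : > "$conf"

    # Nothing to do if the wanted server is already the only active one.
    current=$(active_keyservers "$conf")
    [ "$current" = "$url" ] && return 0

    # Build the new file next to the old one, then move it into place.
    tmp=$(mktemp "$dir/dirmngr.conf.XXXXXX") || return 1
    awk '$1 == "keyserver" { print "#" $0; next } { print }' "$conf" > "$tmp"
    printf 'keyserver %s\n' "$url" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}

# Stop the running dirmngr; GnuPG starts it again on demand, and the new
# process reads dirmngr.conf at startup.
restart_dirmngr() {
    gpgconf --kill dirmngr
}

# Typical use:
#   set_keyserver "$HOME/.gnupg/dirmngr.conf" "hkps://keys.openpgp.org/"
#   restart_dirmngr
#   active_keyservers "$HOME/.gnupg/dirmngr.conf"   # check what is configured
```

This only covers programs that ask dirmngr for keys; as the message notes, Enigmail keeps its own keyserver setting under Enigmail -> Preferences -> Keyserver.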