Mailing List Archive

Local solutions: SKS Keyserver Network Under Attack [edited]
Dear Forum,

GNUPG Users Digest is nearly flooding my mailbox with exchanges about
the WoT and keyserver issues.

A simple user (me) needs to know how one could make adaptations in the
settings of GPA or Kleopatra. I would expect instructions here:
https://kde.org/applications/utilities/org.kde.kleopatra
www.gnupg.org/related_software/gpa/
or perhaps here:
www.gpg4win.org/index.html
www.enigmail.net/index.php/en/
*There are none.*

Hansen's and DKG's blogs are only partly helpful. For example my Linux
system seems to *not* have a ~/.gnupg/dirmngr.conf file at all (one of
those files recommended for editing). I.e. Nautilus cannot find it.
So, I did adapt gpg.conf by commenting out (#) any line starting with
keyserver, but was not able to adapt the dirmngr.conf.
Upon inspection, thereafter, my GPA and Kleopatra were NOT correctly
configured.

Trying to figure out how GPA and Kleopatra could be adapted, I found,
for GPA: Menu > Edit > Backend preferences > Network > Configuration for
Keyservers > Use custom value > adapt to hkps://keys.openpgp.org
For Kleopatra: Menu > Settings > Configure Kleopatra > Directory
Services > Open PGP Keyserver > adapt to hkps://keys.openpgp.org
(I would have included an inline screenshot, but this list is allergic
to html)

Apparently these GUI manipulations generated the ~/.gnupg/dirmngr.conf
file! (Only thereafter did it exist.) And that file indeed showed the new
keyserver.

GPG4Win and Enigmail need further research. (This is a suggestion. I
cannot do it).

And further, I would have expected a program update that sets the
defaults to the ones suggested by Hansen and DKG. Or is the matter still
under consideration, or is it not that important? (I personally cannot
judge it).

The only hint that I can give: Neither the WoT nor keyservers are very
important in my case. I use GnuPG inside a small group of people who
(for identity verification) can talk to each other, at least by
telephone. I do not use Enigmail (since it is limited to a few mail
clients and not accepted by enough of my recipients), but just send
encrypted messages as attachments.

Best regards

Roland



Re: Local solutions: SKS Keyserver Network Under Attack
Hello Roland,

> Hansen's and DKG's blog are only partly helpful. For example my Linux
> system seems to *not* have a ~/.gnupg/dirmngr.conf file at all (one
> of those files recommended for editing). I.e. Nautilus cannot find it.

The usual case on Linux systems is that if a configuration file would
otherwise be empty or equal to the default (the two can be entirely
different things in general!), the configuration file simply does not
exist.

So instead of modifying ~/.gnupg/dirmngr.conf, *create* one and put a
single line in it saying

keyserver hkps://keys.openpgp.org/

I encountered some strange behaviour here: I invoked

$ gpgconf --reload dirmngr

afterwards (otherwise dirmngr will not reconsider its now changed
configuration), and it *did not work*. It was still using the default.
It did work after I rebooted (I was not in the mood to fiddle more with
it and did the most heavy-handed thing that would work).

Also, Enigmail doesn't seem to use this configuration at all and instead
it is configured at

Enigmail -> Preferences -> Keyserver

I did verify using systemd's journal that the gpgconf --reload command
reached its intended goal: dirmngr said "re-reading config". It just
didn't have an effect for some odd reason. For people thinking about
this: no, I don't use Tor for keyservers, it's not related to dirmngr
refusing to change keyservers when on Tor.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
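
The steps from the reply above as shell functions, added here as an example (not code from either poster or from GnuPG): create dirmngr.conf if it is missing, leave exactly one active keyserver line, and list keyserver lines still active in dirmngr.conf or gpg.conf. The function names are made up for this example; `gpgconf --kill dirmngr` stops the daemon so that the next keyserver operation starts a new one.

```shell
#!/bin/sh
# Keyserver URL as given in the messages above.
KEYSERVER_URL="hkps://keys.openpgp.org/"

# set_keyserver DIR [URL]  (hypothetical helper name)
# Creates DIR/dirmngr.conf when absent, comments out other active
# "keyserver" lines, and leaves exactly one "keyserver URL" line.
# Safe to run repeatedly: the file does not grow on a second run.
set_keyserver() {
    dir=$1
    url=${2:-$KEYSERVER_URL}
    conf="$dir/dirmngr.conf"
    [ -d "$dir" ] || mkdir -p -m 700 "$dir" || return 1
    [ -f "$conf" ] || : > "$conf"
    tmp="$conf.tmp.$$"
    awk -v url="$url" '
        $1 == "keyserver" && $2 == url && NF == 2 { next }  # re-added below
        $1 == "keyserver" { print "#" $0; next }            # disable, keep for reference
        { print }
    ' "$conf" > "$tmp" || return 1
    printf 'keyserver %s\n' "$url" >> "$tmp" || return 1
    mv "$tmp" "$conf"
}

# active_keyservers DIR  (hypothetical helper name)
# Prints "file: url" for every uncommented keyserver line in
# dirmngr.conf and gpg.conf, so leftover entries are visible.
active_keyservers() {
    for f in "$1/dirmngr.conf" "$1/gpg.conf"; do
        [ -f "$f" ] || continue
        awk -v f="${f##*/}" '$1 == "keyserver" { print f ": " $2 }' "$f"
    done
}

# restart_dirmngr  (hypothetical helper name)
# Stops the running dirmngr; GnuPG starts a new one on the next
# keyserver operation, and that process reads dirmngr.conf at startup.
restart_dirmngr() {
    gpgconf --kill dirmngr
}

# Typical use against the real home directory:
#   set_keyserver "${GNUPGHOME:-$HOME/.gnupg}" && restart_dirmngr
#   active_keyservers "${GNUPGHOME:-$HOME/.gnupg}"
```

Enigmail keeps its own keyserver preference, as noted in the reply, so this file does not change what Enigmail uses.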