gpg keyserver: giving up dirmngr

Greg Chao-Kuei Hung
Jan 2, 2022

The gpg command on Linux can be used to manage GPG keys. DevDungeon has a very nice tutorial. This short piece about search functionality complements that tutorial. My system is Linux Mint 20.2 Xfce.

The recommended way of specifying key servers for gpg key searches is to use dirmngr. One would create the configuration file ~/.gnupg/dirmngr.conf containing the following:

standard-resolver
keyserver keyserver.ubuntu.com
keyserver keys.gnupg.net

Then restart dirmngr with systemctl --user restart dirmngr. The error messages produced by dirmngr, however, are rather mysterious. A “Connection refused” error probably means that standard-resolver was omitted from the configuration file. A “No data” error means there is no keyserver statement in the configuration file. My most recent frustration comes from this unhelpful error message: “gpg: error searching keyserver: No name”. After enabling debug logging I still fail to figure out what caused the problem. The discussion in this issue points to a non-standard implementation of server name lookup in dirmngr. However, the developer refuses to acknowledge it.

So I recommend bypassing dirmngr and using the --keyserver command line option instead. To search for the public key of Linus Torvalds, one can use gpg --keyserver keyserver.ubuntu.com --search-keys 'Linus Torvalds' or, more precisely, gpg --keyserver keyserver.ubuntu.com --search-keys torvalds@kernel.org. If the Ubuntu server happens to be offline, you can find alternative servers in this long list. (I am not scared by the warning, which only means that their HTTPS certificate is not by some authority.)

After finding out the key ID of the expected recipient of your encrypted message, you can run gpg --keyserver keyserver.ubuntu.com --recv-keys 79BE3E4300411886 to add it to your keyring ~/.gnupg/pubring.gpg. From time to time you can run gpg --refresh-keys to update the information of those recipients in your keyring. You can put all keys in a text file with gpg --export -ao friend-pgp-keys.txt. Conversely, you can run gpg --import friend-pgp-keys.txt to import many keys all at once. Such a file can be useful for transferring a friend list across systems or across many different applications that support GPG/PGP.
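A keyserver returns whatever key was uploaded under a name or key ID, so it is worth comparing the full fingerprint of a received key with one obtained from its owner before encrypting to it. The script below is an added example, not part of the original article: it reads gpg's colon-format listing on stdin, and the function names and the sample listing are constructed for illustration (40-hex-digit v4 fingerprints assumed).

```shell
#!/bin/sh
# Constructed sample in `gpg --with-colons` format (not a real key).
SAMPLE='pub:-:4096:1:89ABCDEF01234567:1600000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1600000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sub:-:4096:1:0000111122223333:1600000000::::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Print the fingerprint of every primary key in a colon listing on stdin.
# An "fpr" record belongs to the "pub" or "sub" record that precedes it,
# and its field 10 holds the fingerprint.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Normalize a fingerprint as people paste it: drop spaces, upper-case.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Return 0 if the expected fingerprint is a primary key in the listing on
# stdin, 1 if it is not, 2 if the argument is not a full 40-digit
# fingerprint (a bare key ID is rejected on purpose).
has_fpr() {
    want=$(norm_fpr "$1")
    case "$want" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    primary_fprs | grep -qxF "$want"
}

# Real use after --recv-keys, with the fingerprint the owner gave you:
#   gpg --with-colons --fingerprint 79BE3E4300411886 | has_fpr "$FPR_FROM_OWNER"
```

The same check works on an exported file before import by feeding it the output of gpg --show-keys --with-colons friend-pgp-keys.txt.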
