[Gpg4win-users-en] Gpg4win 2.2.2: gpg --refresh-keys no longer working with hkps

Dr. Peter Voigt pvoigt at uos.de
Fri Dec 5 13:31:14 CET 2014


On Fri, 05 Dec 2014 18:03:41 +0900
Kosuke Kaizuka <cai.0407 at gmail.com> wrote:

> Hi,
> 
> On Thu, 4 Dec 2014 21:18:24 +0100, Dr. Peter Voigt wrote:
> > On Thu, 4 Dec 2014 21:03:46 +0100
> > "Dr. Peter Voigt" <pvoigt at uos.de> wrote:
> > 
> >> Well, I finally found some time to upgrade to Gpg4win 2.2.3. I have
> >> used the full intallation. However
> >>
> >> gpg --refresh-keys
> >>
> >> is no longer working with hkps. I have tested against
> >> hkps://hkps.pool.sks-keyservers.net. As soon as I change to
> >> hkp://hkps.pool.sks-keyservers.net instead, key refresh is working
> >> again.
> >>
> >> Error message with hkps is (translated from German):
> >>
> >> No valid OpenPGP data found.
> >> Number of processed keys: 0
> >>
> >> I am afraid Gpg4win 2.2.3 might have caught an old and meanwhile
> >> solved gpg issue:
> >>
> >> http://lists.gnupg.org/pipermail/gnupg-users/2014-May/049606.html
> >>
> >> Can anybody confirm this behavior?
> 
> Works fine in my environment.
> Win 7 x64 SP1
> Gpg4win 2.2.3 Light
> 
> configurations in gpg.conf
> keyserver hkps://hkps.pool.sks-keyservers.net
> keyserver-options
> auto-key-retrieve,verbose,no-honor-keyserver-url,ca-cert-file=pathto/sks-keyservers.netCA.pem
> 
> I had also seen the error message you got in gpg4win 2.2.1 or older,
> which did not support TLS/SSL access because of old libraries
> (libcurl, gnutls). There seems to be some trouble about TLS/SSL
> access. Your firewall blocks TLS/SSL access by GnuPG?
> 
> How about other than --refresh-keys? cf. --recv-key or --search
> 

Well, I can exclude any firewall problems, because all my Unix machines
(Linux, FreeBSD) habe no problems at all to refresh their keyrings via
hkps. The same is true with Gpg4win 2.2.2. Just Gpg4win 2.2.3 fails with
hkps.

My hkps keyserver options on all machines are:
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=<pathto>/sks-keyservers.netCA.pem
keyserver-options no-honor-keyserver-url
keyserver-options auto-key-retrieve,verbose,timeout=120

Regards,
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20141205/1bedaa4e/attachment.sig>


More information about the Gpg4win-users-en mailing list