GPG complains about No keyserver available

When I wanted to deploy my key to openpgp, I hit the issue where it said No keyserver available:

$ gpg  --verbose --keyserver hkps://keys.openpgp.org  --send-keys KEYDYID
gpg: Note: RFC4880bis features are enabled.
gpg: sending key KEYDYID to hkps://keys.openpgp.org
gpg: keyserver send failed: No keyserver available
gpg: keyserver send failed: No keyserver available

If you hit this, find the dirmngr process with ps -ef | grep dirmngr, then kill -9 its pid.

Restart dirmngr with debug output: dirmngr --debug-all --daemon --standard-resolver

Check the output for any errors (in my case a TLS issue – TLS connection authentication failed: General error)

09:02:27-homedir@machine:~$ dirmngr --debug-all --daemon --standard-resolver
dirmngr[58503]: reading options from '/Users/homedir/.gnupg/dirmngr.conf'
dirmngr[58503]: reading options from '[cmdline]'
dirmngr[58503]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog
dirmngr[58503]: listening on socket '/Users/homedir/.gnupg/S.dirmngr'
DIRMNGR_INFO=/Users/homedir/.gnupg/S.dirmngr:58504:1; export DIRMNGR_INFO;
09:02:52-homedir@machine:~$ dirmngr[58504.0]: permanently loaded certificates: 133
dirmngr[58504.0]:     runtime cached certificates: 0
dirmngr[58504.0]:            trusted certificates: 133 (132,0,0,1)
dirmngr[58504.4]: handler for fd 4 started
dirmngr[58504.4]: DBG: chan_4 -> # Home: /Users/homedir/.gnupg
dirmngr[58504.4]: DBG: chan_4 -> # Config: /Users/homedir/.gnupg/dirmngr.conf
dirmngr[58504.4]: DBG: chan_4 -> OK Dirmngr 2.3.1 at your service
dirmngr[58504.4]: DBG: END Certificate
dirmngr[58504.4]: DBG: BEGIN Certificate 'server[2]':
dirmngr[58504.4]: DBG:      serial: 4001772137D4E942B8EE76AA3C640AB7
dirmngr[58504.4]: DBG:   notBefore: 2021-01-20 19:14:03
dirmngr[58504.4]: DBG:    notAfter: 2024-09-30 18:14:03
dirmngr[58504.4]: DBG:      issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
dirmngr[58504.4]: DBG:     subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
dirmngr[58504.4]: DBG:   hash algo: 1.2.840.113549.1.1.11
dirmngr[58504.4]: DBG:   SHA1 fingerprint: 933C6DDEE95C9C41A40F9F50493D82BE03AD87BF
dirmngr[58504.4]: DBG: END Certificate
dirmngr[58504.4]: TLS connection authentication failed: General error
dirmngr[58504.4]: error connecting to 'http://keys.openpgp.org:80': General error
dirmngr[58504.4]: command 'KS_PUT' failed: General error <Unspecified source>
dirmngr[58504.4]: DBG: chan_4 -> ERR 1 General error <Unspecified source>
dirmngr[58504.4]: DBG: chan_4 <- BYE
dirmngr[58504.4]: DBG: chan_4 -> OK closing connection
dirmngr[58504.4]: handler for fd 4 terminated

Create the file ~/.gnupg/dirmngr.conf with the following contents:

keyserver hkps://keys.openpgp.org
hkp-cacert /Users/homedir/.gnupg/my.pem 

Download the openpgp certificate

echo "" | openssl s_client -showcerts -prexit -connect keys.openpgp.org:443 2> /dev/null \
    | sed -n -e '/BEGIN CERTIFICATE/,/END CERTIFICATE/ p' > ~/.gnupg/my.pem 

Restart the dirmngr

Re-execute the gpg command

09:02:58-paulbastide@pauls-mbp:~$ gpg --keyserver hkp://keys.openpgp.org:80 --send-keys KEYDYID
gpg: sending key KEYDYID to hkp://keys.openpgp.org:80
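
The PEM file written by the openssl s_client step becomes the trust anchor that hkp-cacert hands to dirmngr, and it is fetched over the same connection it is meant to authenticate. As an added example (not part of the original post), this Python script lists the SHA-1 and SHA-256 fingerprint of each certificate in ~/.gnupg/my.pem, in the uppercase hex form the dirmngr debug log uses, and reports any certificate that is not in a set of fingerprints you obtained independently. The function names and the command-line usage are assumptions of this example.

```python
import hashlib
import os
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def normalize(fingerprint):
    """Accept 'AB:CD:..' (openssl style) or 'ABCD..' (dirmngr log style)."""
    return fingerprint.replace(":", "").replace(" ", "").upper()


def bundle_fingerprints(pem_text):
    """Return one dict per certificate in the bundle, in file order."""
    certs = []
    for index, block in enumerate(PEM_BLOCK.findall(pem_text)):
        der = ssl.PEM_cert_to_DER_cert(block)  # fingerprints cover the DER bytes
        certs.append({
            "index": index,
            "sha1": hashlib.sha1(der).hexdigest().upper(),  # to match the log only
            "sha256": hashlib.sha256(der).hexdigest().upper(),
        })
    return certs


def unpinned(pem_text, trusted_sha256):
    """Return the certificates whose SHA-256 fingerprint is not trusted."""
    trusted = {normalize(fp) for fp in trusted_sha256}
    return [c for c in bundle_fingerprints(pem_text) if c["sha256"] not in trusted]


if __name__ == "__main__":
    # Path from the post; fingerprints passed as arguments are ones you
    # verified through a separate channel (assumed usage, not from the post).
    path = os.path.expanduser("~/.gnupg/my.pem")
    if not os.path.exists(path):
        sys.exit(f"{path} not found")
    with open(path, encoding="ascii") as handle:
        text = handle.read()
    for cert in bundle_fingerprints(text):
        print(f"cert[{cert['index']}] SHA1 {cert['sha1']} SHA256 {cert['sha256']}")
    unknown = unpinned(text, sys.argv[1:])
    for cert in unknown:
        print(f"cert[{cert['index']}] is not in the trusted set", file=sys.stderr)
    sys.exit(1 if unknown else 0)
```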

Thanks to https://gist.github.com/troyfontaine/18c9146295168ee9ca2b30c00bd1b41e for the assist.

