gpg2 --refresh-keys fails

Nessuna risposta
apitsch
Offline
Iscritto: 06/08/2019

***BEGIN DISCLAIMER***
more nicely formatted question here [0]
***END DISCLAIMER***

Hi all,

I've been experiencing problems with

$ gpg2 --refresh-keys
gpg: refreshing 18 keys from hkps://keys.openpgp.org
gpg: keyserver refresh failed: General error

As you can gather from the above, I've configured the keyserver to be hkps://keys.openpgp.org in ~/.gnupg/dirmngr.conf as suggested here [1]. This is the full content of ~/.gnupg/dirmngr.conf:

keyserver hkps://keys.openpgp.org
verbose
debug 4096
debug-level 4096
debug-all
log-file /tmp/dirmngr.log

Running gpg2 --refresh-keys again after pkill dirmngr gives this in /tmp/dirmngr.log

2020-04-19 23:36:35 dirmngr[20588.0] listening on socket '/home/whoami/.gnupg/S.dirmngr'
2020-04-19 23:36:35 dirmngr[20589.0] can't access directory '/etc/gnupg2/trusted-certs': No such file or directory
2020-04-19 23:36:35 dirmngr[20589.0] can't access directory '/etc/gnupg2/extra-certs': No such file or directory
2020-04-19 23:36:35 dirmngr[20589.0] permanently loaded certificates: 0
2020-04-19 23:36:35 dirmngr[20589.0] runtime cached certificates: 0
2020-04-19 23:36:36 dirmngr[20589.0] handler for fd 0 started
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 -> # Home: /home/whoami/.gnupg
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 -> # Config: /home/whoami/.gnupg/dirmngr.conf
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 -> OK Dirmngr 2.1.11 at your service
2020-04-19 23:36:36 dirmngr[20589.0] connection from process 20586 (1000:1000)
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 <- GETINFO version
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 -> D 2.1.11
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 -> OK
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 <- KEYSERVER
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 -> S KEYSERVER hkps://keys.openpgp.org
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 -> OK
2020-04-19 23:36:36 dirmngr[20589.0] DBG: chan_0 <- KS_GET -- LIST_OF_KEYS
2020-04-19 23:36:36 dirmngr[20589.0] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known]
2020-04-19 23:36:36 dirmngr[20589.0] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known]
2020-04-19 23:36:36 dirmngr[20589.0] TLS verification of peer failed: status=0x0042
2020-04-19 23:36:36 dirmngr[20589.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown.
2020-04-19 23:36:36 dirmngr[20589.0] DBG: expected hostname: keys.openpgp.org
2020-04-19 23:36:36 dirmngr[20589.0] DBG: BEGIN Certificate 'server[0]':
2020-04-19 23:36:36 dirmngr[20589.0] DBG: serial: 031419524A880F1D74B7C7BF3514F95D3FFA
2020-04-19 23:36:36 dirmngr[20589.0] DBG: notBefore: 2020-04-02 04:32:09
2020-04-19 23:36:36 dirmngr[20589.0] DBG: notAfter: 2020-07-01 04:32:09
2020-04-19 23:36:36 dirmngr[20589.0] DBG: issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
2020-04-19 23:36:36 dirmngr[20589.0] DBG: subject: CN=keys.openpgp.org
2020-04-19 23:36:36 dirmngr[20589.0] DBG: hash algo: 1.2.840.113549.1.1.11
2020-04-19 23:36:36 dirmngr[20589.0] DBG: SHA1 fingerprint: 447582CA4F0DDA406F88D52DBBDF35B16C060B7D
2020-04-19 23:36:36 dirmngr[20589.0] DBG: END Certificate
2020-04-19 23:36:36 dirmngr[20589.0] DBG: BEGIN Certificate 'server[1]':
2020-04-19 23:36:36 dirmngr[20589.0] DBG: serial: 0A0141420000015385736A0B85ECA708
2020-04-19 23:36:36 dirmngr[20589.0] DBG: notBefore: 2016-03-17 16:40:46
2020-04-19 23:36:36 dirmngr[20589.0] DBG: notAfter: 2021-03-17 16:40:46
2020-04-19 23:36:36 dirmngr[20589.0] DBG: issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
2020-04-19 23:36:36 dirmngr[20589.0] DBG: subject: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
2020-04-19 23:36:36 dirmngr[20589.0] DBG: hash algo: 1.2.840.113549.1.1.11
2020-04-19 23:36:36 dirmngr[20589.0] DBG: SHA1 fingerprint: E6A3B45B062D509B3382282D196EFE97D5956CCB
2020-04-19 23:36:36 dirmngr[20589.0] DBG: END Certificate
2020-04-19 23:36:36 dirmngr[20589.0] TLS connection authentication failed: General error
2020-04-19 23:36:36 dirmngr[20589.0] error connecting to 'https://keys.openpgp.org:443': General error
2020-04-19 23:36:36 dirmngr[20589.0] TLS verification of peer failed: status=0x0042
2020-04-19 23:36:36 dirmngr[20589.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown.

What's the problem here?
- Do I have to specify (TLS) certificates for gpg2 separately? If yes, how do I do so?
- Or am I missing something in ~./gnupg/dirmngr.conf?
- Or why else is the TLS connection failing?

Thanks in advance for your help!

EDIT 1

$ gpg2 --version | head -n 1
gpg (GnuPG) 2.1.11

EDIT 2

$ dirmngr --version | head -n 1
dirmngr (GnuPG) 2.1.11

[0] https://askubuntu.com/questions/1228662/gpg2-refresh-keys-general-error
[1] https://keys.openpgp.org/about/usage