unofficial mirror of help-guix@gnu.org 
* No gpg keyservers available on GuixSD out-of-the-box
@ 2015-12-29 18:29 swedebugia
  2015-12-29 23:12 ` Ludovic Courtès
  0 siblings, 1 reply; 17+ messages in thread
From: swedebugia @ 2015-12-29 18:29 UTC (permalink / raw)
  To: help-guix

Hi

Is this an error? On trisquel it just works.

~$ torsocks gpg2 --recv-keys 139A768E
gpg: keyserver receive failed: No keyserver available
~$ gpg2 --recv-keys 139A768E
gpg: keyserver receive failed: No keyserver available
~$ torsocks gpg2 --keyserver keys.gnupg.net --recv-keys 139A768E
gpg: keyserver receive failed: No keyserver available

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2015-12-29 18:29 No gpg keyservers available on GuixSD out-of-the-box swedebugia
@ 2015-12-29 23:12 ` Ludovic Courtès
  2015-12-30  9:53   ` Ni*
  2015-12-30 10:34   ` Andreas Enge
  0 siblings, 2 replies; 17+ messages in thread
From: Ludovic Courtès @ 2015-12-29 23:12 UTC (permalink / raw)
  To: swedebugia; +Cc: help-guix

swedebugia@riseup.net writes:

> Is this an error? On trisquel it just works.
>
> ~$ torsocks gpg2 --recv-keys 139A768E
> gpg: keyserver receive failed: No keyserver available
> ~$ gpg2 --recv-keys 139A768E
> gpg: keyserver receive failed: No keyserver available
> ~$ torsocks gpg2 --keyserver keys.gnupg.net --recv-keys 139A768E
> gpg: keyserver receive failed: No keyserver available

Could it be that keys.gnupg.net is unreachable?  Did you try with
pgp.mit.edu?  It seems to be more reliable.

HTH,
Ludo’.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2015-12-29 23:12 ` Ludovic Courtès
@ 2015-12-30  9:53   ` Ni*
  2015-12-30 10:34   ` Andreas Enge
  1 sibling, 0 replies; 17+ messages in thread
From: Ni* @ 2015-12-30  9:53 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

ludo@gnu.org (Ludovic Courtès) writes:

> swedebugia@riseup.net writes:
>
>> Is this an error? On trisquel it just works.
>>
>> ~$ torsocks gpg2 --recv-keys 139A768E
>> gpg: keyserver receive failed: No keyserver available
>> ~$ gpg2 --recv-keys 139A768E
>> gpg: keyserver receive failed: No keyserver available
>> ~$ torsocks gpg2 --keyserver keys.gnupg.net --recv-keys 139A768E
>> gpg: keyserver receive failed: No keyserver available
>
> Could it be that keys.gnupg.net is unreachable?  Did you try with
> pgp.mit.edu?  It seems to be more reliable.
>
> HTH,
> Ludo’.
>

Additionally, you could try https://sks-keyservers.net/ which was okay
to use for me in the past. But I failed to get it to work with newer
GnuPG 1 year ago, but maybe that's just my personal error.

-- 
ng/Ni*
http://libertad.pw:8080
Email is public. Talk to me in private:
https://psyced.org:34443/~niasterisk
privacy respecting, secure communication:
BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
(bitmessage)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2015-12-29 23:12 ` Ludovic Courtès
  2015-12-30  9:53   ` Ni*
@ 2015-12-30 10:34   ` Andreas Enge
  2015-12-30 17:55     ` swedebugia
  1 sibling, 1 reply; 17+ messages in thread
From: Andreas Enge @ 2015-12-30 10:34 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

On Wed, Dec 30, 2015 at 12:12:44AM +0100, Ludovic Courtès wrote:
> Could it be that keys.gnupg.net is unreachable?  Did you try with
> pgp.mit.edu?  It seems to be more reliable.

You need to create the file
   .gnupg/gpg.conf
in your home directory containing a line
   keyserver pgp.mit.edu

Andreas

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2015-12-30 10:34   ` Andreas Enge
@ 2015-12-30 17:55     ` swedebugia
  2015-12-30 17:56       ` swedebugia
  2015-12-30 21:16       ` Ludovic Courtès
  0 siblings, 2 replies; 17+ messages in thread
From: swedebugia @ 2015-12-30 17:55 UTC (permalink / raw)
  To: Andreas Enge; +Cc: help-guix

On 2015-12-30 11:34, Andreas Enge wrote:
> On Wed, Dec 30, 2015 at 12:12:44AM +0100, Ludovic Courtès wrote:
>> Could it be that keys.gnupg.net is unreachable?  Did you try with
>> pgp.mit.edu?  It seems to be more reliable.

Yes. Same error.

Andreas wrote:
> You need to create the file
>    .gnupg/gpg.conf

Already exists. According to this file --keyserver stuff has been moved 
to .gnupg/dirmngr.conf which contains (amongst other stuff):

# --keyserver URI
#
# GPG can send and receive keys to and from a keyserver.  These
# servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP
# support).
#
# Example HKP keyservers:
#      hkp://keys.gnupg.net
#
# Example HKP keyserver using a Tor hidden service
#      hkp://dyh2j3qyrirn43iw.onion
#
# Example HKPS keyservers (see --hkp-cacert below):
#       hkps://hkps.pool.sks-keyservers.net
#
# Example LDAP keyservers:
#      ldap://pgp.surfnet.nl:11370
#
# Regular URL syntax applies, and you can set an alternate port
# through the usual method:
#      hkp://keyserver.example.net:22742
#
# Most users just set the name and type of their preferred keyserver.
# Note that most servers (with the notable exception of
# ldap://keyserver.pgp.com) synchronize changes with each other.  Note
# also that a single server name may actually point to multiple
# servers via DNS round-robin.  hkp://keys.gnupg.net is an example of
# such a "server", which spreads the load over a number of physical
# servers.
#
# If exactly two keyservers are configured and only one is a Tor hidden
# service, Dirmngr selects the keyserver to use depending on whether
# Tor is locally running or not (on a per session base).

keyserver hkp://dyh2j3qyrirn43iw.onion
keyserver hkp://keys.gnupg.net

I tested with ping as well:
~$ ping -c2 keys.gnupg.net
PING pool.sks-keyservers.net (193.17.17.6): 56 data bytes
64 bytes from 193.17.17.6: icmp_seq=0 ttl=54 time=32.097 ms
64 bytes from 193.17.17.6: icmp_seq=1 ttl=54 time=32.089 ms
--- pool.sks-keyservers.net ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 32.089/32.093/32.097/0.000 ms

I did not touch the conf-files at all in trisquel to get this to just 
work.

Thanks for your help so far.
/swedebugia

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2015-12-30 17:55     ` swedebugia
@ 2015-12-30 17:56       ` swedebugia
  2015-12-30 21:16       ` Ludovic Courtès
  1 sibling, 0 replies; 17+ messages in thread
From: swedebugia @ 2015-12-30 17:56 UTC (permalink / raw)
  To: help-guix



-------- Original Message --------
Subject: Re: No gpg keyservers available on GuixSD out-of-the-box
Date: 2015-12-30 18:55
 From: swedebugia@riseup.net
To: Andreas Enge <andreas@enge.fr>
Cc: Ludovic Courtès <ludo@gnu.org>, help-guix <help-guix@gnu.org>


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2015-12-30 17:55     ` swedebugia
  2015-12-30 17:56       ` swedebugia
@ 2015-12-30 21:16       ` Ludovic Courtès
  2015-12-30 22:34         ` Ni*
       [not found]         ` <c84aa8714c0ab2178913788d51b4c0e8@riseup.net>
  1 sibling, 2 replies; 17+ messages in thread
From: Ludovic Courtès @ 2015-12-30 21:16 UTC (permalink / raw)
  To: swedebugia; +Cc: help-guix

Which version of GnuPG is it, per “gpg2 --version”?

I wonder if 2.1 behaves differently or something (I use 2.0 myself.)

Ludo’.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2015-12-30 21:16       ` Ludovic Courtès
@ 2015-12-30 22:34         ` Ni*
       [not found]         ` <c84aa8714c0ab2178913788d51b4c0e8@riseup.net>
  1 sibling, 0 replies; 17+ messages in thread
From: Ni* @ 2015-12-30 22:34 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

ludo@gnu.org (Ludovic Courtès) writes:

> Which version of GnuPG is it, per “gpg2 --version”?
>
> I wonder if 2.1 behaves differently or something (I use 2.0 myself.)
>
> Ludo’.
>

(Speculation from memory:)
I vaguely remember that my GnuPG configuration did break with the
release of the version released at the end of 2014 (Maybe 1.x -> 2.0/2.1
update?), and using hkp-keyservers was no longer possible for me back
then.
I also remember that dirmngr needed to touch some file(s) and that
gnupg.conf was still needed.

An output of "tree" from the .gnupg directory dated from Dec 2014 and
Jan 2015 according to timestamps of directories inside:
 tree .gnupg/
.gnupg/
├── crls.d
│   └── DIR.txt
├── dirmngr-cache.d
│   └── DIR.txt
├── dirmngr.conf
├── dirmngr_ldapservers.conf
├── gpg-agent.conf
├── gpg-agent.conf.gpgconf.bak
├── gpg.conf
├── gpg.conf~
├── private-keys-v1.d
│   ├── --snip--
├── pubring.gpg
├── pubring.gpg~
├── random_seed
├── secring.gpg
├── sshcontrol
└── trustdb.gpg

-- 
ng/Ni*
http://libertad.pw:8080
Email is public. Talk to me in private:
https://psyced.org:34443/~niasterisk
privacy respecting, secure communication:
BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
(bitmessage)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
       [not found]         ` <c84aa8714c0ab2178913788d51b4c0e8@riseup.net>
@ 2016-01-01 19:21           ` swedebugia
  2016-01-04 12:23             ` swedebugia
  0 siblings, 1 reply; 17+ messages in thread
From: swedebugia @ 2016-01-01 19:21 UTC (permalink / raw)
  To: help-guix

On 2015-12-30 22:16, ludo@gnu.org wrote:
> Which version of GnuPG is it, per “gpg2 --version”?
~$ gpg2 --version
gpg (GnuPG) 2.1.10
libgcrypt 1.6.3

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2016-01-01 19:21           ` swedebugia
@ 2016-01-04 12:23             ` swedebugia
  2016-01-04 15:05               ` Ludovic Courtès
  0 siblings, 1 reply; 17+ messages in thread
From: swedebugia @ 2016-01-04 12:23 UTC (permalink / raw)
  To: help-guix; +Cc: help-guix-bounces+swedebugia=riseup.net

On 2016-01-01 19:21, swedebugia@riseup.net wrote:
> On 2015-12-30 22:16, ludo@gnu.org wrote:
>> Which version of GnuPG is it, per “gpg2 --version”?
> ~$ gpg2 --version
> gpg (GnuPG) 2.1.10
> libgcrypt 1.6.3

I now tested with the 2.0 version and the result was that it only worked 
when specifying the keyserver (pgp.mit.edu) on the commandline.

So to sum it up (I'm on an i686 platform):
(with default config-files)
gpg 2.1.10 - keyservers are not reachable at all
gpg 2.0.29 - keyservers are only reachable when using --keyserver 
URL-to-keyserver on the commandline (complains about wrong keyserver URI 
when not specifying --keyserver URL-to-keyserver).


Can somebody please verify this?

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2016-01-04 12:23             ` swedebugia
@ 2016-01-04 15:05               ` Ludovic Courtès
  2016-01-04 16:50                 ` Ni*
  0 siblings, 1 reply; 17+ messages in thread
From: Ludovic Courtès @ 2016-01-04 15:05 UTC (permalink / raw)
  To: swedebugia; +Cc: help-guix

swedebugia@riseup.net writes:

> On 2016-01-01 19:21, swedebugia@riseup.net wrote:
>> On 2015-12-30 22:16, ludo@gnu.org wrote:
>>> Which version of GnuPG is it, per “gpg2 --version”?
>> ~$ gpg2 --version
>> gpg (GnuPG) 2.1.10
>> libgcrypt 1.6.3
>
> I now tested with the 2.0 version and the result was that it only
> worked when specifying the keyserver (pgp.mit.edu) on the commandline.
>
> So to sum it up (I'm on an i686 platform):
> (with default config-files)
> gpg 2.1.10 - keyservers are not reachable at all
> gpg 2.0.29 - keyservers are only reachable when using --keyserver
> URL-to-keyserver on the commandline (complains about wrong keyserver URI
> when not specifying --keyserver URL-to-keyserver).

I confirm that 2.1 behaves differently:

--8<---------------cut here---------------start------------->8---
$ $(guix build gnupg-2.1)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D9AEBB5
gpg: key "3D9AEBB5 #EA52ECF4" not found
gpg: (check argument of option '--hidden-encrypt-to')
$ $(guix build gnupg-2.0)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D9AEBB5
gpg: requesting key 3D9AEBB5 from hkp server pgp.mit.edu
gpg: key 3D9AEBB5: "Ludovic Courtès <ludo@gnu.org>" not changed
gpg:       Nombro traktita entute: 1
gpg:                   neŝanĝitaj: 1
--8<---------------cut here---------------end--------------->8---

I would suggest reaching out to the GnuPG mailing lists.

Ludo’.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2016-01-04 15:05               ` Ludovic Courtès
@ 2016-01-04 16:50                 ` Ni*
  2016-01-04 18:26                   ` Leo Famulari
  2016-01-05  9:30                   ` Ludovic Courtès
  0 siblings, 2 replies; 17+ messages in thread
From: Ni* @ 2016-01-04 16:50 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

ludo@gnu.org (Ludovic Courtès) writes:

> swedebugia@riseup.net writes:
>
>> On 2016-01-01 19:21, swedebugia@riseup.net wrote:
>>> On 2015-12-30 22:16, ludo@gnu.org wrote:
>>>> Which version of GnuPG is it, per “gpg2 --version”?
>>> ~$ gpg2 --version
>>> gpg (GnuPG) 2.1.10
>>> libgcrypt 1.6.3
>>
>> I now tested with the 2.0 version and the result was that it only
>> worked when specifying the keyserver (pgp.mit.edu) on the commandline.
>>
>> So to sum it up (I'm on an i686 platform):
>> (with default config-files)
>> gpg 2.1.10 - keyservers are not reachable at all
>> gpg 2.0.29 - keyservers are only reachable when using --keyserver
>> URL-to-keyserver on the commandline (complains about wrong keyserver URI
>> when not specifying --keyserver URL-to-keyserver).
>
> I confirm that 2.1 behaves differently:
>
> $ $(guix build gnupg-2.1)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D9AEBB5
> gpg: key "3D9AEBB5 #EA52ECF4" not found
> gpg: (check argument of option '--hidden-encrypt-to')
> $ $(guix build gnupg-2.0)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D9AEBB5
> gpg: requesting key 3D9AEBB5 from hkp server pgp.mit.edu
> gpg: key 3D9AEBB5: "Ludovic Courtès <ludo@gnu.org>" not changed
> gpg:       Nombro traktita entute: 1
> gpg:                   neŝanĝitaj: 1
>
> I would suggest reaching out to the GnuPG mailing lists.
>
> Ludo’.
>

Hi,

I thought I figured out my mistake from 12 months ago when GnuPG broke
(and I faded out using it), the question here got me motivated to look
into 2.1 issues again.

I got it to the point where it works again, meaning searching for
keys (although I am unsure whether it uses hkp or hkps protocol), etc.

~/.gnupg$ tree
.
├── crls.d
│   └── DIR.txt
├── dirmngr.conf
├── gpg-agent.conf
├── gpg.conf
├── openpgp-revocs.d

├── private-keys-v1.d

├── pubring.kbx
├── pubring.kbx~
├── random_seed
├── S.dirmngr
├── S.gpg-agent
└── trustdb.gpg

What I did was start from scratch with GnuPG 2.1:

cat gpg.conf 
keyserver-options no-honor-keyserver-url include-revoked
fixed-list-mode
keyid-format 0xlong
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
use-agent
verify-options show-uid-validity
list-options show-uid-validity
cert-digest-algo SHA512
no-comments
with-fingerprint
no-emit-version

cat dirmngr.conf 
keyserver hkp://hkps.pool.sks-keyservers.net
hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem

cat gpg-agent.conf 
pinentry-program /home/myusername/.guix-profile/bin/pinentry-curses
default-cache-ttl 86400


I noticed that gpg-agent needs at least those 2 entries to work with.

Related question:
is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?


-- 
Ni* -- http://www.libertad.pw
Email is public. Talk to me in private:
https://psyced.org:34443/~niasterisk
privacy respecting, secure communication:
BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
(bitmessage)

^ permalink raw reply	[flat|nested] 17+ messages in thread
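
An added example, not part of any message in this thread and not GnuPG code: a Python check over dirmngr.conf text that reports which transport each `keyserver` line selects, since the URI scheme (hkp:// or hkps://) and not the host name decides whether TLS is used. The two sample files are constructed from the configurations posted in this thread; the function names, the finding names and the rule that an `hkp://` URI on a host named `hkps.` is a likely mistake are assumptions of this example.

```python
"""Lint keyserver settings in dirmngr.conf text (added example, not GnuPG code)."""
from urllib.parse import urlsplit

# Constructed sample: the dirmngr.conf posted in the message above.
SAMPLE_DIRMNGR_CONF = """\
keyserver hkp://hkps.pool.sks-keyservers.net
hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem
"""

# Constructed sample: active lines of the stock dirmngr.conf quoted earlier.
SAMPLE_DEFAULT_CONF = """\
# Example HKPS keyservers (see --hkp-cacert below):
#       hkps://hkps.pool.sks-keyservers.net
keyserver hkp://dyh2j3qyrirn43iw.onion
keyserver hkp://keys.gnupg.net
"""


def parse_options(text):
    """Return [(option, argument)] for every non-blank, non-comment line."""
    options = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        name = fields[0].lstrip("-")          # accept "--keyserver" as well
        arg = fields[1].strip() if len(fields) > 1 else ""
        options.append((name, arg))
    return options


def classify(uri):
    """Split a keyserver URI into scheme and host; scheme is None if absent."""
    if "://" not in uri:
        return {"uri": uri, "scheme": None, "host": uri.lower(),
                "onion": uri.lower().endswith(".onion")}
    parts = urlsplit(uri)
    host = parts.hostname or ""
    return {"uri": uri, "scheme": parts.scheme.lower(), "host": host,
            "onion": host.endswith(".onion")}


def lint(text):
    """Return a list of (finding, detail) tuples for one config file's text."""
    opts = parse_options(text)
    servers = [classify(arg) for name, arg in opts if name == "keyserver" and arg]
    has_cacert = any(name == "hkp-cacert" for name, _ in opts)
    findings = []
    for s in servers:
        if s["scheme"] is None:
            # A bare host name leaves the protocol implicit; spell it out.
            findings.append(("no-scheme", s["uri"]))
        elif s["scheme"] == "hkp" and not s["onion"]:
            # hkp:// is HKP over plain HTTP, so lookups are not TLS-protected.
            findings.append(("plaintext-hkp", s["uri"]))
        if s["scheme"] == "hkp" and s["host"].startswith("hkps."):
            # Assumption of this example: such a host was meant for hkps://.
            findings.append(("hkp-scheme-on-hkps-host", s["uri"]))
    if has_cacert and not any(s["scheme"] == "hkps" for s in servers):
        # The CA file only matters for hkps:// connections.
        findings.append(("hkp-cacert-unused", "no hkps:// keyserver configured"))
    if len(servers) == 2 and sum(s["onion"] for s in servers) == 1:
        # Per the dirmngr.conf comment: the choice depends on Tor running.
        findings.append(("tor-dependent-selection",
                         "server used depends on whether Tor is running"))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted dirmngr.conf", SAMPLE_DIRMNGR_CONF),
                        ("stock dirmngr.conf", SAMPLE_DEFAULT_CONF)):
        print(label)
        for finding, detail in lint(conf) or [("ok", "")]:
            print(f"  {finding}: {detail}")
```
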

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2016-01-04 16:50                 ` Ni*
@ 2016-01-04 18:26                   ` Leo Famulari
  2016-01-05  9:29                     ` Ludovic Courtès
  2016-01-05  9:30                   ` Ludovic Courtès
  1 sibling, 1 reply; 17+ messages in thread
From: Leo Famulari @ 2016-01-04 18:26 UTC (permalink / raw)
  To: Ni*; +Cc: help-guix

On Mon, Jan 04, 2016 at 05:50:47PM +0100, Ni* wrote:
> ludo@gnu.org (Ludovic Courtès) writes:
> 
> > swedebugia@riseup.net writes:
> >
> >> On 2016-01-01 19:21, swedebugia@riseup.net wrote:
> >>> On 2015-12-30 22:16, ludo@gnu.org wrote:
> >>>> Which version of GnuPG is it, per “gpg2 --version”?
> >>> ~$ gpg2 --version
> >>> gpg (GnuPG) 2.1.10
> >>> libgcrypt 1.6.3
> >>
> >> I now tested with the 2.0 version and the result was that it only
> >> worked when specifying the keyserver (pgp.mit.edu) on the commandline.
> >>
> >> So to sum it up (I'm on an i686 platform):
> >> (with default config-files)
> >> gpg 2.1.10 - keyservers are not reachable at all
> >> gpg 2.0.29 - keyservers are only reachable when using --keyserver
> >> URL-to-keyserver on the commandline (complains about wrong keyserver URI
> >> when not specifying --keyserver URL-to-keyserver).
> >
> > I confirm that 2.1 behaves differently:
> >
> > $ $(guix build gnupg-2.1)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D9AEBB5
> > gpg: key "3D9AEBB5 #EA52ECF4" not found
> > gpg: (check argument of option '--hidden-encrypt-to')
> > $ $(guix build gnupg-2.0)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D9AEBB5
> > gpg: requesting key 3D9AEBB5 from hkp server pgp.mit.edu
> > gpg: key 3D9AEBB5: "Ludovic Courtès <ludo@gnu.org>" not changed
> > gpg:       Nombro traktita entute: 1
> > gpg:                   neŝanĝitaj: 1
> >
> > I would suggest reaching out to the GnuPG mailing lists.
> >
> > Ludo’.
> >
> 
> Hi,
> 
> I thought I figured out my mistake from 12 months ago when GnuPG broke
> (and I faded out using it), the question here got me motivated to look
> into 2.1 issues again.
> 
> I got it to the point where it works again, meaning searching for
> keys (although I am unsure whether it uses hkp or hkps protocol), etc.
> 
> ~/.gnupg$ tree
> .
> ├── crls.d
> │   └── DIR.txt
> ├── dirmngr.conf
> ├── gpg-agent.conf
> ├── gpg.conf
> ├── openpgp-revocs.d
> 
> ├── private-keys-v1.d
> 
> ├── pubring.kbx
> ├── pubring.kbx~
> ├── random_seed
> ├── S.dirmngr
> ├── S.gpg-agent
> └── trustdb.gpg
> 
> What I did was start from scratch with GnuPG 2.1:
> 
> cat gpg.conf 
> keyserver-options no-honor-keyserver-url include-revoked
> fixed-list-mode
> keyid-format 0xlong
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
> use-agent
> verify-options show-uid-validity
> list-options show-uid-validity
> cert-digest-algo SHA512
> no-comments
> with-fingerprint
> no-emit-version
> 
> cat dirmngr.conf 
> keyserver hkp://hkps.pool.sks-keyservers.net
> hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem
> 
> cat gpg-agent.conf 
> pinentry-program /home/myusername/.guix-profile/bin/pinentry-curses
> default-cache-ttl 86400
> 
> 
> I noticed that gpg-agent needs at least those 2 entries to work with.
> 
> Related question:
> is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?

I'm using the Debian provided pinentry, but it looks like our pinentry
provides a GTK interface and a console (ncurses?) interface, at least
based on the package definition in gnupg.scm.

> 
> 
> -- 
> Ni* -- http://www.libertad.pw
> Email is public. Talk to me in private:
> https://psyced.org:34443/~niasterisk
> privacy respecting, secure communication:
> BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
> (bitmessage)
> 

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2016-01-04 18:26                   ` Leo Famulari
@ 2016-01-05  9:29                     ` Ludovic Courtès
  2016-01-05  9:39                       ` Efraim Flashner
  0 siblings, 1 reply; 17+ messages in thread
From: Ludovic Courtès @ 2016-01-05  9:29 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Leo Famulari <leo@famulari.name> writes:

> On Mon, Jan 04, 2016 at 05:50:47PM +0100, Ni* wrote:

[...]

>> Related question:
>> is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?
>
> I'm using the Debian provided pinentry, but it looks like our pinentry
> provides a GTK interface and a console (ncurses?) interface, at least
> based on the package definition in gnupg.scm.

Yes, it provides both:

--8<---------------cut here---------------start------------->8---
$ ls -l $(guix build pinentry)/bin
totalo 180
lrwxrwxrwx 5 root root    14 Jan  1  1970 pinentry -> pinentry-gtk-2
-r-xr-xr-x 2 root root 74032 Jan  1  1970 pinentry-curses
-r-xr-xr-x 2 root root 94216 Jan  1  1970 pinentry-gtk-2
--8<---------------cut here---------------end--------------->8---

Ludo’.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2016-01-04 16:50                 ` Ni*
  2016-01-04 18:26                   ` Leo Famulari
@ 2016-01-05  9:30                   ` Ludovic Courtès
  2016-01-05 23:14                     ` Ni*
  1 sibling, 1 reply; 17+ messages in thread
From: Ludovic Courtès @ 2016-01-05  9:30 UTC (permalink / raw)
  To: Ni*; +Cc: help-guix

Ni* <niasterisk@grrlz.net> writes:

> I got it to the point where it works again, meaning searching for
> keys (although I am unsure whether it uses hkp or hkps protocol), etc.

[...]

> What I did was start from scratch with GnuPG 2.1:
>
> cat gpg.conf 
> keyserver-options no-honor-keyserver-url include-revoked
> fixed-list-mode
> keyid-format 0xlong
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
> use-agent
> verify-options show-uid-validity
> list-options show-uid-validity
> cert-digest-algo SHA512
> no-comments
> with-fingerprint
> no-emit-version
>
> cat dirmngr.conf 
> keyserver hkp://hkps.pool.sks-keyservers.net
> hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem

Do you know which of these options made the difference?

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2016-01-05  9:29                     ` Ludovic Courtès
@ 2016-01-05  9:39                       ` Efraim Flashner
  0 siblings, 0 replies; 17+ messages in thread
From: Efraim Flashner @ 2016-01-05  9:39 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

On Tue, 05 Jan 2016 10:29:40 +0100
ludo@gnu.org (Ludovic Courtès) wrote:

> Leo Famulari <leo@famulari.name> writes:
> 
>  [...]  
> 
> [...]
> 
>  [...]  
>  [...]  
> 
> Yes, it provides both:
> 
> --8<---------------cut here---------------start------------->8---
> $ ls -l $(guix build pinentry)/bin
> totalo 180
> lrwxrwxrwx 5 root root    14 Jan  1  1970 pinentry -> pinentry-gtk-2
> -r-xr-xr-x 2 root root 74032 Jan  1  1970 pinentry-curses
> -r-xr-xr-x 2 root root 94216 Jan  1  1970 pinentry-gtk-2
> --8<---------------cut here---------------end--------------->8---
> 
> Ludo’.
> 

When I last built pinentry it went very quickly. It should be hardly any
overhead to add some of the others if someone prefers gtk3 or qt popups.

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: No gpg keyservers available on GuixSD out-of-the-box
  2016-01-05  9:30                   ` Ludovic Courtès
@ 2016-01-05 23:14                     ` Ni*
  0 siblings, 0 replies; 17+ messages in thread
From: Ni* @ 2016-01-05 23:14 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

ludo@gnu.org (Ludovic Courtès) writes:

> Ni* <niasterisk@grrlz.net> writes:
>
>> I got it to the point where it works again, meaning searching for
>> keys (although I am unsure whether it uses hkp or hkps protocol), etc.
>
> [...]
>
>> What I did was start from scratch with GnuPG 2.1:
>>
>> cat gpg.conf 
>> keyserver-options no-honor-keyserver-url include-revoked
>> fixed-list-mode
>> keyid-format 0xlong
>> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
>> use-agent
>> verify-options show-uid-validity
>> list-options show-uid-validity
>> cert-digest-algo SHA512
>> no-comments
>> with-fingerprint
>> no-emit-version
>>
>> cat dirmngr.conf 
>> keyserver hkp://hkps.pool.sks-keyservers.net
>> hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem
>
> Do you know which of these options made the difference?
>
> Thanks,
> Ludo’.

I initially had issues with a pinentry, which were solved by adding the
 "default-cache-ttl" to gpg-agent.conf
 
 ~/.gnupg$ cat gpg-agent.conf 
pinentry-program /home/pathto/.guix-profile/bin/pinentry-curses
default-cache-ttl 86400

cat ~/.gnupg/gpg.conf
use-agent

-- 
Ni* -- http://www.libertad.pw
Email is public. Talk to me in private:
https://psyced.org:34443/~niasterisk
privacy respecting, secure communication:
BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
(bitmessage)

^ permalink raw reply	[flat|nested] 17+ messages in thread
