2

In the past gpg/gpg2 used to run flawlessly on my macOS laptop running MacPorts. In the last few months (years?) it seems to have stopped being operational, and after spending many hours trying to get it to work again I wonder whether the root problem is much more severe, after I saw that https://dev.gnupg.org/T3717 "I am tired of errors like Connection Closed in DNS, Server Indicated a Failure, No Keyserver Available, and Not Enabled when trying to do something with a keyserver" is closed.

See also https://lists.gnupg.org/pipermail/gnupg-users/2021-March/064922.html along the same lines

One of my issues is that error messages in my environment are displayed in German, so that a web search does not always reveal the proper results.

After I moved to a new laptop I recreated a key according to what I thought was the correct way to do it and then wanted to send it to the gpg infrastructure, which failed. My old key is expired and somehow still being used by Maven Central, and this is the original issue that I want to solve.

The story will probably be long so let's start with the basics: I assume we are talking about:

gpg --version
gpg (GnuPG) 2.2.29
libgcrypt 1.9.3
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/wf/.gnupg
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2

gpg --list-keys

will happily display a key which expires in 2023.

From Sonatype I get a message:

[ERROR] Repository "..." failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (...) was not able to be located on &lt;a href=http://keyserver.ubuntu.com:11371/&gt;

So I assume I have to let the keyserver receive my new key and tell Sonatype to use that new key.

gpg --send-keys <key>
gpg: sende Schlüssel ... auf hkps://keyserver.ubuntu.com
gpg: Senden an Schlüsselserver fehlgeschlagen: Network is unreachable

is the starting point of my problems.

gpg --send-keys --keyserver http://keyserver.ubuntu.com:11371 <key>

has the same effect.

https://qastack.com.de/unix/361642/keyserver-receive-failed-on-every-keyserver-available did not have a fitting answer for me.

Using the option from the FAQ document https://gnupg.org/faq/gnupg-faq.html

--keyserver pool.sks-keyservers.net

gives the same error message: Network is unreachable, which in this case even makes sense given that:

ping pool.sks-keyservers.net
ping: cannot resolve pool.sks-keyservers.net: Unknown host

while

ping keyserver.ubuntu.com
PING keyserver.ubuntu.com (162.213.33.8): 56 data bytes

So the same error message is displayed no matter whether the host is pingable or not ... I think that is a bug - the message should be more detailed ...

How can I get gpg running and send/receive keys in this environment?

Links that did not help me:
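Added example, not part of the original question or of GnuPG: a small Python probe that separates the two failure cases the question says gpg reports with one message, name resolution versus a TCP connect failure, and reports the connect result per resolved address. The function names `endpoint` and `probe` are hypothetical, and the default ports (11371 for hkp, 443 for hkps) are the conventional ones assumed here.

```python
import errno
import socket
from urllib.parse import urlsplit

# Conventional default ports per scheme (assumption; an explicit port in the URL wins).
DEFAULT_PORTS = {"hkp": 11371, "hkps": 443, "http": 80, "https": 443}

def endpoint(keyserver):
    """Return (host, port) for a --keyserver value; a bare host is treated as hkp://."""
    url = urlsplit(keyserver if "://" in keyserver else "hkp://" + keyserver)
    return url.hostname, url.port or DEFAULT_PORTS[url.scheme]

def probe(keyserver, resolve=socket.getaddrinfo,
          connect=socket.create_connection, timeout=5):
    """Return a list of (stage, address, outcome) tuples for one keyserver.

    stage is "dns" when the name does not resolve, otherwise "ipv4" or "ipv6"
    for each resolved address, with the connect outcome or the errno name.
    resolve/connect are injectable so the logic can be exercised offline.
    """
    host, port = endpoint(keyserver)
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("dns", host, f"resolution failed: {exc}")]
    results = []
    for family, _, _, _, sockaddr in infos:
        label = "ipv6" if family == socket.AF_INET6 else "ipv4"
        try:
            connect(sockaddr[:2], timeout=timeout).close()
            results.append((label, sockaddr[0], "connected"))
        except OSError as exc:
            # e.g. ENETUNREACH, ECONNREFUSED; timeouts carry no errno
            results.append((label, sockaddr[0],
                            errno.errorcode.get(exc.errno, str(exc))))
    return results

if __name__ == "__main__":
    # The keyserver values that appear in the question.
    for ks in ("hkps://keyserver.ubuntu.com",
               "http://keyserver.ubuntu.com:11371",
               "pool.sks-keyservers.net"):
        for stage, addr, outcome in probe(ks):
            print(f"{ks:40} {stage:5} {addr:40} {outcome}")
```
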

1 Answer

1

For the time being my workaround is to use a Unix machine instead.

So first I transferred the key to my Unix box:

gpg --export-secret-key 35...DEF | ssh server gpg --batch --import
gpg: key D38 ... not changed
gpg: key D38 ...: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

and then sent it from there:

gpg --send-keys --keyserver keyserver.ubuntu.com 35..
gpg: sending key D38... to hkp://keyserver.ubuntu.com

Please note that the default keyserver on that machine failed:

.. hkp://hkps.pool.sks-keyservers.net
gpg: keyserver send failed: No name

Helpful links: