On 06/03/2014 12:03 PM, Daniel wrote:
> I looked up the Docs on http://www.rainydayz.org/content/915-keyserver
> Quote: "You may prepend a protocol to the name of a keyserver, e.g.
> hkp://keyserver.example.com or ldap://certserver.pgp.com."
>
> I tried and Enigmail 1.6 as well as today's nightly won't connect to
> hkps://hkps.pool.sks-keyservers.net
> using the search dialog in the key management menu.
>
> Enigmail does connect to hkps.pool.sks-keyservers.net, so this seems to
> be an Enigmail Problem, either in the Docs or the Plugin?

Using hkps properly (with certificate checking) requires setting up the
root certificate authority. Without this, the connection will fail to
validate.
To do this, you need to fetch the root CA key for this pool [0], as
described at [1].
Place this in a stable place (e.g. /home/daniel/sks-keyserver.netCA.pem)
and then tell enigmail to look for it. You can do this either by
adding the following line to ~/.gnupg/gpg.conf:

  keyserver-options ca-cert-file=/home/daniel/sks-keyserver.netCA.pem

or you can do it directly from Enigmail: OpenPGP > Preferences >
"Display Expert Settings and Menus" > Advanced > "Additional Parameters
for GnuPG" should contain:

  --keyserver-options ca-cert-file=/home/daniel/sks-keyserver.netCA.pem

Once that's in place, you should be able to pull from the hkps pool.
Does this work for you?
Perhaps we should ship this root CA cert in enigmail directly, and
default to using the hkps pool, or use it automatically if no other
ca-cert-file option is set and the user has selected
hkps://hkps.pool.sks-keyserver.net as their keyserver. Patrick, would
you be willing to accept a patch for this?
--dkg
PS: on Debian and Debian-derived systems, hkps is also only available if
you have the "gnupg-curl" package installed. Without that package, hkps
will fail regardless of the ca-cert-file, since you will just have the
default shim keyserver transports.
[0] https://sks-keyservers.net/sks-keyservers.netCA.pem
[1] https://sks-keyservers.net/overview-of-pools.php#pool_hkps
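
Added example, not part of the original message or of Enigmail/GnuPG: a small shell check that a gpg.conf (or a file holding Enigmail's "Additional Parameters for GnuPG") carries the ca-cert-file option described above and that it points at a usable trust anchor. The function names and return codes are made up for this illustration, and reporting only the last matching line is a simplifying assumption.

```shell
#!/bin/sh
# Added example: verify the hkps trust anchor configured through
# "keyserver-options ca-cert-file=..." (function names are hypothetical).

# Print the ca-cert-file value from a gpg.conf-style file. Accepts the
# gpg.conf form and the "--keyserver-options" command-line form; commented
# lines are ignored. If the option occurs more than once, the last line is
# reported (a simplification).
ca_cert_from_conf() {
    [ -r "$1" ] || return 1
    sed -n 's/^[[:space:]]*\(--\)\{0,1\}keyserver-options[[:space:]].*ca-cert-file=\([^[:space:],]*\).*/\2/p' "$1" | tail -n 1
}

# Return 0 if the configured CA file is usable, otherwise a distinct code:
# 2 config unreadable, 3 option absent, 4 path not absolute,
# 5 file missing, 6 no PEM certificate, 7 writable by other users.
check_hkps_ca() {
    path=$(ca_cert_from_conf "$1") || { echo "cannot read $1"; return 2; }
    [ -n "$path" ] || { echo "no ca-cert-file option in $1"; return 3; }
    case $path in
        /*) ;;
        *) echo "ca-cert-file '$path' is not an absolute path"; return 4 ;;
    esac
    [ -r "$path" ] || { echo "$path is missing or unreadable"; return 5; }
    grep -q -- '^-----BEGIN CERTIFICATE-----' "$path" ||
        { echo "$path holds no PEM certificate"; return 6; }
    # A trust anchor that other local users can rewrite is not a trust anchor.
    [ -z "$(find -L "$path" -prune -perm -002)" ] ||
        { echo "$path is world-writable"; return 7; }
    echo "ok: $path"
}

# Stand-alone use: sh check.sh ~/.gnupg/gpg.conf
if [ $# -gt 0 ]; then
    check_hkps_ca "$1"
fi
```

This only checks that the file is present, PEM-shaped and not writable by others; compare the output of `openssl x509 -noout -fingerprint -sha256 -in FILE` with a fingerprint obtained out of band before trusting the certificate.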
