On Thu, 26 Mar 2020 17:55, gus said: > gpg: error retrieving 'torbrow...@torproject.org' via WKD: Ricevuto > un > messaggio di avviso fatale > gpg: error reading key: Ricevuto un messaggio di avviso fatale
That is: "Fatal alert message received" which comes from the TLS layer. To see the actual cause you need to add log-file /some/file tls-debug 2 or a higher level to dirmngr.conf and "gpgconf --reload dirmngr". For me a gpg --locate-external-keys -v torbrow...@torproject.org (--locate-external-key is easier to type than yours. It excludes the local keys and thus always goes out to the WKD) then gives: DBG: ntbtls(2): got an alert message, type: [2:40] DBG: ntbtls(1): is a fatal alert message (msg 40) DBG: ntbtls(1): (handshake failed) DBG: ntbtls(1): read_record returned: Fatal alert message received <TLS> DBG: ntbtls(2): handshake ready TLS handshake failed: Fatal alert message received <TLS> error connecting to 'https://openpgpkey.tor[...] A reason for the failed handhake might be that no common parameters could be found. We would need to look at the server log or run tests with that server to see what it expects. I copy the full TLS log below. I have no GNUTLS based build currently available, if that works, it log could give also some conclusion. However, on Windows we always use NTBTLS. Salam-Shalom, Werner --8<---------------cut here---------------start------------->8--- DBG: ntbtls(2): handshake DBG: ntbtls(2): client state: 0 (hello_request) DBG: ntbtls(3): flush output DBG: ntbtls(2): client state: 1 (client_hello) DBG: ntbtls(3): flush output DBG: ntbtls(2): write client_hello DBG: ntbtls(3): client_hello, max version: [3:3] DBG: ntbtls(3): client_hello, current time: 1585298512 DBG: client_hello, random bytes: 5e7dbc5008b76aa83d09c4393a4bdbe792ad9fee5198c6d9f88357ad16020156 DBG: ntbtls(3): client_hello, session id len.: 0 DBG: client_hello, session id: DBG: ntbtls(5): client_hello, add ciphersuite: 49192 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 107 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 49172 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 57 TLS-DHE-RSA-WITH-AES-256-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49271 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 196 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 136 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49191 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 103 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 49171 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 51 TLS-DHE-RSA-WITH-AES-128-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49270 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 190 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 69 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49170 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 22 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49208 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 179 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 49206 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 145 TLS-DHE-PSK-WITH-AES-256-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49307 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 49303 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 49207 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 178 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 49205 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 144 TLS-DHE-PSK-WITH-AES-128-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49302 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 49306 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 49204 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 143 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 61 TLS-RSA-WITH-AES-256-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 53 TLS-RSA-WITH-AES-256-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 192 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 132 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 60 TLS-RSA-WITH-AES-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 47 TLS-RSA-WITH-AES-128-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 186 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 65 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 10 TLS-RSA-WITH-3DES-EDE-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 183 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 149 TLS-RSA-PSK-WITH-AES-256-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49305 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 182 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 148 TLS-RSA-PSK-WITH-AES-128-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49304 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 147 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 175 TLS-PSK-WITH-AES-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 141 TLS-PSK-WITH-AES-256-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49301 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 DBG: ntbtls(5): client_hello, add ciphersuite: 174 TLS-PSK-WITH-AES-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 140 TLS-PSK-WITH-AES-128-CBC-SHA DBG: ntbtls(5): client_hello, add ciphersuite: 49300 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 DBG: ntbtls(5): client_hello, add ciphersuite: 139 TLS-PSK-WITH-3DES-EDE-CBC-SHA DBG: ntbtls(3): client_hello, got 54 ciphersuites DBG: ntbtls(3): client_hello, compress len.: 2 DBG: ntbtls(3): client_hello, compress alg.: 1 0 DBG: ntbtls(3): client_hello, adding server name extension: 'openpgpkey.torproject.org' DBG: ntbtls(3): client_hello, adding signature_algorithms extension DBG: ntbtls(3): client hello, adding supported_elliptic_curves extension DBG: ntbtls(3): client hello, adding supported_point_formats extension DBG: ntbtls(3): client_hello, adding session ticket extension DBG: ntbtls(3): client_hello, total extension length: 88 DBG: ntbtls(3): write record DBG: ntbtls(3): output record: msgtype = 22, version = [3:3], msglen = 242 DBG: output record sent to network: 16030300f2010000ee03035e7dbc5008b76aa83d09c4393a4bdbe792ad9fee51 \ DBG: 98c6d9f88357ad1602015600006c00ffc028006bc0140039c07700c40088c027 \ DBG: 0067c0130033c07600be0045c0120016c03800b3c0360091c09bc097c03700b2 \ DBG: c0350090c096c09ac034008f003d003500c00084003c002f00ba0041000a00b7 \ DBG: 0095c09900b60094c098009300af008dc09500ae008cc094008b020100005800 \ DBG: 00001e001c0000196f70656e7067706b65792e746f7270726f6a6563742e6f72 \ DBG: 67000d001600140601050104010301020106030503040303030203000a000e00 \ DBG: 0c001700180019001a001b001c000b0002010000230000 DBG: ntbtls(3): flush output DBG: ntbtls(3): message length: 247, out_left: 247 DBG: ntbtls(3): es_write returned: success DBG: ntbtls(2): client state: 2 (server_hello) DBG: ntbtls(3): flush output DBG: ntbtls(2): read server_hello DBG: ntbtls(3): read record DBG: ntbtls(3): fetch input DBG: ntbtls(3): in_left: 0, nb_want: 5 DBG: ntbtls(3): es_read returned: success DBG: ntbtls(3): input record: msgtype = 21, version = [3:3], msglen = 2 DBG: ntbtls(3): fetch input DBG: ntbtls(3): in_left: 5, nb_want: 7 DBG: ntbtls(3): es_read returned: success DBG: input record from network: 15030300020228 DBG: ntbtls(2): got an alert message, type: [2:40] DBG: ntbtls(1): is a fatal alert message (msg 40) DBG: ntbtls(1): (handshake failed) DBG: ntbtls(1): read_record returned: Fatal alert message received <TLS> DBG: ntbtls(2): handshake ready TLS handshake failed: Fatal alert message received <TLS> error connecting to 'https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf?l=torbrowser': Fatal alert message received DBG: ntbtls(2): release command 'WKD_GET' failed: Fatal alert message received <TLS> --8<---------------cut here---------------end--------------->8--- -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users