On Mon, Jan 04, 2016 at 05:50:47PM +0100, Ni* wrote: > [email protected] (Ludovic Courtès) writes: > > > [email protected] skribis: > > > >> On 2016-01-01 19:21, [email protected] wrote: > >>> On 2015-12-30 22:16, [email protected] wrote: > >>>> Which version of GnuPG is it, per “gpg2 --version”? > >>> ~$ gpg2 --version > >>> gpg (GnuPG) 2.1.10 > >>> libgcrypt 1.6.3 > >> > >> I now tested with the 2.0 version and the result was that it only > >> worked when specifying the keyserver (pgp.mit.edu) on the commandline. > >> > >> So to sum it up (i'm on an i686 platform): > >> (with default config-files) > >> gpg 2.1.10 - keyservers are not reachable at all > >> gpg 2.0.29 - keyservers are only reachable when using --keyserver > >> URL-to-keyserver on the commandline omplains about wrong keyserver URI > >> when not specifying --keyserver URL-to-keyserver). > > > > I confirm that 2.1 behaves differently: > > > > $ $(guix build gnupg-2.1)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys > > 3D9AEBB5 > > gpg: key "3D9AEBB5 #EA52ECF4" not found > > gpg: (check argument of option '--hidden-encrypt-to') > > $ $(guix build gnupg-2.0)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys > > 3D9AEBB5 > > gpg: requesting key 3D9AEBB5 from hkp server pgp.mit.edu > > gpg: key 3D9AEBB5: "Ludovic Courtès <[email protected]>" not changed > > gpg: Nombro traktita entute: 1 > > gpg: neŝanĝitaj: 1 > > > > I would suggest reaching out to the GnuPG mailing lists. > > > > Ludo’. > > > > Hi, > > I thought I figured out my mistake from 12 months ago when GnuPG broke > (and I faded out using it), the question here got me motivated to look > into 2.1 issues again. > > I got it to the point where it works again, meaning searching for > keys (although I am unsure wether it uses hkp or hkps protocol), etc. > > ~/.gnupg$ tree > . > ├── crls.d > │ └── DIR.txt > ├── dirmngr.conf > ├── gpg-agent.conf > ├── gpg.conf > ├── openpgp-revocs.d > > ├── private-keys-v1.d > > ├── pubring.kbx > ├── pubring.kbx~ > ├── random_seed > ├── S.dirmngr > ├── S.gpg-agent > └── trustdb.gpg > > What I did was start from scratch with GnuPG 2.1: > > cat gpg.conf > keyserver-options no-honor-keyserver-url include-revoked > fixed-list-mode > keyid-format 0xlong > personal-digest-preferences SHA512 SHA384 SHA256 SHA224 > default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 > BZIP2 ZLIB ZIP Uncompressed > use-agent > verify-options show-uid-validity > list-options show-uid-validity > cert-digest-algo SHA512 > no-comments > with-fingerprint > no-emit-version > > cat dirmngr.conf > keyserver hkp://hkps.pool.sks-keyservers.net > hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem > > cat gpg-agent.conf > pinentry-program /home/myusername/.guix-profile/bin/pinentry-curses > default-cache-ttl 86400 > > > I noticed that gpg-agent needs at least those 2 entries to work with. > > Related question: > is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?
I'm using the Debian provided pinentry, but it looks like our pinentry provides a GTK interface and a console (ncurses?) interface, at least based on the package definition in gnupg.scm. > > > -- > Ni* -- http://www.libertad.pw > Email is public. Talk to me in private: > https://psyced.org:34443/~niasterisk > privacy respecting, secure communication: > BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC > (bitmessage) >
