Re: Sending gpg keys to keyserver
Hi All, On 12/02/2021 20:08, Ross Gammon wrote: > Thanks for the tips everyone - it wasn't the silver bullet I was after, > but that has given me some clues to investigate. > Just a quick update on this. $ gpg --refresh-keys This gave me an error saying that Tor was not running. Sorry - I did not capture the exact output from the command. I found that dirmngr.conf had a "use-tor" item. After commenting this setting out and rebooting: $ gpg --refresh-keys gpg: refreshing keys from hkps://hkps.pool.sks-keyservers.net gpg: keyserver refresh failed: General error This was a much shorter error message, not complaining about Tor. But still not very helpful :-) So I decided to try the original command as something had changed: $ gpg -vvv --keyserver keyring.debian.org --send-key 'fingerprint' gpg: using character set 'utf-8' gpg: sending key to hkps://keyring.debian.org That seemed to work! Probably I should be using Tor for obvious reasons. I will look into that another day. -- Regards, Ross Gammon FBEE 0190 904F 1EA0 BA6A 300E 53FE 7BBD A689 10FC signature.asc Description: OpenPGP digital signature
Re: Sending gpg keys to keyserver
Thanks for the tips everyone - it wasn't the silver bullet I was after, but that has given me some clues to investigate. It turned out to be faster to fix my laptop and upload from there :-) I will hopefully get some time to fully investigate what is wrong with the desktop machine soon. On 10/02/2021 01:30, Paul Wise wrote: > On Tue, Feb 9, 2021 at 6:48 PM Ross Gammon wrote: > >> I have an upload stuck in the upload queue due to an expired key, and I >> would like upload my newly unexpired key to the Debian keyservers so >> that it is eventually unblocked. >> >> But I get this error: >> $ gpg -v --keyserver keyring.debian.org --send-key 'fingerprint' >> gpg: sending key 0x to hkp://keyring.debian.org >> gpg: keyserver send failed: Connection refused >> gpg: keyserver send failed: Connection refused > > That command works for me and looks like the correct one according to: > > https://keyring.debian.org/ > >> 6. Today, realise the upload has silently failed due to expired key. >> 7. Extend expiry date of keys forward two more years. > > It is a good idea to set a calendar appointment or at/systemd-run job > to give you a reminder before the date. I'm doing the expiry update 3 > months before my expiry. > > https://riseup.net/en/security/message-security/openpgp/best-practices#set-a-calendar-event-to-remind-you-about-your-expiration-date > >> Any ideas on what configuration I might need to update? > > Maybe look at your firewalls, network or proxy setup, or use wireshark > and tcptraceroute to see what is blocking the connection. Or try > creating a temporary user on your machine, logging in as that, > creating a new key with a test name/email and try sending that to the > server, the result will give some more info on where the problem is. > Also do that from another machine on the same network, or from a > Debian Live system booted on your machine. > -- Regards, Ross Gammon FBEE 0190 904F 1EA0 BA6A 300E 53FE 7BBD A689 10FC signature.asc Description: OpenPGP digital signature
Re: Sending gpg keys to keyserver
On Tue, Feb 9, 2021 at 6:48 PM Ross Gammon wrote: > I have an upload stuck in the upload queue due to an expired key, and I > would like upload my newly unexpired key to the Debian keyservers so > that it is eventually unblocked. > > But I get this error: > $ gpg -v --keyserver keyring.debian.org --send-key 'fingerprint' > gpg: sending key 0x to hkp://keyring.debian.org > gpg: keyserver send failed: Connection refused > gpg: keyserver send failed: Connection refused That command works for me and looks like the correct one according to: https://keyring.debian.org/ > 6. Today, realise the upload has silently failed due to expired key. > 7. Extend expiry date of keys forward two more years. It is a good idea to set a calendar appointment or at/systemd-run job to give you a reminder before the date. I'm doing the expiry update 3 months before my expiry. https://riseup.net/en/security/message-security/openpgp/best-practices#set-a-calendar-event-to-remind-you-about-your-expiration-date > Any ideas on what configuration I might need to update? Maybe look at your firewalls, network or proxy setup, or use wireshark and tcptraceroute to see what is blocking the connection. Or try creating a temporary user on your machine, logging in as that, creating a new key with a test name/email and try sending that to the server, the result will give some more info on where the problem is. Also do that from another machine on the same network, or from a Debian Live system booted on your machine. -- bye, pabs https://wiki.debian.org/PaulWise
Re: Sending gpg keys to keyserver
On Tue, 09 Feb 2021 19:47:47 +0100, Ross Gammon wrote: > But I get this error: > $ gpg -v --keyserver keyring.debian.org --send-key 'fingerprint' > gpg: sending key 0x to hkp://keyring.debian.org > gpg: keyserver send failed: Connection refused > gpg: keyserver send failed: Connection refused Years ago I had this problem when I had http_proxy set in my environment. Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe `- NP: Aimee Mann: It Takes All Kinds signature.asc Description: Digital Signature
Re: Sending gpg keys to keyserver
Hello, >I have an upload stuck in the upload queue due to an expired key, and I >would like upload my newly unexpired key to the Debian keyservers so >that it is eventually unblocked. > >But I get this error: >$ gpg -v --keyserver keyring.debian.org --send-key 'fingerprint' >gpg: sending key 0x to hkp://keyring.debian.org >gpg: keyserver send failed: Connection refused >gpg: keyserver send failed: Connection refused > >So how did I get into this mess? > >1. Many years ago followed the riseup.net guide to configure my keys. >2. Over two years ago set the expiry date of my signing/encryption key >forwad two years to about now. >3. Weeks ago, sponsored a package to NEW. >4. Package was rejected. >5. The other day, uploaded a fixed package for my sponsee. >6. Today, realise the upload has silently failed due to expired key. >7. Extend expiry date of keys forward two more years. >8. Issue above command, then spend hours of frustrated searching :-) > >I should say that I am on an Ubuntu machine (my Debian laptop has other >issues that need fixing). Googling comes up with gpg changes with >v2.1(?), and dirmngr now being the default - not curl ($ gpg --help >gives > gpg (GnuPG) 2.2.19). Riseup.net has completely changed since I >last looked, and there does not seem to be any updated advice on the >Debian keysigning pages. > >Any ideas on what configuration I might need to update? gpg --keyserver keyring.debian.org --send-keys mykeyID works for me on Ubuntu 20.04 G.
