Bug #15415

Unreliable key server operations

Added by sajolida almost 2 years ago. Updated almost 2 years ago.

Target version:
Start date:
Due date:
% Done:


Feature Branch:
Type of work:
Affected tool:


I've been experiencing this for a while without being sure it was a bug. Today I'm convinced it is one:

I tried to fetch a public key and it failed:

amnesia@amnesia:~$ gpg --search-keys
gpg: WARNING: Tor is not properly configured
gpg: error searching keyserver: Permission denied
gpg: keyserver search failed: Permission denied

Then unplugged my Ethernet cable and plugged it back.

Then tried to fetch the same key again and it worked:

amnesia@amnesia:~$ gpg --search-keys
gpg: data source: http://jirk5u4osbsr34t5.onion:11371
(1)     Floriana Pagano <>
          4096 bit RSA key 0xB4B65273C21574E0, created: 2017-04-21, expires: 2022-04-20
Keys 1-1 of 1 for "".  Enter number(s), N)ext, or Q)uit > 1
gpg: key 0xB4B65273C21574E0: public key "Floriana Pagano <>" imported
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  20  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  20  signed:  36  trust: 20-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2018-04-11
gpg: Total number processed: 1
gpg:               imported: 1

It seems like some keyservers don't like Tor. Maybe we could configure one that always works?

Related issues

Related to Tails - Bug #14770: "Fetching OpenPGP keys" scenarios are fragile: communication failure with keyserver Resolved 10/04/2017


#1 Updated by sajolida almost 2 years ago

  • Related to Bug #14770: "Fetching OpenPGP keys" scenarios are fragile: communication failure with keyserver added

#2 Updated by sajolida almost 2 years ago

Maybe that's related to #14770...

#3 Updated by intrigeri almost 2 years ago

  • Assignee set to sajolida
  • QA Check set to Info Needed

Could you please share the content of your ~/.gnupg/dirmngr.conf?

The default one is:

keyserver hkp://jirk5u4osbsr34t5.onion

… which uses an Onion Service so "some keyservers don't like Tor" does not apply.

#4 Updated by sajolida almost 2 years ago

  • Status changed from Confirmed to Resolved
  • Assignee deleted (sajolida)

Before reporting my bug I checked the diff between my gpg.conf and /etc/skel/.gnupg/gpg.conf and the only difference is 'default-key'.

But indeed, I didn't have /etc/skel/.gnupg/dirmngr.conf in my ~/.gnupg, probably because I created my persistence before it was added (3c68e5ff4c - 2017-01-31).

So I copied this dirmngr.conf to my ~/.gnupg and can probably close this ticket now.

It might still be useful for other people :)

Also available in: Atom PDF