We disabled authentication on the private keyserver and the key uploaded right away. Now we just need to figure out why it won't work anymore with authentication. If you have any references, please let me know.
Sorry to deviate from the topic but I was wondering if you can tell me the command to remove key(s) from our private key server. During troubleshooting, I ended up creating 3 different keys that I now need to remove.
Luke Le on 11 Jan, 2018 12:28 AM
Unfortunately there's no such thing as removing keys from a keyserver; you can only revoke them if you still have the revocation certificates. For each secret key you create, a revocation certificate is created in ~/.gnupg/openpgp-revocs.d.
By importing the revocation certificate and sending the key to the server afterwards, you'll be able to revoke them and prevent others from importing them.
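The revocation procedure described in the reply above, as an added example that is not part of the original thread. The fingerprint and keyserver URL are placeholders, and the function names are hypothetical; the script relies on the fact that GnuPG prefixes the armor header of its stored `.rev` files with a colon, which must be removed before import.

```shell
#!/bin/sh
# Added example: revoke a key with the certificate GnuPG stored at key creation
# and publish the revoked key. Function names are hypothetical.

# GnuPG writes ":-----BEGIN PGP PUBLIC KEY BLOCK-----" in openpgp-revocs.d/*.rev
# so the file cannot be imported by accident. Print a copy without that colon.
activate_revcert() {
    sed 's/^:\(-----BEGIN PGP PUBLIC KEY BLOCK-----\)/\1/' "$1"
}

# $1 = full key fingerprint, $2 = keyserver URL (both supplied by the caller)
revoke_and_publish() {
    fpr=$1
    keyserver=$2
    rev="${GNUPGHOME:-$HOME/.gnupg}/openpgp-revocs.d/$fpr.rev"

    if [ ! -r "$rev" ]; then
        echo "no revocation certificate found for $fpr" >&2
        return 1
    fi

    # Import the revocation into the local keyring.
    activate_revcert "$rev" | gpg --import || return 1

    # Check that the local copy is now marked revoked (validity field "r")
    # before anything is sent out.
    if ! gpg --list-keys --with-colons "$fpr" | grep -q '^pub:r:'; then
        echo "key $fpr is not marked revoked locally, not publishing" >&2
        return 1
    fi

    # Send the revoked key to the keyserver.
    gpg --keyserver "$keyserver" --send-keys "$fpr"
}

# Usage: ./revoke.sh <FINGERPRINT> <KEYSERVER-URL>
if [ "$#" -eq 2 ]; then
    revoke_and_publish "$1" "$2"
fi
```

The revocation is irreversible once published, so run it once per key that was created by mistake and check the fingerprint first.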
Luke Le on 11 Jan, 2018 12:32 AM
I'm currently filing a bug with the GnuPG team for HTTP Basic Auth, since from the source code I could now confirm that this feature no longer works. Not sure since when, but it must be quite some time already. I still believe, however, that a change of your internal key server system triggered the error you were seeing.
Thank you for this. As we discussed, we wanted to prevent our own users from uploading keys to our keyserver. We want our IT department to have complete control of key management. We also frequently have contractors working with us and this is a security measure we had to take.
As an update to removing keys from the keyserver, we found a way in case someone else is interested. The command is: sks drop <hash>
Luke Le on 02 Mar, 2018 09:45 AM
Unfortunately we haven't heard back from the GnuPG developers and unfortunately I don't believe it is a priority for them. We might consider including the patch in our version of GnuPG, but it would feel better to receive approval from the GnuPG developers.