GPG Suite: Cannot connect to any keyserver

artur

10 Jan, 2018 06:14 AM

The same exact problem and the same configuration as in this thread.
Firewall on my macbook is off.
I also tried to follow these suggestions but with the same results - "Bad Keyserver" error.

Any help would be very much appreciated.

  1. Support Staff 1 Posted by Steve on 10 Jan, 2018 03:28 PM

    Hi Artur,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    You already did some research regarding this problem.

    Can you let us know which key server you are using? You can find that info in GPG Keychain > Preferences > Key servers. If you are using the sks key servers, could you repeat your key search a few times in GPG Keychain (search for any email address) to check that this problem is persisting?

    This problem can have various causes.

    Please open Terminal.app, paste the following command and post the output into this discussion.

    nslookup hkps.pool.sks-keyservers.net
    

    Then execute the following command (replace email with the email address to search):

    gpg --debug-level expert --search-keys email
    

    Another question: Are you using Little Snitch or any other firewall-like software on your mac? If so, please temporarily disable that software and repeat the process. Can you then connect to the key servers as expected?

    In case a connection can be made:

    could you post the output of

    gpg --keyserver-options=debug --search-key [email blocked]
    

    Kind regards,
    steve

  2. 2 Posted by artur on 10 Jan, 2018 11:34 PM

    Hi,

    Thank you for your quick response. I do not use any third-party firewall on my mac and the OS X firewall is off. Also, I have no problems connecting to the outside (internet) world at any address or port.

    Below is my session from executing all the commands you suggested. I replaced the real domain name I used for the commands with 'example.com'.
    Also, I tried all the key servers addresses from the list in GPG Suite system preferences with the same exact result.

    One thing I suspect is that a while ago I played a bit with GPG Suite, compiling a modified version of the source code to support longer than standard key lengths. I removed the other version but maybe there are some leftovers somehow conflicting with the official version?

    kobit ~ $ nslookup hkps.pool.sks-keyservers.net
    Server:     192.168.1.1
    Address:    192.168.1.1#53
    
    Non-authoritative answer:
    Name:   hkps.pool.sks-keyservers.net
    Address: 18.9.60.141
    Name:   hkps.pool.sks-keyservers.net
    Address: 192.94.109.73
    Name:   hkps.pool.sks-keyservers.net
    Address: 193.164.133.100
    Name:   hkps.pool.sks-keyservers.net
    Address: 176.9.147.41
    Name:   hkps.pool.sks-keyservers.net
    Address: 37.191.226.104
    
    kobit ~ $ gpg --debug-level expert --search-keys [email blocked]
    gpg: enabled debug flags: packet filter cache memstat trust extprog
    gpg: error searching keyserver: Server indicated a failure
    gpg: keyserver search failed: Server indicated a failure
    gpg: keydb: handles=0 locks=0 parse=0 get=0
    gpg:        build=0 update=0 insert=0 delete=0
    gpg:        reset=0 found=0 not=0 cache=0 not=0
    gpg: kid_not_found_cache: count=0 peak=0 flushes=0
    gpg: sig_cache: total=0 cached=0 good=0 bad=0
    gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
                  outmix=0 getlvl1=0/0 getlvl2=0/0
    gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
    gpg: secmem usage: 0/32768 bytes in 0 blocks
    kobit ~ $ gpg --keyserver-options=debug --search-key [email blocked] blocked
    gpg: keyserver option 'debug' is unknown
    gpg: error searching keyserver: Server indicated a failure
    gpg: keyserver search failed: Server indicated a failure
    kobit ~ $ gpg --keyserver-options=debug --search-key [email blocked]
    gpg: keyserver option 'debug' is unknown
    gpg: error searching keyserver: Server indicated a failure
    gpg: keyserver search failed: Server indicated a failure
    kobit ~ $ gpg --version
    gpg (GnuPG/MacGPG2) 2.2.3
    libgcrypt 1.8.1
    Copyright (C) 2017 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Home: /Users/kobit/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2
    kobit ~ $
    
  3. Support Staff 3 Posted by Luke Le on 11 Jan, 2018 02:46 PM

    Hi Artur,

    please enable debug mode for keyserver requests by adding the following lines to your ~/.gnupg/dirmngr.conf file (create it if it doesn't exist):

    debug-level guru
    debug-all
    log-file /tmp/dirmngr.log
    

    After that, kill any dirmngr processes:

    killall dirmngr
    

    And then run a keyserver search

    gpg --search-keys [email blocked]
    

    Please attach the /tmp/dirmngr.log file to this discussion once you've completed the previously mentioned steps.

    This should give us a better idea of what might not be working.

    Thanks!
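
The steps in the post above as a reversible helper, added here as an example (not GPGTools' or the poster's own code): it wraps the three debug lines in marker comments so they can be taken out again once the log has been collected. The function names and marker comments are made up for this example; `gpgconf --kill dirmngr` is the stock GnuPG 2.x way to stop the daemon.

```shell
#!/bin/sh
# Added example; function names and marker comments are hypothetical.
BEGIN_MARK='# BEGIN temporary keyserver debug'
END_MARK='# END temporary keyserver debug'

# enable_dirmngr_debug GNUPG_HOME [LOG_FILE]
# Appends the three debug lines from the post, once, inside a marked block.
enable_dirmngr_debug() {
    conf="$1/dirmngr.conf"
    log="${2:-/tmp/dirmngr.log}"      # default is the path used in the post
    mkdir -p -m 700 "$1"
    touch "$conf"
    if grep -qxF "$BEGIN_MARK" "$conf"; then
        return 0                      # already enabled, keep the file unchanged
    fi
    cp -p "$conf" "$conf.bak"         # keep a copy of the previous config
    # Make sure the block starts on its own line if the file lacks a final newline.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    {
        printf '%s\n' "$BEGIN_MARK" 'debug-level guru' 'debug-all'
        printf 'log-file %s\n' "$log"
        printf '%s\n' "$END_MARK"
    } >> "$conf"
}

# disable_dirmngr_debug GNUPG_HOME
# Removes the marked block again and leaves every other line untouched.
disable_dirmngr_debug() {
    conf="$1/dirmngr.conf"
    if [ ! -f "$conf" ]; then
        return 0
    fi
    tmp="$conf.tmp.$$"
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$conf" > "$tmp"
    cat "$tmp" > "$conf"              # rewrite in place to keep file permissions
    rm -f "$tmp"
}

# Stop the running dirmngr so the next gpg call starts it with the new config.
restart_dirmngr() {
    gpgconf --kill dirmngr 2>/dev/null || killall dirmngr 2>/dev/null || true
}
```

Typical sequence: `enable_dirmngr_debug ~/.gnupg; restart_dirmngr`, run the `gpg --search-keys` query, then `disable_dirmngr_debug ~/.gnupg; restart_dirmngr` so guru-level logging does not stay switched on.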

  4. 4 Posted by artur on 12 Jan, 2018 01:14 AM

    Thank you for your help with the problem.

    I have spent some more time on this and figured out that everything seems to be working OK on another Mac next to my MacBook Pro. So this must have been a problem with my MacBook. I have changed MacBooks a few times in the past and every time I transferred old data using time capsule to a new Mac for several years.
    So my system was pretty loaded with old stuff which was conflicting and causing problems. I thought that reinstalling the system from scratch could/should solve the problem.

    And it did, partially. After a clean reinstallation and putting gpg tools on the clean, newly installed system, I got the same exact error when trying all the key servers from the list in GPG Keychain properties. However, then I tried: hkps://hkps.pool.sks-keyservers.net:443 and this worked right away, finally. So, now I have a usable system with gpg tools and keychain working OK.

    Firewall is off on my MacBook and I do not use any third-party firewalls.

    However, if you are interested in getting to the bottom of this I can continue investigation and provide you with more information if you wish. Please let me know if you want me to continue digging into it. I would be also interested in having it working without any workarounds.

  5. Support Staff 5 Posted by Steve on 17 Jan, 2018 07:06 PM

    Hi Artur,

    can you please try the following:

    Open GPG Keychain > Preferences > Key servers and select the hkps://hkps.pool.sks-keyservers.net

    Then see if you are able to use the key servers as expected.

    If that is not the case, please attach the log requested in comment 3.

    All the best,
    steve

  6. 6 Posted by artur on 18 Jan, 2018 12:03 AM

    Ok,

    I tried to change the server in preferences and it did not work; neither the hkps nor the hkp protocol worked. Only the setting hkps://hkps.pool.sks-keyservers.net:443 works.

    I tried to change the server settings in the .gnupg/gpg.conf and I ran the commands twice with the log activated. Once with the working settings with key server on port 443 and a second time with manually modified gpg.conf for key server: hkps://hkps.pool.sks-keyservers.net.

    The first time it all worked, the second failed with message below:
    gpg: error searching keyserver: Server indicated a failure
    gpg: keyserver search failed: Server indicated a failure

    Log attached.
