所以我gpg --keyserver keys.gnupg.net --recv id
以 root 身份执行并得到:
gpg: 目录 '/root/.gnupg' 创建
gpg: 新配置文件 '/root/.gnupg/dirmngr.conf' 创建
gpg: 新配置文件 '/root/.gnupg/gpg.conf' 创建
gpg: 密钥箱 '/ root/.gnupg/pubring.kbx'已创建
它在最后一行之后卡住了,再次执行它不会返回任何内容。
难道是我的iptables有问题?我正在使用 KDE 运行 Debian 9.1。
我也尝试过gpgconf --kill gpg-agent && gpgconf --kill dirmngr
,ping keys.gnupg.net
(那个IP(194.94.127.122)似乎不是正确的服务器?),iptables -A OUTPUT -p tcp -d {ip} --dport 11371 -j ACCEPT
怎么修?
答案1
您描述的问题很可能是防火墙问题(如果您等待足够长的时间,是否有超时消息?)。keys.gnupg.net
事实上指向pool.sks-keyservers.net
(技术上作为CNAME
DNS 中的别名实现):
$ dig CNAME keys.gnupg.net
; <<>> DiG 9.10.3-P4-Debian <<>> CNAME keys.gnupg.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63954
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;keys.gnupg.net. IN CNAME
;; ANSWER SECTION:
keys.gnupg.net. 81999 IN CNAME pool.sks-keyservers.net.
;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Aug 05 17:20:28 CEST 2017
;; MSG SIZE rcvd: 80
另一方面,SKS 密钥服务器池并不包含单个密钥服务器,而是由一个他们的整个池子,所有这些都相互同步。事实上,您可以操作自己的密钥服务器,该服务器将自动添加到网络中。这是在查询池域时返回的当前池中服务器的随机选择:
$ host pool.sks-keyservers.net
pool.sks-keyservers.net has address 81.187.55.68
pool.sks-keyservers.net has address 155.94.209.99
pool.sks-keyservers.net has address 195.181.242.148
pool.sks-keyservers.net has address 37.97.128.99
pool.sks-keyservers.net has address 80.108.201.53
pool.sks-keyservers.net has address 176.9.147.41
pool.sks-keyservers.net has address 178.254.42.45
pool.sks-keyservers.net has address 130.206.1.111
pool.sks-keyservers.net has address 130.133.110.62
pool.sks-keyservers.net has address 190.202.122.122
pool.sks-keyservers.net has IPv6 address 2001:41d0:1:ac90::1
pool.sks-keyservers.net has IPv6 address 2a00:f820:177:0:84:200:66:125
pool.sks-keyservers.net has IPv6 address 2a03:b0c0:1:d0::18c2:6001
pool.sks-keyservers.net has IPv6 address 2610:81:3001:53::231
pool.sks-keyservers.net has IPv6 address 2607:5300:60:3308::1
pool.sks-keyservers.net has IPv6 address 2a01:7e00::f03c:91ff:fe69:8da9
pool.sks-keyservers.net has IPv6 address 2001:648:2ffc:1225:a800:1ff:fee4:5da4
pool.sks-keyservers.net has IPv6 address 2001:4c80:40:628:5c70:d1ff:fe44:1424
pool.sks-keyservers.net has IPv6 address 2600:3c03::f03c:91ff:fe96:bd1a
pool.sks-keyservers.net has IPv6 address 2a02:7b40:c3b5:f294::1
这也意味着您无法为单个静态 IP(甚至不是一堆,因为它们会定期更改)连接到 定义防火墙规则keys.gnupg.net
。
有一些关键服务器是知名实体运营的,服务比较稳定,例如:
pgp.mit.edu
keyserver.ubuntu.com
pgp.surfnet.nl
pgp.uni-mainz.de
如果由于必要的防火墙限制而要求您选择单个 IP,您可能会选择其中之一(当然,它们仍然可能会离线或不时更改 IP)。