Are gpg keyservers always unreliable?

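I have been using gpg for years for some minimal things (pass, yadm, etc.), and one thing I have always noticed is that the keyservers (mit, ubuntu, etc.) have slow response times when accessed through their web portals (searches take absolutely forever).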

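Recently yay seems to be having trouble importing keys, with a No Name error that people seem to run into often, and the solution is always to import the key manually. This has happened to me twice in the past week, with 1password and spotify. I tried researching a long-term solution rather than the manual-import shortcut; one suggestion was to manually set the keyserver in /etc/pacman.d/gnupg/gpg.conf, but that did not solve the problem. I ran pacman-key --refresh-keys, and it worked, but it seems very error-prone. Here is a snapshot of the end of the output: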

==> ERROR: Could not update key: B9113D1ED21E1A55
gpg: error retrieving '[email protected]' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving '[email protected]' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving '[email protected]' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 6D1A9E70E19DAA50
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 3A726C6170E80477
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 81AF739EC0711BF1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: CF7037A4F27FB7DA
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 73B8ED52F1D357C1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: EA6836E1AB441196
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 7FB1A3800C84C0A5
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: F9E712E59AF5F22A
gpg: error retrieving '[email protected]' via WKD: Connection refused
gpg: error reading key: Connection refused
gpg: error retrieving '[email protected]' via WKD: No name
gpg: error reading key: No name
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: C8880A6406361833
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: E711306E3C4F88BC
gpg: error retrieving '[email protected]' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving '[email protected]' via WKD: General error
gpg: error reading key: General error
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 39E4F17F295AFBF4
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 097D629E437520BD
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 5CED81B7C2E5C0D2
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving '[email protected]' via WKD: General error
gpg: error reading key: General error
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 1F0CD4921ECAA030
gpg: key 4DC95B6D7BE9892E: "David Runge (Arch Linux Master Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
pub   ed25519 2021-04-26 [SC]
      2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E
uid           [  full  ] David Runge (Arch Linux Master Key) <[email protected]>
sub   cv25519 2021-04-26 [E]

gpg: key 25EA6900D9EA5EBC: "George Rawlinson <[email protected]>" 1 new signature
gpg: Total number processed: 1
gpg:         new signatures: 1
pub   ed25519 2016-11-03 [C]
      034D823DA2055BEE6A6BF0BB25EA6900D9EA5EBC
uid           [ unknown] George Rawlinson <[email protected]>
uid           [  full  ] George Rawlinson <[email protected]>
sub   ed25519 2016-11-03 [S]
sub   ed25519 2016-11-04 [A]
sub   cv25519 2016-11-04 [E]

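Are gpg and keyservers always like this? Is importing by hand just a part of life? Why are these keyservers so flaky?

Please note: the Arch wiki suggests the following possible problems:

  • An outdated archlinux-keyring package.
  • An incorrect date.
  • Your ISP blocks the port used to import PGP keys.
  • Your pacman cache contains copies of unsigned packages from previous attempts.
  • dirmngr is not correctly configured.
  • You have not upgraded in a long time and gpg/pacman did not handle that well.

But I upgrade daily, my ISP is not blocking any ports (I can import manually), and my date is correct. I am pretty sure I have even cleared my pacman and yay caches recently (which seems to be something people actually advise against). It looks as if the problem is the instability of the keyservers themselves.

Am I wrong that it is the keyservers? If not, why are they so spotty? If I am wrong, what can I do to improve my pacman/yay experience to make it smoother and remove these pain points?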

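Answer 1

You are likely to run into keyserver problems, at least with some keyservers.

WKD is inherently unreliable, or at least unpredictable: it needs support from every domain you are trying to fetch keys from, so for any given set of user IDs (email addresses) from a variety of domains, failure is more likely than success (as is the case in your example). There are domains with large numbers of OpenPGP users which support WKD (including Debian, Gentoo and the Linux kernel), and WKD can be expected to work in those cases.

The SKS pool is deprecated and should not be used. See "sks-keyservers gone. What to use instead?" for possible replacements.

In my experience keys.openpgp.org is reliable, but limited, because it only serves keys for users who have confirmed their keys with the service. The MIT keyserver has long had spotty availability.

In practice, for most users who ultimately need OpenPGP keys for package verification, the most reliable keyservers are distribution keyservers, for those distributions which maintain their own (e.g. Debian or Ubuntu). These are nearly always reachable and functional; depending on their purpose, they may only have keys relevant to the distribution, but they are always worth trying.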
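To see which of the two failure modes described in the answer a given refresh run is hitting, the following added example (not part of the original question or answer) groups pacman-key --refresh-keys output per key, tallies the WKD errors by kind and lists the keys whose fallback keyserver is the deprecated SKS pool. The sample log, its addresses and its key IDs are constructed; the function names are illustrative.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the format of the output above; addresses and key IDs are made up.
SAMPLE = """\
gpg: error retrieving 'alice@example.org' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'alice@example.net' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 1111111111111111
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving 'bob@example.com' via WKD: Connection refused
gpg: error reading key: Connection refused
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 2222222222222222
"""
WKD_RE = re.compile(r"^gpg: error retrieving '([^']*)' via WKD: (.+)$")
SRV_RE = re.compile(r"^gpg: refreshing \d+ keys? from (\S+)$")
FAIL_RE = re.compile(r"^gpg: keyserver refresh failed: (.+)$")
KEY_RE = re.compile(r"^==> ERROR: Could not update key: ([0-9A-Fa-f]+)$")
DEPRECATED_SUFFIX = "sks-keyservers.net"  # the SKS pool the answer says not to use

def summarize(log_text):
    """Group gpg lines under the '==> ERROR' line that closes each key's block."""
    keys, wkd, server, failure = {}, [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := WKD_RE.match(line):
            # WKD depends on the address's domain, so record (domain, error).
            wkd.append((m.group(1).rpartition("@")[2], m.group(2)))
        elif m := SRV_RE.match(line):
            server = m.group(1)
        elif m := FAIL_RE.match(line):
            failure = m.group(1)
        elif m := KEY_RE.match(line):
            keys[m.group(1)] = {"wkd": wkd, "keyserver": server, "keyserver_error": failure}
            wkd, server, failure = [], None, None
    return keys

def report(keys):
    """Totals: WKD error kinds, and keys whose fallback keyserver is the deprecated pool."""
    wkd_errors = Counter(reason for k in keys.values() for _, reason in k["wkd"])
    on_sks = sorted(kid for kid, k in keys.items()
                    if (urlsplit(k["keyserver"] or "").hostname or "").endswith(DEPRECATED_SUFFIX))
    return {"wkd_errors": dict(wkd_errors), "deprecated_keyserver": on_sks}

if __name__ == "__main__":
    print(report(summarize(SAMPLE)))
```

If every failed key appears under deprecated_keyserver, the keyserver configured for pacman's keyring is still the retired pool and needs changing; the per-domain WKD errors are a separate matter that depends on each key owner's domain.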
