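I'm trying to follow this gpg best-practices guide: https://help.riseup.net/en/security/message-security/openpgp/best-practices
But I'm having trouble with dirmngr, which handles all transfers for gpg 2.1 (2.0?) and later. Basically, dirmngr can't find the location of the SSL certificate that would let me connect to hkps keyservers. I'm also on Arch Linux.
Connecting to an hkp server works fine: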
# with "keyserver hkp://keys.gnupg.net"
[my-pc]/home/me/.gnupg$ gpg --refresh-keys
gpg: refreshing 7 keys from hkp://keys.gnupg.net
gpg: key D7E69871: "asdf asdf <[email protected]>" not changed
gpg: key 17A4CD9C: "asdf asdf <[email protected]>" not changed
gpg: key 9741E8AC: "blah alh <[email protected]>" 1 new signature
gpg: Total number processed: 3
gpg: unchanged: 2
gpg: new signatures: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2018-03-03
# with "keyserver hkps://hkps.pool.sks-keyservers.net":
[my-pc]/home/me/.gnupg$ gpg --refresh-keys
gpg: refreshing 7 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: General error
As shown, I get a strange "General error" message. But dirmngr is running:
[my-pc]/home/me$ ps aux | grep dirmng
me 17695 0.0 0.0 311016 7240 ? Ssl Dec30 0:01 dirmngr --daemon --homedir /home/me/.gnupg
me 27366 0.0 0.0 10732 2376 pts/41 S+ 14:35 0:00 grep --color=auto dirmng
Some debugging shows that my certificates are not being loaded:
[my-pc]/home/me$ dirmngr --debug-level guru
dirmngr[27054.0]: enabled debug flags: x509 crypto memory cache memstat hashing ipc lookup
dirmngr[27054.0]: permanently loaded certificates: 0
dirmngr[27054.0]: runtime cached certificates: 0
dirmngr[27054.0]: DBG: chan_4 -> # Home: ~/.gnupg
# Home: ~/.gnupg
dirmngr[27054.0]: DBG: chan_4 -> # Config: /home/me/.gnupg/dirmngr.conf
# Config: /home/lucas/.gnupg/dirmngr.conf
dirmngr[27054.0]: DBG: chan_4 -> OK Dirmngr 2.1.10 at your service
OK Dirmngr 2.1.10 at your service
After reading the documentation here: https://www.gnupg.org/%28en%29/documentation/manuals/dirmngr.pdf
It says the --homedir flag only works on the command line, so I killed and restarted dirmngr, and now gpg --refresh-keys seems to work:
[my-pc]/home/me$ gpg --refresh-keys
gpg: key 0xD605848ED7E69871: "asdf asdf <[email protected]>" not changed
gpg: key 0x456032D717A4CD9C: "asdf asdf <[email protected]>" not changed
gpg: key 0x7F2D434B9741E8AC: "asdf asdf <[email protected]>" not changed
gpg: Total number processed: 3
gpg: unchanged: 3
Does anyone know about this bug, and whether there is a fix?
Additional information
Here is my ~/.gnupg/dirmngr.conf:
keyserver hkps://hkps.pool.sks-keyservers.net
hkp-cacert /home/me/.cert/sks-keyservers.netCA.pem
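
A pre-flight check for the hkp-cacert setting in the configuration above, added here as an example that is not part of the original post. The function name, the status words and the demo paths are assumptions made for illustration, and the PEM test only looks for the certificate marker rather than parsing the certificate.

```shell
#!/bin/sh
# Added example, not from the original post: check each hkp-cacert entry
# of a dirmngr.conf. Prints "<status> <path>" per entry, where status is
# ok, missing, unreadable or not-pem; returns 0 only if every entry is ok.
check_hkp_cacerts() {
    conf=$1
    [ -r "$conf" ] || { echo "no-config $conf"; return 2; }
    found=0 bad=0
    # read splits off the option name; the rest of the line is the path.
    while read -r key value || [ -n "$key" ]; do
        [ "$key" = "hkp-cacert" ] || continue  # skip comments, other options
        found=1
        if [ ! -e "$value" ]; then
            status=missing
        elif [ ! -r "$value" ]; then
            status=unreadable
        elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$value"; then
            status=not-pem      # marker check only, not a full parse
        else
            status=ok
        fi
        [ "$status" = ok ] || bad=1
        echo "$status $value"
    done < "$conf"
    if [ "$found" -eq 0 ]; then
        echo "no-hkp-cacert $conf"
        return 1
    fi
    return "$bad"
}

# Constructed sample: a throwaway config with one usable and one missing
# CA file. The certificate body is a dummy, not a real CA.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'ZHVtbXk=' \
        '-----END CERTIFICATE-----' > "$d/ca.pem"
    printf '%s\n' 'keyserver hkps://hkps.pool.sks-keyservers.net' \
        "hkp-cacert $d/ca.pem" "hkp-cacert $d/gone.pem" > "$d/dirmngr.conf"
    rc=0
    check_hkp_cacerts "$d/dirmngr.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# With an argument, check that file; otherwise run the constructed demo.
if [ -n "${1:-}" ]; then check_hkp_cacerts "$1"; else demo; fi ||
    echo "at least one hkp-cacert entry needs attention"
```

Run it with the path to a real dirmngr.conf as its only argument to check that file instead of the constructed sample.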