Forum: help-en

RE: gpg4win 2.3.3 and mailvelope key server
By: Jochen Saalfeld on 2017-09-19 11:11
[forum:5145]
Hey Jan,

There won't be a 2.3.4. But the Release 3.0.0 will hit in the next few days and the fix will be in there.

Best wishes,
Jochen

RE: gpg4win 2.3.3 and mailvelope key server
By: Jan Schmidt on 2017-09-19 11:09
[forum:5144]
Hi,

I saw that a fix is already committed. Thanks at this place for the great work!

As I'm unfamiliar with the gpg4win release cycle... Will this change make it into the 3.0.0 release or will there be maybe even a 2.3.4 update?

Best regards and thanks again for this fast response and help!
Jan

RE: gpg4win 2.3.3 and mailvelope key server
By: Jan Schmidt on 2017-09-18 13:21
[forum:5143]
Thanks a lot. I'll have a look at the problem report from time to time to check the progress and for a possible solution :)

Best,
Jan

RE: gpg4win 2.3.3 and mailvelope key server
By: Bernhard Reiter on 2017-09-18 12:17
[forum:5142]
Hi,
thanks for the more verbose debug output,
this seems to be a problem with the used TLS library.

The message comes from the following code:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=ntbtls.git;a=blob;f=src/protocol.c;h=658cdbd02000c921519e03115df7a6ccc50c0889;hb=HEAD#l1707

As ntbtls is a TLS 1.2 library I guess it will be something else that is wrong.
I've created the following problem report: https://dev.gnupg.org/T3411

Best,
Bernhard

RE: gpg4win 2.3.3 and mailvelope key server
By: Jan Schmidt on 2017-09-18 11:16
[forum:5141]
Me again. I managed to increase the gnutls debug level:

----------------------------------------
dirmngr
dirmngr[1888]: NOTE: this is a development version!
dirmngr[1888]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog
dirmngr[1888]: Fehler beim Öffnen von `C:\Users\Jan\AppData\Roaming\gnupg\dirmngr_ldapservers.conf': No such file or directory
dirmngr[1888]: DBG: number of certs loaded from store 'ROOT': 56
dirmngr[1888]: DBG: Zertifikat `CA' ist bereits im Zwischenspeicher
dirmngr[1888]: DBG: number of certs loaded from store 'CA': 32
dirmngr[1888]: Zertifikat `D:\SwissSign_Silver_CA_-_G2.pem' ist bereits im Zwischenspeicher
dirmngr[1888]: dauerhaft geladene Zertifikate: 89
dirmngr[1888]: zwischengespeicherte Zertifikate: 0
dirmngr[1888]: vertrauenswürdige Zertifikate: 89 (88,0,0,1)
dirmngr[1888]: DBG: chan_0x00000274 -> # Home: C:\Users\Jan\AppData\Roaming\gnupg
# Home: C:\Users\Jan\AppData\Roaming\gnupg
dirmngr[1888]: DBG: chan_0x00000274 -> # Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf
# Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf
dirmngr[1888]: DBG: chan_0x00000274 -> OK Dirmngr 2.2.1-beta9 at your service
OK Dirmngr 2.2.1-beta9 at your service
KEYSERVER --clear hkps://pgp.mailbox.org
dirmngr[1888]: DBG: chan_0x00000274 <- KEYSERVER --clear hkps://pgp.mailbox.org
dirmngr[1888]: DBG: chan_0x00000274 -> OK
OK
KS_SEARCH -- support@mailbox.org
dirmngr[1888]: DBG: chan_0x00000274 <- KS_SEARCH -- support@mailbox.org
dirmngr[1888]: DBG: dns: dnsserver[0] '134.34.3.2'
dirmngr[1888]: DBG: dns: dnsserver[1] '134.34.3.3'
dirmngr[1888]: DBG: dns: libdns initialized
dirmngr[1888]: DBG: dns: getsrv(_pgpkey-https._tcp.pgp.mailbox.org) -> 0 records
dirmngr[1888]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg
dirmngr[1888]: resolve_dns_addr for 'pgp.mailbox.org': 'pgp.mailbox.org' [already known]
dirmngr[1888]: DBG: http.c:connect_server: trying name='pgp.mailbox.org' port=443
dirmngr[1888]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg
dirmngr[1888]: DBG: http.c:1819:socket_new: object 0x03018fb8 for fd 908 created
dirmngr[1888]: DBG: ntbtls(2): handshake
dirmngr[1888]: DBG: ntbtls(2): client state: 0 (hello_request)
dirmngr[1888]: DBG: ntbtls(3): flush output
dirmngr[1888]: DBG: ntbtls(2): client state: 1 (client_hello)
dirmngr[1888]: DBG: ntbtls(3): flush output
dirmngr[1888]: DBG: ntbtls(2): write client_hello
dirmngr[1888]: DBG: ntbtls(3): client_hello, max version: [3:3]
dirmngr[1888]: DBG: ntbtls(3): client_hello, current time: 1505733222
dirmngr[1888]: DBG: client_hello, random bytes: 59bfaa6669d0d44a6df21fd0d5355d668c95f70a2ecf2387c9bdfe4380c08cea
dirmngr[1888]: DBG: ntbtls(3): client_hello, session id len.: 0
dirmngr[1888]: DBG: client_hello, session id:
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49192 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 107 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49172 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 57 TLS-DHE-RSA-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49271 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 196 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 136 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49191 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 103 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49171 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 51 TLS-DHE-RSA-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49270 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 190 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 69 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49170 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 22 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49208 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 179 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49206 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 145 TLS-DHE-PSK-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49307 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49303 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49207 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 178 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49205 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 144 TLS-DHE-PSK-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49302 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49306 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49204 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 143 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 61 TLS-RSA-WITH-AES-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 53 TLS-RSA-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 192 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 132 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 60 TLS-RSA-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 47 TLS-RSA-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 186 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 65 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 10 TLS-RSA-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 183 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 149 TLS-RSA-PSK-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49305 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 182 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 148 TLS-RSA-PSK-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49304 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 147 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 175 TLS-PSK-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 141 TLS-PSK-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49301 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 174 TLS-PSK-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 140 TLS-PSK-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49300 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 139 TLS-PSK-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(3): client_hello, got 54 ciphersuites
dirmngr[1888]: DBG: ntbtls(3): client_hello, compress len.: 2
dirmngr[1888]: DBG: ntbtls(3): client_hello, compress alg.: 1 0
dirmngr[1888]: DBG: ntbtls(3): client_hello, adding server name extension: 'pgp.mailbox.org'
dirmngr[1888]: DBG: ntbtls(3): client_hello, adding signature_algorithms extension
dirmngr[1888]: DBG: ntbtls(3): client hello, adding supported_elliptic_curves extension
dirmngr[1888]: DBG: ntbtls(3): client hello, adding supported_point_formats extension
dirmngr[1888]: DBG: ntbtls(3): client_hello, adding session ticket extension
dirmngr[1888]: DBG: ntbtls(3): client_hello, total extension length: 68
dirmngr[1888]: DBG: ntbtls(3): write record
dirmngr[1888]: DBG: ntbtls(3): output record: msgtype = 22, version = [3:3], msglen = 222
dirmngr[1888]: DBG: output record sent to network: 16030300de010000da030359bfaa6669d0d44a6df21fd0d5355d668c95f70a2e \
dirmngr[1888]: DBG: cf2387c9bdfe4380c08cea00006c00ffc028006bc0140039c07700c40088c027 \
dirmngr[1888]: DBG: 0067c0130033c07600be0045c0120016c03800b3c0360091c09bc097c03700b2 \
dirmngr[1888]: DBG: c0350090c096c09ac034008f003d003500c00084003c002f00ba0041000a00b7 \
dirmngr[1888]: DBG: 0095c09900b60094c098009300af008dc09500ae008cc094008b020100004400 \
dirmngr[1888]: DBG: 000014001200000f7067702e6d61696c626f782e6f7267000d00160014060105 \
dirmngr[1888]: DBG: 0104010301020106030503040303030203000a000400020017000b0002010000 \
dirmngr[1888]: DBG: 230000
dirmngr[1888]: DBG: ntbtls(3): flush output
dirmngr[1888]: DBG: ntbtls(3): message length: 227, out_left: 227
dirmngr[1888]: DBG: ntbtls(3): es_write returned: success
dirmngr[1888]: DBG: ntbtls(2): client state: 2 (server_hello)
dirmngr[1888]: DBG: ntbtls(3): flush output
dirmngr[1888]: DBG: ntbtls(2): read server_hello
dirmngr[1888]: DBG: ntbtls(3): read record
dirmngr[1888]: DBG: ntbtls(3): fetch input
dirmngr[1888]: DBG: ntbtls(3): in_left: 0, nb_want: 5
dirmngr[1888]: DBG: ntbtls(3): es_read returned: success
dirmngr[1888]: DBG: ntbtls(3): input record: msgtype = 21, version = [3:3], msglen = 2
dirmngr[1888]: DBG: ntbtls(3): fetch input
dirmngr[1888]: DBG: ntbtls(3): in_left: 5, nb_want: 7
dirmngr[1888]: DBG: ntbtls(3): es_read returned: success
dirmngr[1888]: DBG: input record from network: 15030300020228
dirmngr[1888]: DBG: ntbtls(2): got an alert message, type: [2:40]
dirmngr[1888]: DBG: ntbtls(1): is a fatal alert message (msg 40)
dirmngr[1888]: DBG: ntbtls(1): read_record returned: Fatale "Alert" Nachricht erhalten <TLS>
dirmngr[1888]: DBG: ntbtls(2): handshake ready
dirmngr[1888]: TLS handshake failed: Fatale "Alert" Nachricht erhalten <TLS>
dirmngr[1888]: Fehler beim Verbinden mit 'https://pgp.mailbox.org:443': Fatale "Alert" Nachricht erhalten
dirmngr[1888]: DBG: ntbtls(2): release
dirmngr[1888]: command 'KS_SEARCH' failed: Fatale "Alert" Nachricht erhalten <TLS>
dirmngr[1888]: DBG: chan_0x00000274 -> ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS>
ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS>

-------------------

Best,
Jan

P.S.: By the way, it is a Windows 10 Enterprise Version 10.0.15063 Build 15063 64bit machine.
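
An added example, not part of the original posts and not GnuPG or ntbtls code: it decodes the `input record from network` hex from the log above and summarises the cipher suites the client offered. In RFC 5246, alert 40 is `handshake_failure`, sent when the peer cannot negotiate acceptable parameters from what was offered, so the offer is the first thing to inspect. The log excerpt is a subset of the lines in the post above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Names from RFC 5246 (TLS 1.2): record content types and a subset of alerts.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 112: "unrecognized_name",
}

# Subset of the dirmngr debug lines from the post above (not the full log).
SAMPLE_LOG = """\
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49192 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 107 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49208 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 61 TLS-RSA-WITH-AES-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 10 TLS-RSA-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 139 TLS-PSK-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: input record from network: 15030300020228
"""

def parse_record(hex_dump):
    """Split one plaintext TLS record (5-byte header + body) given as hex."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) < 5:
        raise ValueError("truncated record header")
    length = int.from_bytes(raw[3:5], "big")
    if len(raw) - 5 != length:
        raise ValueError("record length field does not match body size")
    return {"type": CONTENT_TYPES.get(raw[0], f"unknown({raw[0]})"),
            "version": (raw[1], raw[2]), "body": raw[5:]}

def decode_alert(body):
    """Decode an unencrypted alert body: one level byte, one description byte."""
    if len(body) != 2:
        raise ValueError("not a plaintext alert (expected exactly 2 bytes)")
    level, desc = body
    return (ALERT_LEVELS.get(level, f"unknown({level})"),
            ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"))

def triage(log):
    """Summarise what the client offered and which alerts the server sent."""
    names = re.findall(r"add ciphersuite: \d+ (TLS-\S+)", log)
    modes, kex = Counter(), Counter()
    for name in names:
        kex[name[4:].split("-WITH-")[0]] += 1
        mode = ("AEAD" if re.search(r"GCM|CCM|CHACHA20", name)
                else "CBC" if "-CBC-" in name else "other")
        modes[mode] += 1
    alerts = []
    # Only single-line dumps are decoded; dumps continued with " \" are skipped.
    for dump in re.findall(r"input record from network: ([0-9a-fA-F]+)\s*$", log, re.M):
        record = parse_record(dump)
        if record["type"] == "alert":
            alerts.append(decode_alert(record["body"]))
    return {"offered": len(names), "key_exchange": dict(kex),
            "modes": dict(modes), "alerts": alerts}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
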

RE: gpg4win 2.3.3 and mailvelope key server
By: Jan Schmidt on 2017-09-18 11:07
[forum:5140]
Hi Bernhard,

even with "debug-all" there is not a lot more information:

-----------------------------
dirmngr
dirmngr[7864]: NOTE: this is a development version!
dirmngr[7864]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog
dirmngr[7864]: Fehler beim Öffnen von `C:\Users\Jan\AppData\Roaming\gnupg\dirmngr_ldapservers.conf': No such file or directory
dirmngr[7864]: DBG: number of certs loaded from store 'ROOT': 56
dirmngr[7864]: DBG: Zertifikat `CA' ist bereits im Zwischenspeicher
dirmngr[7864]: DBG: number of certs loaded from store 'CA': 32
dirmngr[7864]: Zertifikat `D:\SwissSign_Silver_CA_-_G2.pem' ist bereits im Zwischenspeicher
dirmngr[7864]: dauerhaft geladene Zertifikate: 89
dirmngr[7864]: zwischengespeicherte Zertifikate: 0
dirmngr[7864]: vertrauenswürdige Zertifikate: 89 (88,0,0,1)
dirmngr[7864]: DBG: chan_0x00000274 -> # Home: C:\Users\Jan\AppData\Roaming\gnupg
# Home: C:\Users\Jan\AppData\Roaming\gnupg
dirmngr[7864]: DBG: chan_0x00000274 -> # Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf
# Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf
dirmngr[7864]: DBG: chan_0x00000274 -> OK Dirmngr 2.2.1-beta9 at your service
OK Dirmngr 2.2.1-beta9 at your service
KEYSERVER --clear hkps://pgp.mailbox.org
dirmngr[7864]: DBG: chan_0x00000274 <- KEYSERVER --clear hkps://pgp.mailbox.org
dirmngr[7864]: DBG: chan_0x00000274 -> OK
OK
KS_SEARCH -- support@mailbox.org
dirmngr[7864]: DBG: chan_0x00000274 <- KS_SEARCH -- support@mailbox.org
dirmngr[7864]: DBG: dns: dnsserver[0] '134.34.3.2'
dirmngr[7864]: DBG: dns: dnsserver[1] '134.34.3.3'
dirmngr[7864]: DBG: dns: libdns initialized
dirmngr[7864]: DBG: dns: getsrv(_pgpkey-https._tcp.pgp.mailbox.org) -> 0 records
dirmngr[7864]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg
dirmngr[7864]: resolve_dns_addr for 'pgp.mailbox.org': 'pgp.mailbox.org' [already known]
dirmngr[7864]: DBG: http.c:connect_server: trying name='pgp.mailbox.org' port=443
dirmngr[7864]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg
dirmngr[7864]: DBG: http.c:1819:socket_new: object 0x03173228 for fd 844 created
dirmngr[7864]: DBG: ntbtls(1): is a fatal alert message (msg 40)
dirmngr[7864]: DBG: ntbtls(1): read_record returned: Fatale "Alert" Nachricht erhalten <TLS>
dirmngr[7864]: TLS handshake failed: Fatale "Alert" Nachricht erhalten <TLS>
dirmngr[7864]: Fehler beim Verbinden mit 'https://pgp.mailbox.org:443': Fatale "Alert" Nachricht erhalten
dirmngr[7864]: command 'KS_SEARCH' failed: Fatale "Alert" Nachricht erhalten <TLS>
dirmngr[7864]: DBG: chan_0x00000274 -> ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS>
ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS>
-------------------------

Hope that helps.

Best,
Jan

RE: gpg4win 2.3.3 and mailvelope key server
By: Bernhard Reiter on 2017-09-18 09:56
[forum:5139]
Hi Jan,

please try to enable the debugging options in dirmngr.conf
to see more.

Best Regards,
Bernhard

RE: gpg4win 2.3.3 and mailvelope key server
By: Jan Schmidt on 2017-09-18 07:04
[forum:5137]
Dear Bernhard,

thanks for that hint. I already tried that and it actually works for me on Ubuntu 16.04 also!
But unfortunately with gpg4win it doesn't.

-----------------------------------------------
dirmngr
dirmngr[13708]: NOTE: this is a development version!
dirmngr[13708]: Fehler beim Öffnen von `C:\Users\Jan\AppData\Roaming\gnupg\dirmngr_ldapservers.conf': No such file or directory
dirmngr[13708]: Zertifikat `D:\SwissSign_Silver_CA_-_G2.pem' ist bereits im Zwischenspeicher
dirmngr[13708]: dauerhaft geladene Zertifikate: 89
dirmngr[13708]: zwischengespeicherte Zertifikate: 0
dirmngr[13708]: vertrauenswürdige Zertifikate: 89 (88,0,0,1)
# Home: C:\Users\Jan\AppData\Roaming\gnupg
# Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf
OK Dirmngr 2.2.1-beta9 at your service
KEYSERVER --clear hkps://pgp.mailbox.org
OK
KS_SEARCH -- support@mailbox.org
dirmngr[13708]: resolve_dns_addr for 'pgp.mailbox.org': 'pgp.mailbox.org' [already known]
dirmngr[13708]: DBG: ntbtls(1): is a fatal alert message (msg 40)
dirmngr[13708]: DBG: ntbtls(1): read_record returned: Fatale "Alert" Nachricht erhalten <TLS>
dirmngr[13708]: TLS handshake failed: Fatale "Alert" Nachricht erhalten <TLS>
dirmngr[13708]: Fehler beim Verbinden mit 'https://pgp.mailbox.org:443': Fatale "Alert" Nachricht erhalten
dirmngr[13708]: command 'KS_SEARCH' failed: Fatale "Alert" Nachricht erhalten <TLS>
ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS>
--------------------------------

Do you have any clue what "ntbtls(1): is a fatal alert message (msg 40)" means and how to solve it? It seems the dirmngr.conf is read and the CA certificate is loaded.

Best regards,
Jan


RE: gpg4win 2.3.3 and mailvelope key server
By: Bernhard Reiter on 2017-09-15 14:36
[forum:5134]
Dear Jan,

note that with GnuPG 2.2 dirmngr is the component to do the keyserver access.
On a GNU system with a modern gpg your command failed for me also, unless
I make the used root certificate known to dirmngr.

You could add the option 'hkp-cacert /path/to/root.pem'
and 'verbose' and 'gnutls-debug 1' into your dirmngr.conf.
This worked for me in one setting on a Debian system.

Best Regards,
Bernhard


RE: gpg4win 2.3.3 and mailvelope key server
By: Jan Schmidt on 2017-09-15 13:15
[forum:5132]
Are there any news about gpg4win and TLS 1.2?

I tried to access the mailbox.org pgp server (hkps://pgp.mailbox.org) with gpg4win (2.3.4 and 3.0.0 beta 299) and I always do get an error. It works with GnuPG 1.4.0 on Ubuntu 16.04 and with OpenKeyChain on my Android smartphone.

I'm not 100% sure but it seems it is a problem with TLS1.2. I also tried to add the CA certificate in the gnupg.conf (or dirmngr.conf).

Thanks in advance,
Jan

-----------------------
gpg --debug-all --keyserver=hkps://pgp.mailbox.org --search support@mailbox.org
gpg: Hinweis: Keine voreingestellte Optionendatei 'C:/Users/Jan/AppData/Roaming/gnupg/gpg.conf' vorhanden
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_0x00000224 <- # Home: C:/Users/Jan/AppData/Roaming/gnupg
gpg: DBG: chan_0x00000224 <- # Config: [none]
gpg: DBG: chan_0x00000224 <- OK Dirmngr 2.2.0 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_0x00000224 -> GETINFO version
gpg: DBG: chan_0x00000224 <- D 2.2.0
gpg: DBG: chan_0x00000224 <- OK
gpg: DBG: chan_0x00000224 -> KEYSERVER --clear hkps://pgp.mailbox.org
gpg: DBG: chan_0x00000224 <- OK
gpg: DBG: chan_0x00000224 -> KS_SEARCH -- support@mailbox.org
gpg: DBG: chan_0x00000224 <- ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS>
gpg: error searching keyserver: Fatale "Alert" Nachricht erhalten
gpg: Suche auf dem Schlüsselserver fehlgeschlagen: Fatale "Alert" Nachricht erhalten
gpg: DBG: chan_0x00000224 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

RE: gpg4win 2.3.3 and mailvelope key server
By: Bernhard Reiter on 2016-09-12 10:49
[forum:4671]
Hi D B,

unfortunately, TLS for dirmngr is currently missing in Gpg4win,
see https://bugs.gnupg.org/gnupg/issue1804

Best Regards,
Bernhard

gpg4win 2.3.3 and mailvelope key server
By: D B on 2016-09-09 09:54
[forum:4667]
Hello,

I want to configure gpg4win 2.3.3 to work with the new mailvelope key server -> https://keys.mailvelope.com/
The key server supports HKPS but there is no option for HKPS in Kleopatra, only HKP. Additionally the key server supports a REST API over HTTPS but I do not know how to configure Kleopatra for this.

Thanks in advance!