#726 new
steve

workaround large key upload issue

Reported by steve | March 29th, 2019 @ 02:51 PM

Reproduce

Upload the public team key to the SKS HKPS cluster. Current key size: 1,2MB.

Currently

Upload fails with an unspecific error message. The problem is that gpg does not give a precise error message for this case. Talked to werner and aheinecke, and a fix for that is already committed to gpg: https://dev.gnupg.org/rG21b674097442a54ae889a90d708639b257ba43db
dirmngr: Better for error code for http status 413.

* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.

Expected

Once that is in place, we should work around the upload limit. The gpg devs are not looking to fix stuff around key servers, as Autocrypt or WKD will be the way to go. If a workaround is possible without too much effort, we probably should implement it.

aheinecke suggested the following:

aheinecke@esus ~> export GNUPGHOME=$(mktemp -d)
aheinecke@esus ~> gpg --import-filter drop-sig='sig_created_d < 2018-01-01' --import /tmp/gpgtools.gpg            
gpg: keybox '/tmp/tmp.mAda9VfVfK/pubring.kbx' created
gpg: key 76D78F0500D026C4: 1862 signatures not checked due to missing keys
gpg: /tmp/tmp.mAda9VfVfK/trustdb.gpg: trustdb created
gpg: key 76D78F0500D026C4: public key "GPGTools Team <team@gpgtools.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found
aheinecke@esus ~> gpg --list-sigs 76D78F0500D026C4 | wc -l
212
aheinecke@esus ~> gpg --send-key 76D78F0500D026C4                                                     
aheinecke@esus ~> gpg --import-filter drop-sig='sig_created_d  2018-01-01' --import /tmp/gpgtools.gpg 
aheinecke@esus ~> export GNUPGHOME=$(mktemp -d)
aheinecke@esus ~> gpg --import-filter drop-sig='sig_created_d >= 2018-01-01' --import /tmp/gpgtools.gpg
gpg: key 76D78F0500D026C4: 1862 signatures not checked due to missing keys
gpg: /tmp/tmp.CfEzV1X7pE/trustdb.gpg: trustdb created
gpg: key 76D78F0500D026C4: public key "GPGTools Team <team@gpgtools.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found
aheinecke@esus ~> gpg --list-sigs 76D78F0500D026C4 | wc -l                                             
730
aheinecke@esus ~> gpg --send-key 76D78F0500D026C4                                                      
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: sending key 76D78F0500D026C4 to hkps://hkps.pool.sks-keyservers.net
aheinecke@esus ~>
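
Added example, not part of the ticket or of GPGTools/GnuPG code: a sketch that reads `gpg --list-sigs --with-colons` output and picks the date cutoffs for the split uploads shown above, so each upload carries at most a chosen number of third-party signatures. It goes beyond the two-way split in the session by joining two bounds with `||` for middle ranges. The function names and sample data are hypothetical, and it assumes gpg evaluates `sig_created_d` as a UTC date.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in `gpg --list-sigs --with-colons` layout. Only the primary
# key ID comes from the ticket; signer IDs and timestamps are made up.
# Field 1 = record type, field 5 = key ID, field 6 = creation time (epoch seconds).
SAMPLE = "\n".join([
    "pub:-:4096:1:76D78F0500D026C4:1420070400:::-:::scESC:",
    "uid:-::::1420070400::::GPGTools Team <team@gpgtools.org>:",
    "sig:::1:76D78F0500D026C4:1420070400::::GPGTools Team <team@gpgtools.org>:13x:",
] + [f"sig:::1:00000000000000{n:02X}:{ts}::::[User ID not found]:10x:"
     for n, ts in enumerate([1451606400, 1452470400, 1483228800, 1483232400,
                             1514764800, 1514851200, 1546300800], 1)])

def sig_days(listing):
    """Count third-party signatures per UTC day; drop-sig never touches self-signatures."""
    primary, days = None, Counter()
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4 and primary is None:
            primary = f[4]
        elif f[0] == "sig" and len(f) > 5 and f[4] != primary and f[5].isdigit():
            days[datetime.fromtimestamp(int(f[5]), timezone.utc).date()] += 1
    return days

def plan_uploads(days, max_sigs):
    """Split into consecutive [start, end) date ranges of at most max_sigs signatures.
    The filter works on whole days, so one very busy day can still exceed the budget."""
    ranges, start, count = [], None, 0
    for day in sorted(days):
        if start is not None and count + days[day] > max_sigs:
            ranges.append((start, day, count))
            start, count = None, 0
        if start is None:
            start = day
        count += days[day]
    if start is not None:
        ranges.append((start, None, count))
    return ranges

def drop_sig_filters(ranges):
    """One drop-sig expression per upload: drop every signature outside that range."""
    filters = []
    for i, (start, end, _) in enumerate(ranges):
        parts = [f"sig_created_d < {start}"] if i > 0 else []
        if end is not None:
            parts.append(f"sig_created_d >= {end}")
        filters.append(" || ".join(parts))
    return filters

if __name__ == "__main__":
    for expr in drop_sig_filters(plan_uploads(sig_days(SAMPLE), 3)):
        print(f"gpg --import-filter drop-sig='{expr}' --import KEYFILE")
```

Each printed filter is meant for its own fresh `GNUPGHOME`, followed by `--send-key`, as in the session above.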
