workaround large key upload issue
Reported by steve | March 29th, 2019 @ 02:51 PM | in 2.2.17 (closed)
Reproduce
Upload public team key to sks hkps cluster. Current key size 1,2MB.
Currently
Upload fails with unspecific error message. Problem is, that gpg
does not give a precise error message for this case. Talked to
werner and aheinecke and a fix for that is already commited to gpg:
https://dev.gnupg.org/rG21b674097442a54ae889a90d708639b257ba43db
dirmngr: Better for error code for http status 413.
* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
Expected
Once that is in place, we should workaround the upload limit. gpg devs are not looking to fix stuff around key servers as autocrpyt or wkd will be the way to go. If a workaround is possible without too much effort, we probably should implement it.
aheinecke suggested the following:
aheinecke@esus ~> export GNUPGHOME=$(mktemp -d)
aheinecke@esus ~> gpg --import-filter drop-sig='sig_created_d < 2018-01-01' --import /tmp/gpgtools.gpg
gpg: keybox '/tmp/tmp.mAda9VfVfK/pubring.kbx' created
gpg: key 76D78F0500D026C4: 1862 signatures not checked due to missing keys
gpg: /tmp/tmp.mAda9VfVfK/trustdb.gpg: trustdb created
gpg: key 76D78F0500D026C4: public key "GPGTools Team <team@gpgtools.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
aheinecke@esus ~> gpg --list-sigs 76D78F0500D026C4 | wc -l
212
aheinecke@esus ~> gpg --send-key 76D78F0500D026C4
aheinecke@esus ~> gpg --import-filter drop-sig='sig_created_d 2018-01-01' --import /tmp/gpgtools.gpg
aheinecke@esus ~> export GNUPGHOME=$(mktemp -d)
aheinecke@esus ~> gpg --import-filter drop-sig='sig_created_d >= 2018-01-01' --import /tmp/gpgtools.gpg
gpg: key 76D78F0500D026C4: 1862 signatures not checked due to missing keys
gpg: /tmp/tmp.CfEzV1X7pE/trustdb.gpg: trustdb created
gpg: key 76D78F0500D026C4: public key "GPGTools Team <team@gpgtools.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
aheinecke@esus ~> gpg --list-sigs 76D78F0500D026C4 | wc -l
730
aheinecke@esus ~> gpg --send-key 76D78F0500D026C4
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: sending key 76D78F0500D026C4 to hkps://hkps.pool.sks-keyservers.net
aheinecke@esus ~>
Comments and changes to this ticket
-
-
steve July 3rd, 2019 @ 08:28 PM
- State changed from “new” to “invalid”
- Milestone set to “2.2.17”
Invalid after switching to keys.openpgp.org
key_upload_problem.png
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
Luke Le
steve
Attachments
-
key_upload_problem.png
66.3 KB