gpg keyserver address not available

Question

It's a good practice nowadays to verify a hash sum of downloaded tarballs via gnupg with the help of key servers. One of the most used keyserver in my experience is ha.pool.sks-keyservers.net (reports 5M added keys). Very often I get the following error with this key server gpg: keyserver receive failed: Address not available.

It's super annoying. Is this a problem of just sks-keyservers.net? If so, why people keep using it?

chingis · Accepted Answer

Seems to be a common error, the solution is to use multiple key servers. There's a simple script how you can do it gpg_verify:

#!/usr/bin/env bash

set -e

if [[ -n "${DEBUG}" ]]; then
    set -x
fi

signature="${1}"
file="${2}"
found="";

declare -a keyservers=(
    "ha.pool.sks-keyservers.net"
    "hkp://keyserver.ubuntu.com:80"
    "hkp://p80.pool.sks-keyservers.net:80"
    "pgp.mit.edu"
)

export GNUPGHOME="$(mktemp -d)"

IFS=';' read -ra keys <<< "${GPG_KEYS}"

for key in "${keys[@]}"; do
    for server in "${keyservers[@]}"; do
        echo "Fetching GPG key ${key} from ${server}"
        gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "${key}" && found="yes" && break 2
    done
done

if [[ -z "${found}" ]]; then
    echo >&2 "error: failed to fetch GPG key ${GPG_KEYS}"
    exit 1
fi

gpg --batch --verify "${signature}" "${file}"
rm -rf "${GNUPGHOME}" "${signature}"

Usage:

export GPG_KEYS=[YOUR GPG KEY]
gpg_verify archive.tar.gz.asc archive.tar.gz

gpg keyserver address not available

Answers (1)

Related Questions