I was working on a Python script with gpg encryption and was debugging why some files were not encrypted. During this debugging session I found this:
gpg: error retrieving '[email protected]' via WKD: Network is unreachable
gpg: [email protected]: skipped: Network is unreachable
[GNUPG:]INV_RECP 0 [email protected]
[GNUPG:]FAILURE encrypt 0123456
gpg: [stdin]: encryption failed: No data
As far as I understand, it's a problem with the pubkey (it is invalid), and gpg invokes dirmngr, which uses WKD/WKS to find the missing key from a keyserver.
Well, in my company it's a security issue when daemons try to look up something like keys on a public keyserver. So my question is: how can I deactivate or limit the dirmngr daemon, or perhaps WKD/WKS?
As far as I saw in the documentation, you have to create a ~/.gnupg/dirmngr.conf file and put some parameters in it, like this:
verbose
disable-ldap
disable-http
ignore-ldap-dp
ignore-http-dp
ignore-ocsp-service-url
no-use-tor
max-replies 0
trust-model direct
no-auto-key-locate
no-auto-key-retrieve
But my dirmngr ignores my config and is happily using WKD for some lookups when it has a pubkey that is invalid. So what can I do to change the behavior of dirmngr/WKD? (No, I don't want to change the script, because this dirmngr/WKD behavior could happen on any server, so it's an issue with this daemon.)
As for the system, it's Ubuntu 20.04 focal.
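
An added example, not part of the original post: a Python wrapper that passes gpg's own `--no-auto-key-locate` and `--disable-dirmngr` options on the command line, so recipients are resolved from the local keyring only, and parses the status output to report rejected recipients like the `INV_RECP` line quoted above. The function names and the sample text are constructed for illustration; status goes to stderr via `--status-fd 2`.

```python
import re
import subprocess

# Reason codes for INV_RECP as listed in GnuPG's doc/DETAILS (subset).
INV_RECP_REASONS = {"0": "no specific reason given", "1": "not found", "4": "key revoked",
                    "5": "key expired", "10": "key not trusted", "13": "key disabled"}
STATUS_RE = re.compile(r"^\[GNUPG:\]\s*(\w+)\s*(.*)$")
LOOKUP_RE = re.compile(r"^gpg: error retrieving '(.+?)' via (\w+):")

def gpg_encrypt_argv(recipient, infile, outfile):
    """Build a gpg command line that only uses keys already in the local keyring."""
    return ["gpg", "--batch", "--status-fd", "2",
            "--no-auto-key-locate",  # gpg option: no WKD/keyserver lookup for recipients
            "--disable-dirmngr",     # gpg option: do not use dirmngr at all
            "--output", outfile, "--encrypt", "--recipient", recipient, infile]

def analyse(stderr_text):
    """Return rejected recipients, attempted network lookups and failed operations."""
    report = {"invalid_recipients": [], "lookups": [], "failed": []}
    for line in stderr_text.splitlines():
        m = LOOKUP_RE.match(line)
        if m:
            report["lookups"].append((m.group(1), m.group(2)))
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue
        keyword, args = m.group(1), m.group(2).split()
        if keyword == "INV_RECP" and len(args) >= 2:
            reason = INV_RECP_REASONS.get(args[0], "reason code " + args[0])
            report["invalid_recipients"].append((args[1], reason))
        elif keyword == "FAILURE" and args:
            report["failed"].append(args[0])
    return report

def encrypt(recipient, infile, outfile):
    """Run gpg and raise if a recipient was rejected or the operation failed."""
    proc = subprocess.run(gpg_encrypt_argv(recipient, infile, outfile),
                          capture_output=True, text=True)
    report = analyse(proc.stderr)
    if proc.returncode != 0 or report["invalid_recipients"] or report["failed"]:
        raise RuntimeError(f"gpg encryption failed: {report}")
    return report

# Constructed sample in the shape of the output quoted in the post.
SAMPLE = """gpg: error retrieving 'user@example.org' via WKD: Network is unreachable
gpg: user@example.org: skipped: Network is unreachable
[GNUPG:] INV_RECP 0 user@example.org
[GNUPG:] FAILURE encrypt 0123456
gpg: [stdin]: encryption failed: No data
"""
```

A non-empty `lookups` list in the report means gpg still attempted a network key lookup on that host, which is the condition to alert on.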