Confused about gpg files

Folks, I’m trying to rationalise the OpenPGP keys on a new install. To that end I’ve created a key in T’bird, exported it to gpg, added an address/id and then re-imported it to T’bird. So far so good.

Then I’ve tried to confirm that gpg is using hkps://keys.openpgp.org as the default, as described here: Gnupg2 changes from upstream, and this is where I’ve run into confusion. As a quick check I looked in seahorse and discovered ldap://keyserver.pgp.com set as default - it won’t accept hkps://keys.openpgp.org and responds ‘Not a valid Key Server address’… Hmm, so I looked for ~/.gnupg/gpg.conf - as per man gpg - and it doesn’t exist… And I’ve looked for ~/.gnupg/dirmngr.conf as described here: Gnupg2 changes from upstream, but it doesn’t exist either. Then I thought I’d just run grep -r "ldap://keyserver.pgp.com" to find the relevant file - but nothing is returned… Ditto if I run that on /etc.

I wonder if someone could tell me where I’m going wrong configuring gnupg?

$ uname -a
Linux jenny-hppavilionnotebook 5.10.0-8-amd64 #1 SMP Debian 5.10.46-2 (2021-07-20) x86_64 GNU/Linux

$ gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.8.8
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/xyz/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

7.7 GiB
Intel® Core™ i3-5157U CPU @ 2.50GHz × 4
Mesa Intel® Iris® Graphics 6100 (BDW GT3)
500.1 GB
PureOS
64-bit
3.38.5
Wayland

What version of Thunderbird is used here? Is it later than 68?
Thunderbird later than 68 f***ed up the whole thing about seahorse and gnupg etc.

I am not yet familiar with PureOS (wait for my Phone). So I don’t know what you see.

The rest sounds familiar …

My recommendation:

  • can you first make sure the whole gpg gnupg stuff on the CLI works?
    What I mean is here: man gpg
  • does seahorse know your key? Other keys?
    Most key servers are dysfunctional nowadays.
    On the other hand you’ll experience huge trouble seeing your own key from your machine (in my personal experience). Better ssh to a different machine to find out if a key server knows the key you think should be there.
  • does Thunderbird <68 show the key?

T’bird >68 leaves everything behind I knew to be standard. With t’b >68 I expect a kind of McDonalds-PGP (that is my personal view).

Didn’t help much, right?

Not sure about the ‘whole stuff’, but I imported, added an id and exported (see original post). It seemed to work as expected.

Yes, there’s only one key at the moment and it reflects what went in and out of gpg.

The issue is changing the keyserver - in either seahorse or gpg.

Don’t know. I waited until this was resolved before upgrading my Debian install of T’bird. This is a fresh install for a friend and I can’t see any need to install old software for her.

I have had difficulty getting remote keys using GUIs for some reason, no matter what server I try. I am more familiar with Kleopatra, so I use it, but I have tried Seahorse too. (My version, 3.30.1.1, will not take hkps, at least in the Preferences GUI.)

I think the previous suggestion was to try the CLI. Do something like:

gpg --keyserver hkps://keys.openpgp.org --list-keys Adele

You should see something like:

(snipped)
pub dsa1024 2002-03-06 [SCA]
      DD878C06E8C2BEDDD4A440D3E573346992AB3FF7
uid [ unknown] Adele (The friendly OpenPGP email robot) adele-en@gnupp.de
uid [ unknown] Adele (Der freundliche E-Mail-Roboter) adele@gnupp.de
sub elg1024 2002-03-06 [E]

That will tell you if you can at least get to the suggested server ok.

As for Thunderbird, I agree with @lithosphere9 that Mozilla completely screwed it up with the integration and dispensing with Enigmail. I was not happy, and I pretty much do not use the encryption implementation anymore. After version 68, it keeps its own list of keys, etc., it does not integrate with anything else that I can tell, and it is more difficult to use. (If you read through this forum, you’ll see a suggestion that the Master Password for that keystore is not really secured. I confirmed this elsewhere, but it may have been fixed by now.)

EDIT: I was able to use hkps://keys.openpgp.org with Kleopatra (Settings->Configure Kleopatra->OpenPGP Keyserver) and get an OpenVPN key back using F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7. Maybe try that instead of Seahorse, especially if you are using amber like I am.

@Wayne 's answer is far better than mine and brings it to the point.
When the CLI steps work you have a very good chance seahorse and GUI follow.
Except Thunderbird >68. Nevertheless this cloaks an issue with the key servers: Many do not replicate, many do not have the info you look for and some even do not answer. Distinct issues.
Life on CLI is easier if you quickly try helpful commands (try the examples) like:

gpg --help

SEARCH:
gpg --search-keys --keyserver keyserver.ubuntu.com kontakt@netzpolitik.org
[actually works this way for a few addresses]

gpg --search-keys --keyserver keyserver.ubuntu.com 8C5BA6990BDB26E19F2A1A801161AE6945719A39
[one line!]

gpg --search-keys --keyserver keyserver.ubuntu.com 8C3B E96A F230 9184 DA5C 0DAE 3B49 DF2A 0608 B895
[one line!]

RECEIVE:
gpg --recv-keys --keyserver keyserver.ubuntu.com 3B49DF2A0608B895

Get it?
OK, you need to manually try
all key servers you find (stupid crap. design and architecture said something completely different, worked until a few years ago; broken by stupid ignorant destructive people)
like
keyserver.ubuntu.com
pool.sks-keyservers.net
keys.openpgp.org
subkeys.pgp.net
pgp.uni-mainz.de
pgp.mit.edu
pks.gpg.cz
keys.gnupg.net

and so on.
The gist of this is: Your issue might have two main reasons: issues about reaching and retrieving because of remote servers and incomplete or wrong config locally.
The first you have to sort out first to get a clear platform to stand on. Then explore the local tools.

As mentioned before: T>68 is bullshit in terms of pgp, incompatible. Not mentioned before: Enigmail and Seahorse and GPG, GPG2, GnuPG sometimes have issues interacting.
And configs are difficult to turn back so better use a test machine for basic learning.

Just a remark based on experience.

I made a mistake in my CLI. The --list-keys option also uses the local store, in which I have Adele from old Thunderbird experiments. Try --search-keys instead and use the fingerprint. Sorry. (@lithosphere9 suggested the correct option.)
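The original post’s hunt for a config file and the CLI checks in the replies can be combined into one small script. This is an added example, not code from anyone in the thread; it assumes the GnuPG 2.2 layout (gpg.conf and dirmngr.conf under GNUPGHOME), that a keyserver line in gpg.conf is forwarded to dirmngr and overrides dirmngr.conf, and that hkps://keys.openpgp.org is the compiled-in default when neither file sets one, as the “Gnupg2 changes from upstream” page cited above describes. The probe uses --search-keys, per the correction just above, and the fingerprint Kleopatra returned earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): work out which keyserver GnuPG 2.2
# will actually use for a given GNUPGHOME, then optionally probe it.
# Assumption: distro default below when neither config file sets one.
DEFAULT_KEYSERVER="hkps://keys.openpgp.org"

# Print the last uncommented "keyserver <url>" value in a file, if any.
# A missing file is not an error: the original poster had neither file,
# which simply means the default applies.
keyserver_from() {
    [ -r "$1" ] || return 0
    awk '$1 == "keyserver" { ks = $2 } END { if (ks != "") print ks }' "$1"
}

# Resolve the effective keyserver for GNUPGHOME ($1, default ~/.gnupg):
# gpg.conf first (forwarded to dirmngr, so it wins), then dirmngr.conf,
# then the compiled-in default.
effective_keyserver() {
    home="${1:-$HOME/.gnupg}"
    ks="$(keyserver_from "$home/gpg.conf")"
    [ -n "$ks" ] || ks="$(keyserver_from "$home/dirmngr.conf")"
    [ -n "$ks" ] || ks="$DEFAULT_KEYSERVER"
    printf '%s\n' "$ks"
}

# Probe a keyserver without touching the local keyring: --search-keys in
# --batch mode exits non-zero if the server is unreachable or has no match.
# $1 = keyserver URL, $2 = full fingerprint of a key expected to be there.
probe_keyserver() {
    gpg --batch --keyserver "$1" --search-keys "$2" >/dev/null 2>&1
}

# Example run (needs gpg and network access for the probe):
# ks=$(effective_keyserver)
# echo "effective keyserver: $ks"
# probe_keyserver "$ks" F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7 \
#     && echo "reachable, key found" || echo "unreachable or no match"
```

Run it on a throwaway GNUPGHOME first (e.g. GNUPGHOME=$(mktemp -d)) so experiments do not touch the real keyring, as the advice above about using a test machine suggests.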