Find the cause of a problem with dirmngr [WIP]

What is dirmngr?

The thing called dirmngr (spoken: dirmanager) is a tool that comes with GnuPG. It is responsible for retrieving keys from keyservers and WKD-servers [1]. Hence it can create log files that can tell us what went wrong when we simply want to get somebody's key.

How to create log files?

1. Create a configuration file

When the dirmngr is starting it looks for a configuration file. When it finds the file it uses it. Otherwise the dirmngr uses default configurations. If we want to get a log file the easiest way is to tell the dirmngr to do so with in a configuration file.

Create a file called dirmngr.conf in the following path:
$HOME/.gnupg/

In this case $HOME is your home directory, e.g. "/home/jane/". Important: Use the file name mentioned above. Else the dirmngr won't find it.

2. Edit the configuration file

2.1 Path for log file

Now we can to tell the dirmngr what options it has to use. Therefore open the configuration file with an editor.
First we can decide where the dirmngr should create the log file. We are doing this by adding this line:
log-file $PATH/$FILENAME

The path and the name of the file are your choice but of course meaningful name helps you later to recognize the file ;-)

A concrete example is:
log-file /home/jane/dirmngr.log

2.2 Debug Level or Debug Flag

The dirmngr can create a log file that is more or less detailed. That depends on what debug level you set in the configuration file. You can set the debug level by adding the following line to the configuration file:
debug-level $LEVEL

In this case $LEVEL is one of the following:

The information that will appear in the log file grows from the top to the bottom. So when you choose basic you get little information about what happens in the dirmngr. When you choose guru you get as much information as possible. If you want to know more about the levels you can look here.

A concrete example is:
debug-level advanced



Internally the dirmngr converts debug levels to debug flags and the latter affect which information is shown in the log file. So you can use these flags alternatively to add more precision. The following flags are available:

For example the debug level advanced causes the dirmngr to enable the debug flags x509, ipc and lookup.
You can set debug flags with the following line in the configuration file:
debug $FLAGS

In this case $FLAGS is a list of the flags mentioned above separated by commas.

A concrete example is:
debug ipc,network

Note: If you enter both debug flags and a debug level the debug level has a higher priority. For example when the configuration file contains the following two lines

debug-level guru
debug ipc,network

the following flags will be enabled: x509 crypto memory cache memstat hashing ipc dns network lookup extprog

3. Restart the dirmngr

If you don't tell the dirmngr to read your edited configuration file it will be lazy and won't read it. To make it read the file and adapt the settings you have to restart it and you do this with the following command:
gpgconf reload dirmngr

Note: If you want to see which flags the dirmngr is using you can kill it first with

"killall dirmngr"

and then start it with

"dirmngr --daemon".

How to solve my problem with the log file?

Look into the log file

After you configurated the dirmngr and restarted it you can read the file (remember: you set the location in 2.1). Maybe this already helps you to find out what causes the problem.

Share your log file in the forums

Maybe the content of the log file doesn't tell you anything because you don't understand this gibberish. Or maybe you are just no "technical person". In any case you can upload your log file in the forums so other people can try to help you.

Please note two things:

[1] https://gnupg.org/documentation/manuals/gnupg/Invoking-DIRMNGR.html

TroubleShooting/DebugWithDirmngr (last edited 2022-06-24 18:27:44 by Christoph Klassen)