Launchpad could not import my OpenPGP key
I'm unable to import my key to Launchpad. I enter its fingerprint, click "Import Key", and get the error message ("Launchpad could not import your OpenPGP key. Did you enter your complete fingerprint correctly? [etc]").
My key is on the ubuntu keyserver:
http://
I've tried the fingerprint with no spaces (0C0D10D5FC73D1
Several other people have had this problem due to the ubuntu->launchpad synchronization being slow, so I waited a couple of days, but Launchpad still won't import it.
Related items:
Faq 79: https:/
Similar unresolved question: https:/
Similar answered question: https:/
Bug describing this problem, but marked 'invalid': https:/
Question information
- Language:
- English Edit question
- Status:
- Answered
- Assignee:
- Canonical Launchpad Engineering Edit question
- Last query:
- 2012-03-21
- Last reply:
- 2012-03-21
- Whiteboard:
- 2011-09-28 thedac: Assigning back to Canonical Launchpad Engineering. LOSAs need more guidance on this issue. Where does the "internal" keyserver live. What mechanism syncs? etc.
| Max Bowsher (maxb) said : | #1 |
LOSAs, please could you look into whether there is a problem with the sync from keyserver.
Also note that this key is a version 3 PGP key (i.e. very old, PGP 2.6.x compatible), and so its key-id is *not* the suffix of the fingerprint as for v4 keys.
| Brad Crittenden (bac) said : | #3 |
Hi,
As mentioned towards the end of the report for https:/
I will ask the admins to take a look at the keyservers.
| Wim Lewis (wiml) said : | #4 |
Ah, my reading of 514704 was that there was a single (hidden) Launchpad keyserver which would occasionally stop synchronizing with Ubuntu's. (nslookup only returns one ip address for keyserver.
| Brad Crittenden (bac) said : | #5 |
First, let me say the admins have bounced the keyservers at keyserver.
Wim, you are correct in what you report from looking at the code that there is an internal keyserver that we maintain in our data center to eliminate the need to hit the public server all of the time.
In the code used for importing GPG keys that internal server is not in play. If you look at the code for browser/person.py you'll see:
def keyserver_
assert self.fingerprint
return getUtility(
If you trace that back to gpghandler.py you'll see the parameter public=True causes the request to go directly to the public key server not the internal one.
In the past when we've seen import problems (such as described in bug 514704) it was shown to be the public keyservers not synchronizing.
Also, the fact you only see one IP address for the keyserver is not an indication that there is only one true instance. The Wikipedia article on load balancing is quite good.
| Wim Lewis (wiml) said : | #6 |
My key is still on the Ubuntu keyserver as far as I can tell (it's visible at http://
| Brad Crittenden (bac) said : | #7 |
Hi Wim,
Thanks for reporting that you are still having problems. I'm sorry that the actions we took a while back didn't solve your issue.
Further investigation shows that the key you are trying to import is a v3 key, which we do not support. Here is the query Launchpad uses to retrieve your key:
http://
If you open that URL you'll see the error response generated by the key server.
The issue was raised a long time ago (but I was unaware of it) as bug 4746.
In that discussion you'll see that we have made the decision not to support v3 keys as they are not as secure.
I am going to convert this question into a bug, though, as the error message you received was misleading.
Can you help with this problem?
Provide an answer of your own, or ask Wim Lewis for more information if necessary.
