SYSTEM INFORMATION
OS type and version
Debian Linux 12
Webmin version
2.621
Usermin version
2.521
Virtualmin version
8.0.1 GPL
Theme version
26.22
Nginx version
1.22.1
Package updates
1 package update is available
users cannot enc emails, the key server is not responding, but from the server console all is ok but not from usermin modul, i have also try to change the key server domain in the modul config, but dit not help#gpg --keyserver https://keys.openpgp.org --search-keys (keyid)
also is there a error with the decryption
I don’t use this but just check usermin it uses a different server
and a search on that server, it seems to be decommissioned.
opened 03:18PM - 02 Mar 23 UTC
closed 12:58AM - 22 Aug 23 UTC
bug
needs-triage
dependency
Deprecation
**Description**
[Any `gpg.` modules](https://github.com/saltstack/salt/blob/mas… ter/salt/modules/gpg.py) that call to a keyserver, unless one is explicitly specified, will fail.
This is because SKS, the keyserver cluster that was commonly in use (and the cluster that the current default keyserver, `pgp.mit.edu`, was a part of), has been completely [obsoleted](https://www.spinics.net/lists/trinity-devel/msg01400.html) and [decommissioned](https://www.reddit.com/r/GnuPG/comments/o5tb6a/keyservers_are_gone/). Has been for about 2 years now.
Recently, `pgp.mit.edu` finally decommissioned as well (which was for the best; it wasn't receiving new peered keys anyways).
There are two alternatives, however, currently in wide usage:
* https://keys.openpgp.org/
* https://keyserver.ubuntu.com/
OpenPGP's keyserver runs [Hagrid](https://gitlab.com/keys.openpgp.org/hagrid). It offers email validation (and hides email addresses on key UIDs/makes email searching impossible until they are validated, with the option to hide email addresses post-validation but still make searchable. I believe it strips all other UID info e.g. photos).
Ubuntu/Canonical's keyserver runs [Hockeypuck](https://hockeypuck.io/), which essentially is a complete rewrite of SKS.
This said, I recommend using OpenPGP's keyserver as it's the compiled-in default now (from what I recall) and replacing all instances of `pgp.mit.edu` with `keys.openpgp.org`:
* https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L219
* https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L238
* https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L884
* https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L914
* https://github.com/saltstack/salt/blob/master/salt/modules/dockermod.py#L1719
* https://github.com/saltstack/salt/blob/master/doc/man/salt.7 (lines 164633, 187294, 187335)
(It may make sense to set the default keyserver as a dundered module-scoped "constant", e.g. `_default_keyserver = 'keys.openpgp.org'` in `salt/modules/gpg.py`.)
would this be the bug?
i have changed to openpgp
Looks hard coded, how did you do that?
usermin - module config - gpg
Still seems like a bug if you need to use cli, would a client know how to do that.
please can you check this @Joe @Jamie i have a few users they will use this option in usermin
Stegan
March 8, 2026, 12:24pm
9
linuxhus1:
8.1.0 Professional
why not raise a ticket? it is more likely to get a direct response
i don’t think many use/trust gpg (in these days of government control).
there is a open ticket, the issue is not only in the gpl version also in the pro version
Stegan
March 9, 2026, 3:10pm
11
but this could be why it is receiving no real attention?
i wonder if it is handled better/different by other client apps (Roundcube, Milersend, GMail, NodeMailer,etc) this afterall is a client-to-client problem
