Gpg encryption in usermin

linuxhus1 · March 3, 2026, 5:24pm

SYSTEM INFORMATION
OS type and version	Debian Linux 12
Webmin version	2.621
Usermin version	2.521
Virtualmin version	8.0.1 GPL
Theme version	26.22
Nginx version	1.22.1
Package updates	1 package update is available

users cannot enc emails, the key server is not responding, but from the server console all is ok but not from usermin modul, i have also try to change the key server domain in the modul config, but dit not help
when i try
#gpg --keyserver https://keys.openpgp.org --search-keys (keyid)
then he founds the key

also is there a error with the decryption

stefan1959 · March 3, 2026, 9:58pm

I don’t use this but just check usermin it uses a different server

and a search on that server, it seems to be decommissioned.

github.com/saltstack/salt

[BUG] pgp.mit.edu is no longer active

opened 03:18PM - 02 Mar 23 UTC

closed 12:58AM - 22 Aug 23 UTC

johnnybubonic

bug needs-triage dependency Deprecation

**Description** [Any `gpg.` modules](https://github.com/saltstack/salt/blob/mas…ter/salt/modules/gpg.py) that call to a keyserver, unless one is explicitly specified, will fail. This is because SKS, the keyserver cluster that was commonly in use (and the cluster that the current default keyserver, `pgp.mit.edu`, was a part of), has been completely [obsoleted](https://www.spinics.net/lists/trinity-devel/msg01400.html) and [decommissioned](https://www.reddit.com/r/GnuPG/comments/o5tb6a/keyservers_are_gone/). Has been for about 2 years now. Recently, `pgp.mit.edu` finally decommissioned as well (which was for the best; it wasn't receiving new peered keys anyways). There are two alternatives, however, currently in wide usage: * https://keys.openpgp.org/ * https://keyserver.ubuntu.com/ OpenPGP's keyserver runs [Hagrid](https://gitlab.com/keys.openpgp.org/hagrid). It offers email validation (and hides email addresses on key UIDs/makes email searching impossible until they are validated, with the option to hide email addresses post-validation but still make searchable. I believe it strips all other UID info e.g. photos). Ubuntu/Canonical's keyserver runs [Hockeypuck](https://hockeypuck.io/), which essentially is a complete rewrite of SKS. This said, I recommend using OpenPGP's keyserver as it's the compiled-in default now (from what I recall) and replacing all instances of `pgp.mit.edu` with `keys.openpgp.org`: * https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L219 * https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L238 * https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L884 * https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L914 * https://github.com/saltstack/salt/blob/master/salt/modules/dockermod.py#L1719 * https://github.com/saltstack/salt/blob/master/doc/man/salt.7 (lines 164633, 187294, 187335) (It may make sense to set the default keyserver as a dundered module-scoped "constant", e.g. `_default_keyserver = 'keys.openpgp.org'` in `salt/modules/gpg.py`.)

would this be the bug?

linuxhus1 · March 4, 2026, 8:28am

i have changed to openpgp

stefan1959 · March 4, 2026, 9:39am

Looks hard coded, how did you do that?

linuxhus1 · March 4, 2026, 9:44am

usermin - module config - gpg

stefan1959 · March 4, 2026, 9:47am

Still seems like a bug if you need to use cli, would a client know how to do that.

linuxhus1 · March 8, 2026, 9:59am

please can you check this @Joe @Jamie i have a few users they will use this option in usermin

linuxhus1 · March 8, 2026, 11:20am

SYSTEM INFORMATION
OS type and version	Debian Linux 12
Webmin version	2.621
Usermin version	2.521
Virtualmin version	8.1.0 Professional
Theme version	26.22
Nginx version	1.22.1
Package updates	9 package updates are available

Stegan · March 8, 2026, 12:24pm

why not raise a ticket? it is more likely to get a direct response

i don’t think many use/trust gpg (in these days of government control).

linuxhus1 · March 9, 2026, 2:02pm

there is a open ticket, the issue is not only in the gpl version also in the pro version

Stegan · March 9, 2026, 3:10pm

but this could be why it is receiving no real attention?

i wonder if it is handled better/different by other client apps (Roundcube, Milersend, GMail, NodeMailer,etc) this afterall is a client-to-client problem

Ilia · March 20, 2026, 9:22pm

Use hkps://keys.openpgp.org instead in the “Keyserver to send and receive keys from” field in “Configurable options for GnuPG Encryption” page.

The “No keyserver available” error happens when GPG doesn’t recognize the keyserver URL format, and without a protocol prefix like hkps://, newer GPG versions don’t know how to connect.

Lastly, the test command you try should use the --recv-key flag instead of --search-keys:

gpg --keyserver hkps://keys.openpgp.org --recv-key KEY_ID

linuxhus1 · March 21, 2026, 3:32pm

openpgp is not working for me when i try keyserver.ubuntu.com like this
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0x8916F2A2 then i have 1 result, but when i will send emails using usermin and pgp then i have still the:

gpg: public key decryption failed: Screen or window too small
i have send a enc mail to my own email

linuxhus1 · March 21, 2026, 3:45pm

so i have created a new key using the pgp in usermin, uploaded them to the keyserver.ubuntu.com and send a test mail to myself, then i have the gpg: public key decryption failed: Screen or window too small

Ilia · March 21, 2026, 4:04pm

Why did you suddenly use the hkps://keyserver.ubuntu.com server instead of the one we discussed earlier? Did hkps://keys.openpgp.org work for you?

And what does “not working” actually mean?

What about the following command output—does it work for you?

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51

linuxhus1 · March 21, 2026, 4:51pm

ok this was my fault with the openpgp.com but openpgp.org was correct

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51
gpg: Schlüssel D97A3AE911F63C51: 1 doppelte Signatur entfernt
gpg: Schlüssel D97A3AE911F63C51: “Jamie Cameron jcameron@webmin.com” nicht geändert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: unverändert: 1

linuxhus1 · March 21, 2026, 5:55pm

now i have startet over again new email and new keys both publickeys uploadet to keyserver, send test emails and on the server wehn i try to open a email i have
gpg: public key decryption failed: Screen or window too small

but the keys are importet to the user, i can encrypt and send emails with this user but not decrypt emails

Ilia · March 24, 2026, 9:40pm

Why exactly doesn’t the description work for you? Do you see any error messages?

linuxhus1 · March 25, 2026, 8:14am

there is the one message:
gpg: public key decryption failed: Screen or window too small
and the email is not decryptet, i cannot read the messages in the email body

there is also a error when i will sign the email and encrypt

when i will sign a key, itakes very long time, never ends

Ilia · March 25, 2026, 11:00am

To fix the warning about the screen or window being too small, run this command:

sudo sed -i.bak '/^sub decrypt_data$/,/pty_process_exec/ s|\$gpgpath \$pflag --output |\$gpgpath --pinentry-mode loopback \$pflag --output |' /usr/share/usermin/gnupg/gnupg-lib.pl
sudo systemctl restart usermin

Please let me know if it solves the issue for you.