Gnupg OpenPGP Keyserver – Are All OpenPGP Public Key Servers Equal?

gnupg keyserver openpgp

An error occurs when executing apt-get update.

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used.

GPG error: http://download.virtualbox.org jessie InRelease: The following
signatures couldn't be verified because the public key is not available: 
NO_PUBKEY A2F683C52980AECF

I found an answer:

gpg --keyserver key_server_name --recv-keys A2F683C52980AECF
gpg --armor --export A2F683C52980AECF | apt-key add -

Among the many public key servers there are two, pool.sks-keyservers.net and keys.gnupg.net. Are they equal?

gpg --keyserver pool.sks-keyservers.net --recv-keys A2F683C52980AECF
gpg --keyserver keys.gnupg.net --recv-keys A2F683C52980AECF

Do the two commands have the same effect?

Best Answer

Most OpenPGP key servers are integrated in the SKS key server pool and exchange keys among each other. You can have a look at the pool status pages to get an overview of the contained servers. pool.sks-keyservers.net resolves to a (weighted) random choice of those servers.

Actually, keys.gnupg.net is a simple alias for pool.sks-keyservers.net (technically speaking, a CNAME to this domain):

$ host keys.gnupg.net
keys.gnupg.net is an alias for pool.sks-keyservers.net.
[...]

In the end, it does not matter which server you choose, as long as it is contained in the pool. Using pool.sks-keyservers.net is a safe choice, and keys.gnupg.net is equivalent.

A typical example of a key server that is not synchronizing is the PGP Global Directory, which also performs a simple ownership verification of the mail addresses contained.
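An added example, not part of the original question or answer: since the pool servers are interchangeable and accept key uploads from anyone, the check that matters after --recv-keys is the full fingerprint of the key gpg received. The script parses gpg's colon-format listing; the sample listing, its fingerprints and the EXPECTED value are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Constructed sample of `gpg --with-colons --fingerprint` output; the
# fingerprints and timestamps below are made up, not real key material.
SAMPLE_COLONS='pub:-:4096:1:A2F683C52980AECF:1461766071:::-:::scESC:
fpr:::::::::00112233445566778899AABBA2F683C52980AECF:
uid:-::::1461766071::::Example Signing Key <signing@example.invalid>:
sub:-:4096:1:1111222233334444:1461766071::::::e:
fpr:::::::::FFEEDDCCBBAA9988776655441111222233334444:
'

# Print the primary key fingerprint: the first fpr record after the pub record.
# Subkey fingerprints (fpr records after sub) are never returned.
primary_fpr() {
  awk -F: '$1 == "pub" { seen = 1; next }
           seen && $1 == "fpr" { print $10; exit }'
}

# Normalise a fingerprint as a human would paste it: drop spaces, uppercase.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]'
}

# verify_fpr EXPECTED < colon-listing
# Returns 0 on an exact match, 1 on mismatch, 2 if EXPECTED is not a full
# 40-hex fingerprint (short and long key IDs are refused on purpose).
verify_fpr() {
  vf_expected=$(normalize_fpr "$1")
  case "$vf_expected" in
    *[!0-9A-F]*) return 2 ;;
  esac
  [ "${#vf_expected}" -eq 40 ] || return 2
  vf_actual=$(primary_fpr)
  [ -n "$vf_actual" ] && [ "$vf_actual" = "$vf_expected" ]
}

# Intended use, with EXPECTED set to the 40-hex fingerprint obtained out of
# band (a placeholder here; the page does not give it):
#   gpg --keyserver key_server_name --recv-keys A2F683C52980AECF
#   gpg --with-colons --fingerprint A2F683C52980AECF | verify_fpr "$EXPECTED" \
#     && gpg --armor --export "$EXPECTED" | apt-key add -
```
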
