Using the "preferred keyserver URL" in GnuPG 1.4
David Shaw
dshaw at jabberwocky.com
Mon Dec 20 17:40:01 CET 2004
GnuPG has long had a feature where a missing key would be fetched from
the keyserver upon signature verification (turn this feature on with
the keyserver option "auto-key-retrieve"). However, this did not
handle the case where the key owner preferred one particular keyserver
(say, one that wasn't broken or one that supports subkeys and photo
IDs).
GnuPG 1.4 adds a new "preferred keyserver" feature that lets you
include a URL with your key and/or with signatures you issue to help
the recipient know where and how to get your key.

To add a URL to your key, follow these steps:

  1) gpg --edit-key (yourkey)
  2) keyserver (yoururl)
  3) save

The preferred keyserver URL lives on the user ID self-signature (along
with the other preferences), so if you want to get fancy, you can even
have a different preferred keyserver URL on each user ID. Just select
the user ID you want the preferred keyserver URL on before entering
"keyserver".
Once you have done this on your key, any user who uses
"--refresh-keys" on your key will automatically get your key from the
URL you have chosen. The keyserver option "honor-keyserver-url" turns
this feature on, and "no-honor-keyserver-url" turns it off. It is on
by default.

To add a URL to your signatures, just stick this in your gpg.conf:

  sig-keyserver-url (yoururl)

Once you have done this, any user who verifies your signature but does
not have your key can automatically fetch it if they have both the
keyserver options "honor-keyserver-url" and "auto-key-retrieve" set.
Note that honor-keyserver-url is on by default, but auto-key-retrieve
is not.

The URLs can be:

  hkp for HKP servers
     for example: hkp://subkeys.pgp.net

  ldap for LDAP servers
     for example: ldap://keyserver.pgp.com

  http for a file on the web
     for example: http://www.jabberwocky.com/key.asc

  finger for a finger plan
     for example: finger:wk at g10code.com

David