Preferred keyservers part II
dshaw at jabberwocky.com
Tue Jun 1 02:43:49 CEST 2004
On Sun, May 30, 2004 at 09:38:02PM -0400, David Shaw wrote:
> So now that 1.3.6 is out and people are playing with it, here's some
> info on preferred keyservers. There are actually two uses for
> preferred keyservers, but I'll cover the second use in a later mail.
Here's part II. The first mail covered how to put a preferred
keyserver on your key. Since this is located on the key, it doesn't
help anyone get the key for the first time (it's a chicken-and-the-egg
You're probably all familiar with the auto-key-retrieve feature which
automatically fetches the appropriate key when GnuPG verifies a
signature from a key it does not currently have in the keyring. This
is similar, except that the person making the signature gets to say
where to get the key from.
Way back in 1.3.3, the option --sig-preferred-keyserver was added.
This is an alternative to the common "x-pgp" mail headers that people
use to indicate where their key is. It allows you to specify a URL to
your key which is then embedded in any signature you make. If the
person verifying the signature does not have your key, a message pops
up telling them the URL so they can go get the key. As of 1.3.6,
retrieval of the key can happen automatically. In 1.2.x, the message
To use it, just set the keyserver-option "auto-key-retrieve" and
"honor-keyserver-url". Note that honor-keyserver-url is on by default
To add keyservers to your own signatures, use "sig-keyserver-url".
The keyserver URL can point to a keyserver:
or it can be a HTTP URL (this is what I use):
You can even point to CGIs on places like Biglumber:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 250 bytes
Desc: not available
Url : /pipermail/attachments/20040531/119a74d4/attachment-0001.bin
More information about the Gnupg-devel