Preferred keyservers part II

David Shaw dshaw at
Tue Jun 1 02:43:49 CEST 2004

On Sun, May 30, 2004 at 09:38:02PM -0400, David Shaw wrote:
> So now that 1.3.6 is out and people are playing with it, here's some
> info on preferred keyservers.  There are actually two uses for
> preferred keyservers, but I'll cover the second use in a later mail.

Here's part II.  The first mail covered how to put a preferred
keyserver on your key.  Since this is located on the key, it doesn't
help anyone get the key for the first time (it's a chicken-and-the-egg

You're probably all familiar with the auto-key-retrieve feature which
automatically fetches the appropriate key when GnuPG verifies a
signature from a key it does not currently have in the keyring.  This
is similar, except that the person making the signature gets to say
where to get the key from.

Way back in 1.3.3, the option --sig-preferred-keyserver was added.
This is an alternative to the common "x-pgp" mail headers that people
use to indicate where their key is.  It allows you to specify a URL to
your key which is then embedded in any signature you make.  If the
person verifying the signature does not have your key, a message pops
up telling them the URL so they can go get the key.  As of 1.3.6,
retrieval of the key can happen automatically.  In 1.2.x, the message

To use it, just set the keyserver-option "auto-key-retrieve" and
"honor-keyserver-url".  Note that honor-keyserver-url is on by default
in 1.3.6.

To add keyservers to your own signatures, use "sig-keyserver-url".
The keyserver URL can point to a keyserver:

 sig-keyserver-url hkp://
 sig-keyserver-url ldap://

or it can be a HTTP URL (this is what I use):


You can even point to CGIs on places like Biglumber:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
Url : /pipermail/attachments/20040531/119a74d4/attachment-0001.bin

More information about the Gnupg-devel mailing list