Please test :)
David Shaw
dshaw at jabberwocky.com
Fri Aug 14 20:25:16 CEST 2009
On Aug 14, 2009, at 5:46 AM, Jeroen Schot wrote:
> Hi,
>
> On Thu, Aug 13, 2009 at 10:21:46PM -0400, David Shaw wrote:
>> 2) HKPS - in other words regular old HKP over SSL (i.e. https). So far as I
>> know, the only hkps server in existence right now is
>> hkps://zimmermann.mayfirst.org.
>
> I successfully tested HKPS, but encountered a lack of documentation. So here
> is a short howto specifically for the zimmermann.mayfirst.org keyserver:
>
> Download the 'May First/People Link CA' certificate from
> <https://support.mayfirst.org/wiki/mfpl_certificate_authority> and store it in
> ~/.gnupg/ca.crt.
>
> Add the following two lines to your gpg.conf (or add them to the commandline):
> keyserver hkps://zimmermann.mayfirst.org
> keyserver-options ca-cert-file ~/.gnupg/ca.crt
>
> Test the keyserver with a '--search-keys' or '--recv-keys'.
>
> Note: The ca-cert-file option is not documented?

You're right. I'll fix that.

There is also a check-cert / no-check-cert option to enable checking
or not. It's actually a bit of a question whether the default should
be to check or not to check (it's currently defaulting to check).
Usually, you'd want to check by default, but in the case of OpenPGP
keys, the keys are not validated by the keyserver anyway.

David
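
As an added example (not part of the original messages and not GnuPG code), the following shell function audits a gpg.conf for the HKPS settings named in this thread: it flags `no-check-cert` and a `ca-cert-file` that cannot be read. The function name `audit_hkps_conf`, the "last check option wins" rule and the handling of `,` and `=` as separators are assumptions; the sample config is constructed.

```shell
#!/bin/sh
# Audit a gpg.conf for the HKPS options discussed in this thread.
# Prints findings; returns 1 if cert checking is off or the CA file is unusable.
audit_hkps_conf() {
    conf=$1
    # Uncommented "keyserver hkps://..." lines (comment lines have "#" in field 1).
    hkps=$(awk '$1 == "keyserver" && $2 ~ /^hkps:\/\// { print $2 }' "$conf")
    if [ -z "$hkps" ]; then
        echo "info: no hkps keyserver configured"
        return 0
    fi
    # Flatten all keyserver-options into one token list. Treating "," and "="
    # as separators is an assumption; the message itself uses spaces.
    opts=$(awk '$1 == "keyserver-options" { $1 = ""; print }' "$conf" | tr ',=' '  ')
    check=on; ca=""; prev=""
    for tok in $opts; do
        case $tok in
            no-check-cert) check=off ;;   # assumption: the last check option wins
            check-cert)    check=on ;;
        esac
        if [ "$prev" = "ca-cert-file" ]; then ca=$tok; fi
        prev=$tok
    done
    rc=0
    if [ "$check" = off ]; then
        echo "FAIL: no-check-cert set, server certificate is not verified"
        rc=1
    fi
    if [ -z "$ca" ]; then
        echo "note: no ca-cert-file set for hkps keyserver"
    else
        case $ca in "~/"*) ca=$HOME/${ca#"~/"} ;; esac   # the shell will not expand ~ here
        if [ ! -r "$ca" ]; then
            echo "FAIL: ca-cert-file $ca is missing or unreadable"
            rc=1
        fi
    fi
    return $rc
}

# Constructed sample: the two lines from the howto plus a weakened option.
demo=$(mktemp -d)
: > "$demo/ca.crt"   # empty placeholder standing in for the downloaded CA file
printf '%s\n' 'keyserver hkps://zimmermann.mayfirst.org' \
    "keyserver-options ca-cert-file $demo/ca.crt" \
    'keyserver-options no-check-cert' > "$demo/gpg.conf"
audit_hkps_conf "$demo/gpg.conf" || true
rm -rf "$demo"
```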