Using the "preferred keyserver URL" in GnuPG 1.4

David Shaw dshaw at
Mon Dec 20 17:40:01 CET 2004

GnuPG has long had a feature where a missing key would be fetched from
the keyserver upon signature verification (turn this feature on with
the keyserver option "auto-key-retrieve").  However, this did not
handle the case where the key owner preferred one particular keyserver
(say, one that wasn't broken or one that supports subkeys and photo

GnuPG 1.4 adds a new "preferred keyserver" feature, that lets you
include a URL with your key and/or with signatures you issue to help
the recipient know where and how to get your key.

To add a URL to your key, follow these steps:

1) gpg --edit-key (yourkey)
2) keyserver (yoururl)
3) save

The preferred keyserver URL lives on the user ID self-signature (along
with the other preferences), so if you want to get fancy, you can even
have a different preferred keyserver URL on each user ID.  Just select
the user ID you want the preferred keyserver URL on before entering

Once you have done this on your key, any user who uses
"--refresh-keys" on your key will automatically get your key from the
URL you have chosen.  The keyserver option "honor-keyserver-url" turns
this features on, and "no-honor-keyserver-url" turns it off.  It is on
by default.

To add a URL to your signatures, just stick this in your gpg.conf:

  sig-keyserver-url (yoururl)

Once you have done this, any user who verifies your signature but does
not have your key can automatically fetch it if they have the both the
keyserver options "honor-keyserver-url" and "auto-key-retrieve" set.
Note that honor-keyserver-url is on by default, but auto-key-retrieve
is not.

The URLs can be:

  hkp for HKP servers
      for example: hkp://
  ldap for LDAP servers
      for example: ldap://
  http for a file on the web
      for example:
  finger for a finger plan:
      for example: finger:wk at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
Url : /pipermail/attachments/20041220/d277c21a/attachment.bin

More information about the Gnupg-users mailing list