John A. Wallace jw72253 at
Sat Nov 19 05:09:02 CET 2011

> -----Original Message-----
> From: John A. Wallace [mailto:jw72253 at]
> Sent: Friday, November 18, 2011 9:08 PM
> To: 'gnupg-users at'
> Subject:
> Hello.  In my web browser I am looking at the url of,
> which has the following title on top of its page: SKS OpenPGP
> Keyserver at This site allows me to check or
> submit public keys.  On that page there are some instructions in a
> section called "Access", and it states:
> To use this server directly via HKP add this to your .PGP keyserver
> list:
> 	x-hkp://
> 	For users of GnuPG, add the following to ~/.gnupg/gpg.conf:
> 	keyserver hkp://
> Now when I went to look at the site noted above (i.e.,
>, it appears to be exactly the same as
> the first page, the one with a url of "".  So, is this an
> officialy sanctioned site by gnupg, one which is simply redirected?
> Secondly, regarding the instructions, already in my gpg.conf file I
> have this line: "keyserver hkp://"; so, would there be
> any point in changing it?
> More importantly, in the same instructions it states this:
> 	"This server is also available secured by TLS (via hkps).... You
> can use HKPS by dropping 	the May First/People Link Certificate
> Authority's certificate into ~/.gnupg/mfpl.crt, and 	then adding the
> following lines to ~/.gnupg/gpg.conf:
> 	keyserver hkps://
> 	keyserver-options ca-cert-file=/home/YOURNAME/.gnupg/mfpl.crt"
> Therefore, if this is in fact an officially sanctioned site, I should
> prefer to have this latter option for use as it supports encrypted key
> transfer processes.  I am assuming that there should be only one entry
> for the "keyserver" name option although the online instructions do not
> explicitly state so? Thanks.
> John
In addition, it seems to imply to me from the instructions online at
ions.html, that I could in fact use more than one "keyserver 'name'" option
in my 'gpg.conf' file; and that I could use different options for different
keyservers.  At least that is how I understand these instructions:

" After the keyserver name, optional keyserver configuration options may be
provided. These are the same as the global --keyserver-options from below,
but apply only to this particular keyserver."

Or is this instruction referring only to different options for different
"types" (e.g., hkp, ldap or mailto) of keyservers? I mean, if I am
interpreting it right, I could, theoretically, use these lines in gpg.conf:

keyserver hkp://
keyserver hkps:// ca-cert-file=<path to
keyserver-options verbose



More information about the Gnupg-users mailing list