Damien Goutte-Gattat dgouttegattat at
Tue Feb 28 00:35:31 CET 2017


On 02/27/2017 04:07 PM, rsvx at wrote:
> I'll use my master key offline. Following this guidelines:
> I also implemented the Appelbaum's config.(Riseup Best Practices) Will
> it work properly if the Master Key isn't on my machine?

It should.

Note, however, that Riseup's Best Practices [1] and proposed 
configuration file [2] are partially obsolete, *especially* if you are 
using GnuPG 2.1. Many of the proposed options and advices are not needed 
anymore, as GnuPG already does The Right Thing.

> And the following faults are coming:
>  gpg: keyserver option 'ca-cert-file' is obsolete; please use
> 'hkp-cacert' in dirmngr.conf

If you're using the pool you no longer need to 
provide GnuPG with the CA certificate file, as it is now bundled with 
GnuPG (>= 2.1.11) and automatically used when needed. (And with GnuPG >= 
2.1.16 you will no longer even need to explicity set the keyserver 
option, as is already the default.)

> gpg: keyserver option 'no-try-dns-srv' is unknown

This option no longer exists, but I *think* that if you really want to, 
you can disable SRV lookups by explicitly specifying a port number when 
setting the keyserver, as in:




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170228/1e2d231a/attachment.sig>

More information about the Gnupg-users mailing list