[Gpg4win-users-en] How do I prevent dirmngr.exe from starting up and running in the background?

Andre Heinecke aheinecke at intevation.de
Thu Sep 4 11:16:40 CEST 2014


On Thursday, September 04, 2014 12:30:42 AM Chris Marlow wrote:
> Hi,
> The current stable version, gpg4win-2.2.1, exhibits a rather unsettling
> behavior when installed on a Microsoft Windows OS.

Every installation of gnupg2 does this, not Windows specific. Under Linux 
dirmngr also runs as a service with its own user account. Dirmngr is necessary 
to handle certificate revocation lists of S/MIME certificates and handles the 
trust in the root certificates.

> After installation even when gpg4win is not launched, dirmngr.exe is running
> in the background, consuming some system resources.

Yes it is launched as a system service. You can disable this like any other 
service in system settings / management / services. If you do not use S/MIME 
or disable CRL checks this might not affect functionality.

> It might even be sending data back to servers controlled by the NSA, GCHQ,
> KGB or German  BND.

Dirmngr will of course not send anything unrelated, but it will request CRL's 
from your trusted root CA's. This is traffic that can be monitored.

> Could the developers prevent dirmngr.exe from ever running in the background
> when gpg4win is not launched by the user?

Afaik dirmngr is launched as a service and not on demand as it controls the 
certificate trust decisions regarding S/MIME, a job traditionally controlled by 
the System Administrator and not the user.

I also think that it probably is run in the background so that it can fetch 
CRL's in the background so that you don't have to wait until a 5mb CRL is 
fetched when you want to sign a mail. But I'm not sure about this as I have 
faced some delays while waiting for CRL checks.

Best regards,

Andre Heinecke |  ++49-541-335083-262  |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20140904/2674dd9b/attachment.sig>

More information about the Gpg4win-users-en mailing list