[Gpg4win-users-en] HKPS key servers? and other configuration questions...

Insert Real Name insertrealname at yahoo.ca
Sun Sep 20 23:58:07 CEST 2015

I've searched the email list, but haven't found any answers: does the
current gpg4win version 2.2.6 support hkps key servers?

In the hkps configuration instructions at
https://sks-keyservers.net/overview-of-pools.php these are the example
gpg.conf options:

keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem

On the Windows platform, how should a path like
"C:\Misc\Certs\gnupg\sks-keyservers.netCA.pem" be properly formatted?
Forward slashes and the colon replaced by something else?

On the same sks-keyservers.net page, there is also achange to be made to

hkp-cacert /path/to/CA/sks-keyservers.netCA.pem

Is that something necessary as well?

Finally, which recommended high security gpg.conf options for the
command line use of gpg2.exe on the OpenPGP Best Practices page at
will *interfere* with Kleopatra functioning correctly? Or
superfluous/unnecessary in the gpg4win default installation? I'm
thinking of only those options which are maybe justifiable to tighten
security defaults in a non-extreme/non-tinfoil manner:

keyserver-options no-honor-keyserver-url
keyid-format 0xlong
list-options show-uid-validity
verify-options show-uid-validity
personal-cipher-preferences AES256 AES192 AES CAST5
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
CAST5 ZLIB BZIP2 ZIP Uncompressed

Any comments?

More information about the Gpg4win-users-en mailing list