[Gpg4win-users-en] HKPS key servers? and other configuration questions...

Juan Miguel Navarro Martínez juanmi.3000 at gmail.com
Mon Sep 21 04:05:48 CEST 2015


> In the hkps configuration instructions at
> https://sks-keyservers.net/overview-of-pools.php these are the example
> gpg.conf options:
> 
> keyserver hkps://hkps.pool.sks-keyservers.net
> keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem
> 
> On the Windows platform, how should a path like
> "C:\Misc\Certs\gnupg\sks-keyservers.netCA.pem" be properly formatted?
> Forward slashes and the colon replaced by something else?
> 

As I have it

keyserver-options ca-cert-file=C:\Users\[User]\AppData\Roaming\gnupg\sks-keyservers.netCA.pem

> On the same sks-keyservers.net page, there is also a change to be made to
> dirmngr.conf:
> 
> hkp-cacert /path/to/CA/sks-keyservers.netCA.pem
> 
> Is that something necessary as well?

Only if you use GnuPG 2.1.x (not what Gpg4win provides), but anyway HKPS
is not supported in the official GnuPG 2.1.x Windows binaries. Not
sure if it's possible to compile it with HKPS. I heard it needs to be
compiled against GnuTLS but I heard they moved to another tool or
mechanism for that.

> 
> Finally, which recommended high security gpg.conf options for the
> command line use of gpg2.exe on the OpenPGP Best Practices page at
> https://help.riseup.net/en/security/message-security/openpgp/best-practices
> and
> https://raw.githubusercontent.com/ioerror/duraconf/master/configs/gnupg/gpg.conf
> will *interfere* with Kleopatra functioning correctly? Or
> superfluous/unnecessary in the gpg4win default installation? I'm
> thinking of only those options which are maybe justifiable to tighten
> security defaults in a non-extreme/non-tinfoil manner:
> 

It shouldn't interfere with Kleopatra in any way. As for the options,
some say part of the options are a bit redundant or may be incompatible
with other clients (I guess PGP ones?), but I think they should be okay.
I think the redundant ones are:

list-options show-uid-validity
verify-options show-uid-validity

-- 
Juan Miguel Navarro Martínez

GPG Keyfingerprint:
5A91 90D4 CF27 9D52 D62A
BC58 88E2 947F 9BC6 B3CF
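
An added example, not part of the original message or of Gpg4win: a small Python check for the gpg.conf keyserver lines discussed above. It flags a ca-cert-file value that has been separated from keyserver-options (as happens when a mail client wraps the line), a leftover placeholder path, and a non-absolute Windows path. The function names and the user name "alice" are constructed, and it assumes ca-cert-file is the last option on its line.

```python
from pathlib import PureWindowsPath

def parse_conf(text):
    """Yield (lineno, option, argument) for each active gpg.conf line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            yield lineno, parts[0], parts[1].strip() if len(parts) > 1 else ""

def lint_hkps(text):
    """Return findings for the keyserver / ca-cert-file pair from the thread."""
    findings, uses_hkps, ca_path = [], False, None
    for lineno, option, arg in parse_conf(text):
        if option == "keyserver" and arg.lower().startswith("hkps://"):
            uses_hkps = True
        elif option == "keyserver-options":
            # Assumption: ca-cert-file is the last option on the line.
            _, found, value = arg.partition("ca-cert-file=")
            if found:
                ca_path = value.strip()
        elif option.startswith("ca-cert-file="):
            findings.append(
                f"line {lineno}: ca-cert-file is not on the keyserver-options line")
    if uses_hkps and ca_path is None:
        findings.append("hkps keyserver set but no ca-cert-file in keyserver-options")
    if ca_path is not None:
        if "/path/to/" in ca_path or "[" in ca_path:
            findings.append(f"ca-cert-file still holds a placeholder: {ca_path}")
        elif not PureWindowsPath(ca_path).is_absolute():
            findings.append(f"ca-cert-file is not an absolute Windows path: {ca_path}")
    return findings

# Constructed samples: a mail-wrapped copy and a one-line copy (made-up user name).
CA = "C:\\Users\\alice\\AppData\\Roaming\\gnupg\\sks-keyservers.netCA.pem"
KEYSERVER = "keyserver hkps://hkps.pool.sks-keyservers.net\n"
WRAPPED = KEYSERVER + "keyserver-options\nca-cert-file=" + CA + "\n"
ONE_LINE = KEYSERVER + "keyserver-options ca-cert-file=" + CA + "\n"

if __name__ == "__main__":
    for name, conf in (("wrapped", WRAPPED), ("one-line", ONE_LINE)):
        print(name, lint_hkps(conf) or "ok")
```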
