1GPGCONF(1) GNU Privacy Guard GPGCONF(1)
2
6 gpgconf - Modify .gnupg home directories
7
9 gpgconf [options] --list-components
10 gpgconf [options] --list-options component
11 gpgconf [options] --change-options component
12
16 The gpgconf is a utility to automatically and reasonable safely query
17 and modify configuration files in the `.gnupg' home directory. It is
18 designed not to be invoked manually by the user, but automatically by
19 graphical user interfaces (GUI). ([Please note that currently no lock‐
20 ing is done, so concurrent access should be avoided. There are some
21 precautions to avoid corruption with concurrent usage, but results may
22 be inconsistent and some changes may get lost. The stateless design
23 makes it difficult to provide more guarantees.])
24 gpgconf provides access to the configuration of one or more components
26 of the GnuPG system. These components correspond more or less to the
27 programs that exist in the GnuPG framework, like GnuPG, GPGSM, DirMngr,
28 etc. But this is not a strict one-to-one relationship. Not all con‐
29 figuration options are available through gpgconf. gpgconf provides a
30 generic and abstract method to access the most important configuration
31 options that can feasibly be controlled via such a mechanism.
32 gpgconf can be used to gather and change the options available in each
34 component, and can also provide their default values. gpgconf will
35 give detailed type information that can be used to restrict the user's
36 input without making an attempt to commit the changes.
37 gpgconf provides the backend of a configuration editor. The configura‐
39 tion editor would usually be a graphical user interface program, that
40 allows to display the current options, their default values, and allows
41 the user to make changes to the options. These changes can then be
42 made active with gpgconf again. Such a program that uses gpgconf in
43 this way will be called GUI throughout this section.
44
48 One of the following commands must be given:
49 --list-components
53 List all components. This is the default command used if none
54 is specified.
55 --check-programs
58 List all available backend programs and test whether they are
59 runnable.
60 --list-options component
63 List all options of the component component.
64 --change-options component
67 Change the options of the component component.
68 --apply-defaults
71 Update all configuration files with values taken from the global
72 configuration file (usually `/etc/gnupg/gpgconf.conf').
73 --list-config [filename]
76 List the global configuration file in a colon separated format.
77 If filename is given, check that file instead.
78 --check-config [filename]
81 Run a syntax check on the global configuration file. If file‐
82 name is given, check that file instead.
83
88 The following options may be used:
89 -v
93 --verbose
95 Outputs additional information while running. Specifically,
96 this extends numerical field values by human-readable descrip‐
97 tions.
98 -r
102 --runtime
104 Only used together with --change-options. If one of the modi‐
105 fied options can be changed in a running daemon process, signal
106 the running daemon to ask it to reparse its configuration file
107 after changing.
108 This means that the changes will take effect at run-time, as far
110 as this is possible. Otherwise, they will take effect at the
111 next start of the respective backend programs.
112
114 The command --list-components will list all components that can be con‐
115 figured with gpgconf. Usually, one component will correspond to one
116 GnuPG-related program and contain the options of that programs configu‐
117 ration file that can be modified using gpgconf. However, this is not
118 necessarily the case. A component might also be a group of selected
119 options from several programs, or contain entirely virtual options that
120 have a special effect rather than changing exactly one option in one
121 configuration file.
122 A component is a set of configuration options that semantically belong
124 together. Furthermore, several changes to a component can be made in
125 an atomic way with a single operation. The GUI could for example pro‐
126 vide a menu with one entry for each component, or a window with one
127 tabulator sheet per component.
128 The command argument --list-components lists all available components,
130 one per line. The format of each line is:
131 name:description:pgmname:
133 name This field contains a name tag of the component. The name tag
136 is used to specify the component in all communication with gpg‐
137 conf. The name tag is to be used verbatim. It is thus not in
138 any escaped format.
139 description
142 The string in this field contains a human-readable description
143 of the component. It can be displayed to the user of the GUI
144 for informational purposes. It is percent-escaped and local‐
145 ized.
146 pgmname
149 The string in this field contains the absolute name of the pro‐
150 gram's file. It can be used to unambiguously invoke that pro‐
151 gram. It is percent-escaped.
152 Example:
154 $ gpgconf --list-components
155 gpg:GPG for OpenPGP:/usr/local/bin/gpg2:
156 gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:
157 scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:
158 gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:
159 dirmngr:Directory Manager:/usr/local/bin/dirmngr:
160 Checking programs
166 The command --check-programs is similar to --list-components but works
169 on backend programs and not on components. It runs each program to
170 test wether it is installed and runnable. This also includes a syntax
171 check of all config file options of the program.
172 The command argument --check-programs lists all available programs, one
174 per line. The format of each line is:
175 name:description:pgmname:avail:okay:cfgfile:line:error:
177 name This field contains a name tag of the program which is identical
180 to the name of the component. The name tag is to be used verba‐
181 tim. It is thus not in any escaped format. This field may be
182 empty to indicate a continuation of error descriptions for the
183 last name. The description and pgmname fields are then also
184 empty.
185 description
188 The string in this field contains a human-readable description
189 of the component. It can be displayed to the user of the GUI
190 for informational purposes. It is percent-escaped and local‐
191 ized.
192 pgmname
195 The string in this field contains the absolute name of the pro‐
196 gram's file. It can be used to unambiguously invoke that pro‐
197 gram. It is percent-escaped.
198 avail The boolean value in this field indicates whether the program is
201 installed and runnable.
202 okay The boolean value in this field indicates whether the program's
205 config file is syntactically okay.
206 cfgfile
209 If an error occured in the configuraion file (as indicated by a
210 false value in the field okay), this field has the name of the
211 failing configuration file. It is percent-escaped.
212 line If an error occured in the configuration file, this field has
215 the line number of the failing statement in the configuration
216 file. It is an unsigned number.
217 error If an error occured in the configuration file, this field has
220 the error text of the failing statement in the configuration
221 file. It is percent-escaped and localized.
222 In the following example the dirmngr is not runnable and the
226 configuration file of scdaemon is not okay.
227 $ gpgconf --check-programs
229 gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
230 gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
231 scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:0:
232 gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1:
233 dirmngr:Directory Manager:/usr/local/bin/dirmngr:0:0:
234 Listing options
239 Every component contains one or more options. Options may be gathered
242 into option groups to allow the GUI to give visual hints to the user
243 about which options are related.
244 The command argument lists all options (and the groups they belong to)
246 in the component component, one per line. component must be the string
247 in the field name in the output of the --list-components command.
248 There is one line for each option and each group. First come all
250 options that are not in any group. Then comes a line describing a
251 group. Then come all options that belong into each group. Then comes
252 the next group and so on. There does not need to be any group (and in
253 this case the output will stop after the last non-grouped option).
254 The format of each line is:
256 name:flags:level:description:type:alt-type:argname:default:argdef:value
258 name This field contains a name tag for the group or option. The
261 name tag is used to specify the group or option in all communi‐
262 cation with gpgconf. The name tag is to be used verbatim. It
263 is thus not in any escaped format.
264 flags The flags field contains an unsigned number. Its value is the
267 OR-wise combination of the following flag values:
268 group (1)
271 If this flag is set, this is a line describing a group
272 and not an option.
273 The following flag values are only defined for options (that is, if the
275 group flag is not used).
276 optional arg (2)
279 If this flag is set, the argument is optional. This is
280 never set for type 0 (none) options.
281 list (4)
284 If this flag is set, the option can be given multiple
285 times.
286 runtime (8)
289 If this flag is set, the option can be changed at run‐
290 time.
291 default (16)
294 If this flag is set, a default value is available.
295 default desc (32)
298 If this flag is set, a (runtime) default is available.
299 This and the default flag are mutually exclusive.
300 no arg desc (64)
303 If this flag is set, and the optional arg flag is set,
304 then the option has a special meaning if no argument is
305 given.
306 no change (128)
309 If this flag is set, gpgconf ignores requests to change
310 the value. GUI frontends should grey out this option.
311 Note, that manual changes of the configuration files are
312 still possible.
313 level This field is defined for options and for groups. It contains
316 an unsigned number that specifies the expert level under which
317 this group or option should be displayed. The following expert
318 levels are defined for options (they have analogous meaning for
319 groups):
320 basic (0)
323 This option should always be offered to the user.
324 advanced (1)
327 This option may be offered to advanced users.
328 expert (2)
331 This option should only be offered to expert users.
332 invisible (3)
335 This option should normally never be displayed, not even
336 to expert users.
337 internal (4)
340 This option is for internal use only. Ignore it.
341 The level of a group will always be the lowest level of all options it
343 contains.
344 description
347 This field is defined for options and groups. The string in
348 this field contains a human-readable description of the option
349 or group. It can be displayed to the user of the GUI for infor‐
350 mational purposes. It is percent-escaped and localized.
351 type This field is only defined for options. It contains an unsigned
354 number that specifies the type of the option's argument, if any.
355 The following types are defined:
356 Basic types:
358 none (0)
361 No argument allowed.
362 string (1)
365 An unformatted string.
366 int32 (2)
369 A signed number.
370 uint32 (3)
373 An unsigned number.
374 Complex types:
376 pathname (32)
379 A string that describes the pathname of a file. The file
380 does not necessarily need to exist.
381 ldap server (33)
384 A string that describes an LDAP server in the format:
385 hostname:port:username:password:base_dn
387 More types will be added in the future. Please see the alt-type field
389 for information on how to cope with unknown types.
390 alt-type
393 This field is identical to type, except that only the types 0 to
394 31 are allowed. The GUI is expected to present the user the
395 option in the format specified by type. But if the argument
396 type type is not supported by the GUI, it can still display the
397 option in the more generic basic type alt-type. The GUI must
398 support all the defined basic types to be able to display all
399 options. More basic types may be added in future versions. If
400 the GUI encounters a basic type it doesn't support, it should
401 report an error and abort the operation.
402 argname
405 This field is only defined for options with an argument type
406 type that is not 0. In this case it may contain a percent-
407 escaped and localised string that gives a short name for the
408 argument. The field may also be empty, though, in which case a
409 short name is not known.
410 default
413 This field is defined only for options. Its format is that of
414 an option argument (see: [Format conventions], for details). If
415 the default value is empty, then no default is known. Other‐
416 wise, the value specifies the default value for this option.
417 Note that this field is also meaningful if the option itself
418 does not take a real argument.
419 argdef This field is defined only for options for which the optional
422 arg flag is set. If the no arg desc flag is not set, its format
423 is that of an option argument (see: [Format conventions], for
424 details). If the default value is empty, then no default is
425 known. Otherwise, the value specifies the default value for
426 this option. If the no arg desc flag is set, the field is
427 either empty or contains a description of the effect of this
428 option if no argument is given. Note that this field is also
429 meaningful if the option itself does not take a real argument.
430 value This field is defined only for options. Its format is that of
433 an option argument. If it is empty, then the option is not
434 explicitely set in the current configuration, and the default
435 applies (if any). Otherwise, it contains the current value of
436 the option. Note that this field is also meaningful if the
437 option itself does not take a real argument.
438 Changing options
443 The command to change the options of the component component to the
446 specified values. component must be the string in the field name in
447 the output of the --list-components command. You have to provide the
448 options that shall be changed in the following format on standard
449 input:
450 name:flags:new-value
452 name This is the name of the option to change. name must be the
455 string in the field name in the output of the --list-options
456 command.
457 flags The flags field contains an unsigned number. Its value is the
460 OR-wise combination of the following flag values:
461 default (16)
464 If this flag is set, the option is deleted and the
465 default value is used instead (if applicable).
466 new-value
469 The new value for the option. This field is only defined if the
470 default flag is not set. The format is that of an option argu‐
471 ment. If it is empty (or the field is omitted), the default
472 argument is used (only allowed if the argument is optional for
473 this option). Otherwise, the option will be set to the speci‐
474 fied value.
475 Examples:
477 To set the force option, which is of basic type none (0):
479 $ echo 'force:0:1' | gpgconf --change-options dirmngr
481 To delete the force option:
483 $ echo 'force:16:' | gpgconf --change-options dirmngr
485 The --runtime option can influence when the changes take effect.
487 Listing global options
492 Sometimes it is useful for applications to look at the global options
495 file `gpgconf.conf'. The colon separated listing format is record ori‐
496 ented and uses the first field to identify the record type:
497 k This describes a key record to start the definition of a new
500 ruleset for a user/group. The format of a key record is:
501 k:user:group:
503 user This is the user field of the key. It is percent
506 escaped. See the definition of the gpgconf.conf format
507 for details.
508 group This is the group field of the key. It is percent
511 escaped.
512 r This describes a rule record. All rule records up to the next
515 key record make up a rule set for that key. The format of a
516 rule record is:
517 r:::component:option:flags:value:
519 component
522 This is the component part of a rule. It is a plain
523 string.
524 option This is the option part of a rule. It is a plain string.
527 flag This is the flags part of a rule. There may be only one
530 flag per rule but by using the same component and option,
531 several flags may be assigned to an option. It is a
532 plain string.
533 value This is the optional value for the option. It is a per‐
536 cent escaped string with a single quotation mark to indi‐
537 cate a string. The quotation mark is only required to
538 distinguish between no value specified and an empty
539 string.
540 Unknown record typs should be ignored. Note that there is intention‐
544 ally no feature to change the global option file through gpgconf.
545
550 /etc/gnupg/gpgconf.conf
551 If this file exists, it is processed as a global configuration
552 file.
553 A commented example can be found in the `examples' directory
554 of
555 the distribution.
556
560 gpg(1), gpgsm(1), gpg-agent(1), scdaemon(1), dirmngr(1)
561 The full documentation for this tool is maintained as a Texinfo manual.
563 If GnuPG and the info program are properly installed at your site, the
564 command
565 info gnupg
567 should give you access to the complete manual including a menu struc‐
569 ture and an index.
570GnuPG 2.0.8 2008-01-24 GPGCONF(1)