1DIRMNGR-CLIENT(1) GNU Privacy Guard 2.3 DIRMNGR-CLIENT(1)
2
3
4
6 dirmngr-client - Tool to access the Dirmngr services
7
9 dirmngr-client [options] [certfile|pattern]
10
11
13 The dirmngr-client is a simple tool to contact a running dirmngr and
14 test whether a certificate has been revoked --- either by being listed
15 in the corresponding CRL or by running the OCSP protocol. If no dirm‐
16 ngr is running, a new instances will be started but this is in general
17 not a good idea due to the huge performance overhead.
18
19
20 The usual way to run this tool is either:
21
22 dirmngr-client acert
23
24
25 or
26
27 dirmngr-client <acert
28
29 Where acert is one DER encoded (binary) X.509 certificates to be
30 tested.
31
32
34 dirmngr-client returns these values:
35
36
37 0 The certificate under question is valid; i.e. there is a valid
38 CRL available and it is not listed there or the OCSP request re‐
39 turned that that certificate is valid.
40
41
42 1 The certificate has been revoked
43
44
45 2 (and other values)
46 There was a problem checking the revocation state of the cer‐
47 tificate. A message to stderr has given more detailed informa‐
48 tion. Most likely this is due to a missing or expired CRL or
49 due to a network problem.
50
51
53 dirmngr-client may be called with the following options:
54
55
56
57 --version
58 Print the program version and licensing information. Note that
59 you cannot abbreviate this command.
60
61
62 --help, -h
63 Print a usage message summarizing the most useful command-line
64 options. Note that you cannot abbreviate this command.
65
66
67 --quiet, -q
68 Make the output extra brief by suppressing any informational
69 messages.
70
71
72 -v
73
74 --verbose
75 Outputs additional information while running. You can increase
76 the verbosity by giving several verbose commands to dirmngr,
77 such as ‘-vv’.
78
79
80 --pem Assume that the given certificate is in PEM (armored) format.
81
82
83 --ocsp Do the check using the OCSP protocol and ignore any CRLs.
84
85
86 --force-default-responder
87 When checking using the OCSP protocol, force the use of the de‐
88 fault OCSP responder. That is not to use the Reponder as given
89 by the certificate.
90
91
92 --ping Check whether the dirmngr daemon is up and running.
93
94
95 --cache-cert
96 Put the given certificate into the cache of a running dirmngr.
97 This is mainly useful for debugging.
98
99
100 --validate
101 Validate the given certificate using dirmngr's internal valida‐
102 tion code. This is mainly useful for debugging.
103
104
105 --load-crl
106 This command expects a list of filenames with DER encoded CRL
107 files. With the option --url URLs are expected in place of
108 filenames and they are loaded directly from the given location.
109 All CRLs will be validated and then loaded into dirmngr's cache.
110
111
112 --lookup
113 Take the remaining arguments and run a lookup command on each of
114 them. The results are Base-64 encoded outputs (without header
115 lines). This may be used to retrieve certificates from a
116 server. However the output format is not very well suited if
117 more than one certificate is returned.
118
119
120 --url
121 -u Modify the lookup and load-crl commands to take an URL.
122
123
124 --local
125 -l Let the lookup command only search the local cache.
126
127
128 --squid-mode
129 Run dirmngr-client in a mode suitable as a helper program for
130 Squid's external_acl_type option.
131
132
133
135 dirmngr(8), gpgsm(1)
136
137 The full documentation for this tool is maintained as a Texinfo manual.
138 If GnuPG and the info program are properly installed at your site, the
139 command
140
141 info gnupg
142
143 should give you access to the complete manual including a menu struc‐
144 ture and an index.
145
146
147
148
149
150
151GnuPG 2.3.8 2022-10-07 DIRMNGR-CLIENT(1)