GPG-WKS-CLIENT(1)            GNU Privacy Guard 2.4           GPG-WKS-CLIENT(1)

NAME

       gpg-wks-client - Client for the Web Key Service

SYNOPSIS

       gpg-wks-client [options] --supported user-id
       gpg-wks-client [options] --check user-id
       gpg-wks-client [options] --create fingerprint user-id
       gpg-wks-client [options] --receive
       gpg-wks-client [options] --read
       gpg-wks-client [options] --mirror
       gpg-wks-client [options] --install-key
       gpg-wks-client [options] --remove-key
       gpg-wks-client [options] --print-wkd-hash
       gpg-wks-client [options] --print-wkd-url

DESCRIPTION

       The gpg-wks-client is used to send requests to a Web Key Service
       provider.  This is usually done to upload a key into a Web Key
       Directory.

       With the --supported command the caller can test whether a site
       supports the Web Key Service.  The argument is an arbitrary address
       in the domain to be tested, for example ‘foo@example.net’.  The
       command returns success if the Web Key Service is supported.  The
       operation is silent; to get diagnostic output use the option
       --verbose.  See option --with-colons for a variant of this command.

       With the --check command the caller can test whether a key exists
       for a supplied mail address.  The command returns success if a key
       is available.

       The --create command is used to send a request for publication in
       the Web Key Directory.  The arguments are the fingerprint of the key
       and the user id to publish.  The output from the command is a
       properly formatted mail with all standard headers.  This mail can be
       fed to sendmail(8) or any other tool to actually send that mail.  If
       sendmail(8) is installed, the option --send can be used to directly
       send the created request.  If the provider requests a 'mailbox-only'
       user id and no such user id is found, gpg-wks-client will try an
       additional user id.

       The --receive and --read commands are used to process confirmation
       mails as sent by the service provider.  The former expects an
       encrypted MIME message, the latter an already decrypted MIME
       message.  The result of these commands is another mail which can be
       sent in the same way as the mail created with --create.

       The command --install-key manually installs a key into a local
       directory (see option -C) reflecting the structure of a WKD.  The
       arguments are a file with the keyblock and the user-id to install.
       If the first argument resembles a fingerprint, the key is taken from
       the current keyring; to force the use of a file, prefix the first
       argument with "./".  If no arguments are given, the parameters are
       read from stdin; the expected format is lines with the fingerprint
       and the mailbox separated by a space.  The command --remove-key
       removes a key from that directory; its only argument is a user-id.

       The command --mirror is similar to --install-key but takes the keys
       from the LDAP server configured for Dirmngr.  If no arguments are
       given, all keys and user ids are installed.  If arguments are given,
       they are taken as domain names to limit the keys to be installed.
       The option --blacklist may be used to further limit the keys to be
       installed.

       The command --print-wkd-hash prints the WKD user-id identifiers and
       the corresponding mailboxes from the user-ids given on the command
       line or via stdin (one user-id per line).

       The command --print-wkd-url prints the URLs used to fetch the key
       for the given user-ids from WKD.  The now-preferred format with
       sub-domains is used here.
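
       Added example, not part of the original manual page and not
       gpg-wks-client's own code: how the identifier printed by
       --print-wkd-hash and the sub-domain URL printed by --print-wkd-url
       are derived, following the Web Key Directory Internet-Draft.  The
       function names are chosen here and the sample addresses are
       constructed.

```python
import hashlib
import string
from urllib.parse import quote

# z-base-32 alphabet (5 bits per character) used for WKD identifiers.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
# The WKD draft maps only ASCII upper-case letters to lower case.
ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, zero-padding the last 5-bit group."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZBASE32[int(bits[i:i + 5], 2)]
                   for i in range(0, len(bits), 5))


def split_addrspec(addrspec: str):
    """Return (local part, lower-cased domain); reject malformed input."""
    local, sep, domain = addrspec.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addrspec: {addrspec!r}")
    return local, domain.translate(ASCII_LOWER)


def wkd_hash(addrspec: str) -> str:
    """z-base-32 of the SHA-1 digest of the lower-cased local part."""
    local, _ = split_addrspec(addrspec)
    digest = hashlib.sha1(local.translate(ASCII_LOWER).encode("utf-8"))
    return zbase32(digest.digest())


def wkd_url(addrspec: str) -> str:
    """Key URL in the sub-domain layout; ?l= carries the original local part."""
    local, domain = split_addrspec(addrspec)
    return (f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
            f"/hu/{wkd_hash(addrspec)}?l={quote(local, safe='')}")


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the man page.
    for addr in ("Joe.Doe@Example.ORG", "joe.doe@example.org"):
        print(wkd_hash(addr), wkd_url(addr))
```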

OPTIONS

       gpg-wks-client understands these options:

       --send Directly send created mails using the sendmail command.
              Requires installation of that command.

       --with-colons
              This option currently affects only the --supported command.
              If it is used, all arguments on the command line are taken
              as domain names and tested for WKD support.  The output
              format is one line per domain with colon-delimited fields.
              The currently specified fields are (future versions may
              specify additional fields):

              1 - domain
                     This is the domain name.  Although quoting is not
                     required for valid domain names, this field is
                     specified to be quoted in standard C manner.

              2 - WKD
                     If the value is true the domain supports the Web Key
                     Directory.

              3 - WKS
                     If the value is true the domain supports the Web Key
                     Service protocol to upload keys to the directory.

              4 - error-code
                     This may contain a gpg-error code to describe certain
                     failures.  Use ‘gpg-error CODE’ to explain the code.

              5 - protocol-version
                     The minimum protocol version supported by the server.

              6 - auth-submit
                     The auth-submit flag from the policy file of the
                     server.

              7 - mailbox-only
                     The mailbox-only flag from the policy file of the
                     server.

       --output file
       -o     Write the created mail to file instead of stdout.  Note that
              the value - for file is the same as writing to stdout.  If
              this option is used with the --check command and a key was
              found it is written to the given file.

       --status-fd n
              Write special status strings to the file descriptor n.  This
              program returns only the status messages SUCCESS or FAILURE
              which are helpful when the caller uses a double fork
              approach and can't easily get the return code of the
              process.

       -C dir
       --directory dir
              Use dir as top level directory for the commands --mirror,
              --install-key and --remove-key.  The default is
              ‘openpgpkey’.

       --blacklist file
              This option is used to exclude certain mail addresses from a
              mirror operation.  The format of file is one mail address
              (just the addrspec, e.g. "postel@isi.edu") per line.  Empty
              lines and lines starting with a '#' are ignored.

       --add-revocs
       --no-add-revocs
              If enabled, append revocation certificates for the same
              addrspec as used in the WKD to the key.  Modern gpg versions
              are able to import and apply them for existing keys.  Note
              that when used with the --mirror command the revocations are
              searched in the local keyring and not in an LDAP directory.
              The default is --add-revocs.

       --verbose
              Enable extra informational output.

       --quiet
              Disable almost all informational output.

       --version
              Print version of the program and exit.

       --help Display a brief help page and exit.

SEE ALSO

       gpg-wks-server(1)

GnuPG 2.4.3                       2023-06-21                 GPG-WKS-CLIENT(1)