System wide configuration of the GnuPG system
Open, High, Public

Description

I think there must be an issue about this already but I could not find it.

My most important wish for a "professional" Gpg4win product is that it should be easier to deploy a configuration of GnuPG. For example, the compliance de-vs option. Currently our institutional deployment runs a login script for this.

Kleopatra uses the library KConfig to have a very nice configuration interface.
https://userbase.kde.org/KDE_System_Administration/Kiosk/Introduction

For GnuPG my proposal is:

  1. Read config from /etc/gnupg/

-> No new magic please like the profiles and all that stuff. Just read a "gpg.conf", "gpg-agent.conf", etc. from that location. Treat it as normal config files.

  2. Afterwards read the config from the GnuPG home dir.

If an option in the system wide configuration is marked with a "=" sign or something like that at the beginning of the line, treat it as immutable. Otherwise prefer the user option.

E.g. if =enable-crl-checks is in the system wide config, a "disable-crl-checks" should be ignored in the user config. Without an equal sign, CRL checks should be disabled because the user has explicitly set it.

I'm mostly interested in Windows for this.

werner raised the priority of this task from Wishlist to High.
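
The merge rule proposed in the task description, modelled as an added Python example (not GnuPG code, and not a statement of how GnuPG behaves). Assumptions: `enable-X` and `disable-X` are treated as two spellings of one switch, a `=` in the user file carries no meaning, and the sample file contents are constructed.

```python
# Added illustration of the proposed rule: read the system-wide file first,
# then the user file; a leading "=" in the system file makes an option immutable.

def parse(text):
    """Yield (locked, key, value) for each option line of a config file."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comments
            continue
        locked = line.startswith("=")             # proposed immutability marker
        body = line.lstrip("=").split(None, 1)
        if not body:
            continue
        name = body[0]
        value = body[1].strip() if len(body) > 1 else True
        # Assumption: enable-X / disable-X set the same switch X.
        for prefix, state in (("enable-", True), ("disable-", False)):
            if name.startswith(prefix):
                name, value = name[len(prefix):], state
                break
        yield locked, name, value


def merge(system_text, user_text):
    """Return (effective options, user settings ignored because locked)."""
    effective, locked_keys, ignored = {}, set(), []
    for locked, key, value in parse(system_text):
        effective[key] = value
        if locked:
            locked_keys.add(key)
    for _, key, value in parse(user_text):        # "=" ignored in user files
        if key in locked_keys:
            if effective[key] != value:
                ignored.append((key, value))      # report what was overridden
            continue
        effective[key] = value                    # unlocked: user wins
    return effective, ignored


# Constructed sample contents, e.g. a system-wide and a per-user gpgsm.conf.
SYSTEM_CONF = "# site policy\n=enable-crl-checks\n=compliance de-vs\nenable-ocsp\n"
USER_CONF = "disable-crl-checks\ncompliance gnupg\ndisable-ocsp\n"

if __name__ == "__main__":
    print(merge(SYSTEM_CONF, USER_CONF))
```

Returning the ignored user settings alongside the effective options gives an administrator something to log when a user file conflicts with a locked site policy.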