diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel index fbb730bae..e2885e659 100644 --- a/g10/dirmngr-conf.skel +++ b/g10/dirmngr-conf.skel @@ -1,69 +1,73 @@ # dirmngr-conf.skel - Skeleton to create dirmngr.conf. # (Note that the first three lines are not copied.) # # dirmngr.conf - Options for Dirmngr # Written in 2015 by The GnuPG Project # # To the extent possible under law, the authors have dedicated all # copyright and related and neighboring rights to this file to the # public domain worldwide. This file is distributed without any # warranty. You should have received a copy of the CC0 Public Domain # Dedication along with this file. If not, see # . # # # Unless you specify which option file to use (with the command line # option "--options filename"), the file ~/.gnupg/dirmngr.conf is used # by dirmngr. The file can contain any long options which are valid # for Dirmngr. If the first non white space character of a line is a # '#', the line is ignored. Empty lines are also ignored. See the # dirmngr man page or the manual for a list of options. # # --keyserver URI # # GPG can send and receive keys to and from a keyserver. These # servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP # support). # # Example HKP keyservers: # hkp://keys.gnupg.net # # Example HKP keyserver using a Tor OnionBalance service # hkp://jirk5u4osbsr34t5.onion # # Example HKPS keyservers (see --hkp-cacert below): # hkps://hkps.pool.sks-keyservers.net # # Example LDAP keyservers: # ldap://pgp.surfnet.nl:11370 # # Regular URL syntax applies, and you can set an alternate port # through the usual method: # hkp://keyserver.example.net:22742 # -# Most users just set the name and type of their preferred keyserver. # Note that most servers (with the notable exception of # ldap://keyserver.pgp.com) synchronize changes with each other. Note # also that a single server name may actually point to multiple -# servers via DNS round-robin. hkp://keys.gnupg.net is an example of -# such a "server", which spreads the load over a number of physical -# servers. +# servers via DNS round-robin or service records. # # If exactly two keyservers are configured and only one is a Tor hidden # service, Dirmngr selects the keyserver to use depending on whether -# Tor is locally running or not (on a per session base). +# Tor is locally running or not (on a per session base). Example: +# +# keyserver hkp://jirk5u4osbsr34t5.onion +# keyserver hkps://hkps.pool.sks-keyservers.net +# +# If no keyserver is specified GnuPG uses +# hkps://hkps.pool.sks-keyservers.net -keyserver hkp://jirk5u4osbsr34t5.onion -keyserver hkp://keys.gnupg.net # --hkp-cacert FILENAME # # For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to # know the root certificates for verification of the TLS certificates # used for the connection. Enter the full name of a file with the # root certificates here. If that file is in PEM format a ".pem" # suffix is expected. This option may be given multiple times to add # more root certificates. Tilde expansion is supported. +# This is not required when the default server +# hkps://hkps.pool.sks-keyservers.net +# is used. #hkp-cacert /path/to/CA/sks-keyservers.netCA.pem