.B gpg-wks-client
.RI [ options ]
.B \-\-read
+.br
+.B gpg-wks-client
+.RI [ options ]
+.B \-\-mirror
+.br
+.B gpg-wks-client
+.RI [ options ]
+.B \-\-install-key
+.br
+.B gpg-wks-client
+.RI [ options ]
+.B \-\-remove-key
+.br
+.B gpg-wks-client
+.RI [ options ]
+.B \-\-print-wkd-hash
+.br
+.B gpg-wks-client
+.RI [ options ]
+.B \-\-print-wkd-url
@end ifset
@mansect description
The @command{gpg-wks-client} is used to send requests to a Web Key
-Service provider. This is usuallay done to upload a key into a Web
+Service provider. This is usually done to upload a key into a Web
Key Directory.
With the @option{--supported} command the caller can test whether a
-site supports the Web Key Service. The argument is an arbitray
+site supports the Web Key Service. The argument is an arbitrary
address in the to be tested domain. For example
@file{foo@@example.net}. The command returns success if the Web Key
Service is supported. The operation is silent; to get diagnostic
@option{--remove-key} removes a key from that directory, its only
argument is a user-id.
-@command{gpg-wks-client} is not commonly invoked directly and thus it
-is not installed in the bin directory. Here is an example how it can
-be invoked manually to check for a Web Key Directory entry for
-@file{foo@@example.org}:
+The command @option{--mirror} is similar to @option{--install-key} but
+takes the keys from the the LDAP server configured for Dirmngr. If no
+arguments are given all keys and user ids are installed. If arguments
+are given they are taken as domain names to limit the to be installed
+keys. The option @option{--blacklist} may be used to further limit
+the to be installed keys.
-@example
-$(gpgconf --list-dirs libexecdir)/gpg-wks-client --check foo@@example.net
-@end example
+The command @option{--print-wkd-hash} prints the WKD user-id identifiers
+and the corresponding mailboxes from the user-ids given on the command
+line or via stdin (one user-id per line).
+
+The command @option{--print-wkd-url} prints the URLs used to fetch the
+key for the given user-ids from WKD. The meanwhile preferred format
+with sub-domains is used here.
@mansect options
@noindent
@item --with-colons
@opindex with-colons
This option has currently only an effect on the @option{--supported}
-command. If it is used all arguimenst on the command line are taken
+command. If it is used all arguments on the command line are taken
as domain names and tested for WKD support. The output format is one
line per domain with colon delimited fields. The currently specified
fields are (future versions may specify additional fields):
@itemx --directory @var{dir}
@opindex directory
Use @var{dir} as top level directory for the commands
-@option{--install-key} and @option{--remove-key}. The default is
-@file{openpgpkey}.
+@option{--mirror}, @option{--install-key} and @option{--remove-key}.
+The default is @file{openpgpkey}.
+
+
+@item --blacklist @var{file}
+@opindex blacklist
+This option is used to exclude certain mail addresses from a mirror
+operation. The format of @var{file} is one mail address (just the
+addrspec, e.g. "postel@@isi.edu") per line. Empty lines and lines
+starting with a '#' are ignored.
@item --verbose
@opindex verbose
@end ifset
@mansect description
-The @command{gpg-wks-server} is a server site implementation of the
+The @command{gpg-wks-server} is a server side implementation of the
Web Key Service. It receives requests for publication, sends
confirmation requests, receives confirmations, and published the key.
It also has features to ease the setup and maintenance of a Web Key
When used with the command @option{--receive} a single Web Key Service
mail is processed. Commonly this command is used with the option
-@option{--send} to directly send the crerated mails back. See below
+@option{--send} to directly send the created mails back. See below
for an installation example.
-The command @option{--cron} is used for regualr cleanup tasks. For
+The command @option{--cron} is used for regular cleanup tasks. For
example non-confirmed requested should be removed after their expire
time. It is best to run this command once a day from a cronjob.
$ echo key-submission@@example.net >submission-address
@end example
-The protocol requires that the key to be published is send with an
+The protocol requires that the key to be published is sent with an
encrypted mail to the service. Thus you need to create a key for
the submission address:
The output of the last command looks similar to this:
@example
- sec rsa2048 2016-08-30 [SC]
+ sec rsa3072 2016-08-30 [SC]
C0FCF8642D830C53246211400346653590B3795B
uid [ultimate] key-submission@@example.net
- ssb rsa2048 2016-08-30 [E]
+ bxzcxpxk8h87z1k7bzk86xn5aj47intu@@example.net
+ ssb rsa3072 2016-08-30 [E]
@end example
Take the fingerprint from that output and manually publish the key:
projects / platform / upstream / gpg2.git / blobdiff