• Start
• Documentation
  • PostgreSQL
  • mnoGoSearch
  • Apache 2.4
  • FreeBSD handbook
  • FreeBSD Manual
  • FreeBSD Source
• Tools
• Search
• Protected Area

plain

FreeBSD manual

keyword 1 2 3 4 5 6 7 8 9 n l

download PDF document: dirmngr-client.1.pdf

DIRMNGR-CLIENT(1) GNU Privacy Guard 2.4 DIRMNGR-CLIENT(1)
NAME dirmngr-client - Tool to access the Dirmngr services
SYNOPSIS dirmngr-client [options] [certfile|pattern]

DESCRIPTION The dirmngr-client is a simple tool to contact a running dirmngr and test whether a certificate has been revoked --- either by being listed in the corresponding CRL or by running the OCSP protocol. If no dirmngr is running, a new instances will be started but this is in general not a good idea due to the huge performance overhead.

The usual way to run this tool is either:
dirmngr-client acert

or
dirmngr-client <acert
Where acert is one DER encoded (binary) X.509 certificates to be tested.

RETURN VALUE dirmngr-client returns these values:

0 The certificate under question is valid; i.e. there is a valid CRL available and it is not listed there or the OCSP request returned that that certificate is valid.

1 The certificate has been revoked

2 (and other values) There was a problem checking the revocation state of the certificate. A message to stderr has given more detailed information. Most likely this is due to a missing or expired CRL or due to a network problem.

OPTIONS dirmngr-client may be called with the following options:


--version Print the program version and licensing information. Note that you cannot abbreviate this command.

messages.

-v
--verbose Outputs additional information while running. You can increase the verbosity by giving several verbose commands to dirmngr, such as `-vv'.

--pem Assume that the given certificate is in PEM (armored) format.

--ocsp Do the check using the OCSP protocol and ignore any CRLs.

--force-default-responder When checking using the OCSP protocol, force the use of the default OCSP responder. That is not to use the Reponder as given by the certificate.

--ping Check whether the dirmngr daemon is up and running.

--cache-cert Put the given certificate into the cache of a running dirmngr. This is mainly useful for debugging.

--validate Validate the given certificate using dirmngr's internal validation code. This is mainly useful for debugging.

--load-crl This command expects a list of filenames with DER encoded CRL files. With the option --url URLs are expected in place of filenames and they are loaded directly from the given location. All CRLs will be validated and then loaded into dirmngr's cache.

--lookup Take the remaining arguments and run a lookup command on each of them. The results are Base-64 encoded outputs (without header lines). This may be used to retrieve certificates from a server. However the output format is not very well suited if more than one certificate is returned.

--url -u Modify the lookup and load-crl commands to take an URL.

--local -l Let the lookup command only search the local cache.

dirmngr(8), gpgsm(1)
The full documentation for this tool is maintained as a Texinfo manual. If GnuPG and the info program are properly installed at your site, the command
info gnupg
should give you access to the complete manual including a menu structure and an index.



GnuPG 2.4.3 2023-12-14 DIRMNGR-CLIENT(1)