dirmngr-client(1)


NAME

   dirmngr-client - Tool to access the Dirmngr services

SYNOPSIS

   dirmngr-client [options] [certfile|pattern]

DESCRIPTION

   The  dirmngr-client  is  a simple tool to contact a running dirmngr and
   test whether a certificate has been revoked --- either by being  listed
   in  the  corresponding  CRL  or  by  running  the OCSP protocol.  If no
   dirmngr is running, a new instances will be  started  but  this  is  in
   general not a good idea due to the huge performance overhead.

   The usual way to run this tool is either:

     dirmngr-client acert

   or

     dirmngr-client <acert

   Where  acert  is  one  DER  encoded  (binary)  X.509 certificates to be
   tested.

RETURN VALUE

   dirmngr-client returns these values:

   0      The certificate under question is valid; i.e. there is  a  valid
          CRL  available  and  it  is not listed there or the OCSP request
          returned that that certificate is valid.

   1      The certificate has been revoked

   2 (and other values)
          There was  a  problem  checking  the  revocation  state  of  the
          certificate.   A  message  to  stderr  has  given  more detailed
          information.  Most likely this is due to a  missing  or  expired
          CRL or due to a network problem.

OPTIONS

   dirmngr-client may be called with the following options:

   --version
          Print  the program version and licensing information.  Note that
          you cannot abbreviate this command.

   --help, -h
          Print a usage message summarizing the most  useful  command-line
          options.  Note that you cannot abbreviate this command.

   --quiet, -q
          Make  the  output  extra  brief by suppressing any informational
          messages.

   -v

   --verbose
          Outputs additional information while running.  You can  increase
          the  verbosity  by  giving  several verbose commands to dirmngr,
          such as '-vv'.

   --pem  Assume that the given certificate is in PEM (armored) format.

   --ocsp Do the check using the OCSP protocol and ignore any CRLs.

   --force-default-responder
          When checking using the OCSP  protocl,  force  the  use  of  the
          default  OCSP  responder.   That  is  not to use the Reponder as
          given by the certificate.

   --ping Check whether the dirmngr daemon is up and running.

   --cache-cert
          Put the given certificate into the cache of a  running  dirmngr.
          This is mainly useful for debugging.

   --validate
          Validate   the   given   certificate  using  dirmngr's  internal
          validation code.  This is mainly useful for debugging.

   --load-crl
          This command expects a list of filenames with  DER  encoded  CRL
          files.   With  the  option  --url  URLs are expected in place of
          filenames and they are loaded directly from the given  location.
          All CRLs will be validated and then loaded into dirmngr's cache.

   --lookup
          Take the remaining arguments and run a lookup command on each of
          them.  The results are Base-64 encoded outputs  (without  header
          lines).   This  may  be  used  to  retrieve  certificates from a
          server. However the output format is not  very  well  suited  if
          more than one certificate is returned.

   --url
   -u     Modify the lookup and load-crl commands to take an URL.

   --local
   -l     Let the lookup command only search the local cache.

   --squid-mode
          Run  dirmngr-client  in  a mode suitable as a helper program for
          Squid's external_acl_type option.

SEE ALSO

   dirmngr(8), gpgsm(1)

   The full documentation for this tool is maintained as a Texinfo manual.
   If  GnuPG and the info program are properly installed at your site, the
   command

     info gnupg

   should give  you  access  to  the  complete  manual  including  a  menu
   structure and an index.


More Linux Commands

manpages/addnwstr.3ncurses.html
addnwstr(3ncurses) - add a string of wide characters to a cu
These functions write the characters of the (null-terminated) wchar_t character string wstr on the given window. It is similar to constructing a cchar_t for eac

manpages/XkbAllocCompatMap.3.html
XkbAllocCompatMap(3) - Allocate a new compatibility map if y
xkb specifies the keyboard description for which compatibility maps are to be allocated. The compatibility map is the compat field in this structure. which spec

manpages/XpInputSelected.3x.html
XpInputSelected(3x) - Queries which X Print events the clien
XpInputSelected returns a bit mask describing which event classes the client has selected to receive. The value returned to all_event_mask_return is the union o

manpages/XkbAllocControls.3.html
XkbAllocControls(3) - Allocates an XkbControlsRec structure
The need to allocate an XkbControlsRec structure seldom arises; Xkb creates one when an application calls XkbGetControls or a related function. For those situat

manpages/gnutls_dtls_set_timeouts.3.html
gnutls_dtls_set_timeouts(3) - API function - Linux man page
This function will set the timeouts required for the DTLS handshake protocol. The retransmission timeout is the time after which a message from the peer is not

manpages/iwpriv.8.html
iwpriv(8) - configure optionals (private) parameters of a wi
Iwpriv is the companion tool to iwconfig(8). Iwpriv deals with parameters and setting specific to each driver (as opposed to iwconfig which deals with generic o

manpages/gitcli.7.html
gitcli(7) - git command line interface and conventions......
This manual describes the convention used throughout Git CLI. Many commands take revisions (most often commits, but sometimes tree-ish, depending on the context

manpages/gnutls_x509_crt_get_authority_key_id.3.html
gnutls_x509_crt_get_authority_key_id(3) - API function......
This function will return the X.509v3 certificate authoritys key identifier. This is obtained by the X.509 Authority Key identifier extension field (2.5.29.35).

manpages/chkconfig.8.html
chkconfig(8) - enable or disable system services (Man Page)
chkconfig is used to manipulate the runlevel links at boot time (see init.d(7)). It can be thought of as a frontend to insserv(8). Chkconfig can run in six diff

manpages/sqlite3.1.html
sqlite3(1) - A command line interface for SQLite version 3
To start a sqlite3 interactive session, invoke the sqlite3 command and optionally provide the name of a database file. If the database file does not exist, it w

manpages/XtToolkitThreadInitialize.3.html
XtToolkitThreadInitialize(3) - initialize the toolkit for mu
If XtToolkitThreadInitialize was previously called, it returns. The application programmer must ensure that two or more threads do not simultaneously attempt to

manpages/mdassembler.1.html
mdassembler(1) - Compile documentation for use in monodoc br
mdassembler has been obsoleted by mdoc(1). See the mdoc-assemble(1) man page. mdassembler is a program that creates .tree and .zip files for use in the monodoc





We can't live, work or learn in freedom unless the software we use is free.