gpgconf - Modify .gnupg home directories
gpgconf [options] --list-components gpgconf [options] --list-options component gpgconf [options] --change-options component
The gpgconf is a utility to automatically and reasonable safely query and modify configuration files in the '.gnupg' home directory. It is designed not to be invoked manually by the user, but automatically by graphical user interfaces (GUI). ([Please note that currently no locking is done, so concurrent access should be avoided. There are some precautions to avoid corruption with concurrent usage, but results may be inconsistent and some changes may get lost. The stateless design makes it difficult to provide more guarantees.]) gpgconf provides access to the configuration of one or more components of the GnuPG system. These components correspond more or less to the programs that exist in the GnuPG framework, like GnuPG, GPGSM, DirMngr, etc. But this is not a strict one-to-one relationship. Not all configuration options are available through gpgconf. gpgconf provides a generic and abstract method to access the most important configuration options that can feasibly be controlled via such a mechanism. gpgconf can be used to gather and change the options available in each component, and can also provide their default values. gpgconf will give detailed type information that can be used to restrict the user's input without making an attempt to commit the changes. gpgconf provides the backend of a configuration editor. The configuration editor would usually be a graphical user interface program that displays the current options, their default values, and allows the user to make changes to the options. These changes can then be made active with gpgconf again. Such a program that uses gpgconf in this way will be called GUI throughout this section.
One of the following commands must be given: --list-components List all components. This is the default command used if none is specified. --check-programs List all available backend programs and test whether they are runnable. --list-options component List all options of the component component. --change-options component Change the options of the component component. --check-options component Check the options for the component component. --apply-defaults Update all configuration files with values taken from the global configuration file (usually '/etc/gnupg/gpgconf.conf'). --list-dirs [names] Lists the directories used by gpgconf. One directory is listed per line, and each line consists of a colon-separated list where the first field names the directory type (for example sysconfdir) and the second field contains the percent-escaped directory. Although they are not directories, the socket file names used by gpg-agent and dirmngr are printed as well. Note that the socket file names and the homedir lines are the default names and they may be overridden by command line switches. If names are given only the directories or file names specified by the list names are printed without any escaping. --list-config [filename] List the global configuration file in a colon separated format. If filename is given, check that file instead. --check-config [filename] Run a syntax check on the global configuration file. If filename is given, check that file instead. --reload [component] Reload all or the given component. This is basically the same as sending a SIGHUP to the component. Components which don't support reloading are ignored. --launch [component] If the component is not already running, start it. component must be a daemon. This is in general not required because the system starts these daemons as needed. However, external software making direct use of gpg-agent or dirmngr may use this command to ensure that they are started. --kill [component] Kill the given component. Components which support killing are gpg-agent and scdaemon. Components which don't support reloading are ignored. Note that as of now reload and kill have the same effect for scdaemon. --create-socketdir Create a directory for sockets below /run/user or /var/run/user. This is command is only required if a non default home directory is used and the /run based sockets shall be used. For the default home directory GnUPG creates a directory on the fly. --remove-socketdir Remove a directory created with command --create-socketdir.
The following options may be used: -o file --output file Write output to file. Default is to write to stdout. -v --verbose Outputs additional information while running. Specifically, this extends numerical field values by human-readable descriptions. -q --quiet Try to be as quiet as possible. -n --dry-run Do not actually change anything. This is currently only implemented for --change-options and can be used for testing purposes. -r --runtime Only used together with --change-options. If one of the modified options can be changed in a running daemon process, signal the running daemon to ask it to reparse its configuration file after changing. This means that the changes will take effect at run-time, as far as this is possible. Otherwise, they will take effect at the next start of the respective backend programs.
The command --list-components will list all components that can be configured with gpgconf. Usually, one component will correspond to one GnuPG-related program and contain the options of that programs configuration file that can be modified using gpgconf. However, this is not necessarily the case. A component might also be a group of selected options from several programs, or contain entirely virtual options that have a special effect rather than changing exactly one option in one configuration file. A component is a set of configuration options that semantically belong together. Furthermore, several changes to a component can be made in an atomic way with a single operation. The GUI could for example provide a menu with one entry for each component, or a window with one tabulator sheet per component. The command argument --list-components lists all available components, one per line. The format of each line is: name:description:pgmname: name This field contains a name tag of the component. The name tag is used to specify the component in all communication with gpgconf. The name tag is to be used verbatim. It is thus not in any escaped format. description The string in this field contains a human-readable description of the component. It can be displayed to the user of the GUI for informational purposes. It is percent-escaped and localized. pgmname The string in this field contains the absolute name of the program's file. It can be used to unambiguously invoke that program. It is percent-escaped. Example: $ gpgconf --list-components gpg:GPG for OpenPGP:/usr/local/bin/gpg2: gpg-agent:GPG Agent:/usr/local/bin/gpg-agent: scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon: gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm: dirmngr:Directory Manager:/usr/local/bin/dirmngr: Checking programs The command --check-programs is similar to --list-components but works on backend programs and not on components. It runs each program to test whether it is installed and runnable. This also includes a syntax check of all config file options of the program. The command argument --check-programs lists all available programs, one per line. The format of each line is: name:description:pgmname:avail:okay:cfgfile:line:error: name This field contains a name tag of the program which is identical to the name of the component. The name tag is to be used verbatim. It is thus not in any escaped format. This field may be empty to indicate a continuation of error descriptions for the last name. The description and pgmname fields are then also empty. description The string in this field contains a human-readable description of the component. It can be displayed to the user of the GUI for informational purposes. It is percent-escaped and localized. pgmname The string in this field contains the absolute name of the program's file. It can be used to unambiguously invoke that program. It is percent-escaped. avail The boolean value in this field indicates whether the program is installed and runnable. okay The boolean value in this field indicates whether the program's config file is syntactically okay. cfgfile If an error occurred in the configuration file (as indicated by a false value in the field okay), this field has the name of the failing configuration file. It is percent-escaped. line If an error occurred in the configuration file, this field has the line number of the failing statement in the configuration file. It is an unsigned number. error If an error occurred in the configuration file, this field has the error text of the failing statement in the configuration file. It is percent-escaped and localized. In the following example the dirmngr is not runnable and the configuration file of scdaemon is not okay. $ gpgconf --check-programs gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1: gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1: scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:0: gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1: dirmngr:Directory Manager:/usr/local/bin/dirmngr:0:0: The command configuration file in the same manner as --check-programs, but only for the component component. Listing options Every component contains one or more options. Options may be gathered into option groups to allow the GUI to give visual hints to the user about which options are related. The command argument lists all options (and the groups they belong to) in the component component, one per line. component must be the string in the field name in the output of the --list-components command. There is one line for each option and each group. First come all options that are not in any group. Then comes a line describing a group. Then come all options that belong into each group. Then comes the next group and so on. There does not need to be any group (and in this case the output will stop after the last non-grouped option). The format of each line is: name:flags:level:description:type:alt-type:argname:default:argdef:value name This field contains a name tag for the group or option. The name tag is used to specify the group or option in all communication with gpgconf. The name tag is to be used verbatim. It is thus not in any escaped format. flags The flags field contains an unsigned number. Its value is the OR-wise combination of the following flag values: group (1) If this flag is set, this is a line describing a group and not an option. The following flag values are only defined for options (that is, if the group flag is not used). optional arg (2) If this flag is set, the argument is optional. This is never set for type 0 (none) options. list (4) If this flag is set, the option can be given multiple times. runtime (8) If this flag is set, the option can be changed at runtime. default (16) If this flag is set, a default value is available. default desc (32) If this flag is set, a (runtime) default is available. This and the default flag are mutually exclusive. no arg desc (64) If this flag is set, and the optional arg flag is set, then the option has a special meaning if no argument is given. no change (128) If this flag is set, gpgconf ignores requests to change the value. GUI frontends should grey out this option. Note, that manual changes of the configuration files are still possible. level This field is defined for options and for groups. It contains an unsigned number that specifies the expert level under which this group or option should be displayed. The following expert levels are defined for options (they have analogous meaning for groups): basic (0) This option should always be offered to the user. advanced (1) This option may be offered to advanced users. expert (2) This option should only be offered to expert users. invisible (3) This option should normally never be displayed, not even to expert users. internal (4) This option is for internal use only. Ignore it. The level of a group will always be the lowest level of all options it contains. description This field is defined for options and groups. The string in this field contains a human-readable description of the option or group. It can be displayed to the user of the GUI for informational purposes. It is percent-escaped and localized. type This field is only defined for options. It contains an unsigned number that specifies the type of the option's argument, if any. The following types are defined: Basic types: none (0) No argument allowed. string (1) An unformatted string. int32 (2) A signed number. uint32 (3) An unsigned number. Complex types: pathname (32) A string that describes the pathname of a file. The file does not necessarily need to exist. ldap server (33) A string that describes an LDAP server in the format: hostname:port:username:password:base_dn key fingerprint (34) A string with a 40 digit fingerprint specifying a certificate. pub key (35) A string that describes a certificate by user ID, key ID or fingerprint. sec key (36) A string that describes a certificate with a key by user ID, key ID or fingerprint. alias list (37) A string that describes an alias list, like the one used with gpg's group option. The list consists of a key, an equal sign and space separated values. More types will be added in the future. Please see the alt-type field for information on how to cope with unknown types. alt-type This field is identical to type, except that only the types 0 to 31 are allowed. The GUI is expected to present the user the option in the format specified by type. But if the argument type type is not supported by the GUI, it can still display the option in the more generic basic type alt-type. The GUI must support all the defined basic types to be able to display all options. More basic types may be added in future versions. If the GUI encounters a basic type it doesn't support, it should report an error and abort the operation. argname This field is only defined for options with an argument type type that is not 0. In this case it may contain a percent- escaped and localised string that gives a short name for the argument. The field may also be empty, though, in which case a short name is not known. default This field is defined only for options for which the default or default desc flag is set. If the default flag is set, its format is that of an option argument (see: [Format conventions], for details). If the default value is empty, then no default is known. Otherwise, the value specifies the default value for this option. If the default desc flag is set, the field is either empty or contains a description of the effect if the option is not given. argdef This field is defined only for options for which the optional arg flag is set. If the no arg desc flag is not set, its format is that of an option argument (see: [Format conventions], for details). If the default value is empty, then no default is known. Otherwise, the value specifies the default argument for this option. If the no arg desc flag is set, the field is either empty or contains a description of the effect of this option if no argument is given. value This field is defined only for options. Its format is that of an option argument. If it is empty, then the option is not explicitly set in the current configuration, and the default applies (if any). Otherwise, it contains the current value of the option. Note that this field is also meaningful if the option itself does not take a real argument (in this case, it contains the number of times the option appears). Changing options The command to change the options of the component component to the specified values. component must be the string in the field name in the output of the --list-components command. You have to provide the options that shall be changed in the following format on standard input: name:flags:new-value name This is the name of the option to change. name must be the string in the field name in the output of the --list-options command. flags The flags field contains an unsigned number. Its value is the OR-wise combination of the following flag values: default (16) If this flag is set, the option is deleted and the default value is used instead (if applicable). new-value The new value for the option. This field is only defined if the default flag is not set. The format is that of an option argument. If it is empty (or the field is omitted), the default argument is used (only allowed if the argument is optional for this option). Otherwise, the option will be set to the specified value. The output of the command is the same as that of --check-options for the modified configuration file. Examples: To set the force option, which is of basic type none (0): $ echo 'force:0:1' | gpgconf --change-options dirmngr To delete the force option: $ echo 'force:16:' | gpgconf --change-options dirmngr The --runtime option can influence when the changes take effect. Listing global options Sometimes it is useful for applications to look at the global options file 'gpgconf.conf'. The colon separated listing format is record oriented and uses the first field to identify the record type: k This describes a key record to start the definition of a new ruleset for a user/group. The format of a key record is: k:user:group: user This is the user field of the key. It is percent escaped. See the definition of the gpgconf.conf format for details. group This is the group field of the key. It is percent escaped. r This describes a rule record. All rule records up to the next key record make up a rule set for that key. The format of a rule record is: r:::component:option:flags:value: component This is the component part of a rule. It is a plain string. option This is the option part of a rule. It is a plain string. flag This is the flags part of a rule. There may be only one flag per rule but by using the same component and option, several flags may be assigned to an option. It is a plain string. value This is the optional value for the option. It is a percent escaped string with a single quotation mark to indicate a string. The quotation mark is only required to distinguish between no value specified and an empty string. Unknown record types should be ignored. Note that there is intentionally no feature to change the global option file through gpgconf.
/etc/gnupg/gpgconf.conf If this file exists, it is processed as a global configuration file. A commented example can be found in the 'examples' directory of the distribution.
gpg(1), gpgsm(1), gpg-agent(1), scdaemon(1), dirmngr(1) The full documentation for this tool is maintained as a Texinfo manual. If GnuPG and the info program are properly installed at your site, the command info gnupg should give you access to the complete manual including a menu structure and an index.
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.