Web lists-archives.com

Re: gpg ca-cert-file=[which file???]




On 7/15/2017 1:40 PM, Lee wrote:

[snip]
> in my ~/.gnupg/gpg.conf so I can do auto-key-retrieve securely ... or
> at least over an encrypted channel.  But what file should I be using
> as the ca-cert file?

You should be using the "system" files.

On Cygwin that means installing the ca-certificates package (currently
version 2.14-1).  They are installed in a location where the SSL package
expects them, you don't have to go look for them, and shouldn't need to
specify its location (a directory) on your gpg.conf

[snip]
> $ grep "^keyserver" ~/.gnupg/gpg.conf
> keyserver hkps://pgp.mit.edu/
> keyserver-options check-cert=on
> keyserver-options ca-cert-file=/etc/pki/tls/cert.pem

Wrong cert actually, I don't know why you say it worked.

The cert that should have matched is the one used by the key server, not
by you.
-- 
R. Berber


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple