Hi,

On 02/27/2017 04:07 PM, r...@riseup.net wrote:
> I'll use my master key offline. Following these guidelines:
> https://incenp.org/notes/2015/using-an-offline-gnupg-master-key.html
> I also implemented Appelbaum's config. (Riseup Best Practices)
> Will it work properly if the Master Key isn't on my machine?

It should.

Note, however, that Riseup's Best Practices [1] and proposed configuration file [2] are partially obsolete, *especially* if you are using GnuPG 2.1. Many of the proposed options and pieces of advice are not needed anymore, as GnuPG already does The Right Thing.

> And the following faults are coming:
> gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf

If you're using the sks-keyservers.net pool you no longer need to provide GnuPG with the CA certificate file, as it is now bundled with GnuPG (>= 2.1.11) and automatically used when needed. (And with GnuPG >= 2.1.16 you will no longer even need to explicitly set the keyserver option, as hkps.pool.sks-keyservers.net is already the default.)

> gpg: keyserver option 'no-try-dns-srv' is unknown

This option no longer exists, but I *think* that if you really want to, you can disable SRV lookups by explicitly specifying a port number when setting the keyserver, as in:

    keyserver hkps.pool.sks-keyservers.net:443

Damien

--
[1] https://riseup.net/en/security/message-security/openpgp/best-practices
[2] https://raw.githubusercontent.com/ioerror/duraconf/master/configs/gnupg/gpg.conf
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
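A small checker for the two keyserver options discussed in the reply above, as an added example that is not part of the original message or of GnuPG. The function name `audit_gpg_conf`, the sample file and its placeholder path are constructed for illustration; the version thresholds and the explicit-port suggestion are taken from the reply.

```python
import re

POOL = "hkps.pool.sks-keyservers.net"  # pool named in the thread

# Constructed sample in the style of an older hardened gpg.conf (placeholder path).
SAMPLE = """\
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=/path/to/sks-keyservers.netCA.pem
keyserver-options no-honor-keyserver-url, no-try-dns-srv
"""

def audit_gpg_conf(text, gnupg_version):
    """Return (line_no, option, advice) for the options discussed above."""
    keyserver = None   # (line_no, host, port) from the last keyserver line
    seen = []          # (line_no, name) for every keyserver-options entry
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(" ")
        if name == "keyserver":
            target = re.sub(r"^\w+://", "", value.strip()).rstrip("/")
            host, _, port = target.partition(":")
            keyserver = (no, host, port)
        elif name == "keyserver-options":
            # several options may share a line, separated by spaces or commas
            seen += [(no, o.split("=", 1)[0]) for o in re.split(r"[,\s]+", value.strip())]
    uses_pool = keyserver is not None and keyserver[1] == POOL
    has_port = keyserver is not None and keyserver[2] != ""
    findings = []
    for no, opt in seen:
        if opt == "ca-cert-file":
            if uses_pool and gnupg_version >= (2, 1, 11):
                advice = "remove: pool CA certificate is bundled with GnuPG"
            else:
                advice = "use 'hkp-cacert' in dirmngr.conf instead"
            findings.append((no, opt, advice))
        elif opt == "no-try-dns-srv":
            advice = ("remove: keyserver already has an explicit port" if has_port
                      else "remove: set an explicit port on the keyserver line instead")
            findings.append((no, opt, advice))
    wants_no_srv = any(opt == "no-try-dns-srv" for _, opt in seen)
    if uses_pool and not has_port and not wants_no_srv and gnupg_version >= (2, 1, 16):
        findings.append((keyserver[0], "keyserver", "redundant: pool is the default"))
    return findings

if __name__ == "__main__":
    for finding in audit_gpg_conf(SAMPLE, (2, 1, 18)):
        print(finding)
```

Pass the installed GnuPG version as a tuple; other `keyserver-options` entries such as `no-honor-keyserver-url` are left unreported because the thread does not discuss them.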