I forgot to send it to the list as well...
-------- Forwarded Message --------
Subject: Re: regular update of all keys from a keyserver
Date: Mon, 17 Oct 2016 16:20:00 +0000
From: Stephan Beck <st...@mailbox.org>
Reply-To: st...@mailbox.org
To: Martin T <m4rtn...@gmail.com>

Hi Martin,

Martin T:
> Hi,
>
> I am aware that one can update all the keys in local-keyring from a
> keyserver using "gpg --refresh-keys". Are there any disadvantages to
> simply put this command into user crontab and execute for example once
> a day?

Yes. To protect you and your contacts from an eavesdropper (may it be the ISP or someone else), you may refresh your keyring over the Tor Network, using Parcimonie (1), which opens another circuit for every single refreshing action (one refreshing action, one refreshed key), thus slowly refreshing the whole keyring. Actually, it works with gpg v1, I've never got it working with gpg2, though. If someone out there knows how to adapt it for use with gpg2, go ahead and tell us!

Well, you don't tell us anything about your system or your gpg version, but another way (with gpg 2.1.10 or later) is using the in-built support for refreshing your keyring via Tor using the --use-tor option. Quote from the 2.1.10 announce mail (2):

  * dirmngr: New option --use-tor. For full support this requires
    libassuan version 2.4.2 and a patched version of libadns
    (e.g. adns-1.4-g10-7 as used by the standard Windows installer).

If you do not use or do not want to use Tor, I'd recommend using at least https in any case, retrieving the certificate of sks-keyservers.netCA.pem first (3), verifying it and copying it into your gnupg home directory, and adding it to the keyserver section in gpg.conf.

I'd never refresh my keyring over plain http, because, yes, we "should all have something to hide" (4), whatever the threats may be that are already knocking on our doors and whoever might tell us that this battle is lost or useless.

(1) https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
(2) https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000381.html
(3) https://sks-keyservers.net/sks-keyservers.netCA.pe
(4) https://moxie.org/blog/we-should-all-have-something-to-hide/

Cheers

Stephan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
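
The "one refreshing action, one refreshed key" idea from the message above, combined with the dirmngr use-tor option, as an added example (it is not part of the original mail and is not Parcimonie's code). It assumes GnuPG 2.1.10 or later, a running Tor daemon, `use-tor` set in dirmngr.conf, and coreutils `shuf`; the script name and the `--run` switch are hypothetical.

```shell
#!/bin/sh
# Added example: refresh ONE randomly chosen key per run instead of the
# whole keyring, and refuse to touch the network unless dirmngr is set
# up to route keyserver traffic through Tor.
GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"

# Read `gpg --with-colons` output on stdin; print primary-key fingerprints.
# An fpr record belongs to the pub/sub record directly above it, so only
# the first fpr after each pub line is kept (subkey fingerprints skipped).
list_fingerprints() {
    awk -F: '
        $1 == "pub"         { want = 1; next }
        $1 == "sub"         { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeeds only if the given dirmngr.conf has an uncommented use-tor line.
tor_enabled() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*use-tor[[:space:]]*$' "$1"
}

refresh_one_key() {
    if ! tor_enabled "$GNUPGHOME/dirmngr.conf"; then
        echo "use-tor not set in dirmngr.conf; refusing to refresh" >&2
        return 1
    fi
    fpr=$(gpg --batch --with-colons --fingerprint --list-keys \
          | list_fingerprints | shuf -n 1)
    [ -n "$fpr" ] || return 0        # empty keyring: nothing to do
    gpg --batch --refresh-keys "$fpr"
}

# Runs only when called as: refresh-one-key.sh --run (e.g. from crontab).
# The random delay keeps the requests from landing on a fixed schedule.
if [ "${1:-}" = "--run" ]; then
    sleep "$(shuf -i 0-600 -n 1)"
    refresh_one_key
fi
```

Scheduled several times a day, this works through the keyring gradually rather than sending every key ID to the keyserver in one burst.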