.\" Created from Texinfo source by yat2m 1.48-unknown .TH DIRMNGR-CLIENT 1 2024-03-04 "GnuPG 2.4.5" "GNU Privacy Guard 2.4" .SH NAME .B dirmngr-client \- Tool to access the Dirmngr services .SH SYNOPSIS .B dirmngr-client .RI [ options ] .RI [ certfile | pattern ] .SH DESCRIPTION The \fBdirmngr\-client\fP is a simple tool to contact a running dirmngr and test whether a certificate has been revoked \[em] either by being listed in the corresponding CRL or by running the OCSP protocol. If no dirmngr is running, a new instances will be started but this is in general not a good idea due to the huge performance overhead. The usual way to run this tool is either: .RS 2 .nf dirmngr\-client \fIacert\fP .fi .RE or .RS 2 .nf dirmngr\-client <\fIacert\fP .fi .RE Where \fIacert\fP is one DER encoded (binary) X.509 certificates to be tested. .SH RETURN VALUE \fBdirmngr\-client\fP returns these values: .TP .B 0 The certificate under question is valid; i.e. there is a valid CRL available and it is not listed there or the OCSP request returned that that certificate is valid. .TP .B 1 The certificate has been revoked .TP .B 2 (and other values) There was a problem checking the revocation state of the certificate. A message to stderr has given more detailed information. Most likely this is due to a missing or expired CRL or due to a network problem. .P .SH OPTIONS \fBdirmngr\-client\fP may be called with the following options: .TP .B \-\-version Print the program version and licensing information. Note that you cannot abbreviate this command. .TP .B \-\-help, \-h Print a usage message summarizing the most useful command-line options. Note that you cannot abbreviate this command. .TP .B \-\-quiet, \-q Make the output extra brief by suppressing any informational messages. .TP .B \-v .TP .B \-\-verbose Outputs additional information while running. You can increase the verbosity by giving several verbose commands to \fBdirmngr\fP, such as \(oq\-vv\(cq. .TP .B \-\-pem Assume that the given certificate is in PEM (armored) format. .TP .B \-\-ocsp Do the check using the OCSP protocol and ignore any CRLs. .TP .B \-\-force\-default\-responder When checking using the OCSP protocol, force the use of the default OCSP responder. That is not to use the Reponder as given by the certificate. .TP .B \-\-ping Check whether the dirmngr daemon is up and running. .TP .B \-\-cache\-cert Put the given certificate into the cache of a running dirmngr. This is mainly useful for debugging. .TP .B \-\-validate Validate the given certificate using dirmngr's internal validation code. This is mainly useful for debugging. .TP .B \-\-load\-crl This command expects a list of filenames with DER encoded CRL files. With the option \fB\-\-url\fP URLs are expected in place of filenames and they are loaded directly from the given location. All CRLs will be validated and then loaded into dirmngr's cache. .TP .B \-\-lookup Take the remaining arguments and run a lookup command on each of them. The results are Base-64 encoded outputs (without header lines). This may be used to retrieve certificates from a server. However the output format is not very well suited if more than one certificate is returned. .TP .B \-\-url .TQ .B \-u Modify the \fBlookup\fP and \fBload\-crl\fP commands to take an URL. .TP .B \-\-local .TQ .B \-l Let the \fBlookup\fP command only search the local cache. .TP .B \-\-squid\-mode Run \fBdirmngr-client\fP in a mode suitable as a helper program for Squid's \fBexternal_acl_type\fP option. .P .SH SEE ALSO \fBdirmngr\fP(8), \fBgpgsm\fP(1) The full documentation for this tool is maintained as a Texinfo manual. If GnuPG and the info program are properly installed at your site, the command .RS 2 .nf info gnupg .fi .RE should give you access to the complete manual including a menu structure and an index.