X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:date:message-id:references :mime-version:content-type:content-transfer-encoding :in-reply-to; q=dns; s=default; b=tiKCTdAkSVjR5QYnJL2vZYaMAeFQsG EP2iAiGGeYEVVw1tgKajZ2KGpFWgH1FeaCvb/mQhckkTCQ0o3/BjOJplf7ypRFec am9o1XlIAl6YCWUc2KAX7sFfPb4jWz9ZlvK0CibAxWQ8tnculJBj0t0PNEVLAVSS XhW2ucHfsSTnk= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:date:message-id:references :mime-version:content-type:content-transfer-encoding :in-reply-to; s=default; bh=gpTpPzHzDuF/w0zK4tVUp6N2RaM=; b=Ik3x lP1JhCutlaEi2Gj3nwcII7xkYfEDwrKIe+XpTYHo29JUX5oItzTbobeMt4CIvG+4 nuTxFTvth6UhDTEZuVMlHMcfZMx9KnwVLgnT2czMXyfOln9v6trcE6Xgz68tgrHP gU8tdiyZCrci8UWAx64GZ9vC4AkX/6HM5ZhKUa0= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 spammy=H*UA:en-US, H*u:en-US, H*u:5.1, UD:mit.edu X-HELO: blaine.gmane.org To: cygwin AT cygwin DOT com From: =?UTF-8?Q?Ren=c3=a9_Berber?= Subject: Re: gpg ca-cert-file=[which file???] Date: Sat, 15 Jul 2017 20:24:11 -0500 Lines: 26 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081209 Lightning/0.9 Thunderbird/2.0.0.19 Mnenhy/0.7.6.0 In-Reply-To: X-IsSubscribed: yes On 7/15/2017 1:40 PM, Lee wrote: [snip] > in my ~/.gnupg/gpg.conf so I can do auto-key-retrieve securely ... or > at least over an encrypted channel. But what file should I be using > as the ca-cert file? You should be using the "system" files. On Cygwin that means installing the ca-certificates package (currently version 2.14-1). They are installed in a location where the SSL package expects them, you don't have to go look for them, and shouldn't need to specify its location (a directory) on your gpg.conf [snip] > $ grep "^keyserver" ~/.gnupg/gpg.conf > keyserver hkps://pgp.mit.edu/ > keyserver-options check-cert=on > keyserver-options ca-cert-file=/etc/pki/tls/cert.pem Wrong cert actually, I don't know why you say it worked. The cert that should have matched is the one used by the key server, not by you. -- R. Berber -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple