DIRMNGR-CLIENT(1)	     GNU Privacy Guard 2.4	     DIRMNGR-CLIENT(1)

NAME
       dirmngr-client - Tool to access the Dirmngr services

SYNOPSIS
       dirmngr-client [options] [certfile|pattern]


DESCRIPTION
       The dirmngr-client is a simple tool to contact a running dirmngr and
       test whether a certificate has been revoked — either by being listed in
       the corresponding CRL or by running the OCSP protocol.  If no dirmngr
       is running, a new instances will be started but this is in general not
       a good idea due to the huge performance overhead.


       The usual way to run this tool is either:

	 dirmngr-client acert


       or

	 dirmngr-client <acert

       Where acert is one DER encoded (binary) X.509 certificates to be
       tested.


RETURN VALUE
       dirmngr-client returns these values:


       0      The certificate under question is valid; i.e. there is a valid
	      CRL available and it is not listed there or the OCSP request
	      returned that that certificate is valid.


       1      The certificate has been revoked


       2 (and other values)
	      There was a problem checking the revocation state of the
	      certificate.  A message to stderr has given more detailed
	      information.  Most likely this is due to a missing or expired
	      CRL or due to a network problem.


OPTIONS
       dirmngr-client may be called with the following options:



       --version
	      Print the program version and licensing information.  Note that
	      you cannot abbreviate this command.


       --help, -h
	      Print a usage message summarizing the most useful command-line
	      options.	Note that you cannot abbreviate this command.


       --quiet, -q
	      Make the output extra brief by suppressing any informational
	      messages.


       -v

       --verbose
	      Outputs additional information while running.  You can increase
	      the verbosity by giving several verbose commands to dirmngr,
	      such as ‘-vv’.


       --pem  Assume that the given certificate is in PEM (armored) format.


       --ocsp Do the check using the OCSP protocol and ignore any CRLs.


       --force-default-responder
	      When checking using the OCSP protocol, force the use of the
	      default OCSP responder.  That is not to use the Reponder as
	      given by the certificate.


       --ping Check whether the dirmngr daemon is up and running.


       --cache-cert
	      Put the given certificate into the cache of a running dirmngr.
	      This is mainly useful for debugging.


       --validate
	      Validate the given certificate using dirmngr's internal
	      validation code.	This is mainly useful for debugging.


       --load-crl
	      This command expects a list of filenames with DER encoded CRL
	      files.  With the option --url URLs are expected in place of
	      filenames and they are loaded directly from the given location.
	      All CRLs will be validated and then loaded into dirmngr's cache.


       --lookup
	      Take the remaining arguments and run a lookup command on each of
	      them.  The results are Base-64 encoded outputs (without header
	      lines).  This may be used to retrieve certificates from a
	      server. However the output format is not very well suited if
	      more than one certificate is returned.


       --url
       -u     Modify the lookup and load-crl commands to take an URL.


       --local
       -l     Let the lookup command only search the local cache.


       --squid-mode
	      Run dirmngr-client in a mode suitable as a helper program for
	      Squid's external_acl_type option.



SEE ALSO
       dirmngr(8), gpgsm(1)

       The full documentation for this tool is maintained as a Texinfo manual.
       If GnuPG and the info program are properly installed at your site, the
       command

	 info gnupg

       should give you access to the complete manual including a menu
       structure and an index.




GnuPG 2.4.8			  2025-02-19		     DIRMNGR-CLIENT(1)