Next: , Up: gpgconf   [Contents][Index]

10.4.1 Invoking gpgconf

One of the following commands must be given:


List all components. This is the default command used if none is specified.


List all available backend programs and test whether they are runnable.

--list-options component

List all options of the component component.

--change-options component

Change the options of the component component.

--check-options component

Check the options for the component component.

--apply-profile file

Apply the configuration settings listed in file to the configuration files. If file has no suffix and no slashes the command first tries to read a file with the suffix .prf from the data directory (gpgconf --list-dirs datadir) before it reads the file verbatim. A profile is divided into sections using the bracketed component name. Each section then lists the option which shall go into the respective configuration file.


Update all configuration files with values taken from the global configuration file (usually /etc/gnupg/gpgconf.conf). Note: This is a legacy mechanism. Please use global configuration files instead.

--list-dirs [names]

Lists the directories used by gpgconf. One directory is listed per line, and each line consists of a colon-separated list where the first field names the directory type (for example sysconfdir) and the second field contains the percent-escaped directory. Although they are not directories, the socket file names used by gpg-agent and dirmngr are printed as well. Note that the socket file names and the homedir lines are the default names and they may be overridden by command line switches. If names are given only the directories or file names specified by the list names are printed without any escaping.

--list-config [filename]

List the global configuration file in a colon separated format. If filename is given, check that file instead.

--check-config [filename]

Run a syntax check on the global configuration file. If filename is given, check that file instead.

--query-swdb package_name [version_string]

Returns the current version for package_name and if version_string is given also an indicator on whether an update is available. The actual file with the software version is automatically downloaded and checked by dirmngr. dirmngr uses a thresholds to avoid download the file too often and it does this by default only if it can be done via Tor. To force an update of that file this command can be used:

       gpg-connect-agent --dirmngr 'loadswdb --force' /bye
--reload [component]

Reload all or the given component. This is basically the same as sending a SIGHUP to the component. Components which don’t support reloading are ignored. Without component or by using "all" for component all components which are daemons are reloaded.

--launch [component]

If the component is not already running, start it. component must be a daemon. This is in general not required because the system starts these daemons as needed. However, external software making direct use of gpg-agent or dirmngr may use this command to ensure that they are started. Using "all" for component launches all components which are daemons.

--kill [component]

Kill the given component that runs as a daemon, including gpg-agent, dirmngr, and scdaemon. A component which does not run as a daemon will be ignored. Using "all" for component kills all components running as daemons. Note that as of now reload and kill have the same effect for scdaemon.


Create a directory for sockets below /run/user or /var/run/user. This is command is only required if a non default home directory is used and the /run based sockets shall be used. For the default home directory GnUPG creates a directory on the fly.


Remove a directory created with command --create-socketdir.

The following options may be used:

-o file
--output file

Write output to file. Default is to write to stdout.


Outputs additional information while running. Specifically, this extends numerical field values by human-readable descriptions.


Try to be as quiet as possible.

--homedir dir

Set the name of the home directory to dir. If this option is not used, the home directory defaults to ~/.gnupg. It is only recognized when given on the command line. It also overrides any home directory stated through the environment variable GNUPGHOME or (on Windows systems) by means of the Registry entry HKCU\Software\GNU\GnuPG:HomeDir.

On Windows systems it is possible to install GnuPG as a portable application. In this case only this command line option is considered, all other ways to set a home directory are ignored.

To install GnuPG as a portable application under Windows, create an empty file named gpgconf.ctl in the same directory as the tool gpgconf.exe. The root of the installation is then that directory; or, if gpgconf.exe has been installed directly below a directory named bin, its parent directory. You also need to make sure that the following directories exist and are writable: ROOT/home for the GnuPG home and ROOTAPPDATA/GNU/cache/gnupg for internal cache files.

--chuid uid

Change the current user to uid which may either be a number or a name. This can be used from the root account to get information on the GnuPG environment of the specified user or to start or kill daemons. If uid is not the current UID a standard PATH is set and the envvar GNUPGHOME is unset. To override the latter the option --homedir can be used. This option has currently no effect on Windows.


Do not actually change anything. This is currently only implemented for --change-options and can be used for testing purposes.


Only used together with --change-options. If one of the modified options can be changed in a running daemon process, signal the running daemon to ask it to reparse its configuration file after changing.

This means that the changes will take effect at run-time, as far as this is possible. Otherwise, they will take effect at the next start of the respective backend programs.

--status-fd n

Write special status strings to the file descriptor n. This program returns the status messages SUCCESS or FAILURE which are helpful when the caller uses a double fork approach and can’t easily get the return code of the process.

Next: , Up: gpgconf   [Contents][Index]