One of the following commands must be given:
List all components. This is the default command used if none is specified.
List all available backend programs and test whether they are runnable.
List all options of the component component.
Change the options of the component component.
Check the options for the component component.
Apply the configuration settings listed in file to the
configuration files. If file has no suffix and no slashes the
command first tries to read a file with the suffix
the data directory (
gpgconf --list-dirs datadir) before it
reads the file verbatim. A profile is divided into sections using the
bracketed component name. Each section then lists the option which
shall go into the respective configuration file.
Update all configuration files with values taken from the global configuration file (usually /etc/gnupg/gpgconf.conf). Note: This is a legacy mechanism. Please use global configuration files instead.
Lists the directories used by
gpgconf. One directory is
listed per line, and each line consists of a colon-separated list where
the first field names the directory type (for example
and the second field contains the percent-escaped directory. Although
they are not directories, the socket file names used by
dirmngr are printed as well. Note
that the socket file names and the
homedir lines are the default
names and they may be overridden by command line switches. If
names are given only the directories or file names specified by
the list names are printed without any escaping.
List the global configuration file in a colon separated format. If filename is given, check that file instead.
Run a syntax check on the global configuration file. If filename is given, check that file instead.
--query-swdb package_name [version_string]
Returns the current version for package_name and if
version_string is given also an indicator on whether an update
is available. The actual file with the software version is
automatically downloaded and checked by
dirmngr uses a thresholds to avoid download the file too
often and it does this by default only if it can be done via Tor. To
force an update of that file this command can be used:
gpg-connect-agent --dirmngr 'loadswdb --force' /bye
Reload all or the given component. This is basically the same as sending a SIGHUP to the component. Components which don’t support reloading are ignored. Without component or by using "all" for component all components which are daemons are reloaded.
If the component is not already running, start it.
component must be a daemon. This is in general not required
because the system starts these daemons as needed. However, external
software making direct use of
may use this command to ensure that they are started. Using "all" for
component launches all components which are daemons.
Kill the given component that runs as a daemon, including
component which does not run as a daemon will be ignored.
Using "all" for component kills all components running as
daemons. Note that as of now reload and kill have the same effect for
Create a directory for sockets below /run/user or /var/run/user. This is command is only required if a non default home directory is used and the /run based sockets shall be used. For the default home directory GnUPG creates a directory on the fly.
Remove a directory created with command --create-socketdir.
The following options may be used:
Write output to file. Default is to write to stdout.
Outputs additional information while running. Specifically, this extends numerical field values by human-readable descriptions.
Try to be as quiet as possible.
Set the name of the home directory to dir. If this option is not
used, the home directory defaults to ~/.gnupg. It is only
recognized when given on the command line. It also overrides any home
directory stated through the environment variable
(on Windows systems) by means of the Registry entry
On Windows systems it is possible to install GnuPG as a portable application. In this case only this command line option is considered, all other ways to set a home directory are ignored.
To install GnuPG as a portable application under Windows, create an empty file named gpgconf.ctl in the same directory as the tool gpgconf.exe. The root of the installation is then that directory; or, if gpgconf.exe has been installed directly below a directory named bin, its parent directory. You also need to make sure that the following directories exist and are writable: ROOT/home for the GnuPG home and ROOTAPPDATA/GNU/cache/gnupg for internal cache files.
Change the current user to uid which may either be a number or a name. This can be used from the root account to get information on the GnuPG environment of the specified user or to start or kill daemons. If uid is not the current UID a standard PATH is set and the envvar GNUPGHOME is unset. To override the latter the option --homedir can be used. This option has currently no effect on Windows.
Do not actually change anything. This is currently only implemented
--change-options and can be used for testing purposes.
Only used together with
--change-options. If one of the
modified options can be changed in a running daemon process, signal
the running daemon to ask it to reparse its configuration file after
This means that the changes will take effect at run-time, as far as this is possible. Otherwise, they will take effect at the next start of the respective backend programs.
Write special status strings to the file descriptor n. This program returns the status messages SUCCESS or FAILURE which are helpful when the caller uses a double fork approach and can’t easily get the return code of the process.