NAME

       dirmngr-client - Tool to access the Dirmngr services

SYNOPSIS

       dirmngr-client [options] [certfile|pattern]

DESCRIPTION

       The  dirmngr-client is a simple tool to contact a running dirmngr and test whether a certificate has been
       revoked --- either by being listed in the corresponding CRL or by  running  the  OCSP  protocol.   If  no
       dirmngr  is  running,  a  new instances will be started but this is in general not a good idea due to the
       huge performance overhead.

       The usual way to run this tool is either:

         dirmngr-client acert

       or

         dirmngr-client <acert

       Where acert is one DER encoded (binary) X.509 certificates to be tested.

RETURN VALUE

       dirmngr-client returns these values:

       0      The certificate under question is valid; i.e. there is a valid CRL available and it is not  listed
              there or the OCSP request returned that that certificate is valid.

       1      The certificate has been revoked

       2 (and other values)
              There  was  a  problem  checking the revocation state of the certificate.  A message to stderr has
              given more detailed information.  Most likely this is due to a missing or expired CRL or due to  a
              network problem.

OPTIONS

       dirmngr-client may be called with the following options:

       --version
              Print  the  program  version  and  licensing  information.   Note  that you cannot abbreviate this
              command.

       --help, -h
              Print a usage message summarizing the most useful command-line  options.   Note  that  you  cannot
              abbreviate this command.

       --quiet, -q
              Make the output extra brief by suppressing any informational messages.

       -v

       --verbose
              Outputs  additional  information  while running.  You can increase the verbosity by giving several
              verbose commands to dirmngr, such as '-vv'.

       --pem  Assume that the given certificate is in PEM (armored) format.

       --ocsp Do the check using the OCSP protocol and ignore any CRLs.

       --force-default-responder
              When checking using the OCSP protocol, force the use of the default OCSP responder.  That  is  not
              to use the Reponder as given by the certificate.

       --ping Check whether the dirmngr daemon is up and running.

       --cache-cert
              Put  the  given  certificate  into  the  cache  of  a  running dirmngr.  This is mainly useful for
              debugging.

       --validate
              Validate the given certificate using dirmngr's internal validation code.  This  is  mainly  useful
              for debugging.

       --load-crl
              This  command  expects a list of filenames with DER encoded CRL files.  With the option --url URLs
              are expected in place of filenames and they are loaded directly from the given location.  All CRLs
              will be validated and then loaded into dirmngr's cache.

       --lookup
              Take  the  remaining  arguments and run a lookup command on each of them.  The results are Base-64
              encoded outputs (without header lines).  This may be used to retrieve certificates from a  server.
              However the output format is not very well suited if more than one certificate is returned.

       --url
       -u     Modify the lookup and load-crl commands to take an URL.

       --local
       -l     Let the lookup command only search the local cache.

       --squid-mode
              Run dirmngr-client in a mode suitable as a helper program for Squid's external_acl_type option.

SEE ALSO

       dirmngr(8), gpgsm(1)

       The  full  documentation  for this tool is maintained as a Texinfo manual.  If GnuPG and the info program
       are properly installed at your site, the command

         info gnupg

       should give you access to the complete manual including a menu structure and an index.