Central keyring (gnupg-2.0.x)

In institutions it may be useful to centralize key management so that only administrators can edit the public keyring or modify the trustdb.

To set this up:

primary-keyring \\networkshare\folder\\pubring.gpg
trustdb-name    \\networkshare\folder\trustdb.gpg
keyring         \\networkshare\folder\pubring.gpg

Optionally add secret-keyring \\networkshare\folder\secring.gpg

lock-never may lead to errors when multiple users are trying to modify the keyring at the same time. Remove that option in the config files of your gpg-admins if you have multiple admins.

  mkdir %APPDATA%\gnupg
  copy \\networkshare\folder\gpg.conf %APPDATA%\gnupg

And done. Your users can now read access the central pubring and all will see the same public keyring.

To centralize trust management you may want to set the Ownertrust to Ultimate for the public keys of your gpg-admins. So that a key signed by a gpg-admin is autmatically trustworthy for all other users.

Gpg4win/SetupHints (last edited 2016-06-17 09:48:14 by AndreHeinecke)