ISVALID [--only-ocsp] [--force-default-responder] certid|certfpr
Check whether the certificate described by the certid has been revoked. Due to caching, the Dirmngr is able to answer immediately in most cases.
The certid is a hex encoded string consisting of two parts, delimited by a single dot. The first part is the SHA-1 hash of the issuer name and the second part the serial number.
Alternatively the certificate's SHA-1 fingerprint certfpr may be given in which case an OCSP request is done before consulting the CRL. If the option --only-ocsp is given, no fallback to a CRL check will be used. If the option --force-default-responder is given, only the default OCSP responder will be used and any other methods of obtaining an OCSP responder URL won't be used.
Common return values are:
GPG_ERR_NO_ERROR (0)
GPG_ERR_CERT_REVOKED
GPG_ERR_NO_CRL_KNOWN
GPG_ERR_NO_DATA
GPG_ERR_NOT_SUPPORTED
If DirMngr does not have enough information about the given certificate (which is the case for certificates that are not yet cached), it will inquire the missing data:
  S: INQUIRE SENDCERT <CertID>
  C: D <DER encoded certificate>
  C: END
A client should be aware that DirMngr may ask for more than one certificate.
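The following sketch of the client side of this exchange is an added example, not code from Dirmngr or this manual. It answers every SENDCERT inquiry in a constructed transcript and refuses inquiries for certificates the client does not hold. The function names and the inquiry cap are hypothetical; the 1000-byte line limit, the percent-escaping of D lines and the CAN line are taken from the Assuan protocol that Dirmngr speaks, not from this page.

```python
MAX_LINE = 1000   # Assuan line limit in bytes, terminator included
CHUNK = 332       # raw bytes per D line: 3 * 332 + len("D ") + LF <= MAX_LINE

def escape_data(raw: bytes) -> bytes:
    """Percent-escape '%', CR and LF, which may not appear raw in a D line."""
    return b"".join(b"%%%02X" % b if b in (0x25, 0x0D, 0x0A) else bytes([b])
                    for b in raw)

def data_lines(der: bytes) -> list:
    """Split a DER blob into D lines that stay under the line limit."""
    return [b"D " + escape_data(der[i:i + CHUNK])
            for i in range(0, len(der), CHUNK)]

def answer_isvalid(server_lines, certs, max_inquiries=8):
    """Drive the client side of one ISVALID call.

    server_lines: lines received from Dirmngr, without terminators.
    certs: CertID -> DER bytes the client is willing to send.
    Returns (lines_to_send, status); status is "OK", the ERR line, or
    "incomplete" when the transcript ends before a final response.
    """
    sent, inquiries = [], 0
    for line in server_lines:
        if line.startswith(b"INQUIRE "):
            inquiries += 1
            keyword, _, arg = line[len(b"INQUIRE "):].partition(b" ")
            der = certs.get(arg.strip().decode("ascii", "replace"))
            if keyword != b"SENDCERT" or der is None or inquiries > max_inquiries:
                sent.append(b"CAN")      # Assuan cancel: refuse this inquiry
            else:
                sent += data_lines(der) + [b"END"]
        elif line == b"OK" or line.startswith(b"OK "):
            return sent, "OK"
        elif line.startswith(b"ERR "):
            return sent, line.decode("ascii", "replace")
        # status ("S ...") and comment ("# ...") lines need no reply
    return sent, "incomplete"

# Constructed sample: placeholder CertIDs and bytes, not real certificates.
CERTS = {"AA.01": b"\x30\x03%\r\n", "BB.02": b"\x30" * 700}
TRANSCRIPT = [b"INQUIRE SENDCERT AA.01", b"INQUIRE SENDCERT BB.02", b"OK"]

if __name__ == "__main__":
    out, status = answer_isvalid(TRANSCRIPT, CERTS)
    print(status, len(out), "lines sent")
```

Because the loop keeps answering until a final OK or ERR arrives, it handles the case where more than one certificate is requested, and the cap bounds how many inquiries a single call will serve.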