S/MIME Proxy Configuration

This guide explains how to set up an S/MIME proxy using an HTTP proxy as an example. If certificate revocation lists (CRLs) are not available via HTTP, refer to the Registry Settings (Reference) for additional options to configure an LDAP proxy or exclude a protocol.

To configure the HTTP proxy, create the entry HttpProxy in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GNU\GnuPG. Set this string value to the address of your proxy, optionally including the port and/or password.

Windows Registry

Make sure that the entry is created in the correct place in the registry, there are several nodes with the name "GnuPG". To check, you can display which configuration values are taken into account at runtime by entering on the command line: 

gpgconf -X | findstr HttpProxy

If possible, you should avoid mixing registry settings and those in Kleopatra: The registry settings are valid globally on the computer, the settings in Kleopatra are valid locally for the user. They are stored in files under %APPDATA%\gnupg, which may take precedence over registry entries. In this case, the entry "http-proxy" would be stored in %APPDATA%\gnupg\dirmngr.conf and the registry value HttpProxy would be ignored if you use the default configuration of GnuPG VS-Desktop. This usually makes sense, as different proxy settings may be necessary at different locations.

In this regard, please note that http-proxy and some other options in the detailed description of registry settings are marked with superscript [user]. They can all be individually adjusted in addition to the registry settings in Kleopatra by the user.

Unless otherwise noted, these web pages are: Copyright 2025 g10 Code GmbH. Verbatim copying and distribution is permitted in any medium, provided this notice is preserved. See the Legal Notice & Privacy Policy for details. This page was last changed on 2025-02-25.