diff --git a/common/asshelp.c b/common/asshelp.c
index 0d903fd5f..172c7d998 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -278,6 +278,7 @@ lock_spawning (lock_spawn_t *lock, const char *homedir, const char *name,
     (homedir,
      !strcmp (name, "agent")?   "gnupg_spawn_agent_sentinel":
      !strcmp (name, "dirmngr")? "gnupg_spawn_dirmngr_sentinel":
+     !strcmp (name, "keyboxd")? "gnupg_spawn_keyboxd_sentinel":
      /*                    */   "gnupg_spawn_unknown_sentinel",
      NULL);
   if (!fname)
diff --git a/common/homedir.c b/common/homedir.c
index ee9585d66..f0e5362ba 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -971,6 +971,18 @@ dirmngr_socket_name (void)
 }
 
 
+/* Return the user socket name used by Keyboxd.  */
+const char *
+keyboxd_socket_name (void)
+{
+  static char *name;
+
+  if (!name)
+    name = make_filename (gnupg_socketdir (), KEYBOXD_SOCK_NAME, NULL);
+  return name;
+}
+
+
 /* Return the default pinentry name.  If RESET is true the internal
    cache is first flushed.  */
 static const char *
@@ -1122,7 +1134,7 @@ gnupg_module_name (int which)
 #ifdef GNUPG_DEFAULT_KEYBOXD
       return GNUPG_DEFAULT_KEYBOXD;
 #else
-      X(bindir, "kbx", KEYBOXD_NAME);
+      X(libexecdir, "kbx", KEYBOXD_NAME);
 #endif
 
     case GNUPG_MODULE_NAME_PROTECT_TOOL:
diff --git a/common/util.h b/common/util.h
index f39093566..7217a5208 100644
--- a/common/util.h
+++ b/common/util.h
@@ -273,6 +273,7 @@ const char *gnupg_localedir (void);
 const char *gnupg_cachedir (void);
 const char *gpg_agent_socket_name (void);
 const char *dirmngr_socket_name (void);
+const char *keyboxd_socket_name (void);
 
 char *_gnupg_socketdir_internal (int skip_checks, unsigned *r_info);
 
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 4dae7b49d..3583abe57 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -101,6 +101,7 @@ gc_error (int status, int errnum, const char *fmt, ...)
 static void gpg_agent_runtime_change (int killflag);
 static void scdaemon_runtime_change (int killflag);
 static void dirmngr_runtime_change (int killflag);
+static void keyboxd_runtime_change (int killflag);
 
 
 
@@ -490,6 +491,18 @@ static known_option_t known_options_dirmngr[] =
    { NULL }
  };
 
+/* The known options of the GC_COMPONENT_KEYBOXD component.  */
+static known_option_t known_options_keyboxd[] =
+ {
+   { "verbose",           GC_OPT_FLAG_LIST, GC_LEVEL_BASIC },
+   { "quiet",             GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
+   { "log-file",          GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+                          GC_ARG_TYPE_FILENAME },
+   { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
+
+   { NULL }
+ };
+
 
 /* The known options of the GC_COMPONENT_PINENTRY component.  */
 static known_option_t known_options_pinentry[] =
@@ -610,6 +623,10 @@ static struct
      GNUPG_MODULE_NAME_GPGSM, GPGSM_NAME ".conf",
      known_options_gpgsm },
 
+   { KEYBOXD_NAME, KEYBOXD_DISP_NAME, "gnupg", N_("Public Keys"),
+     GNUPG_MODULE_NAME_KEYBOXD, KEYBOXD_NAME ".conf",
+     known_options_keyboxd, keyboxd_runtime_change },
+
    { GPG_AGENT_NAME, GPG_AGENT_DISP_NAME, "gnupg", N_("Private Keys"),
      GNUPG_MODULE_NAME_AGENT, GPG_AGENT_NAME ".conf",
      known_options_gpg_agent, gpg_agent_runtime_change },
@@ -776,6 +793,38 @@ dirmngr_runtime_change (int killflag)
 }
 
 
+static void
+keyboxd_runtime_change (int killflag)
+{
+  gpg_error_t err = 0;
+  const char *pgmname;
+  const char *argv[6];
+  pid_t pid = (pid_t)(-1);
+
+  pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
+  argv[0] = "--no-autostart";
+  argv[1] = "--keyboxd";
+  argv[2] = killflag? "KILLKEYBOXD" : "RELOADKEYBOXD";
+  if (gnupg_default_homedir_p ())
+    argv[3] = NULL;
+  else
+    {
+      argv[3] = "--homedir";
+      argv[4] = gnupg_homedir ();
+      argv[5] = NULL;
+    }
+
+  if (!err)
+    err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
+  if (!err)
+    err = gnupg_wait_process (pgmname, pid, 1, NULL);
+  if (err)
+    gc_error (0, 0, "error running '%s %s': %s",
+              pgmname, argv[2], gpg_strerror (err));
+  gnupg_release_process (pid);
+}
+
+
 /* Launch the gpg-agent or the dirmngr if not already running.  */
 gpg_error_t
 gc_component_launch (int component)
@@ -789,12 +838,15 @@ gc_component_launch (int component)
   if (component < 0)
     {
       err = gc_component_launch (GC_COMPONENT_GPG_AGENT);
+      if (!err)
+        err = gc_component_launch (GC_COMPONENT_KEYBOXD);
       if (!err)
         err = gc_component_launch (GC_COMPONENT_DIRMNGR);
       return err;
     }
 
   if (!(component == GC_COMPONENT_GPG_AGENT
+        || component == GC_COMPONENT_KEYBOXD
         || component == GC_COMPONENT_DIRMNGR))
     {
       log_error ("%s\n", _("Component not suitable for launching"));
@@ -820,6 +872,8 @@ gc_component_launch (int component)
     }
   if (component == GC_COMPONENT_DIRMNGR)
     argv[i++] = "--dirmngr";
+  else if (component == GC_COMPONENT_KEYBOXD)
+    argv[i++] = "--keyboxd";
   argv[i++] = "NOP";
   argv[i] = NULL;
 
@@ -829,7 +883,8 @@ gc_component_launch (int component)
   if (err)
     gc_error (0, 0, "error running '%s%s%s': %s",
               pgmname,
-              component == GC_COMPONENT_DIRMNGR? " --dirmngr":"",
+              component == GC_COMPONENT_DIRMNGR? " --dirmngr"
+              : component == GC_COMPONENT_KEYBOXD? " --keyboxd":"",
               " NOP",
               gpg_strerror (err));
   gnupg_release_process (pid);
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
index 346a6585d..f5f57f577 100644
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@@ -249,6 +249,7 @@ list_dirs (estream_t fp, char **names)
     { "localedir",          gnupg_localedir,  NULL },
     { "socketdir",          gnupg_socketdir,  NULL },
     { "dirmngr-socket",     dirmngr_socket_name, NULL,},
+    { "keyboxd-socket",     keyboxd_socket_name, NULL,},
     { "agent-ssh-socket",   gnupg_socketdir,  GPG_AGENT_SSH_SOCK_NAME },
     { "agent-extra-socket", gnupg_socketdir,  GPG_AGENT_EXTRA_SOCK_NAME },
     { "agent-browser-socket",gnupg_socketdir, GPG_AGENT_BROWSER_SOCK_NAME },
@@ -732,6 +733,8 @@ main (int argc, char **argv)
                     names[0] = "agent-socket";
                   else if (idx == GC_COMPONENT_DIRMNGR)
                     names[0] = "dirmngr-socket";
+                  else if (idx == GC_COMPONENT_KEYBOXD)
+                    names[0] = "keyboxd-socket";
                   else
                     names[0] = NULL;
                   names[1] = NULL;
@@ -891,6 +894,7 @@ main (int argc, char **argv)
                   GPG_AGENT_BROWSER_SOCK_NAME,
                   GPG_AGENT_SSH_SOCK_NAME,
                   SCDAEMON_SOCK_NAME,
+                  KEYBOXD_SOCK_NAME,
                   DIRMNGR_SOCK_NAME
                 };
                 int i;
diff --git a/tools/gpgconf.h b/tools/gpgconf.h
index 83aee9a09..79f33da35 100644
--- a/tools/gpgconf.h
+++ b/tools/gpgconf.h
@@ -58,6 +58,9 @@ typedef enum
     /* GPG for S/MIME.  */
     GC_COMPONENT_GPGSM,
 
+    /* The optional public key daermon.  */
+    GC_COMPONENT_KEYBOXD,
+
     /* The GPG Agent.  */
     GC_COMPONENT_GPG_AGENT,