mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
doc: Update from master.
--
This commit is contained in:
parent
8e39fe810d
commit
017c6f8fba
@ -372,13 +372,16 @@ seconds. The default is 1800 seconds.
|
|||||||
@opindex max-cache-ttl
|
@opindex max-cache-ttl
|
||||||
Set the maximum time a cache entry is valid to @var{n} seconds. After
|
Set the maximum time a cache entry is valid to @var{n} seconds. After
|
||||||
this time a cache entry will be expired even if it has been accessed
|
this time a cache entry will be expired even if it has been accessed
|
||||||
recently. The default is 2 hours (7200 seconds).
|
recently or has been set using @command{gpg-preset-passphrase}. The
|
||||||
|
default is 2 hours (7200 seconds).
|
||||||
|
|
||||||
@item --max-cache-ttl-ssh @var{n}
|
@item --max-cache-ttl-ssh @var{n}
|
||||||
@opindex max-cache-ttl-ssh
|
@opindex max-cache-ttl-ssh
|
||||||
Set the maximum time a cache entry used for SSH keys is valid to @var{n}
|
Set the maximum time a cache entry used for SSH keys is valid to
|
||||||
seconds. After this time a cache entry will be expired even if it has
|
@var{n} seconds. After this time a cache entry will be expired even
|
||||||
been accessed recently. The default is 2 hours (7200 seconds).
|
if it has been accessed recently or has been set using
|
||||||
|
@command{gpg-preset-passphrase}. The default is 2 hours (7200
|
||||||
|
seconds).
|
||||||
|
|
||||||
@item --enforce-passphrase-constraints
|
@item --enforce-passphrase-constraints
|
||||||
@opindex enforce-passphrase-constraints
|
@opindex enforce-passphrase-constraints
|
||||||
|
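Review bot: The --max-cache-ttl-ssh entry now says entries set using gpg-preset-passphrase expire under that limit, but the gpg-preset-passphrase text changed later in this commit names only --max-cache-ttl. Align the two descriptions, and consider an @pxref to the gpg-preset-passphrase section from both items so readers can find the --forget and reload behaviour.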
79
doc/gpg.texi
@ -408,7 +408,7 @@ removed first. In batch mode the key must be specified by fingerprint.
|
|||||||
@opindex export
|
@opindex export
|
||||||
Either export all keys from all keyrings (default keyrings and those
|
Either export all keys from all keyrings (default keyrings and those
|
||||||
registered via option @option{--keyring}), or if at least one name is given,
|
registered via option @option{--keyring}), or if at least one name is given,
|
||||||
those of the given name. The new keyring is written to STDOUT or to the
|
those of the given name. The exported keys are written to STDOUT or to the
|
||||||
file given with option @option{--output}. Use together with
|
file given with option @option{--output}. Use together with
|
||||||
@option{--armor} to mail those keys.
|
@option{--armor} to mail those keys.
|
||||||
|
|
||||||
@ -424,14 +424,30 @@ or changed by you. If no key IDs are given, @command{gpg} does nothing.
|
|||||||
@itemx --export-secret-subkeys
|
@itemx --export-secret-subkeys
|
||||||
@opindex export-secret-keys
|
@opindex export-secret-keys
|
||||||
@opindex export-secret-subkeys
|
@opindex export-secret-subkeys
|
||||||
Same as @option{--export}, but exports the secret keys instead. This is
|
Same as @option{--export}, but exports the secret keys instead. The
|
||||||
normally not very useful and a security risk. The second form of the
|
exported keys are written to STDOUT or to the file given with option
|
||||||
command has the special property to render the secret part of the
|
@option{--output}. This command is often used along with the option
|
||||||
primary key useless; this is a GNU extension to OpenPGP and other
|
@option{--armor} to allow easy printing of the key for paper backup;
|
||||||
implementations can not be expected to successfully import such a key.
|
however the external tool @command{paperkey} does a better job for
|
||||||
|
creating backups on paper. Note that exporting a secret key can be a
|
||||||
|
security risk if the exported keys are send over an insecure channel.
|
||||||
|
|
||||||
|
The second form of the command has the special property to render the
|
||||||
|
secret part of the primary key useless; this is a GNU extension to
|
||||||
|
OpenPGP and other implementations can not be expected to successfully
|
||||||
|
import such a key. Its intended use is to generated a full key with
|
||||||
|
an additional signing subkey on a dedicated machine and then using
|
||||||
|
this command to export the key without the primary key to the main
|
||||||
|
machine.
|
||||||
|
|
||||||
|
@ifset gpgtwoone
|
||||||
|
GnuPG may ask you to enter the passphrase for the key. This is
|
||||||
|
required because the internal protection method of the secret key is
|
||||||
|
different from the one specified by the OpenPGP protocol.
|
||||||
|
@end ifset
|
||||||
@ifclear gpgtwoone
|
@ifclear gpgtwoone
|
||||||
See the option @option{--simple-sk-checksum} if you want to import such
|
See the option @option{--simple-sk-checksum} if you want to import an
|
||||||
an exported key with an older OpenPGP implementation.
|
exported secret key into ancient OpenPGP implementations.
|
||||||
@end ifclear
|
@end ifclear
|
||||||
|
|
||||||
@item --import
|
@item --import
|
||||||
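Review bot: Two typos in the added --export-secret-keys text: "if the exported keys are send" should read "are sent", and "Its intended use is to generated a full key" should read "to generate". The new risk sentence is also narrower than the one it replaces: "a security risk" became a risk only when the keys are "send over an insecure channel". The exported file is sensitive wherever it is stored or printed, so consider wording the caution to cover storage as well as transport.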
@ -2127,6 +2143,12 @@ of the output and may be used together with another command.
|
|||||||
@item --with-keygrip
|
@item --with-keygrip
|
||||||
@opindex with-keygrip
|
@opindex with-keygrip
|
||||||
Include the keygrip in the key listings.
|
Include the keygrip in the key listings.
|
||||||
|
|
||||||
|
@item --with-secret
|
||||||
|
@opindex with-secret
|
||||||
|
Include info about the presence of a secret key in public key listings
|
||||||
|
done with @code{--with-colons}.
|
||||||
|
|
||||||
@end ifset
|
@end ifset
|
||||||
|
|
||||||
@end table
|
@end table
|
||||||
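Review bot: The new --with-secret item marks up the option as @code{--with-colons}, while the other option references in gpg.texi visible in this patch use @option{...} (@option{--keyring}, @option{--armor}, @option{--output}); use @option here too. The description would also be more useful if it named which field of the colon listing carries the secret-key indication.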
@ -2310,9 +2332,11 @@ available, but the MIT release is a good common baseline.
|
|||||||
|
|
||||||
This option implies @option{--rfc1991 --disable-mdc
|
This option implies @option{--rfc1991 --disable-mdc
|
||||||
--no-force-v4-certs --escape-from-lines --force-v3-sigs
|
--no-force-v4-certs --escape-from-lines --force-v3-sigs
|
||||||
--allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5
|
@ifclear gpgone
|
||||||
--compress-algo ZIP}. It also disables @option{--textmode} when
|
--allow-weak-digest-algos
|
||||||
encrypting.
|
@end ifclear
|
||||||
|
--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
|
||||||
|
It also disables @option{--textmode} when encrypting.
|
||||||
|
|
||||||
@item --pgp6
|
@item --pgp6
|
||||||
@opindex pgp6
|
@opindex pgp6
|
||||||
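Review bot: The @ifclear gpgone / @end ifclear pair in the --pgp2 description now sits inside the braces of @option{--rfc1991 ... --compress-algo ZIP}. Conditionals placed inside a brace argument are fragile in Texinfo, so please confirm that this builds with both makeinfo and TeX with gpgone set and with it clear, or write the list as two complete @option{...} blocks selected by @ifset and @ifclear.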
@ -2768,12 +2792,13 @@ necessary to get as much data as possible out of the corrupt message.
|
|||||||
However, be aware that a MDC protection failure may also mean that the
|
However, be aware that a MDC protection failure may also mean that the
|
||||||
message was tampered with intentionally by an attacker.
|
message was tampered with intentionally by an attacker.
|
||||||
|
|
||||||
|
@ifclear gpgone
|
||||||
@item --allow-weak-digest-algos
|
@item --allow-weak-digest-algos
|
||||||
@opindex allow-weak-digest-algos
|
@opindex allow-weak-digest-algos
|
||||||
Signatures made with the broken MD5 algorithm are normally rejected
|
Signatures made with the broken MD5 algorithm are normally rejected
|
||||||
with an ``invalid digest algorithm'' message. This option allows the
|
with an ``invalid digest algorithm'' message. This option allows the
|
||||||
verification of signatures made with such weak algorithms.
|
verification of signatures made with such weak algorithms.
|
||||||
|
@end ifclear
|
||||||
|
|
||||||
@item --no-default-keyring
|
@item --no-default-keyring
|
||||||
@opindex no-default-keyring
|
@opindex no-default-keyring
|
||||||
@ -3036,18 +3061,33 @@ files; They all live in in the current home directory (@pxref{option
|
|||||||
|
|
||||||
|
|
||||||
@table @file
|
@table @file
|
||||||
@item ~/.gnupg/secring.gpg
|
|
||||||
The secret keyring. You should backup this file.
|
|
||||||
|
|
||||||
@item ~/.gnupg/secring.gpg.lock
|
|
||||||
The lock file for the secret keyring.
|
|
||||||
|
|
||||||
@item ~/.gnupg/pubring.gpg
|
@item ~/.gnupg/pubring.gpg
|
||||||
The public keyring. You should backup this file.
|
The public keyring. You should backup this file.
|
||||||
|
|
||||||
@item ~/.gnupg/pubring.gpg.lock
|
@item ~/.gnupg/pubring.gpg.lock
|
||||||
The lock file for the public keyring.
|
The lock file for the public keyring.
|
||||||
|
|
||||||
|
@ifset gpgtwoone
|
||||||
|
@item ~/.gnupg/pubring.kbx
|
||||||
|
The public keyring using a different format. This file is sharred
|
||||||
|
with @command{gpgsm}. You should backup this file.
|
||||||
|
|
||||||
|
@item ~/.gnupg/pubring.kbx.lock
|
||||||
|
The lock file for @file{pubring.kbx}.
|
||||||
|
@end ifset
|
||||||
|
|
||||||
|
@item ~/.gnupg/secring.gpg
|
||||||
|
@ifclear gpgtwoone
|
||||||
|
The secret keyring. You should backup this file.
|
||||||
|
@end ifclear
|
||||||
|
@ifset gpgtwoone
|
||||||
|
A secret keyring as used by GnuPG versions before 2.1. It is not
|
||||||
|
used by GnuPG 2.1 and later.
|
||||||
|
|
||||||
|
@item ~/.gnupg/.gpg-v21-migrated
|
||||||
|
File indicating that a migration to GnuPG 2.1 has taken place.
|
||||||
|
@end ifset
|
||||||
|
|
||||||
@item ~/.gnupg/trustdb.gpg
|
@item ~/.gnupg/trustdb.gpg
|
||||||
The trust database. There is no need to backup this file; it is better
|
The trust database. There is no need to backup this file; it is better
|
||||||
to backup the ownertrust values (@pxref{option --export-ownertrust}).
|
to backup the ownertrust values (@pxref{option --export-ownertrust}).
|
||||||
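Review bot: In the added @ifset gpgtwoone text for ~/.gnupg/secring.gpg, the "You should backup this file" advice is dropped without saying where secret keys are kept in 2.1 or what should be backed up instead; please add that item to the table. Also, "sharred" in the pubring.kbx entry should be "shared".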
@ -3058,6 +3098,9 @@ files; They all live in in the current home directory (@pxref{option
|
|||||||
@item ~/.gnupg/random_seed
|
@item ~/.gnupg/random_seed
|
||||||
A file used to preserve the state of the internal random pool.
|
A file used to preserve the state of the internal random pool.
|
||||||
|
|
||||||
|
@item ~/.gnupg/secring.gpg.lock
|
||||||
|
The lock file for the secret keyring.
|
||||||
|
|
||||||
@item /usr[/local]/share/gnupg/options.skel
|
@item /usr[/local]/share/gnupg/options.skel
|
||||||
The skeleton options file.
|
The skeleton options file.
|
||||||
|
|
||||||
|
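Review bot: The re-added ~/.gnupg/secring.gpg.lock item after random_seed is unconditional, although the previous hunk states that secring.gpg is not used by GnuPG 2.1 and later. Wrap it in @ifclear gpgtwoone and keep it next to the secring.gpg item, the way the pubring.gpg and pubring.kbx lock entries follow their keyring entries.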
@ -259,13 +259,26 @@ certificate are only exported if all @var{pattern} are given as
|
|||||||
fingerprints or keygrips.
|
fingerprints or keygrips.
|
||||||
|
|
||||||
@item --export-secret-key-p12 @var{key-id}
|
@item --export-secret-key-p12 @var{key-id}
|
||||||
@opindex export
|
@opindex export-secret-key-p12
|
||||||
Export the private key and the certificate identified by @var{key-id} in
|
Export the private key and the certificate identified by @var{key-id} in
|
||||||
a PKCS#12 format. When using along with the @code{--armor} option a few
|
a PKCS#12 format. When used with the @code{--armor} option a few
|
||||||
informational lines are prepended to the output. Note, that the PKCS#12
|
informational lines are prepended to the output. Note, that the PKCS#12
|
||||||
format is not very secure and this command is only provided if there is
|
format is not very secure and this command is only provided if there is
|
||||||
no other way to exchange the private key. (@pxref{option --p12-charset})
|
no other way to exchange the private key. (@pxref{option --p12-charset})
|
||||||
|
|
||||||
|
@ifset gpgtwoone
|
||||||
|
@item --export-secret-key-p8 @var{key-id}
|
||||||
|
@itemx --export-secret-key-raw @var{key-id}
|
||||||
|
@opindex export-secret-key-p8
|
||||||
|
@opindex export-secret-key-raw
|
||||||
|
Export the private key of the certificate identified by @var{key-id}
|
||||||
|
with any encryption stripped. The @code{...-raw} command exports in
|
||||||
|
PKCS#1 format; the @code{...-p8} command exports in PKCS#8 format.
|
||||||
|
When used with the @code{--armor} option a few informational lines are
|
||||||
|
prepended to the output. These commands are useful to prepare a key
|
||||||
|
for use on a TLS server.
|
||||||
|
@end ifset
|
||||||
|
|
||||||
@item --import [@var{files}]
|
@item --import [@var{files}]
|
||||||
@opindex import
|
@opindex import
|
||||||
Import the certificates from the PEM or binary encoded files as well as
|
Import the certificates from the PEM or binary encoded files as well as
|
||||||
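Review bot: The new --export-secret-key-p8 / --export-secret-key-raw entry says the key is exported "with any encryption stripped" but carries no caution, whereas the --export-secret-key-p12 entry just above it warns about its format. Add a sentence stating that the output is an unprotected private key and must be stored and transferred accordingly. The @opindex correction to export-secret-key-p12 looks right.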
@ -568,6 +581,13 @@ certificate.
|
|||||||
Include the keygrip in standard key listings. Note that the keygrip is
|
Include the keygrip in standard key listings. Note that the keygrip is
|
||||||
always listed in --with-colons mode.
|
always listed in --with-colons mode.
|
||||||
|
|
||||||
|
@ifset gpgtwoone
|
||||||
|
@item --with-secret
|
||||||
|
@opindex with-secret
|
||||||
|
Include info about the presence of a secret key in public key listings
|
||||||
|
done with @code{--with-colons}.
|
||||||
|
@end ifset
|
||||||
|
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
@c *******************************************
|
@c *******************************************
|
||||||
|
@ -1060,10 +1060,11 @@ may not be used and the passphrases for the to be used keys are given at
|
|||||||
machine startup.
|
machine startup.
|
||||||
|
|
||||||
Passphrases set with this utility don't expire unless the
|
Passphrases set with this utility don't expire unless the
|
||||||
@option{--forget} option is used to explicitly clear them from the cache
|
@option{--forget} option is used to explicitly clear them from the
|
||||||
--- or @command{gpg-agent} is either restarted or reloaded (by sending a
|
cache --- or @command{gpg-agent} is either restarted or reloaded (by
|
||||||
SIGHUP to it). It is necessary to allow this passphrase presetting by
|
sending a SIGHUP to it). Nite that the maximum cache time as set with
|
||||||
starting @command{gpg-agent} with the
|
@option{--max-cache-ttl} is still honored. It is necessary to allow
|
||||||
|
this passphrase presetting by starting @command{gpg-agent} with the
|
||||||
@option{--allow-preset-passphrase}.
|
@option{--allow-preset-passphrase}.
|
||||||
|
|
||||||
@menu
|
@menu
|
||||||
|
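Review bot: The added sentence has a typo ("Nite that" should be "Note that"), and it contradicts the sentence before it, which still says preset passphrases "don't expire unless" --forget is used or gpg-agent is restarted or reloaded. Reword the opening so that expiry under --max-cache-ttl is listed among the ways a preset entry leaves the cache.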