mirror of git://git.gnupg.org/gnupg.git synced 2025-01-24 15:17:02 +01:00

Give hints on files to backup.

This commit is contained in:
Werner Koch 2009-07-22 10:24:46 +00:00
parent 5d310a8de7
commit 02e05e28e7
5 changed files with 67 additions and 59 deletions

View File

@ -1,3 +1,8 @@
2009-07-22 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Configuration Options): Tell what files to backup.
* sysnotes.texi: Remove some warning notes for W32.
2009-07-20 Werner Koch <wk@g10code.com> 2009-07-20 Werner Koch <wk@g10code.com>
* gpg.texi (Operational GPG Commands): Add a note for --send-keys. * gpg.texi (Operational GPG Commands): Add a note for --send-keys.
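Review bot: the ChangeLog entry is incomplete; it lists only gpg.texi and sysnotes.texi, but the later hunks of this commit also add backup hints to gpg-agent.texi (gpg-agent.conf, trustlist.txt, sshcontrol, the private key directory) and gpgsm.texi (gpgsm.conf, policies.txt, pubring.kbx). Add a line such as `* gpg-agent.texi, gpgsm.texi: Tell what files to backup.` so the entry matches the five changed files.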

View File

@ -515,15 +515,18 @@ agent. By default they may all be found in the current home directory
This file is also read after a @code{SIGHUP} however only a few This file is also read after a @code{SIGHUP} however only a few
options will actually have an effect. This default name may be options will actually have an effect. This default name may be
changed on the command line (@pxref{option --options}). changed on the command line (@pxref{option --options}).
You should backup this file.
@item trustlist.txt @item trustlist.txt
This is the list of trusted keys. Comment lines, indicated by a leading This is the list of trusted keys. You should backup this file.
hash mark, as well as empty lines are ignored. To mark a key as trusted
you need to enter its fingerprint followed by a space and a capital Comment lines, indicated by a leading hash mark, as well as empty
letter @code{S}. Colons may optionally be used to separate the bytes of lines are ignored. To mark a key as trusted you need to enter its
a fingerprint; this allows to cut and paste the fingerprint from a key fingerprint followed by a space and a capital letter @code{S}. Colons
listing output. If the line is prefixed with a @code{!} the key is may optionally be used to separate the bytes of a fingerprint; this
explicitly marked as not trusted. allows to cut and paste the fingerprint from a key listing output. If
the line is prefixed with a @code{!} the key is explicitly marked as
not trusted.
Here is an example where two keys are marked as ultimately trusted Here is an example where two keys are marked as ultimately trusted
and one as not trusted: and one as not trusted:
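Review bot: "backup" is used as a verb in the added sentences ("You should backup this file."); the verb is "back up", the noun is "backup". The same wording is added in every hunk of this patch, so it is easiest to fix with one pattern: `You should back up this file.` Since the trustlist.txt paragraph is being re-wrapped here anyway, the pre-existing "this allows to cut and paste the fingerprint" could become "this allows cutting and pasting the fingerprint" in the same change.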
@ -574,15 +577,16 @@ fails, try again using the chain validation model.
@item sshcontrol @item sshcontrol
This file is used when support for the secure shell agent protocol has This file is used when support for the secure shell agent protocol has
been enabled (@pxref{option --enable-ssh-support}). Only keys present been enabled (@pxref{option --enable-ssh-support}). Only keys present in
in this file are used in the SSH protocol. The @command{ssh-add} tool this file are used in the SSH protocol. You should backup this file.
may be used to add new entries to this file; you may also add them
manually. Comment lines, indicated by a leading hash mark, as well as The @command{ssh-add} tool may be used to add new entries to this file;
empty lines are ignored. An entry starts with optional whitespace, you may also add them manually. Comment lines, indicated by a leading
followed by the keygrip of the key given as 40 hex digits, optionally hash mark, as well as empty lines are ignored. An entry starts with
followed by the caching TTL in seconds and another optional field for optional whitespace, followed by the keygrip of the key given as 40 hex
arbitrary flags. A non-zero TTL overrides the global default as digits, optionally followed by the caching TTL in seconds and another
set by @option{--default-cache-ttl-ssh}. optional field for arbitrary flags. A non-zero TTL overrides the global
default as set by @option{--default-cache-ttl-ssh}.
The keygrip may be prefixed with a @code{!} to disable an entry entry. The keygrip may be prefixed with a @code{!} to disable an entry entry.
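Review bot: the trailing context line "to disable an entry entry" repeats "entry"; as the paragraph above it is reflowed in this hunk, drop the duplicate word in the same change rather than leaving it for a later commit.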
@ -599,7 +603,8 @@ implicitly added to this list; i.e. there is no need to list them.
This is the directory where gpg-agent stores the private keys. Each This is the directory where gpg-agent stores the private keys. Each
key is stored in a file with the name made up of the keygrip and the key is stored in a file with the name made up of the keygrip and the
suffix @file{key}. suffix @file{key}. You should backup all files in this directory
and take great care to keep this backup closed away.
@end table @end table
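Review bot: "take great care to keep this backup closed away" is vague for the one directory whose contents are the private keys themselves. Say concretely what is expected, e.g. `and take great care to protect this backup: keep it encrypted or on offline media, with the same access restrictions as the directory itself.`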

View File

@ -485,16 +485,34 @@ For use with cron jobs, this command can be used together with
a check is needed. To force a run even in batch mode add the option a check is needed. To force a run even in batch mode add the option
@option{--yes}. @option{--yes}.
@anchor{option --export-ownertrust}
@item --export-ownertrust @item --export-ownertrust
@opindex export-ownertrust @opindex export-ownertrust
Send the ownertrust values to STDOUT. This is useful for backup purposes Send the ownertrust values to STDOUT. This is useful for backup purposes
as these values are the only ones which can't be re-created from a as these values are the only ones which can't be re-created from a
corrupted trust DB. corrupted trustdb. Example:
@c man:.RS
@example
@gpgname{} --export-ownertrust > otrust.txt
@end example
@c man:.RE
@item --import-ownertrust @item --import-ownertrust
@opindex import-ownertrust @opindex import-ownertrust
Update the trustdb with the ownertrust values stored in @code{files} (or Update the trustdb with the ownertrust values stored in @code{files} (or
STDIN if not given); existing values will be overwritten. STDIN if not given); existing values will be overwritten. In case of a
severely damaged trustdb and if you have a recent backup of the
ownertrust values (e.g. in the file @file{otrust.txt}, you may re-create
the trustdb using these commands:
@c man:.RS
@example
cd ~/.gnupg
rm trustdb.gpg
@gpgname{} --import-ownertrust < otrust.txt
@end example
@c man:.RE
@item --rebuild-keydb-caches @item --rebuild-keydb-caches
@opindex rebuild-keydb-caches @opindex rebuild-keydb-caches
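Review bot: unbalanced parenthesis in the new --import-ownertrust text: "(e.g. in the file @file{otrust.txt}, you may re-create" opens a parenthesis that is never closed; it should read `(e.g. in the file @file{otrust.txt}), you may re-create`. The recovery example also hard-codes `cd ~/.gnupg`; a short remark that this is the home directory (@pxref{option --homedir}) would help users running with a non-default one.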
@ -2614,12 +2632,12 @@ current home directory (@pxref{option --homedir}).
@table @file @table @file
@item gpg.conf @item gpg.conf
@cindex gpgsm.conf @cindex gpg.conf
This is the standard configuration file read by @command{@gpgname} on This is the standard configuration file read by @command{@gpgname} on
startup. It may contain any valid long option; the leading two dashes startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This default may not be entered and the option may not be abbreviated. This default
name may be changed on the command line (@pxref{option name may be changed on the command line (@pxref{option --options}).
--options}). You should backup this file.
@end table @end table
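Review bot: the @cindex change from gpgsm.conf to gpg.conf corrects a copy-paste error in the index and is unrelated to the backup hints; give it its own line in the ChangeLog entry so the fix stays findable.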
@ -2639,31 +2657,32 @@ files; They all live in in the current home directory (@pxref{option
@table @file @table @file
@item ~/.gnupg/secring.gpg @item ~/.gnupg/secring.gpg
The secret keyring. The secret keyring. You should backup this file.
@item ~/.gnupg/secring.gpg.lock @item ~/.gnupg/secring.gpg.lock
and the lock file The lock file for teh secret keyring.
@item ~/.gnupg/pubring.gpg @item ~/.gnupg/pubring.gpg
The public keyring The public keyring. You should backup this file.
@item ~/.gnupg/pubring.gpg.lock @item ~/.gnupg/pubring.gpg.lock
and the lock file The lock file for the public keyring.
@item ~/.gnupg/trustdb.gpg @item ~/.gnupg/trustdb.gpg
The trust database The trust database. There is no need to backup this file; it is better
to backup the ownertrust values (@pxref{option --export-ownertrust}).
@item ~/.gnupg/trustdb.gpg.lock @item ~/.gnupg/trustdb.gpg.lock
and the lock file The lock file for the trust database.
@item ~/.gnupg/random_seed @item ~/.gnupg/random_seed
used to preserve the internal random pool A file used to preserve the state of theinternal random pool.
@item /usr[/local]/share/gnupg/options.skel @item /usr[/local]/share/gnupg/options.skel
Skeleton options file The skeleton options file.
@item /usr[/local]/lib/gnupg/ @item /usr[/local]/lib/gnupg/
Default location for extensions Default location for extensions.
@end table @end table
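Review bot: two typos in the new file descriptions: "The lock file for teh secret keyring." should read "the", and "the state of theinternal random pool" is missing a space ("the internal"). The trustdb.gpg entry pointing at --export-ownertrust instead of a raw file copy is the right advice and reads well.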

View File

@ -734,7 +734,8 @@ This is the standard configuration file read by @command{gpgsm} on
startup. It may contain any valid long option; the leading two dashes startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This default may not be entered and the option may not be abbreviated. This default
name may be changed on the command line (@pxref{option name may be changed on the command line (@pxref{option
--options}). --options}). You should backup this file.
@item policies.txt @item policies.txt
@cindex policies.txt @cindex policies.txt
@ -743,7 +744,8 @@ object identifiers of the policies line by line. Empty lines and
lines starting with a hash mark are ignored. Policies missing in this lines starting with a hash mark are ignored. Policies missing in this
file and not marked as critical in the certificate will print only a file and not marked as critical in the certificate will print only a
warning; certificates with policies marked as critical and not listed warning; certificates with policies marked as critical and not listed
in this file will fail the signature verification. in this file will fail the signature verification. You should backup
this file.
For example, to allow only the policy 2.289.9.9, the file should look For example, to allow only the policy 2.289.9.9, the file should look
like this: like this:
@ -831,7 +833,8 @@ they all live in in the current home directory (@pxref{option
@cindex pubring.kbx @cindex pubring.kbx
This a database file storing the certificates as well as meta This a database file storing the certificates as well as meta
information. For debugging purposes the tool @command{kbxutil} may be information. For debugging purposes the tool @command{kbxutil} may be
used to show the internal structure of this file. used to show the internal structure of this file. You should backup
this file.
@item random_seed @item random_seed
@cindex random_seed @cindex random_seed
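Review bot: the context line "This a database file storing the certificates" is missing "is"; since the paragraph is reflowed in this hunk to append the backup hint, fix it to "This is a database file ..." in the same change.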

View File

@ -60,30 +60,10 @@ API (called here @emph{W32}) will be supported to some extend.
@node W32 Notes @node W32 Notes
@section Microsoft Windows Notes @section Microsoft Windows Notes
The port to Microsoft Windows based OSes is pretty new and has some
limitations we might remove over time. Note, that we have not yet done
any security audit and you should not use any valuable private key. In
particular, @strong{using it on a box with more than one user, might
lead to a key compromise}.
@strong{It is quite possible that the current version does not even
build.}
@noindent @noindent
Current limitations are: Current limitations are:
@itemize @itemize
@item
The @code{LISTKEYS} Assuan command of @command{gpgsm} is not supported.
Using the command line options @option{--list-keys} or
@option{--list-secret-keys} does however work.
@item
No support for CRL checks. By default the option
@option{--disable-crl-checks} has been turned on and the log will show
an appropriate warning message. The reason for this is that the
separate CRL checking daemin (@command{dirmngr}) has not been ported to
W32.
@item @item
@command{gpgconf} does not create backup files, so in case of trouble @command{gpgconf} does not create backup files, so in case of trouble
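Review bot: the removed text includes the security warning that the W32 port has had no security audit and that use "on a box with more than one user, might lead to a key compromise", plus the limitation that CRL checks are disabled because dirmngr has not been ported. The ChangeLog line "Remove some warning notes for W32" gives no reason for dropping them. The commit message should state what changed (an audit, a fix for the multi-user issue, dirmngr now available on W32) so readers can tell the warnings are obsolete rather than merely deleted.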
@ -97,10 +77,6 @@ possible.
The periodical smartcard status checking done by @command{scdaemon} is The periodical smartcard status checking done by @command{scdaemon} is
not yet supported. not yet supported.
@item
Detached running of the gpg-agent is not directly supported. It needs
to be started in a console and left alone then.
@end itemize @end itemize