From 03c95c69a05d20a666c5c582a5f12d43684abe04 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Fri, 11 Jan 2002 23:42:49 +0000 Subject: [PATCH] Add documentation for --{no-}ask-cert-expire and --{no-}ask-sig-expire Revise --expire (it doesn't switch on the expiration prompt any longer) Revise --default-check-level to be clearer as to what makes a good key check before signing --- doc/ChangeLog | 7 ++++++ doc/gpg.sgml | 67 ++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 60 insertions(+), 14 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 63f15a812..37a856c88 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,10 @@ +2002-01-11 David Shaw + + * gpg.sgml: Added documentation for --{no-}ask-cert-expire, + --{no-}ask-sig-expire, and revise --expert (it doesn't switch on + the expiration prompt anymore) and --default-check-level (to be + clearer as to what makes a good key check before signing). + 2002-01-07 Werner Koch * DETAILS: Removed the comment that unattended key generation is diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 911cdb85e..3711c563a 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml 
@@ -475,16 +475,28 @@ This is a shortcut version of the subcommand "nrsign" from --edit. The default to use for the check level when signing a key. 0 means you make no particular claim as to how carefully you verified -the key. 1 means you believe the key is owned by the person who -claims to own it but you could not, or did not verify the key at all. -This is useful for a "persona" verification, where you sign the key of -a pseudonymous user. 2 means you did casual verification of the key. -For example, this could mean that you verified that the key -fingerprint and checked the user ID on the key against a photo ID. 3 -means you did extensive verification of the key. For example, this -could mean that you verified the key fingerprint and checked the user -ID on the key against a photo ID, and also verified the email address -on the key belongs to the key owner. +the key. + +1 means you believe the key is owned by the person who claims to own +it but you could not, or did not verify the key at all. This is +useful for a "persona" verification, where you sign the key of a +pseudonymous user. + +2 means you did casual verification of the key. For example, this +could mean that you verified that the key fingerprint and checked the +user ID on the key against a photo ID. + +3 means you did extensive verification of the key. For example, this +could mean that you verified the key fingerprint with the owner of the +key in person, and that you checked, by means of a hard to forge +document with a photo ID (such as a passport) that the name of the key +owner matches the name in the user ID on the key, and finally that you +verified (by exchange of email) that the email address on the key +belongs to the key owner. + +Note that the examples given above for levels 2 and 3 are just that: +examples. In the end, it is up to you to decide just what "casual" +and "extensive" mean to you. This option defaults to 0. 
@@ -1735,13 +1747,40 @@ content of an encrypted message; using this option you can do this without handing out the secret key. + +--ask-sig-expire + +When making a data signature, prompt for an expiration time. If this +option is not specified, the expiration time is "never". + +--no-ask-sig-expire + +Resets the --ask-sig-expire option. + +--ask-cert-expire + +When making a key signature, prompt for an expiration time. If this +option is not specified, the expiration time is "never". + +--no-ask-cert-expire + +Resets the --ask-cert-expire option. + --expert -Enable certain options, such as prompting for a signature expiration -date, that are not frequently used by regular users. Also permits the -user to do certain "silly" things like signing an expired or revoked -key. +Allow the user to do certain nonsenical or "silly" things like signing +an expired or revoked key, or certain potentially incompatible things +like adding more than one photo ID to a single key. In general, this +option is for experts only. If you don't really understand what it is +doing, leave this off.
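Review bot: the doc/ChangeLog hunk says the patch revises --expert, but the commit subject says "Revise --expire". The gpg.sgml hunk at -1735 rewrites the --expert description, so the subject line should read --expert to match the ChangeLog entry and the change itself.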
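Review bot: in the gpg.sgml hunk at -475 (--default-check-level), the reflowed level 2 paragraph still carries the broken sentence "you verified that the key fingerprint and checked the user ID on the key against a photo ID". Drop the "that" so it reads "you verified the key fingerprint and checked the user ID on the key against a photo ID", in line with the rewritten level 3 wording. Level 3 now says the fingerprint is verified "with the owner of the key in person" while level 2 does not say with whom it is verified; if that difference is intended as part of what separates the two levels, it would be clearer to state it in the level 2 example too.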
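Review bot: in the gpg.sgml hunk at -1735, the new --expert text misspells "nonsensical" as "nonsenical". Separately, the old --expert text listed "prompting for a signature expiration date" and the new text drops it without pointing anywhere, so a reader who relied on --expert for the prompt gets signatures whose expiration time is "never" with no hint why; a short pointer from the --expert entry to --ask-sig-expire and --ask-cert-expire would cover that.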