mirror of git://git.gnupg.org/gnupg.git, synced 2025-03-20 21:29:58 +01:00
* gpg.sgml: Note that --throw-keyid is --throw-keyids. Note changes in
--pgp8. Rephrase the "don't play algorithm games" warning now that PGP has blowfish, zlib, and bzip2.
parent 1d8e25695f
commit 0e964631c5
@ -1,3 +1,9 @@
|
||||
2004-09-14 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* gpg.sgml: Note that --throw-keyid is --throw-keyids. Note
|
||||
changes in --pgp8. Rephrase the "don't play algorithm games"
|
||||
warning now that PGP has blowfish, zlib, and bzip2.
|
||||
|
||||
2004-08-07 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* gpg.sgml: Remove show-long-keyids since it is replaced by
|
||||
|
60
doc/gpg.sgml
@ -1986,18 +1986,14 @@ disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--throw-keyid</term>
|
||||
<term>--throw-keyids</term>
|
||||
<term>--no-throw-keyids</term>
|
||||
<listitem><para>
|
||||
Do not put the keyids into encrypted packets. This option hides the
|
||||
receiver of the message and is a countermeasure against traffic
|
||||
analysis. It may slow down the decryption process because all
|
||||
available secret keys are tried.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-throw-keyid</term>
|
||||
<listitem><para>
|
||||
Resets the --throw-keyid option.
|
||||
Do not put the recipient keyid into encrypted packets. This option
|
||||
hides the receiver of the message and is a countermeasure against
|
||||
traffic analysis. It may slow down the decryption process because all
|
||||
available secret keys are tried. --no-throw-keyids disables this
|
||||
option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
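Review bot: the old spellings disappear from the option list in this hunk: the `<term>--throw-keyid</term>` and `<term>--no-throw-keyid</term>` entries are dropped and only the plural forms remain, so a reader searching the manual for the name already in their options file or scripts finds nothing. Consider one sentence in the new entry saying that the singular names are the former spelling of the same option. The new description also reads "Do not put the recipient keyid into encrypted packets" (singular) under an option now named --throw-keyids; "recipient keyids" would match the option name.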
@ -2012,7 +2008,6 @@ line, patch files don't have this. A special armor header
|
||||
line tells GnuPG about this cleartext signature option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--escape-from-lines</term>
|
||||
<term>--no-escape-from-lines</term>
|
||||
@ -2128,7 +2123,7 @@ Set up all options to be as PGP 6 compliant as possible. This
|
||||
restricts you to the ciphers IDEA (if the IDEA plugin is installed),
|
||||
3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the
|
||||
compression algorithms none and ZIP. This also disables
|
||||
--throw-keyid, and making signatures with signing subkeys as PGP 6
|
||||
--throw-keyids, and making signatures with signing subkeys as PGP 6
|
||||
does not understand signatures made by signing subkeys.
|
||||
</para><para>
|
||||
This option implies `--disable-mdc --no-sk-comment --escape-from-lines
|
||||
@ -2149,9 +2144,8 @@ TWOFISH.
|
||||
<listitem><para>
|
||||
Set up all options to be as PGP 8 compliant as possible. PGP 8 is a
|
||||
lot closer to the OpenPGP standard than previous versions of PGP, so
|
||||
all this does is disable --throw-keyid and set --escape-from-lines.
|
||||
The allowed algorithms list is the same as --pgp7 with the addition of
|
||||
the SHA-256 digest algorithm.
|
||||
all this does is disable --throw-keyids and set --escape-from-lines.
|
||||
All algorithms are allowed except for the SHA384 and SHA512 digests.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
</variablelist></para></listitem></varlistentry>
|
||||
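Review bot: the replacement sentence for --pgp8, "All algorithms are allowed except for the SHA384 and SHA512 digests", no longer says which set "all" refers to, whereas the removed wording tied it to the --pgp7 list. State explicitly whether this covers ciphers, digests and compression alike, since the interoperability section changed in this same patch warns that each program supports a different subset of the optional algorithms. The digest names are also written without a hyphen here while the interoperability hunk writes "SHA-512" and the removed line wrote "SHA-256"; pick one spelling for the whole file.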
@ -2481,10 +2475,11 @@ This is an obsolete option and is not used anywhere.
|
||||
<varlistentry>
|
||||
<term>--try-all-secrets</term>
|
||||
<listitem><para>
|
||||
Don't look at the key ID as stored in the message but try all secret keys in
|
||||
turn to find the right decryption key. This option forces the behaviour as
|
||||
used by anonymous recipients (created by using --throw-keyid) and might come
|
||||
handy in case where an encrypted message contains a bogus key ID.
|
||||
Don't look at the key ID as stored in the message but try all secret
|
||||
keys in turn to find the right decryption key. This option forces the
|
||||
behaviour as used by anonymous recipients (created by using
|
||||
--throw-keyids) and might come handy in case where an encrypted
|
||||
message contains a bogus key ID.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
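Review bot: the rewrapped --try-all-secrets paragraph carries over the phrase "might come handy in case where an encrypted message contains a bogus key ID" unchanged; since every line of the paragraph is being touched anyway, fix it in the same pass to "might come in handy in cases where". The cross-reference to --throw-keyids is consistent with the rename elsewhere in the patch.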
@ -2860,8 +2855,8 @@ is *very* easy to spy out your passphrase!
|
||||
</para>
|
||||
<para>
|
||||
If you are going to verify detached signatures, make sure that the
|
||||
program knows about it; either be giving both filenames on the
|
||||
command line or using <literal>-</literal> to specify stdin.
|
||||
program knows about it; either give both filenames on the command line
|
||||
or use <literal>-</literal> to specify stdin.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
@ -2869,8 +2864,8 @@ command line or using <literal>-</literal> to specify stdin.
|
||||
<title>INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS</title>
|
||||
<para>
|
||||
GnuPG tries to be a very flexible implementation of the OpenPGP
|
||||
standard. In particular, GnuPG implements many of the "optional"
|
||||
parts of the standard, such as the RIPEMD/160 hash, and the ZLIB
|
||||
standard. In particular, GnuPG implements many of the optional parts
|
||||
of the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
|
||||
compression algorithms. It is important to be aware that not all
|
||||
OpenPGP programs implement these optional algorithms and that by
|
||||
forcing their use via the --cipher-algo, --digest-algo,
|
||||
@ -2880,14 +2875,15 @@ cannot be read by the intended recipient.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For example, as of this writing, no (unhacked) version of PGP supports
|
||||
the BLOWFISH cipher algorithm. If you use it, no PGP user will be
|
||||
able to decrypt your message. The same thing applies to the ZLIB
|
||||
compression algorithm. By default, GnuPG uses the standard OpenPGP
|
||||
preferences system that will always do the right thing and create
|
||||
messages that are usable by all recipients, regardless of which
|
||||
OpenPGP program they use. Only override this safe default if you know
|
||||
what you are doing.
|
||||
There are dozens of variations of OpenPGP programs available, and each
|
||||
supports a slightly different subset of these optional algorithms.
|
||||
For example, until recently, no (unhacked) version of PGP supported
|
||||
the BLOWFISH cipher algorithm. A message using BLOWFISH simply could
|
||||
not be read by a PGP user. By default, GnuPG uses the standard
|
||||
OpenPGP preferences system that will always do the right thing and
|
||||
create messages that are usable by all recipients, regardless of which
|
||||
OpenPGP program they use. Only override this safe default if you
|
||||
really know what you are doing.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
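Review bot: "until recently" in the new BLOWFISH sentence is a relative date that will read wrongly as this manual ages; name the PGP version that added support, or write "older versions of PGP". With the ZLIB sentence removed and BLOWFISH now in the past tense, the paragraph also no longer gives any example of an algorithm that a current PGP user cannot read, which weakens the warning that follows ("Only override this safe default if you really know what you are doing"). An example that still applies, such as the SHA-512 digest that the --pgp8 text in this patch excludes, would keep the warning concrete.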