1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

doc: Improve the warning section of the gpg man page.

* doc/gpg.texi: Update return valeu and warning sections.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-02-10 17:11:53 +01:00
parent 6aff8a1328
commit 113a8288b8
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -3933,20 +3933,26 @@ or "Alpha" but not the string "test".
@mansect return value
@chapheading RETURN VALUE
The program returns 0 if everything was fine, 1 if at least
a signature was bad, and other error codes for fatal errors.
The program returns 0 if there are no severe errors, 1 if at least a
signature was bad, and other error codes for fatal errors.
Note that signature verification requires exact knowledge of what has
been signed and by whom it has beensigned. Using only the return code
is thus not an appropriate way to verify a signature by a script.
Either make proper use or the status codes or use the @command{gpgv}
tool which has been designed to make signature verification easy for
scripts.
@mansect warnings
@chapheading WARNINGS
Use a *good* password for your user account and a *good* passphrase
to protect your secret key. This passphrase is the weakest part of the
whole system. Programs to do dictionary attacks on your secret keyring
are very easy to write and so you should protect your "~/.gnupg/"
directory very well.
Keep in mind that, if this program is used over a network (telnet), it
is *very* easy to spy out your passphrase!
Use a good password for your user account and make sure that all
security issues are always fixed on your machine. Also employ
diligent physical protection to your machine. Consider to use a good
passphrase as a last resort protection to your secret key in the case
your machine gets stolen. It is important that your secret key is
never leaked. Using an easy to carry around token or smartcard with
the secret key is often a advisable.
If you are going to verify detached signatures, make sure that the
program knows about it; either give both filenames on the command line