security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00
Code Activity

doc: Improve the warning section of the gpg man page.

Browse Source 
* doc/gpg.texi: Update return value and warning sections.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 113a8288b85725f7726bb2952431deea745997d8)
This commit is contained in:
Werner Koch 2020-02-10 17:11:53 +01:00
parent 21d9bd8b87
commit 146dacd3b1
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
doc/gpg.texi
View File

@ -3426,7 +3426,7 @@ Allow processing of multiple OpenPGP messages contained in a single file
or stream. Some programs that call GPG are not prepared to deal with or stream. Some programs that call GPG are not prepared to deal with
multiple messages being processed together, so this option defaults to multiple messages being processed together, so this option defaults to
no. Note that versions of GPG prior to 1.4.7 always allowed multiple no. Note that versions of GPG prior to 1.4.7 always allowed multiple
messages. messages. Future versions of GnUPG will remove this option.
Warning: Do not use this option unless you need it as a temporary Warning: Do not use this option unless you need it as a temporary
workaround! workaround!
@ -3868,20 +3868,26 @@ or "Alpha" but not the string "test".
@mansect return value @mansect return value
@chapheading RETURN VALUE @chapheading RETURN VALUE
The program returns 0 if everything was fine, 1 if at least The program returns 0 if there are no severe errors, 1 if at least a
a signature was bad, and other error codes for fatal errors. signature was bad, and other error codes for fatal errors.
Note that signature verification requires exact knowledge of what has
been signed and by whom it has beensigned. Using only the return code
is thus not an appropriate way to verify a signature by a script.
Either make proper use or the status codes or use the @command{gpgv}
tool which has been designed to make signature verification easy for
scripts.
@mansect warnings @mansect warnings
@chapheading WARNINGS @chapheading WARNINGS
Use a *good* password for your user account and a *good* passphrase Use a good password for your user account and make sure that all
to protect your secret key. This passphrase is the weakest part of the security issues are always fixed on your machine. Also employ
whole system. Programs to do dictionary attacks on your secret keyring diligent physical protection to your machine. Consider to use a good
are very easy to write and so you should protect your "~/.gnupg/" passphrase as a last resort protection to your secret key in the case
directory very well. your machine gets stolen. It is important that your secret key is
never leaked. Using an easy to carry around token or smartcard with
Keep in mind that, if this program is used over a network (telnet), it the secret key is often a advisable.
is *very* easy to spy out your passphrase!
If you are going to verify detached signatures, make sure that the If you are going to verify detached signatures, make sure that the
program knows about it; either give both filenames on the command line program knows about it; either give both filenames on the command line