mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Minor style fixes.
-- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka
parent
227b3b14f4
commit
16b6b77532
@ -91,7 +91,7 @@ should not occur but sometimes things go wrong), run it using
|
||||
@item How to find the IP address of a keyserver
|
||||
|
||||
If a round robin URL of is used for a keyserver
|
||||
(e.g. subkeys.gnupg.org); it is not easy to see what server is actually
|
||||
(e.g., subkeys.gnupg.org); it is not easy to see what server is actually
|
||||
used. Using the keyserver debug option as in
|
||||
|
||||
@smallexample
|
||||
@ -130,7 +130,7 @@ but Dirmngr's OCSP feature has not been enabled using
|
||||
The far most common reason for this is that the environment variable
|
||||
@code{GPG_TTY} has not been set correctly. Make sure that it has been
|
||||
set to a real tty device and not just to @samp{/dev/tty};
|
||||
i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is
|
||||
i.e., @samp{GPG_TTY=tty} is plainly wrong; what you want is
|
||||
@samp{GPG_TTY=`tty`} --- note the back ticks. Also make sure that
|
||||
this environment variable gets exported, that is you should follow up
|
||||
the setting with an @samp{export GPG_TTY} (assuming a Bourne style
|
||||
|
||||
@ -180,7 +180,7 @@ available flags the sole word "help" can be used.
|
||||
This option is only useful for testing; it sets the system time back or
|
||||
forth to @var{epoch} which is the number of seconds elapsed since the year
|
||||
1970. Alternatively @var{epoch} may be given as a full ISO time string
|
||||
(e.g. "20070924T154812").
|
||||
(e.g., "20070924T154812").
|
||||
|
||||
@item --debug-level @var{level}
|
||||
@opindex debug-level
|
||||
@ -213,7 +213,7 @@ however carefully selected to best aid in debugging.
|
||||
@item --debug @var{flags}
|
||||
@opindex debug
|
||||
Set debug flags. All flags are or-ed and @var{flags} may be given in
|
||||
C syntax (e.g. 0x0042) or as a comma separated list of flag names. To
|
||||
C syntax (e.g., 0x0042) or as a comma separated list of flag names. To
|
||||
get a list of all supported flags the single word "help" can be used.
|
||||
This option is only useful for debugging and the behavior may change
|
||||
at any time without notice.
|
||||
@ -374,7 +374,7 @@ there for details; here is an example:
|
||||
as given. Replace USERNAME, PASSWORD, and the 'dc' parts
|
||||
according to the instructions received from your LDAP
|
||||
administrator. Note that only simple authentication
|
||||
(i.e. cleartext passwords) is supported and thus using ldaps is
|
||||
(i.e., cleartext passwords) is supported and thus using ldaps is
|
||||
strongly suggested (since 2.2.28 "ldaps" defaults to port 389
|
||||
and uses STARTTLS). On Windows authentication via AD can be
|
||||
requested by adding @code{gpgNtds=1} after the fourth question
|
||||
@ -465,7 +465,7 @@ Lines starting with a @samp{#} are comments.
|
||||
Note that as usual all strings entered are expected to be UTF-8 encoded.
|
||||
Obviously this will lead to problems if the password has originally been
|
||||
encoded as Latin-1. There is no other solution here than to put such a
|
||||
password in the binary encoding into the file (i.e. non-ascii characters
|
||||
password in the binary encoding into the file (i.e., non-ascii characters
|
||||
won't show up readable).@footnote{The @command{gpgconf} tool might be
|
||||
helpful for frontends as it enables editing this configuration file using
|
||||
percent-escaped strings.}
|
||||
@ -681,7 +681,7 @@ those certificates on startup and when given a SIGHUP. Certificates
|
||||
which are not readable or do not make up a proper X.509 certificate
|
||||
are ignored; see the log file for details.
|
||||
|
||||
Applications using dirmngr (e.g. gpgsm) can request these
|
||||
Applications using dirmngr (e.g., gpgsm) can request these
|
||||
certificates to complete a trust chain in the same way as with the
|
||||
extra-certs directory (see below).
|
||||
|
||||
@ -690,7 +690,7 @@ Note that for OCSP responses the certificate specified using the option
|
||||
|
||||
@item /etc/gnupg/extra-certs
|
||||
This directory may contain extra certificates which are preloaded
|
||||
into the internal cache on startup. Applications using dirmngr (e.g. gpgsm)
|
||||
into the internal cache on startup. Applications using dirmngr (e.g., gpgsm)
|
||||
can request cached certificates to complete a trust chain.
|
||||
This is convenient in cases you have a couple intermediate CA certificates
|
||||
or certificates usually used to sign OCSP responses.
|
||||
@ -799,7 +799,7 @@ Enter @code{HELP} at the prompt to see a list of commands and enter
|
||||
@node Dirmngr Signals
|
||||
@section Use of signals
|
||||
|
||||
A running @command{dirmngr} may be controlled by signals, i.e. using
|
||||
A running @command{dirmngr} may be controlled by signals, i.e., using
|
||||
the @command{kill} command to send a signal to the process.
|
||||
|
||||
Here is a list of supported signals:
|
||||
@ -1031,7 +1031,7 @@ includes a local certificate store as well as a list of trusted root
|
||||
certificates.
|
||||
|
||||
@noindent
|
||||
The return code is 0 for success; i.e. the certificate has not been
|
||||
The return code is 0 for success; i.e., the certificate has not been
|
||||
revoked or one of the usual error codes from libgpg-error.
|
||||
|
||||
@node Dirmngr CHECKOCSP
|
||||
@ -1066,7 +1066,7 @@ of the global option @option{--ignore-ocsp-service-url}.
|
||||
|
||||
|
||||
@noindent
|
||||
The return code is 0 for success; i.e. the certificate has not been
|
||||
The return code is 0 for success; i.e., the certificate has not been
|
||||
revoked or one of the usual error codes from libgpg-error.
|
||||
|
||||
@node Dirmngr CACHECERT
|
||||
@ -1088,7 +1088,7 @@ Thus the caller is expected to return the certificate for the request
|
||||
as a binary blob.
|
||||
|
||||
@noindent
|
||||
The return code is 0 for success; i.e. the certificate has not been
|
||||
The return code is 0 for success; i.e., the certificate has not been
|
||||
successfully cached or one of the usual error codes from libgpg-error.
|
||||
|
||||
@node Dirmngr VALIDATE
|
||||
@ -1188,7 +1188,7 @@ as a binary blob.
|
||||
@c does not yet end up in memory.
|
||||
@c * @code{crl_cache_insert} is called with that descriptor to
|
||||
@c actually read the CRL into the cache. See below for a
|
||||
@c description of this function. If there is any error (e.g. read
|
||||
@c description of this function. If there is any error (e.g., read
|
||||
@c problem, CRL not correctly signed or verification of signature
|
||||
@c not possible), this descriptor is rejected and we continue
|
||||
@c with the next name. If the CRL has been successfully loaded,
|
||||
@ -1214,7 +1214,7 @@ as a binary blob.
|
||||
@c a) An authorityKeyIdentifier with an issuer and serialno exits: The
|
||||
@c certificate is retrieved using @code{find_cert_bysn}. If
|
||||
@c the certificate is in the certificate cache, it is directly
|
||||
@c returned. Then the requester (i.e. the client who requested the
|
||||
@c returned. Then the requester (i.e., the client who requested the
|
||||
@c CRL check) is asked via the Assuan inquiry ``SENDCERT'' whether
|
||||
@c he can provide this certificate. If this succeed the returned
|
||||
@c certificate gets cached and returned. Note, that dirmngr does not
|
||||
@ -1293,7 +1293,7 @@ as a binary blob.
|
||||
@c expiration time of all certificates in the chain.
|
||||
@c
|
||||
@c We first check that the certificate may be used for the requested
|
||||
@c purpose (i.e. OCSP or CRL signing). If this is not the case
|
||||
@c purpose (i.e., OCSP or CRL signing). If this is not the case
|
||||
@c GPG_ERR_WRONG_KEY_USAGE is returned.
|
||||
@c
|
||||
@c The next step is to find the trust anchor (root certificate) and to
|
||||
@ -1317,7 +1317,7 @@ as a binary blob.
|
||||
@c Now the issuer's certificate is looked up: If an
|
||||
@c authorityKeyIdentifier is available, this one is used to locate the
|
||||
@c certificate either using issuer and serialnumber or subject DN
|
||||
@c (i.e. the issuer's DN) and the keyID. The functions
|
||||
@c (i.e., the issuer's DN) and the keyID. The functions
|
||||
@c @code{find_cert_bysn) and @code{find_cert_bysubject} are used
|
||||
@c respectively. The have already been described above under the
|
||||
@c description of @code{crl_cache_insert}. If no certificate was found
|
||||
@ -1331,13 +1331,13 @@ as a binary blob.
|
||||
@c actual certificate is checked and in case this fails the error
|
||||
@c #code{GPG_ERR_BAD_CERT_CHAIN} is returned. If the signature checks out, the
|
||||
@c maximum chain length of the issuing certificate is checked as well as
|
||||
@c the capability of the certificate (i.e. whether he may be used for
|
||||
@c the capability of the certificate (i.e., whether he may be used for
|
||||
@c certificate signing). Then the certificate is prepended to our list
|
||||
@c representing the certificate chain. Finally the loop is continued now
|
||||
@c with the issuer's certificate as the current certificate.
|
||||
@c
|
||||
@c After the end of the loop and if no error as been encountered
|
||||
@c (i.e. the certificate chain has been assempled correctly), a check is
|
||||
@c (i.e., the certificate chain has been assempled correctly), a check is
|
||||
@c done whether any certificate expired or a critical policy has not been
|
||||
@c met. In any of these cases the validation terminates with an
|
||||
@c appropriate error.
|
||||
|
||||
@ -72,7 +72,7 @@ the included Secure Shell Agent you may start the agent using:
|
||||
@c One way of enforcing this split is a per-key or per-session
|
||||
@c passphrase, known only by the owner, which must be supplied to the
|
||||
@c agent to permit the use of the secret key material. Another way is
|
||||
@c with an out-of-band permission mechanism (e.g. a button or GUI
|
||||
@c with an out-of-band permission mechanism (e.g@:. a button or GUI
|
||||
@c interface that the owner has access to, but the supplicant does not).
|
||||
@c
|
||||
@c The rationale for this separation is that it allows access to the
|
||||
@ -111,8 +111,8 @@ Please make sure that a proper pinentry program has been installed
|
||||
under the default filename (which is system dependent) or use the
|
||||
option @option{pinentry-program} to specify the full name of that program.
|
||||
It is often useful to install a symbolic link from the actual used
|
||||
pinentry (e.g. @file{@value{BINDIR}/pinentry-gtk}) to the expected
|
||||
one (e.g. @file{@value{BINDIR}/pinentry}).
|
||||
pinentry (e.g., @file{@value{BINDIR}/pinentry-gtk}) to the expected
|
||||
one (e.g., @file{@value{BINDIR}/pinentry}).
|
||||
|
||||
@manpause
|
||||
@noindent
|
||||
@ -178,7 +178,7 @@ If in @file{common.conf} the option @option{no-autostart} is set, any
|
||||
start attempts will be ignored.
|
||||
|
||||
In --supervised mode, different file descriptors can be provided for
|
||||
use as different socket types (e.g. ssh, extra) as long as they are
|
||||
use as different socket types (e.g., ssh, extra) as long as they are
|
||||
identified in the environment variable @code{LISTEN_FDNAMES} (see
|
||||
sd_listen_fds(3) on some Linux distributions for more information on
|
||||
this convention).
|
||||
@ -259,7 +259,7 @@ however carefully selected to best aid in debugging.
|
||||
@item --debug @var{flags}
|
||||
@opindex debug
|
||||
Set debug flags. All flags are or-ed and @var{flags} may be given
|
||||
in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
|
||||
in C syntax (e.g., 0x0042) or as a comma separated list of flag names.
|
||||
To get a list of all supported flags the single word "help" can be
|
||||
used. This option is only useful for debugging and the behavior may
|
||||
change at any time without notice.
|
||||
@ -345,7 +345,7 @@ specify the logging output.
|
||||
@anchor{option --no-allow-mark-trusted}
|
||||
@item --no-allow-mark-trusted
|
||||
@opindex no-allow-mark-trusted
|
||||
Do not allow clients to mark keys as trusted, i.e. put them into the
|
||||
Do not allow clients to mark keys as trusted, i.e., put them into the
|
||||
@file{trustlist.txt} file. This makes it harder for users to inadvertently
|
||||
accept Root-CA keys.
|
||||
|
||||
@ -705,7 +705,7 @@ The order in which keys are presented to ssh are:
|
||||
|
||||
Editing the "Use-for-ssh" values can be done with an editor or using
|
||||
@command{gpg-connect-agent} and "KEYATTR" (Remember to append a colon
|
||||
to the key; i.e. use "Use-for-ssh:").
|
||||
to the key; i.e., use "Use-for-ssh:").
|
||||
|
||||
|
||||
@anchor{option --ssh-fingerprint-digest}
|
||||
@ -713,7 +713,7 @@ to the key; i.e. use "Use-for-ssh:").
|
||||
@opindex ssh-fingerprint-digest
|
||||
|
||||
Select the digest algorithm used to compute ssh fingerprints that are
|
||||
communicated to the user, e.g. in pinentry dialogs. OpenSSH has
|
||||
communicated to the user, e.g., in pinentry dialogs. OpenSSH has
|
||||
transitioned from using MD5 to the more secure SHA256.
|
||||
|
||||
|
||||
@ -819,7 +819,7 @@ It might even be advisable to change the permissions to read-only so
|
||||
that this file can't be changed inadvertently.
|
||||
|
||||
As a special feature a line @code{include-default} will include a global
|
||||
list of trusted certificates (e.g. @file{@value{SYSCONFDIR}/trustlist.txt}).
|
||||
list of trusted certificates (e.g., @file{@value{SYSCONFDIR}/trustlist.txt}).
|
||||
This global list is also used if the local list is not available;
|
||||
the @ref{option --no-user-trustlist} enforces the use of only
|
||||
this global list.
|
||||
@ -881,7 +881,7 @@ The keygrip may be prefixed with a @code{!} to disable an entry.
|
||||
|
||||
The following example lists exactly one key. Note that keys available
|
||||
through a OpenPGP smartcard in the active smartcard reader are
|
||||
implicitly added to this list; i.e. there is no need to list them.
|
||||
implicitly added to this list; i.e., there is no need to list them.
|
||||
|
||||
@cartouche
|
||||
@smallexample
|
||||
@ -914,7 +914,7 @@ a small helper script is provided to create these files (@pxref{addgnupghome}).
|
||||
@mansect signals
|
||||
@node Agent Signals
|
||||
@section Use of some signals
|
||||
A running @command{gpg-agent} may be controlled by signals, i.e. using
|
||||
A running @command{gpg-agent} may be controlled by signals, i.e., using
|
||||
the @command{kill} command to send a signal to the process.
|
||||
|
||||
Here is a list of supported signals:
|
||||
@ -1396,7 +1396,7 @@ convention either the hexified fingerprint of the key shall be used for
|
||||
calling application and a colon: Like @code{gpg:somestring}.
|
||||
|
||||
@var{error_message} is either a single @code{X} for no error message or
|
||||
a string to be shown as an error message like (e.g. "invalid
|
||||
a string to be shown as an error message like (e.g., "invalid
|
||||
passphrase"). Blanks must be percent escaped or replaced by @code{+}'.
|
||||
|
||||
@var{prompt} is either a single @code{X} for a default prompt or the
|
||||
|
||||
56
doc/gpg.texi
56
doc/gpg.texi
@ -330,21 +330,21 @@ The status of the verification is indicated by a flag directly
|
||||
following the "sig" tag (and thus before the flags described below. A
|
||||
"!" indicates that the signature has been successfully verified, a "-"
|
||||
denotes a bad signature and a "%" is used if an error occurred while
|
||||
checking the signature (e.g. a non supported algorithm). Signatures
|
||||
checking the signature (e.g., a non supported algorithm). Signatures
|
||||
where the public key is not available are not listed; to see their
|
||||
keyids the command @option{--list-sigs} can be used.
|
||||
|
||||
For each signature listed, there are several flags in between the
|
||||
signature status flag and keyid. These flags give additional
|
||||
information about each key signature. From left to right, they are
|
||||
the numbers 1-3 for certificate check level (see
|
||||
the numbers 1--3 for certificate check level (see
|
||||
@option{--ask-cert-level}), "L" for a local or non-exportable
|
||||
signature (see @option{--lsign-key}), "R" for a nonRevocable signature
|
||||
(see the @option{--edit-key} command "nrsign"), "P" for a signature
|
||||
that contains a policy URL (see @option{--cert-policy-url}), "N" for a
|
||||
signature that contains a notation (see @option{--cert-notation}), "X"
|
||||
for an eXpired signature (see @option{--ask-cert-expire}), and the
|
||||
numbers 1-9 or "T" for 10 and above to indicate trust signature levels
|
||||
numbers 1--9 or "T" for 10 and above to indicate trust signature levels
|
||||
(see the @option{--edit-key} command "tsign").
|
||||
|
||||
|
||||
@ -405,7 +405,7 @@ description, please see the Card HOWTO at
|
||||
https://gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO . Please
|
||||
note that the command "openpgp" can be used to switch to the OpenPGP
|
||||
application of cards which by default are presenting another
|
||||
application (e.g. PIV).
|
||||
application (e.g., PIV).
|
||||
|
||||
@item --card-status
|
||||
@opindex card-status
|
||||
@ -589,7 +589,7 @@ corrupted trustdb. Example:
|
||||
Update the trustdb with the ownertrust values stored in @code{files} (or
|
||||
STDIN if not given); existing values will be overwritten. In case of a
|
||||
severely damaged trustdb and if you have a recent backup of the
|
||||
ownertrust values (e.g. in the file @file{otrust.txt}), you may re-create
|
||||
ownertrust values (e.g., in the file @file{otrust.txt}), you may re-create
|
||||
the trustdb using these commands:
|
||||
@c man:.RS
|
||||
@example
|
||||
@ -893,7 +893,7 @@ signing.
|
||||
@item delsig
|
||||
@opindex keyedit:delsig
|
||||
Delete a signature. Note that it is not possible to retract a signature,
|
||||
once it has been send to the public (i.e. to a keyserver). In that case
|
||||
once it has been send to the public (i.e., to a keyserver). In that case
|
||||
you better use @code{revsig}.
|
||||
|
||||
@item revsig
|
||||
@ -927,7 +927,7 @@ signing.
|
||||
@opindex keyedit:deluid
|
||||
Delete a user ID or photographic user ID. Note that it is not
|
||||
possible to retract a user id, once it has been send to the public
|
||||
(i.e. to a keyserver). In that case you better use @code{revuid}.
|
||||
(i.e., to a keyserver). In that case you better use @code{revuid}.
|
||||
|
||||
@item revuid
|
||||
@opindex keyedit:revuid
|
||||
@ -1047,7 +1047,7 @@ signing.
|
||||
@item delkey
|
||||
@opindex keyedit:delkey
|
||||
Remove a subkey (secondary key). Note that it is not possible to retract
|
||||
a subkey, once it has been send to the public (i.e. to a keyserver). In
|
||||
a subkey, once it has been send to the public (i.e., to a keyserver). In
|
||||
that case you better use @code{revkey}. Also note that this only
|
||||
deletes the public part of a key.
|
||||
|
||||
@ -1099,7 +1099,7 @@ signing.
|
||||
@item clean
|
||||
@opindex keyedit:clean
|
||||
Compact (by removing all signatures except the selfsig) any user ID
|
||||
that is no longer usable (e.g. revoked, or expired). Then, remove any
|
||||
that is no longer usable (e.g., revoked, or expired). Then, remove any
|
||||
signatures that are not usable by the trust calculations.
|
||||
Specifically, this removes any signature that does not validate, any
|
||||
signature that is superseded by a later signature, revoked signatures,
|
||||
@ -1113,7 +1113,7 @@ signing.
|
||||
@item change-usage
|
||||
@opindex keyedit:change-usage
|
||||
Change the usage flags (capabilities) of the primary key or of
|
||||
subkeys. These usage flags (e.g. Certify, Sign, Authenticate,
|
||||
subkeys. These usage flags (e.g., Certify, Sign, Authenticate,
|
||||
Encrypt) are set during key creation. Sometimes it is useful to
|
||||
have the opportunity to change them (for example to add
|
||||
Authenticate) after they have been created. Please take care when
|
||||
@ -1538,9 +1538,9 @@ will be expanded to a filename containing the photo. "%I" does the
|
||||
same, except the file will not be deleted once the viewer exits.
|
||||
Other flags are "%k" for the key ID, "%K" for the long key ID, "%f"
|
||||
for the key fingerprint, "%t" for the extension of the image type
|
||||
(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
|
||||
(e.g., "jpg"), "%T" for the MIME type of the image (e.g., "image/jpeg"),
|
||||
"%v" for the single-character calculated validity of the image being
|
||||
viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
|
||||
viewed (e.g., "f"), "%V" for the calculated validity as a string (e.g.,
|
||||
"full"), "%U" for a base32 encoded hash of the user ID,
|
||||
and "%%" for an actual percent sign. If neither %i or %I are present,
|
||||
then the photo will be supplied to the viewer on standard input.
|
||||
@ -2019,7 +2019,7 @@ default), that keyserver is tried. Note that the creator of the
|
||||
signature uses the option @option{--sig-keyserver-url} to specify the
|
||||
preferred keyserver for data signatures.
|
||||
|
||||
3. If the signature has the Signer's UID set (e.g. using
|
||||
3. If the signature has the Signer's UID set (e.g., using
|
||||
@option{--sender} while creating the signature) a Web Key Directory
|
||||
(WKD) lookup is done. This is the default configuration but can be
|
||||
disabled by removing WKD from the auto-key-locate list or by using the
|
||||
@ -2267,7 +2267,7 @@ suppressed on the command line.
|
||||
@itemx --no-require-secmem
|
||||
@opindex require-secmem
|
||||
Refuse to run if GnuPG cannot get secure memory. Defaults to no
|
||||
(i.e. run, but give a warning).
|
||||
(i.e., run, but give a warning).
|
||||
|
||||
|
||||
@item --require-cross-certification
|
||||
@ -2397,7 +2397,7 @@ id used to make the signature and embeds that user ID into the created
|
||||
signature (using OpenPGP's ``Signer's User ID'' subpacket). If the
|
||||
option is given multiple times a suitable user ID is picked. However,
|
||||
if the signing key was specified directly by using a mail address
|
||||
(i.e. not by using a fingerprint or key ID) this option is used and
|
||||
(i.e., not by using a fingerprint or key ID) this option is used and
|
||||
the mail address is embedded in the created signature.
|
||||
|
||||
When verifying a signature @var{mbox} is used to restrict the
|
||||
@ -2506,7 +2506,7 @@ the @option{--status-fd} line ``PROGRESS'' to provide a value for
|
||||
@item --key-origin @var{string}[,@var{url}]
|
||||
@opindex key-origin
|
||||
gpg can track the origin of a key. Certain origins are implicitly
|
||||
known (e.g. keyserver, web key directory) and set. For a standard
|
||||
known (e.g., keyserver, web key directory) and set. For a standard
|
||||
import the origin of the keys imported can be set with this option.
|
||||
To list the possible values use "help" for @var{string}. Some origins
|
||||
can store an optional @var{url} argument. That URL can appended to
|
||||
@ -2674,13 +2674,13 @@ The available properties are:
|
||||
@itemx key_created_d
|
||||
The first is the timestamp a public key or subkey packet was
|
||||
created. The second is the same but given as an ISO string,
|
||||
e.g. "2016-08-17". (drop-subkey)
|
||||
e.g., "2016-08-17". (drop-subkey)
|
||||
|
||||
@item key_expires
|
||||
@itemx key_expires_d
|
||||
The expiration time of a public key or subkey or 0 if it does not
|
||||
expire. The second is the same but given as an ISO date string or
|
||||
an empty string e.g. "2038-01-19".
|
||||
an empty string e.g., "2038-01-19".
|
||||
|
||||
@item fpr
|
||||
The hexified fingerprint of the current subkey or primary key.
|
||||
@ -2713,7 +2713,7 @@ The available properties are:
|
||||
@itemx sig_created_d
|
||||
The first is the timestamp a signature packet was created. The
|
||||
second is the same but given as an ISO date string,
|
||||
e.g. "2016-08-17". (drop-sig)
|
||||
e.g., "2016-08-17". (drop-sig)
|
||||
|
||||
@item sig_algo
|
||||
A number with the public key algorithm of a signature packet. (drop-sig)
|
||||
@ -2833,7 +2833,7 @@ obsolete; it does not harm to use it though.
|
||||
@opindex legacy-list-mode
|
||||
Revert to the pre-2.1 public key list mode. This only affects the
|
||||
human readable output and not the machine interface
|
||||
(i.e. @code{--with-colons}). Note that the legacy format does not
|
||||
(i.e., @code{--with-colons}). Note that the legacy format does not
|
||||
convey suitable information for elliptic curves.
|
||||
|
||||
@item --with-fingerprint
|
||||
@ -2969,7 +2969,7 @@ to safely override the algorithm chosen by the recipient key
|
||||
preferences, as GPG will only select an algorithm that is usable by
|
||||
all recipients. The most highly ranked digest algorithm in this list
|
||||
is also used when signing without encryption
|
||||
(e.g. @option{--clear-sign} or @option{--sign}).
|
||||
(e.g., @option{--clear-sign} or @option{--sign}).
|
||||
|
||||
@item --personal-compress-preferences @var{string}
|
||||
@opindex personal-compress-preferences
|
||||
@ -2980,7 +2980,7 @@ allows the user to safely override the algorithm chosen by the
|
||||
recipient key preferences, as GPG will only select an algorithm that
|
||||
is usable by all recipients. The most highly ranked compression
|
||||
algorithm in this list is also used when there are no recipient keys
|
||||
to consider (e.g. @option{--symmetric}).
|
||||
to consider (e.g., @option{--symmetric}).
|
||||
|
||||
@item --s2k-cipher-algo @var{name}
|
||||
@opindex s2k-cipher-algo
|
||||
@ -3006,7 +3006,7 @@ of times (see @option{--s2k-count}).
|
||||
Specify how many times the passphrases mangling for symmetric
|
||||
encryption is repeated. This value may range between 1024 and
|
||||
65011712 inclusive. The default is inquired from gpg-agent. Note
|
||||
that not all values in the 1024-65011712 range are legal and if an
|
||||
that not all values in the 1024--65011712 range are legal and if an
|
||||
illegal value is selected, GnuPG will round up to the nearest legal
|
||||
value. This option is only meaningful if @option{--s2k-mode} is set
|
||||
to the default of 3.
|
||||
@ -3176,7 +3176,7 @@ however carefully selected to best aid in debugging.
|
||||
@item --debug @var{flags}
|
||||
@opindex debug
|
||||
Set debug flags. All flags are or-ed and @var{flags} may be given
|
||||
in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
|
||||
in C syntax (e.g., 0x0042) or as a comma separated list of flag names.
|
||||
To get a list of all supported flags the single word "help" can be
|
||||
used. This option is only useful for debugging and the behavior may
|
||||
change at any time without notice.
|
||||
@ -3211,7 +3211,7 @@ only useful for certain regression tests.
|
||||
This option is only useful for testing; it sets the system time back
|
||||
or forth to @var{epoch} which is the number of seconds elapsed since
|
||||
the year 1970. Alternatively @var{epoch} may be given as a full ISO
|
||||
time string (e.g. "20070924T154812").
|
||||
time string (e.g., "20070924T154812").
|
||||
|
||||
If you suffix @var{epoch} with an exclamation mark (!), the system time
|
||||
will appear to be frozen at the specified time.
|
||||
@ -3537,7 +3537,7 @@ are:
|
||||
@opindex no-symkey-cache
|
||||
Disable the passphrase cache used for symmetrical en- and decryption.
|
||||
This cache is based on the message specific salt value
|
||||
(cf. @option{--s2k-mode}).
|
||||
(cf.@: @option{--s2k-mode}).
|
||||
|
||||
@item --request-origin @var{origin}
|
||||
@opindex request-origin
|
||||
@ -4606,7 +4606,7 @@ If you don't give any of them, no user ID is created.
|
||||
|
||||
@item Expire-Date: @var{iso-date}|(@var{number}[d|w|m|y])
|
||||
Set the expiration date for the key (and the subkey). It may either
|
||||
be entered in ISO date format (e.g. "20000815T145012") or as number of
|
||||
be entered in ISO date format (e.g., "20000815T145012") or as number of
|
||||
days, weeks, month or years after the creation date. The special
|
||||
notation "seconds=N" is also allowed to specify a number of seconds
|
||||
since creation. Without a letter days are assumed. Note that there
|
||||
@ -4631,7 +4631,7 @@ in the @option{--edit-key} menu.
|
||||
|
||||
@item Revoker: @var{algo}:@var{fpr} [sensitive]
|
||||
Add a designated revoker to the generated key. Algo is the public key
|
||||
algorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.)
|
||||
algorithm of the designated revoker (i.e., RSA=1, DSA=17, etc.)
|
||||
@var{fpr} is the fingerprint of the designated revoker. The optional
|
||||
@samp{sensitive} flag marks the designated revoker as sensitive
|
||||
information. Only v4 keys may be designated revokers.
|
||||
|
||||
@ -136,7 +136,7 @@ Run in server mode and wait for commands on the @code{stdin}.
|
||||
Behave as a Dirmngr client issuing the request @var{command} with the
|
||||
optional list of @var{args}. The output of the Dirmngr is printed
|
||||
stdout. Please note that file names given as arguments should have an
|
||||
absolute file name (i.e. commencing with @code{/}) because they are
|
||||
absolute file name (i.e., commencing with @code{/}) because they are
|
||||
passed verbatim to the Dirmngr and the working directory of the
|
||||
Dirmngr might not be the same as the one of this client. Currently it
|
||||
is not possible to pass data via stdin to the Dirmngr. @var{command}
|
||||
@ -259,7 +259,7 @@ optional @var{pattern}. Those pattern consist of a list of user ids
|
||||
@option{--armor} option a few informational lines are prepended before
|
||||
each block. There is one limitation: As there is no commonly agreed
|
||||
upon way to pack more than one certificate into an ASN.1 structure,
|
||||
the binary export (i.e. without using @option{armor}) works only for
|
||||
the binary export (i.e., without using @option{armor}) works only for
|
||||
the export of one certificate. Thus it is required to specify a
|
||||
@var{pattern} which yields exactly one certificate. Ephemeral
|
||||
certificate are only exported if all @var{pattern} are given as
|
||||
@ -462,7 +462,7 @@ line of the @file{trustlist.txt}
|
||||
@opindex force-crl-refresh
|
||||
Tell the dirmngr to reload the CRL for each request. For better
|
||||
performance, the dirmngr will actually optimize this by suppressing
|
||||
the loading for short time intervals (e.g. 30 minutes). This option
|
||||
the loading for short time intervals (e.g., 30 minutes). This option
|
||||
is useful to make sure that a fresh CRL is available for certificates
|
||||
hold in the keybox. The suggested way of doing this is by using it
|
||||
along with the option @option{--with-validation} for a key listing
|
||||
@ -539,7 +539,7 @@ Create PEM encoded output. Default is binary output.
|
||||
|
||||
@item --base64
|
||||
@opindex base64
|
||||
Create Base-64 encoded output; i.e. PEM without the header lines.
|
||||
Create Base-64 encoded output; i.e., PEM without the header lines.
|
||||
|
||||
@item --assume-armor
|
||||
@opindex assume-armor
|
||||
@ -639,7 +639,7 @@ done with @code{--with-colons}.
|
||||
@item --no-pretty-dn
|
||||
@opindex no-pretty-dn
|
||||
By default gpgsm prints distinguished names (DNs) like the Issuer or
|
||||
Subject in a more readable format (e.g. using a well defined order of
|
||||
Subject in a more readable format (e.g., using a well defined order of
|
||||
the parts). However, this format can't be used as input strings.
|
||||
This option reverts printing to standard RFC-2253 format and thus
|
||||
avoids the need to use --dump-cert or --with-colons to get the
|
||||
@ -747,7 +747,7 @@ key database clear of unneeded certificates stored on smartcards.
|
||||
This option is only useful for testing; it sets the system time back or
|
||||
forth to @var{epoch} which is the number of seconds elapsed since the year
|
||||
1970. Alternatively @var{epoch} may be given as a full ISO time string
|
||||
(e.g. "20070924T154812").
|
||||
(e.g., "20070924T154812").
|
||||
|
||||
@item --with-ephemeral-keys
|
||||
@opindex with-ephemeral-keys
|
||||
@ -794,7 +794,7 @@ however carefully selected to best aid in debugging.
|
||||
@item --debug @var{flags}
|
||||
@opindex debug
|
||||
Set debug flags. All flags are or-ed and @var{flags} may be given
|
||||
in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
|
||||
in C syntax (e.g., 0x0042) or as a comma separated list of flag names.
|
||||
To get a list of all supported flags the single word "help" can be
|
||||
used. This option is only useful for debugging and the behavior may
|
||||
change at any time without notice.
|
||||
@ -967,9 +967,9 @@ This is plain text file with a few help entries used with
|
||||
@command{gpg} and @command{gpgsm}. The standard file has English help
|
||||
texts; to install localized versions use filenames like @file{help.LL.txt}
|
||||
with LL denoting the locale. GnuPG comes with a set of predefined help
|
||||
files in the data directory (e.g. @file{@value{DATADIR}/gnupg/help.de.txt})
|
||||
files in the data directory (e.g., @file{@value{DATADIR}/gnupg/help.de.txt})
|
||||
and allows overriding of any help item by help files stored in the
|
||||
system configuration directory (e.g. @file{@value{SYSCONFDIR}/help.de.txt}).
|
||||
system configuration directory (e.g., @file{@value{SYSCONFDIR}/help.de.txt}).
|
||||
For a reference of the help file's syntax, please see the installed
|
||||
@file{help.txt} file.
|
||||
|
||||
@ -980,7 +980,7 @@ This file is a collection of common certificates used to populated a
|
||||
newly created @file{pubring.kbx}. An administrator may replace this
|
||||
file with a custom one. The format is a concatenation of PEM encoded
|
||||
X.509 certificates. This global file is installed in the data directory
|
||||
(e.g. @file{@value{DATADIR}/com-certs.pem}).
|
||||
(e.g., @file{@value{DATADIR}/com-certs.pem}).
|
||||
|
||||
@end table
|
||||
|
||||
@ -1093,7 +1093,7 @@ of a transfer error, a program error or tampering with the message).
|
||||
@end table
|
||||
|
||||
@item Error verifying a signature
|
||||
For some reason the signature could not be verified, i.e. it cannot be
|
||||
For some reason the signature could not be verified, i.e., it cannot be
|
||||
decided whether the signature is valid or invalid. A common reason for
|
||||
this is a missing certificate.
|
||||
|
||||
@ -1274,7 +1274,7 @@ provides a regular command line interface which exhibits a full client
|
||||
to this protocol (but uses internal linking). To start
|
||||
@command{gpgsm} as a server the command line the option
|
||||
@code{--server} must be used. Additional options are provided to
|
||||
select the communication method (i.e. the name of the socket).
|
||||
select the communication method (i.e., the name of the socket).
|
||||
|
||||
We assume that the connection has already been established; see the
|
||||
Assuan manual for details.
|
||||
@ -1338,7 +1338,7 @@ correct.
|
||||
OUTPUT FD[=@var{n}] [--armor|--base64]
|
||||
@end example
|
||||
|
||||
Set the file descriptor to be used for the output (i.e. the encrypted
|
||||
Set the file descriptor to be used for the output (i.e., the encrypted
|
||||
message). Obviously the pipe must be open at that point, the server
|
||||
establishes its own end. If the server returns an error the client
|
||||
should consider this session failed.
|
||||
@ -1382,7 +1382,7 @@ The decryption is done by using the command
|
||||
@end example
|
||||
|
||||
It performs the decrypt operation after doing some check on the internal
|
||||
state (e.g. that all needed data has been set). Because it utilizes
|
||||
state (e.g., that all needed data has been set). Because it utilizes
|
||||
the GPG-Agent for the session key decryption, there is no need to ask
|
||||
the client for a protecting passphrase - GpgAgent takes care of this by
|
||||
requesting this from the user.
|
||||
|
||||
@ -80,7 +80,7 @@ would anyway ignore such a request. Thus just hit enter.
|
||||
|
||||
If you want to create a client certificate for email encryption, this
|
||||
would be the place to enter your mail address
|
||||
(e.g. @email{joe@@example.org}). You may enter as many addresses as you like,
|
||||
(e.g., @email{joe@@example.org}). You may enter as many addresses as you like,
|
||||
however the CA may not accept them all or reject the entire request.
|
||||
|
||||
@cartouche
|
||||
|
||||
@ -161,7 +161,7 @@ helpers to debug problems.
|
||||
@item --debug @var{flags}
|
||||
@opindex debug
|
||||
Set debug flags. All flags are or-ed and @var{flags} may be given
|
||||
in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
|
||||
in C syntax (e.g., 0x0042) or as a comma separated list of flag names.
|
||||
To get a list of all supported flags the single word "help" can be
|
||||
used. This option is only useful for debugging and the behavior may
|
||||
change at any time without notice.
|
||||
@ -238,7 +238,7 @@ this option only if you know what you are doing.
|
||||
Use @var{library} to access the smartcard reader. The current default
|
||||
on Unix is @file{libpcsclite.so} and on Windows @file{winscard.dll}.
|
||||
Instead of using this option you might also want to install a symbolic
|
||||
link to the default file name (e.g. from @file{libpcsclite.so.1}).
|
||||
link to the default file name (e.g., from @file{libpcsclite.so.1}).
|
||||
A Unicode file name may not be used on Windows.
|
||||
|
||||
@item --ctapi-driver @var{library}
|
||||
@ -505,7 +505,7 @@ will return an error when a card change has been detected and the use of
|
||||
this function is therefore required.
|
||||
|
||||
Background: We want to keep the client clear of handling card changes
|
||||
between operations; i.e. the client can assume that all operations are
|
||||
between operations; i.e., the client can assume that all operations are
|
||||
done on the same card unless he call this function.
|
||||
|
||||
@example
|
||||
@ -719,7 +719,7 @@ reset the card.
|
||||
|
||||
This is used by gpg-agent to reuse a primary pipe connection and
|
||||
may be used by clients to backup from a conflict in the serial
|
||||
command; i.e. to select another application.
|
||||
command; i.e., to select another application.
|
||||
|
||||
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@ using the option @option{--with-colons}.
|
||||
@item By fingerprint.
|
||||
This format is deduced from the length of the string and its content or
|
||||
the @code{0x} prefix. Note, that only the 20 byte version fingerprint
|
||||
is available with @command{gpgsm} (i.e. the SHA-1 hash of the
|
||||
is available with @command{gpgsm} (i.e., the SHA-1 hash of the
|
||||
certificate).
|
||||
|
||||
When using @command{gpg} an exclamation mark (!) may be appended to
|
||||
@ -88,7 +88,7 @@ with left and right angles.
|
||||
@item By partial match on an email address.
|
||||
This is indicated by prefixing the search string with an @code{@@}.
|
||||
This uses a substring search but considers only the mail address
|
||||
(i.e. inside the angle brackets).
|
||||
(i.e., inside the angle brackets).
|
||||
|
||||
@cartouche
|
||||
@example
|
||||
|
||||
@ -124,7 +124,7 @@ $ watchgnupg --time-only
|
||||
@end example
|
||||
|
||||
This waits for connections on the local socket
|
||||
(e.g. @file{/var/run/user/1234/gnupg/S.log}) and shows all log
|
||||
(e.g., @file{/var/run/user/1234/gnupg/S.log}) and shows all log
|
||||
entries. To make this work the option @option{log-file} needs to be
|
||||
used with all modules which logs are to be shown. The suggested entry
|
||||
for the configuration files is:
|
||||
@ -1247,7 +1247,7 @@ Alternatively an arbitrary string may be used to identify a
|
||||
passphrase; it is suggested that such a string is prefixed with the
|
||||
name of the application (e.g @code{foo:12346}). Scripts should always
|
||||
use the option @option{--with-colons}, which provides the keygrip in a
|
||||
"grp" line (cf. @file{doc/DETAILS})/
|
||||
"grp" line (cf.@: @file{doc/DETAILS})/
|
||||
|
||||
@noindent
|
||||
One of the following command options must be given:
|
||||
@ -1728,7 +1728,7 @@ The return value of this command is
|
||||
@table @code
|
||||
|
||||
@item 0
|
||||
The certificate under question is valid; i.e. there is a valid CRL
|
||||
The certificate under question is valid; i.e., there is a valid CRL
|
||||
available and it is not listed there or the OCSP request returned that
|
||||
that certificate is valid.
|
||||
|
||||
@ -2051,9 +2051,9 @@ This option is deprecated in favor of option @option{--directory}.
|
||||
|
||||
@item --no-compress
|
||||
@opindex no-compress
|
||||
This option tells gpg to disable compression (i.e. using option -z0).
|
||||
This option tells gpg to disable compression (i.e., using option -z0).
|
||||
It is useful for archiving only large files which are are already
|
||||
compressed (e.g. a set of videos).
|
||||
compressed (e.g., a set of videos).
|
||||
|
||||
@item --gpg @var{gpgcmd}
|
||||
@opindex gpg
|
||||
|
||||
@ -212,7 +212,7 @@ The default is @file{openpgpkey}.
|
||||
@opindex blacklist
|
||||
This option is used to exclude certain mail addresses from a mirror
|
||||
operation. The format of @var{file} is one mail address (just the
|
||||
addrspec, e.g. "postel@@isi.edu") per line. Empty lines and lines
|
||||
addrspec, e.g., "postel@@isi.edu") per line. Empty lines and lines
|
||||
starting with a '#' are ignored.
|
||||
|
||||
@item --add-revocs
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user