mirror of git://git.gnupg.org/gnupg.git synced 2024-06-27 02:02:45 +02:00

* gpg.sgml: Add "edit/addrevoker". Document --desig-revoke. Note that -z
and --compress are the same option.  Note that --digest-algo can no longer
violate OpenPGP with a non-160 bit hash with DSA.  Document
--cert-digest-algo with suitable warnings not to use it.  Note the default
s2k-cipher-algo is now CAST5. Note that --force-v3-sigs overrides
--ask-sig-expire.  Revise --expert documentation, as it is now definitely
legal to have more than one photo ID on a key.  --preference-list is now
--default-preference-list with the new meaning.  Document
--personal-preference-list.

* DETAILS: Document "Revoker" for batch key generation.
This commit is contained in:
David Shaw 2002-05-31 22:34:16 +00:00
parent 5f3acaffa9
commit 1848ef6950
3 changed files with 83 additions and 34 deletions

View File

@ -1,3 +1,18 @@
2002-05-31 David Shaw <dshaw@jabberwocky.com>
* gpg.sgml: Add "edit/addrevoker". Document --desig-revoke. Note
that -z and --compress are the same option. Note that
--digest-algo can no longer violate OpenPGP with a non-160 bit
hash with DSA. Document --cert-digest-algo with suitable warnings
not to use it. Note the default s2k-cipher-algo is now CAST5.
Note that --force-v3-sigs overrides --ask-sig-expire. Revise
--expert documentation, as it is now definitely legal to have more
than one photo ID on a key. --preference-list is now
--default-preference-list with the new meaning. Document
--personal-preference-list.
* DETAILS: Document "Revoker" for batch key generation.
2002-05-22 Werner Koch <wk@gnupg.org> 2002-05-22 Werner Koch <wk@gnupg.org>
* gpg.sgml: sgml syntax fix. * gpg.sgml: sgml syntax fix.

View File

@ -463,6 +463,13 @@ The format of this file is as follows:
Set the cipher, hash, and compression preference values for Set the cipher, hash, and compression preference values for
this key. This expects the same type of string as "setpref" this key. This expects the same type of string as "setpref"
in the --edit menu. in the --edit menu.
Revoker: <algo>:<fpr> [sensitive]
Add a designated revoker to the generated key. Algo is the
public key algorithm of the designated revoker (i.e. RSA=1,
DSA=17, etc.) Fpr is the fingerprint of the designated
revoker. The optional "sensitive" flag marks the designated
revoker as sensitive information. Only v4 keys may be
designated revokers.
Here is an example: Here is an example:
$ cat >foo <<EOF $ cat >foo <<EOF
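Review bot: In the new Revoker entry, "(i.e. RSA=1, DSA=17, etc.)" lists examples, so it should read "e.g."; "i.e." combined with "etc." reads as an exhaustive definition. The entry also does not say what form Fpr must take or what happens when the named key is not a v4 key. Because a Revoker line gives another key the power to revoke the generated one, stating the accepted format and the failure behaviour would help people writing batch files get it right.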

View File

@ -345,6 +345,10 @@ Add a subkey to this key.</para></listitem></varlistentry>
<term>delkey</term> <term>delkey</term>
<listitem><para> <listitem><para>
Remove a subkey.</para></listitem></varlistentry> Remove a subkey.</para></listitem></varlistentry>
<varlistentry>
<term>addrevoker</term>
<listitem><para>
Add a designated revoker.</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>revkey</term> <term>revkey</term>
<listitem><para> <listitem><para>
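Review bot: The addrevoker entry, "Add a designated revoker.", does not say what a designated revoker is or can do, unlike the Revoker text this commit adds to DETAILS. Suggest one more sentence stating that the named key will be able to revoke this key, plus a pointer to --desig-revoke, which the next hunk documents.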
@ -494,6 +498,13 @@ Generate a revocation certificate for the complete key. To revoke
a subkey or a signature, use the --edit command. a subkey or a signature, use the --edit command.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<term>--desig-revoke</term>
<listitem><para>
Generate a designated revocation certificate for a key. This allows a
user (with the permission of the keyholder) to revoke someone elses
key.
</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--export &OptParmNames;</term> <term>--export &OptParmNames;</term>
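Review bot: "someone elses key" in the --desig-revoke paragraph needs an apostrophe: "someone else's key". The phrase "with the permission of the keyholder" also leaves open how that permission is granted; a cross-reference to the addrevoker edit command added in the previous hunk would close the loop.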
@ -788,7 +799,7 @@ Try to be as quiet as possible.
<varlistentry> <varlistentry>
<term>-z &ParmN;</term> <term>-z &ParmN;, --compress &ParmN;</term>
<listitem><para> <listitem><para>
Set compression level to &ParmN;. A value of 0 for &ParmN; Set compression level to &ParmN;. A value of 0 for &ParmN;
disables compression. Default is to use the default disables compression. Default is to use the default
@ -1336,25 +1347,32 @@ selected from the preferences stored with the key.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--digest-algo &ParmName;</term> <term>--digest-algo &ParmName;</term>
<listitem><para> <listitem><para>
Use &ParmName; as message digest algorithm. Running the Use &ParmName; as the message digest algorithm. Running the program
program with the command --version yields a list of with the command --version yields a list of supported algorithms.
supported algorithms. Please note that using this </para></listitem></varlistentry>
option may violate the OpenPGP requirement, that a
160 bit hash is to be used for DSA.
<varlistentry>
<term>--cert-digest-algo &ParmName;</term>
<listitem><para>
Use &ParmName; as the message digest algorithm used when signing a
key. Running the program with the command --version yields a list of
supported algorithms. Be aware that if you choose an algorithm that
GnuPG supports but other OpenPGP implementations do not, then some
users will not be able to use the key signatures you make, or quite
possibly your entire key.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--s2k-cipher-algo &ParmName;</term> <term>--s2k-cipher-algo &ParmName;</term>
<listitem><para> <listitem><para>
Use &ParmName; as the cipher algorithm used to protect secret Use &ParmName; as the cipher algorithm used to protect secret keys.
keys. The default cipher is BLOWFISH. This cipher is The default cipher is CAST5. This cipher is also used for
also used for conventional encryption if --cipher-algo conventional encryption if --cipher-algo is not given.
is not given.
</para></listitem></varlistentry> </para></listitem></varlistentry>
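Review bot: The ChangeLog says --cert-digest-algo is documented "with suitable warnings not to use it", but the new paragraph only describes the interoperability consequence and never actually advises against the option. Consider an explicit sentence that the default should be kept unless there is a specific need. Separately, the old DSA caveat under --digest-algo is deleted without replacement; a short statement of what now happens when a non-160 bit hash is requested with a DSA key would tell readers the restriction is enforced rather than forgotten.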
@ -1591,23 +1609,22 @@ Resets the --pgp7 option.
<varlistentry> <varlistentry>
<term>--openpgp</term> <term>--openpgp</term>
<listitem><para> <listitem><para>
Reset all packet, cipher and digest options to OpenPGP Reset all packet, cipher and digest options to OpenPGP behavior. Use
behavior. Use this option to reset all previous this option to reset all previous options like --rfc1991,
options like --rfc1991, --force-v3-sigs, --s2k-*, --force-v3-sigs, --s2k-*, --cipher-algo, --digest-algo and
--cipher-algo, --digest-algo and --compress-algo to --compress-algo to OpenPGP compliant values. All PGP workarounds are
OpenPGP compliant values. All PGP workarounds are also also disabled.
disabled.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--force-v3-sigs</term> <term>--force-v3-sigs</term>
<listitem><para> <listitem><para>
OpenPGP states that an implementation should generate OpenPGP states that an implementation should generate v4 signatures
v4 signatures but PGP versions 5 and higher do only recognizes but PGP versions 5 and higher only recognize v4 signatures on key
v4 signatures material. This option forces v3 signatures for signatures on data.
on key material. This option forces v3 signatures for Note that this option overrides --ask-sig-expire, as v3 signatures
signatures on data. cannot have expiration dates.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
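Review bot: The sentence added to --force-v3-sigs says the option overrides --ask-sig-expire but not whether the user is told. As written, someone who sets both would expect an expiring signature and get one without an expiration date. Suggest stating whether a warning is printed when the requested expiration is dropped.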
@ -1633,9 +1650,9 @@ Reset the --force-v4-certs option.
<varlistentry> <varlistentry>
<term>--force-mdc</term> <term>--force-mdc</term>
<listitem><para> <listitem><para>
Force the use of encryption with appended manipulation Force the use of encryption with appended manipulation code. This is
code. This is always used with the newer ciphers (those always used with the newer ciphers (those with a blocksize greater
with a blocksize greater than 64 bit). than 64 bit).
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
@ -1899,11 +1916,11 @@ Resets the --ask-cert-expire option.
<varlistentry> <varlistentry>
<term>--expert</term> <term>--expert</term>
<listitem><para> <listitem><para>
Allow the user to do certain nonsenical or "silly" things like signing Allow the user to do certain nonsensical or "silly" things like
an expired or revoked key, or certain potentially incompatible things signing an expired or revoked key, or certain potentially incompatible
like adding more than one photo ID to a single key. In general, this things like generating deprecated key types. In general, this option
option is for experts only. If you don't really understand what it is is for experts only. If you don't fully understand the implications
doing, leave this off. of what it allows you to do, leave this off.
</para></listitem></varlistentry </para></listitem></varlistentry
<varlistentry> <varlistentry>
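Review bot: The context line directly after the rewritten --expert paragraph, "</para></listitem></varlistentry", has no closing ">" on either side of the diff. Since this hunk touches the adjacent lines, it is worth closing the tag here; the previous ChangeLog entry was already an "sgml syntax fix". Also, the ChangeLog explains the change by multiple photo IDs now being legal, but the replacement example, "generating deprecated key types", is not mentioned there.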
@ -1955,11 +1972,21 @@ read/write only. Use this option only if you really know what you are doing.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--preference-list &ParmString</term> <term>--personal-preference-list &ParmString</term>
<listitem><para> <listitem><para>
Set the list of preferences to &ParmString;, this list should be Set the list of personal preferences to &ParmString;, this list should
a string similar to the one printed by the command "pref" in the edit be a string similar to the one printed by the command "pref" in the
menu. edit menu. This allows the user to factor in their own preferred
algorithms when algorithms are chosen via recipient key preferences.
</para></listitem></varlistentry>
<varlistentry>
<term>--default-preference-list &ParmString</term>
<listitem><para>
Set the list of default preferences to &ParmString;, this list should
be a string similar to the one printed by the command "pref" in the
edit menu. This affects both key generation and "updpref" in the edit
menu.
</para></listitem></varlistentry> </para></listitem></varlistentry>
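Review bot: The ChangeLog says --preference-list is now --default-preference-list, yet the old name disappears from the manual without mention; a sentence under --default-preference-list noting the former name would help users who still have --preference-list in an options file. Both new <term> lines also write "&ParmString" without the terminating ";" while the paragraph bodies use "&ParmString;"; the old line had the same slip, so this is a chance to make them consistent. The comma splice in "to &ParmString;, this list should be" is carried into both entries and would read better as two sentences.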