security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

Finished preparations for 2.0.17

This commit is contained in:
Werner Koch 2011-01-13 16:01:21 +01:00
parent eb3d99a716
commit 1f874f860c
22 changed files with 1104 additions and 346 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -44,7 +44,6 @@ common/t-percent
common/t-session-env
common/t-sexputil
common/t-sysutils
doc/FAQ
doc/addgnupghome.8
doc/applygnupgdefaults.8
doc/faq.html

4
ChangeLog
View File

@ -1,3 +1,7 @@
2011-01-13 Werner Koch <wk@g10code.com>
Release 2.0.17.
2011-01-11 Werner Koch <wk@g10code.com>
* configure.ac: Add option --enable-gpgtar.

2
NEWS
View File

@ -1,4 +1,4 @@
Noteworthy changes in version 2.0.17 (unreleased)
Noteworthy changes in version 2.0.17 (2011-01-13)
-------------------------------------------------
* Allow more hash algorithms with the OpenPGP v2 card.

2
configure.ac
View File

@ -25,7 +25,7 @@ min_automake_version="1.10"
# Set my_issvn to "yes" for non-released code. Remember to run an
# "svn up" and "autogen.sh" right before creating a distribution.
m4_define([my_version], [2.0.17])
m4_define([my_issvn], [yes])
m4_define([my_issvn], [no])
m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
| sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))

6
doc/ChangeLog
View File

@ -1,3 +1,9 @@
2011-01-13 Werner Koch <wk@g10code.com>
* FAQ: Make it a static file with a pointer to the online location.
* Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html.
(FAQ, faq.html): Remove these targets
2010-03-05 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Configuration Options): Mention that

52
doc/DETAILS
View File

@ -34,7 +34,7 @@ record; gpg2 does this by default and the option is a dummy.
rev = revocation signature
fpr = fingerprint: (fingerprint is in field 10)
pkd = public key data (special field format, see below)
grp = reserved for gpgsm
grp = keygrip
rvk = revocation key
tru = trust database information
spk = signature subpacket
@ -221,12 +221,13 @@ more arguments in future versions.
GOODSIG <long_keyid_or_fpr> <username>
The signature with the keyid is good. For each signature only
one of the three codes GOODSIG, BADSIG or ERRSIG will be
emitted and they may be used as a marker for a new signature.
The username is the primary one encoded in UTF-8 and %XX
escaped. The fingerprint may be used instead of the long keyid
if it is available. This is the case with CMS and might
eventually also be available for OpenPGP.
one of the codes GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, REVKEYSIG
or ERRSIG will be emitted. In the past they were used as a
marker for a new signature; new code should use the NEWSIG
status instead. The username is the primary one encoded in
UTF-8 and %XX escaped. The fingerprint may be used instead of
the long keyid if it is available. This is the case with CMS
and might eventually also be available for OpenPGP.
EXPSIG <long_keyid_or_fpr> <username>
The signature with the keyid is good, but the signature is
@ -464,7 +465,8 @@ more arguments in future versions.
4 := "Error storing certificate".
IMPORT_RES <count> <no_user_id> <imported> <imported_rsa> <unchanged>
<n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported> <sec_dups> <not_imported>
<n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported>
<sec_dups> <skipped_new_keys> <not_imported>
Final statistics on import process (this is one long line)
FILE_START <what> <filename>
@ -585,7 +587,8 @@ more arguments in future versions.
8 := "Policy mismatch"
9 := "Not a secret key"
10 := "Key not trusted"
11 := "Missing certificate" (e.g. intermediate or root cert.)
11 := "Missing certificate"
12 := "Missing issuer certificate"
Note that for historical reasons the INV_RECP status is also
used for gpgsm's SIGNER command where it relates to signer's
@ -616,6 +619,12 @@ more arguments in future versions.
prefixed with a numerical error code and an underscore; e.g.:
"151011327_EOF".
SUCCESS [<location>]
Postive confirimation that an operation succeeded. <location>
is optional but if given should not contain spaces.
Used only with a few commands.
ATTRIBUTE <fpr> <octets> <type> <index> <count>
<timestamp> <expiredate> <flags>
This is one long line issued for each attribute subpacket when
@ -680,6 +689,11 @@ more arguments in future versions.
A backup key named FNAME has been created for the key with
KEYID.
MOUNTPOINT <name>
NAME is a percent-plus escaped filename describing the
mountpoint for the current operation (e.g. g13 --mount). This
may either be the specified mountpoint or one randomly choosen
by g13.
Format of the "--attribute-fd" output
@ -724,7 +738,9 @@ version: the third field contains the version of GnuPG.
pubkey: the third field contains the public key algorithmdcaiphers
this version of GnuPG supports, separated by semicolons. The
algorithm numbers are as specified in RFC-4880.
algorithm numbers are as specified in RFC-4880. Note that in
contrast to the --status-fd interface these are _not_ the
Libgcrypt identifiers.
cfg:pubkey:1;2;3;16;17
@ -801,7 +817,8 @@ The format of this file is as follows:
The filename is used until a new filename is used (at commit points)
and all keys are written to that file. If a new filename is given,
this file is created (and overwrites an existing one).
Both control statements must be given.
GnuPG < 2.1: Both control statements must be given.
GnuPG >= 2.1: "%secring" is now a no-op.
%ask-passphrase
Enable a mode where the command "passphrase" is ignored and
instead the usual passphrase dialog is used. This does not
@ -811,6 +828,19 @@ The format of this file is as follows:
entry code. This is a global option.
%no-ask-passphrase
Disable the ask-passphrase mode.
%no-protection
With GnuPG 2.1 it is not anymore possible to specify a
passphrase for unattended key generation. The passphrase
command is simply ignored and %ask-passpharse is thus
implicitly enabled. Using this option allows to the creation
of keys without any passphrases. This option is mainly
intended for regression tests.
%transient-key
If given the keys are created using a faster and a somewhat
less secure random number generator. This option may be used
for keys which are only used for a short time and do not
require full cryptographic strength. It takes only effect if
used together with the option no-protection.
o The order of the parameters does not matter except for "Key-Type"
which must be the first parameter. The parameters are only for the

13
doc/FAQ Normal file
View File

@ -0,0 +1,13 @@
GnuPG Frequently Asked Questions
A FAQ is a fast moving target and thus we don't distribute it anymore
with GnuPG. You may retrieve the current FAQ in HTML format at
http://www.gnupg.org/faq/GnuPG-FAQ.html
or in plain text format at the FTP server:
ftp://ftp.gnupg.org/gcrypt/gnupg/GnuPG-FAQ.txt

32
doc/Makefile.am
View File

@ -32,12 +32,12 @@ EXTRA_DIST = samplekeys.asc \
gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \
gnupg-card-architecture.eps gnupg-card-architecture.png \
gnupg-card-architecture.pdf \
faq.raw FAQ faq.html gnupg7.texi \
FAQ gnupg7.texi \
opt-homedir.texi see-also-note.texi specify-user-id.texi \
gpgv.texi texi.css yat2m.c
BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
gnupg-card-architecture.pdf FAQ faq.html
gnupg-card-architecture.pdf
info_TEXINFOS = gnupg.texi
@ -46,8 +46,6 @@ dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles)
nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \
$(examples)
dist_html_DATA = faq.html
gnupg_TEXINFOS = \
gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \
@ -75,7 +73,7 @@ noinst_MANS = gnupg.7
watchgnupg_SOURCE = gnupg.texi
CLEANFILES = faq.raw.xref yat2m
CLEANFILES = yat2m faq.txt
DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
$(myman_pages) gnupg.7
@ -83,7 +81,6 @@ DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
yat2m: yat2m.c
$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
.fig.png:
fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
@ -96,32 +93,15 @@ yat2m: yat2m.c
.fig.pdf:
fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
FAQ : faq.raw
if WORKING_FAQPROG
$(FAQPROG) -f $< $@ || $(FAQPROG) -f $< $@
else
: Warning: missing faqprog.pl, cannot make $@
echo "No $@ due to missing faqprog.pl" > $@
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
endif
faq.html : faq.raw
if WORKING_FAQPROG
$(FAQPROG) -h -f $< $@ 2>&1 || $(FAQPROG) -h -f $< $@
else
: Warning: missing faqprog.pl, cannot make $@
echo "No $@ due to missing faqprog.pl" > $@
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
endif
# Note that yatm --store has a bug in that the @ifset gpgtwoone still
# creates a dirmngr-client page from tools.texi.
yat2m-stamp: $(myman_sources)
@rm -f yat2m-stamp.tmp
@touch yat2m-stamp.tmp
for file in $(myman_sources) ; do \
./yat2m $(YAT2M_OPTIONS) --store \
`test -f '$$file' || echo '$(srcdir)/'`$$file ; done
@test -f dirmngr-client.1 && rm dirmngr-client.1
@mv -f yat2m-stamp.tmp $@
yat2m-stamp: yat2m

2
doc/contrib.texi
View File

@ -97,7 +97,7 @@ IIDA, Yoshihiro Kajiki and Gerlinde Klaes.
This software has been made possible by the previous work of Chris
Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann
Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson,
Taher ElGamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA
Taher Elgamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA
mathematicians and all the folks who have worked hard to create
complete and free operating systems.

13
doc/debugging.texi
View File

@ -103,6 +103,17 @@ used. Using the keyserver debug option as in
is thus often helpful. Note that the actual output depends on the
backend and may change from release to release.
@ifset gpgtwoone
@item Logging on WindowsCE
For development, the best logging method on WindowsCE is the use of
remote debugging using a log file name of @file{tcp://<ip-addr>:<port>}.
The command @command{watchgnupg} may be used on the remote host to listen
on the given port. (@pxref{option watchgnupg --tcp}). For in the field
tests it is better to make use of the logging facility provided by the
@command{gpgcedev} driver (part of libassuan); this is enabled by using
a log file name of @file{GPG2:}. (@pxref{option --log-file}).
@end ifset
@end itemize
@ -194,7 +205,7 @@ or other purposes and don't have a corresponding certificate.
@item A root certificate does not verify
A common problem is that the root certificate misses the required
basicConstrains attribute and thus @command{gpgsm} rejects this
basicConstraints attribute and thus @command{gpgsm} rejects this
certificate. An error message indicating ``no value'' is a sign for
such a certificate. You may use the @code{relax} flag in
@file{trustlist.txt} to accept the certificate anyway. Note that the

25
doc/gnupg.texi
View File

@ -34,7 +34,7 @@ Published by the Free Software Foundation@*
Boston, MA 02110-1301 USA
@end iftex
Copyright @copyright{} 2002, 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
Copyright @copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
@quotation
Permission is granted to copy, distribute and/or modify this document
@ -50,6 +50,11 @@ section entitled ``Copying''.
@direntry
* gpg2: (gnupg). OpenPGP encryption and signing tool.
* gpgsm: (gnupg). S/MIME encryption and signing tool.
* gpg-agent: (gnupg). The secret key daemon.
@ifset gpgtwoone
* dirmngr: (gnupg). X.509 CRL and OCSP server.
* dirmngr-client: (gnupg). X.509 CRL and OCSP client.
@end ifset
@end direntry
@ -121,6 +126,9 @@ the administration and the architecture.
* Installation:: A short installation guide.
* Invoking GPG-AGENT:: How to launch the secret key daemon.
@ifset gpgtwoone
* Invoking DIRMNGR:: How to launch the CRL and OCSP daemon.
@end ifset
* Invoking GPG:: Using the OpenPGP protocol.
* Invoking GPGSM:: Using the S/MIME protocol.
* Invoking SCDAEMON:: How to handle Smartcards.
@ -152,6 +160,9 @@ the administration and the architecture.
@include instguide.texi
@include gpg-agent.texi
@ifset gpgtwoone
@include dirmngr.texi
@end ifset
@include gpg.texi
@include gpgsm.texi
@include scdaemon.texi
@ -194,6 +205,18 @@ the administration and the architecture.
@c Epilogue
@c ---------------------------------------------------------------------
@c @node History
@c @unnumbered History
@c
@c Here are the notices from the old dirmngr manual:
@c
@c @itemize
@c @item Using DirMngr, 2002, Steffen Hansen, Klar"alvdalens Datakonsult AB.
@c @item Using DirMngr, 2004, 2005, 2006, 2008 Werner Koch, g10 Code GmbH.
@c @end itemize
@c
@bye

1
doc/gnupg7.texi
View File

@ -23,6 +23,7 @@ daemon which may also emulate the @command{ssh-agent}.
@command{gpgv}(1),
@command{gpgsm}(1),
@command{gpg-agent}(1),
@command{dirmngr}(8),
@command{scdaemon}(1)
@include see-also-note.texi
@end ifset

94
doc/gpg-agent.texi
View File

@ -2,6 +2,11 @@
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@c Note that we use this texinfo file for all versions of GnuPG:
@c 2.0 and 2.1. The macro "gpgtwoone" controls parts which are only
@c valid for GnuPG 2.1 and later.
@node Invoking GPG-AGENT
@chapter Invoking GPG-AGENT
@cindex GPG-AGENT command options
@ -47,13 +52,24 @@ independently from any protocol. It is used as a backend for
@command{gpg} and @command{gpgsm} as well as for a couple of other
utilities.
@ifset gpgtwoone
The agent is usualy started on demand by @command{gpg}, @command{gpgsm},
@command{gpgconf} or @command{gpg-connect-agent}. Thus there is no
reason to start it manually. In case you want to use the included
Secure Shell Agent you may start the agent using:
@example
gpg-connect-agent /bye
@end example
@end ifset
@ifclear gpgtwoone
@noindent
The usual way to run the agent is from the @code{~/.xsession} file:
@example
eval $(gpg-agent --daemon)
@end example
@noindent
If you don't use an X server, you can also put this into your regular
startup file @code{~/.profile} or @code{.bash_profile}. It is best not
@ -83,13 +99,13 @@ if [ -f "$@{HOME@}/.gpg-agent-info" ]; then
. "$@{HOME@}/.gpg-agent-info"
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
export SSH_AGENT_PID
fi
@end smallexample
@noindent
It reads the data out of the file and exports the variables. If you
don't use Secure Shell, you don't need the last two export statements.
@end ifclear
@noindent
You should always add the following lines to your @code{.bashrc} or
@ -136,18 +152,18 @@ only one command is allowed.
@table @gnupgtabopt
@item --version
@opindex version
Print the program version and licensing information. Not that you can
Print the program version and licensing information. Note that you cannot
abbreviate this command.
@item --help
@itemx -h
@opindex help
Print a usage message summarizing the most useful command-line options.
Not that you can abbreviate this command.
Note that you cannot abbreviate this command.
@item --dump-options
@opindex dump-options
Print a list of all available options and commands. Not that you can
Print a list of all available options and commands. Note that you cannot
abbreviate this command.
@item --server
@ -315,10 +331,15 @@ eval $(cut -d= -f 1 < @var{file} | xargs echo export)
Tell the pinentry not to grab the keyboard and mouse. This option
should in general not be used to avoid X-sniffing attacks.
@anchor{option --log-file}
@item --log-file @var{file}
@opindex log-file
Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does.
Append all logging output to @var{file}. This is very helpful in seeing
what the agent actually does. If neither a log file nor a log file
descriptor has been set on a Windows platform, the Registry entry
@code{HKCU\Software\GNU\GnuPG:DefaultLogFile}, if set, is used to specify
the logging output.
@anchor{option --allow-mark-trusted}
@item --allow-mark-trusted
@ -399,7 +420,7 @@ This option does nothing yet.
@item --pinentry-program @var{filename}
@opindex pinentry-program
Use program @var{filename} as the PIN entry. The default is installation
dependent and can be shown with the @code{--version} command.
dependent.
@item --pinentry-touch-file @var{filename}
@opindex pinentry-touch-file
@ -415,7 +436,7 @@ modification and access time.
@item --scdaemon-program @var{filename}
@opindex scdaemon-program
Use program @var{filename} as the Smartcard daemon. The default is
installation dependent and can be shown with the @code{--version}
installation dependent and can be shown with the @command{gpgconf}
command.
@item --disable-scdaemon
@ -435,13 +456,20 @@ a random socket below a temporary directory. Tools connecting to
environment variable @var{GPG_AGENT_INFO} and then fall back to this
socket. This option may not be used if the home directory is mounted on
a remote file system which does not support special files like fifos or
sockets. Note, that @option{--use-standard-socket} is the
default on Windows systems. The default may be changed at build time.
It is possible to test at runtime whether the agent has been configured
for use with the standard socket by issuing the command
@command{gpg-agent --use-standard-socket-p} which returns success if the
standard socket option has been enabled.
sockets.
@ifset gpgtwoone
Note, that @option{--use-standard-socket} is the default on all
systems since GnuPG 2.1.
@end ifset
@ifclear gpgtwoone
Note, that @option{--use-standard-socket} is the default on
Windows systems.
@end ifclear
The default may be changed at build time. It is
possible to test at runtime whether the agent has been configured for
use with the standard socket by issuing the command @command{gpg-agent
--use-standard-socket-p} which returns success if the standard socket
option has been enabled.
@item --display @var{string}
@itemx --ttyname @var{string}
@ -470,7 +498,7 @@ pinentry to pop up at the @code{tty} or display you started the agent.
@item --enable-ssh-support
@opindex enable-ssh-support
Enable emulation of the OpenSSH Agent protocol.
Enable the OpenSSH Agent protocol.
In this mode of operation, the agent does not only implement the
gpg-agent protocol, but also the agent protocol used by OpenSSH
@ -497,10 +525,20 @@ has been started. To switch this display to the current one, the
following command may be used:
@smallexample
echo UPDATESTARTUPTTY | gpg-connect-agent
gpg-connect-agent updatestartuptty /bye
@end smallexample
Although all GnuPG components try to start the gpg-agent as needed, this
is not possible for the ssh support because ssh does not know about it.
Thus if no GnuPG tool which accesses the agent has been run, there is no
guarantee that ssh is abale to use gpg-agent for authentication. To fix
this you may start gpg-agent if needed using this simple command:
@smallexample
gpg-connect-agent /bye
@end smallexample
Adding the @option{--verbose} shows the progress of starting the agent.
@end table
@ -573,10 +611,13 @@ It is possible to add further flags after the @code{S} for use by the
caller:
@table @code
@item relax
Relax checking of some root certificate requirements. This is for
example required if the certificate is missing the basicConstraints
attribute (despite that it is a MUST for CA certificates).
@cindex relax
Relax checking of some root certificate requirements. As of now this
flag allows the use of root certificates with a missing basicConstraints
attribute (despite that it is a MUST for CA certificates) and disables
CRL checking for the root certificate.
@item cm
If validation of a certificate finally issued by a CA with this flag set
@ -586,7 +627,7 @@ fails, try again using the chain validation model.
@item sshcontrol
@cindex sshcontrol
This file is used when support for the secure shell agent protocol has
been enabled (@pxref{option --enable-ssh-support}). Only keys present in
this file are used in the SSH protocol. You should backup this file.
@ -709,7 +750,6 @@ and add something like (for Bourne shells)
. "$@{HOME@}/.gpg-agent-info"
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
export SSH_AGENT_PID
fi
@end example
@end cartouche
@ -1149,11 +1189,13 @@ This can be used to see whether a secret key is available. It does
not return any information on whether the key is somehow protected.
@example
HAVEKEY @var{keygrip}
HAVEKEY @var{keygrips}
@end example
The Agent answers either with OK or @code{No_Secret_Key} (208). The
caller may want to check for other error codes as well.
The agent answers either with OK or @code{No_Secret_Key} (208). The
caller may want to check for other error codes as well. More than one
keygrip may be given. In this case the command returns success if at
least one of the keygrips corresponds to an available secret key.
@node Agent LEARN

59
doc/gpg.texi
View File

@ -3,6 +3,11 @@
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@c Note that we use this texinfo file for all versions of GnuPG: 1.4.x,
@c 2.0 and 2.1. The macro "gpgone" controls parts which are only valid
@c for GnuPG 1.4, the macro "gpgtwoone" controls parts which are only
@c valid for GnupG 2.1 and later.
@node Invoking GPG
@chapter Invoking GPG
@cindex GPG command options
@ -68,18 +73,19 @@ implementation.
@ifset gpgone
This is the standalone version of @command{gpg}. For desktop use you
should consider using @command{gpg2}.
should consider using @command{gpg2} @footnote{On some platforms gpg2 is
installed under the name @command{gpg}}.
@end ifset
@ifclear gpgone
In contrast to the standalone version @command{gpg}, which is more
suited for server and embedded platforms, this version is installed
under the name @command{gpg2} and more targeted to the desktop as it
requires several other modules to be installed. The standalone version
will be kept maintained and it is possible to install both versions on
the same system. If you need to use different configuration files, you
should make use of something like @file{gpg.conf-2} instead of just
@file{gpg.conf}.
suited for server and embedded platforms, this version is commonly
installed under the name @command{gpg2} and more targeted to the desktop
as it requires several other modules to be installed. The standalone
version will be kept maintained and it is possible to install both
versions on the same system. If you need to use different configuration
files, you should make use of something like @file{gpg.conf-2} instead
of just @file{gpg.conf}.
@end ifclear
@manpause
@ -1023,9 +1029,11 @@ give the opposite meaning. The options are:
@item show-photos
@opindex list-options:show-photos
Causes @option{--list-keys}, @option{--list-sigs},
@option{--list-public-keys}, and @option{--list-secret-keys} to display
any photo IDs attached to the key. Defaults to no. See also
@option{--photo-viewer}.
@option{--list-public-keys}, and @option{--list-secret-keys} to
display any photo IDs attached to the key. Defaults to no. See also
@option{--photo-viewer}. Does not work with @option{--with-colons}:
see @option{--attribute-fd} for the appropriate way to get photo data
for scripts and other frontends.
@item show-policy-urls
@opindex list-options:show-policy-urls
@ -1135,6 +1143,9 @@ same, except the file will not be deleted once the viewer exits.
Other flags are "%k" for the key ID, "%K" for the long key ID, "%f"
for the key fingerprint, "%t" for the extension of the image type
(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
"%v" for the single-character calculated validity of the image being
viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
"full"),
and "%%" for an actual percent sign. If neither %i or %I are present,
then the photo will be supplied to the viewer on standard input.
@ -1773,13 +1784,27 @@ Remove all entries from the @option{--group} list.
Use @var{name} as the key to sign with. Note that this option overrides
@option{--default-key}.
@ifset gpgtwoone
@item --try-secret-key @var{name}
@opindex try-secret-key
For hidden recipients GPG needs to know the keys to use for trial
decryption. The key set with @option{--default-key} is always tried
first, but this is often not sufficient. This option allows to set more
keys to be used for trial decryption. Although any valid user-id
specification may be used for @var{name} it makes sense to use at least
the long keyid to avoid ambiguities. Note that gpg-agent might pop up a
pinentry for a lot keys to do the trial decryption. If you want to stop
all further trial decryption you may use close-window button instead of
the cancel button.
@end ifset
@item --try-all-secrets
@opindex try-all-secrets
Don't look at the key ID as stored in the message but try all secret
keys in turn to find the right decryption key. This option forces the
behaviour as used by anonymous recipients (created by using
@option{--throw-keyids}) and might come handy in case where an encrypted
message contains a bogus key ID.
@option{--throw-keyids} or @option{--hidden-recipient}) and might come
handy in case where an encrypted message contains a bogus key ID.
@item --skip-hidden-recipients
@itemx --no-skip-hidden-recipients
@ -1939,6 +1964,11 @@ obsolete; it does not harm to use it though.
Same as the command @option{--fingerprint} but changes only the format
of the output and may be used together with another command.
@ifset gpgtwoone
@item --with-keygrip
@opindex with-keygrip
Include the keygrip in the key listings.
@end ifset
@end table
@ -2014,8 +2044,7 @@ to safely override the algorithm chosen by the recipient key
preferences, as GPG will only select an algorithm that is usable by
all recipients. The most highly ranked digest algorithm in this list
is also used when signing without encryption
(e.g. @option{--clearsign} or @option{--sign}). The default value is
SHA-1.
(e.g. @option{--clearsign} or @option{--sign}).
@item --personal-compress-preferences @code{string}
Set the list of personal compression preferences to @code{string}.

6
doc/gpgsm.texi
View File

@ -450,7 +450,7 @@ However the standard model (shell) is in that case always tried first.
@opindex ignore-cert-extension
Add @var{oid} to the list of ignored certificate extensions. The
@var{oid} is expected to be in dotted decimal form, like
@code{2.5.29.3}. This option may used more than once. Critical
@code{2.5.29.3}. This option may be used more than once. Critical
flagged certificate extensions matching one of the OIDs in the list
are treated as if they are actually handled and thus the certificate
won't be rejected due to an unknown critical extension. Use this
@ -554,6 +554,10 @@ This option is therefore useful to simply verify a certificate.
For standard key listings, also print the MD5 fingerprint of the
certificate.
@item --with-keygrip
Include the keygrip in standard key listings. Note that the keygrip is
always listed in --with-colons mode.
@end table
@c *******************************************

26
doc/instguide.texi
View File

@ -6,7 +6,6 @@
@node Installation
@chapter A short installation guide.
Unfortunately the installation guide has not been finished in time.
Instead of delaying the release of GnuPG 2.0 even further, I decided to
release without that guide. The chapter on gpg-agent and gpgsm do
@ -16,6 +15,31 @@ meantime you may search the GnuPG mailing list archives or ask on the
gnupg-users mailing listsfor advise on how to solve problems or how to
get that whole thing up and running.
** Building the software
Building the software is decribed in the file @file{INSTALL}. Given
that you are already reading this documentation we can only give some
extra hints
To comply with the rules on GNU systems you should have build time
configured @command{dirmngr} using:
@example
./configure --sysconfdir=/etc --localstatedir=/var
@end example
This is to make sure that system wide configuration files are searched
in the directory @file{/etc/gnupg} and variable data below @file{/var};
the default would be to also install them below @file{/usr/local} where
the binaries get installed. If you selected to use the
@option{--prefix=/} you obviously don't need those option as they are
the default then.
** Explain how to setup a root CA key as trusted
Such questions may also help to write a proper installation guide.
[to be written]

227
doc/tools.texi
View File

@ -16,6 +16,9 @@ GnuPG comes with a couple of smaller tools:
* gpgsm-gencert.sh:: Generate an X.509 certificate request.
* gpg-preset-passphrase:: Put a passphrase into the cache.
* gpg-connect-agent:: Communicate with a running agent.
@ifset gpgtwoone
* dirmngr-client:: How to use the Dirmngr client tool.
@end ifset
* gpgparsemail:: Parse a mail message into an annotated format
* symcryptrun:: Call a simple symmetric encryption tool.
* gpg-zip:: Encrypt or sign files into an archive.
@ -41,11 +44,12 @@ GnuPG comes with a couple of smaller tools:
@end ifset
@mansect description
Most of the main utilities are able to write their log files to a
Unix Domain socket if configured that way. @command{watchgnupg} is a simple
listener for such a socket. It ameliorates the output with a time
stamp and makes sure that long lines are not interspersed with log
output from other utilities.
Most of the main utilities are able to write their log files to a Unix
Domain socket if configured that way. @command{watchgnupg} is a simple
listener for such a socket. It ameliorates the output with a time stamp
and makes sure that long lines are not interspersed with log output from
other utilities. This tool is not available for Windows.
@noindent
@command{watchgnupg} is commonly invoked as
@ -69,6 +73,11 @@ This starts it on the current terminal for listening on the socket
@opindex force
Delete an already existing socket file.
@anchor{option watchgnupg --tcp}
@item --tcp @var{n}
Instead of reading from a local socket, listen for connects on TCP port
@var{n}.
@item --verbose
@opindex verbose
Enable extra informational output.
@ -83,6 +92,41 @@ Display a brief help page and exit.
@end table
@noindent
@mansect examples
@chapheading Examples
@example
$ watchgnupg --force /home/foo/.gnupg/S.log
@end example
This waits for connections on the local socket
@file{/home/foo/.gnupg/S.log} and shows all log entries. To make this
work the option @option{log-file} needs to be used with all modules
which logs are to be shown. The value for that option must be given
with a special prefix (e.g. in the conf file):
@example
log-file socket:///home/foo/.gnupg/S.log
@end example
For debugging purposes it is also possible to do remote logging. Take
care if you use this feature because the information is send in the
clear over the network. Use this syntax in the conf files:
@example
log-file tcp://192.168.1.1:4711
@end example
You may use any port and not just 4711 as shown above; only IP addresses
are supported (v4 and v6) and no host names. You need to start
@command{watchgnupg} with the @option{tcp} option. Note that under
Windows the registry entry @var{HKCU\Software\GNU\GnuPG:DefaultLogFile}
can be used to change the default log output from @code{stderr} to
whatever is given by that entry. However the only useful entry is a TCP
name for remote debugging.
@mansect see also
@ifset isman
@command{gpg}(1),
@ -255,6 +299,12 @@ List the global configuration file in a colon separated format. If
Run a syntax check on the global configuration file. If @var{filename}
is given, check that file instead.
@item --reload [@var{component}]
@opindex reload
Reload all or the given component. This is basically the sam as sending
a SIGHUP to the component. Components which don't support reloading are
ignored.
@end table
@ -1129,6 +1179,11 @@ Try to be as quiet as possible.
@include opt-homedir.texi
@item --agent-program @var{file}
@opindex agent-program
Specify the agent program to be started if none is running.
@item -S
@itemx --raw-socket @var{name}
@opindex S
@ -1381,6 +1436,168 @@ Print a list of available control commands.
@include see-also-note.texi
@end ifset
@ifset gpgtwoone
@c
@c DIRMNGR-CLIENT
@c
@node dirmngr-client
@section The Dirmngr Client Tool
@manpage dirmngr-client.1
@ifset manverb
.B dirmngr-client
\- Tool to access the Dirmngr services
@end ifset
@mansect synopsis
@ifset manverb
.B dirmngr-client
.RI [ options ]
.RI [ certfile | pattern ]
@end ifset
@mansect description
The @command{dirmngr-client} is a simple tool to contact a running
dirmngr and test whether a certificate has been revoked --- either by
being listed in the corresponding CRL or by running the OCSP protocol.
If no dirmngr is running, a new instances will be started but this is
in general not a good idea due to the huge performance overhead.
@noindent
The usual way to run this tool is either:
@example
dirmngr-client @var{acert}
@end example
@noindent
or
@example
dirmngr-client <@var{acert}
@end example
Where @var{acert} is one DER encoded (binary) X.509 certificates to be
tested.
@ifclear isman
The return value of this command is
@end ifclear
@mansect return value
@ifset isman
@command{dirmngr-client} returns these values:
@end ifset
@table @code
@item 0
The certificate under question is valid; i.e. there is a valid CRL
available and it is not listed tehre or teh OCSP request returned that
that certificate is valid.
@item 1
The certificate has been revoked
@item 2 (and other values)
There was a problem checking the revocation state of the certificate.
A message to stderr has given more detailed information. Most likely
this is due to a missing or expired CRL or due to a network problem.
@end table
@mansect options
@noindent
@command{dirmngr-client} may be called with the following options:
@table @gnupgtabopt
@item --version
@opindex version
Print the program version and licensing information. Note that you cannot
abbreviate this command.
@item --help, -h
@opindex help
Print a usage message summarizing the most useful command-line options.
Note that you cannot abbreviate this command.
@item --quiet, -q
@opindex quiet
Make the output extra brief by suppressing any informational messages.
@item -v
@item --verbose
@opindex v
@opindex verbose
Outputs additional information while running.
You can increase the verbosity by giving several
verbose commands to @sc{dirmngr}, such as @samp{-vv}.
@item --pem
@opindex pem
Assume that the given certificate is in PEM (armored) format.
@item --ocsp
@opindex ocsp
Do the check using the OCSP protocol and ignore any CRLs.
@item --force-default-responder
@opindex force-default-responder
When checking using the OCSP protocl, force the use of the default OCSP
responder. That is not to use the Reponder as given by the certificate.
@item --ping
@opindex ping
Check whether the dirmngr daemon is up and running.
@item --cache-cert
@opindex cache-cert
Put the given certificate into the cache of a running dirmngr. This is
mainly useful for debugging.
@item --validate
@opindex validate
Validate the given certificate using dirmngr's internal validation code.
This is mainly useful for debugging.
@item --load-crl
@opindex load-crl
This command expects a list of filenames with DER encoded CRL files.
With the option @option{--url} URLs are expected in place of filenames
and they are loaded directly from the given location. All CRLs will be
validated and then loaded into dirmngr's cache.
@item --lookup
@opindex lookup
Take the remaining arguments and run a lookup command on each of them.
The results are Base-64 encoded outputs (without header lines). This
may be used to retrieve certificates from a server. However the output
format is not very well suited if more than one certificate is returned.
@item --url
@itemx -u
@opindex url
Modify the @command{lookup} and @command{load-crl} commands to take an URL.
@item --local
@itemx -l
@opindex url
Let the @command{lookup} command only search the local cache.
@item --squid-mode
@opindex squid-mode
Run @sc{dirmngr-client} in a mode suitable as a helper program for
Squid's @option{external_acl_type} option.
@end table
@ifset isman
@mansect see also
@command{dirmngr}(8),
@command{gpgsm}(1)
@include see-also-note.texi
@end ifset
@end ifset
@c
@c GPGPARSEMAIL

30
po/cs.po
View File

@ -30,10 +30,10 @@ msgstr ""
"PO-Revision-Date: 2011-01-11 22:55+0100\n"
"Last-Translator: Petr Pisar <petr.pisar@atlas.cz>\n"
"Language-Team: Czech <translations.cs@gnupg.cz>\n"
"Language: cs\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#, c-format
@ -130,8 +130,8 @@ msgstr "nalezena karta se sériovým číslem: %s\n"
#, c-format
msgid "error getting default authentication keyID of card: %s\n"
msgstr ""
"chyba při získání identifikátoru implicitního autentizačního klíče karty: "
"%s\n"
"chyba při získání identifikátoru implicitního autentizačního klíče karty: %"
"s\n"
#, c-format
msgid "no suitable card key found: %s\n"
@ -154,11 +154,11 @@ msgstr "Prosím, vložte toto heslo znovu"
#, c-format
msgid ""
"Please enter a passphrase to protect the received secret key%%0A %s"
"%%0Awithin gpg-agent's key storage"
"Please enter a passphrase to protect the received secret key%%0A %s%%"
"0Awithin gpg-agent's key storage"
msgstr ""
"Prosím, vložte heslo, abyste ochránil(a) přijatý tajný klíč%%0A %s"
"%%0Auvnitř úložiště klíčů gpg-agenta"
"Prosím, vložte heslo, abyste ochránil(a) přijatý tajný klíč%%0A %s%%"
"0Auvnitř úložiště klíčů gpg-agenta"
msgid "does not match - try again"
msgstr "neshodují se  zkuste to znovu"
@ -249,14 +249,14 @@ msgid_plural ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
"contain at least %u digits or%%0Aspecial characters."
msgstr[0] ""
"Varování: Zadali jste nebezpečné heslo.%%0AHeslo by mělo obsahovat alespoň "
"%u číslici nebo %%0Azvláštní znak."
"Varování: Zadali jste nebezpečné heslo.%%0AHeslo by mělo obsahovat alespoň %"
"u číslici nebo %%0Azvláštní znak."
msgstr[1] ""
"Varování: Zadali jste nebezpečné heslo.%%0AHeslo by mělo obsahovat alespoň "
"%u číslice nebo %%0Azvláštní znaky."
"Varování: Zadali jste nebezpečné heslo.%%0AHeslo by mělo obsahovat alespoň %"
"u číslice nebo %%0Azvláštní znaky."
msgstr[2] ""
"Varování: Zadali jste nebezpečné heslo.%%0AHeslo by mělo obsahovat alespoň "
"%u číslic nebo %%0Azvláštních znaků."
"Varování: Zadali jste nebezpečné heslo.%%0AHeslo by mělo obsahovat alespoň %"
"u číslic nebo %%0Azvláštních znaků."
#, c-format
msgid ""
@ -5141,8 +5141,8 @@ msgstr "požadováno %d částečné důvěry a %d úplné důvěry, model %s\n"
msgid ""
"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
msgstr ""
"hloubka: %d platných: %3d podepsaných: %3d důvěra: %d-, %dq, %dn, %dm, "
"%df, %du\n"
"hloubka: %d platných: %3d podepsaných: %3d důvěra: %d-, %dq, %dn, %dm, %"
"df, %du\n"
#, c-format
msgid "unable to update trustdb version record: write failed: %s\n"

60
po/pl.po
View File

@ -47,7 +47,9 @@ msgstr "Jako
#. translate this entry, a default english text (see source)
#. will be used.
msgid "pinentry.qualitybar.tooltip"
msgstr "Jakość wpisanego wyżej tekstu.\nKryteria jakości można uzyskać od administratora."
msgstr ""
"Jakość wpisanego wyżej tekstu.\n"
"Kryteria jakości można uzyskać od administratora."
msgid ""
"Please enter your PIN, so that the secret key can be unlocked for this "
@ -1593,7 +1595,9 @@ msgid "|USER-ID|encrypt for USER-ID"
msgstr "|U¯YTKOWNIK|szyfrowanie dla odbiorcy o tym identyfikatorze"
msgid "|USER-ID|use USER-ID to sign or decrypt"
msgstr "|UŻYTKOWNIK|użycie tego identyfikatora użytkownika do podpisania lub odszyfrowania"
msgstr ""
"|UŻYTKOWNIK|użycie tego identyfikatora użytkownika do podpisania lub "
"odszyfrowania"
msgid "|N|set compress level to N (0 disables)"
msgstr "|N|ustawienie poziomu kompresji N (0 - bez)"
@ -3654,7 +3658,8 @@ msgid ""
"Please enter a passphrase to protect the off-card backup of the new "
"encryption key."
msgstr ""
"Proszę wprowadzić hasło do zabezpieczenia kopii zapasowej poza kartą nowego klucza szyfrującego."
"Proszę wprowadzić hasło do zabezpieczenia kopii zapasowej poza kartą nowego "
"klucza szyfrującego."
#, c-format
msgid "%s.\n"
@ -5327,26 +5332,34 @@ msgid "||Please enter the PIN for the standard keys."
msgstr "||Proszê wprowadziæ PIN dla zwyk³ych kluczy."
msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
msgstr "|NP|Proszę wprowadzić nowy kod oblokowujący PIN (PUK) dla zwykłych kluczy."
msgstr ""
"|NP|Proszę wprowadzić nowy kod oblokowujący PIN (PUK) dla zwykłych kluczy."
msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
msgstr "|P|Proszê wprowadziæ kod odblokowuj±cy PIN (PUK) dla zwyk³ych kluczy."
msgid "|N|Please enter a new PIN for the key to create qualified signatures."
msgstr "|N|Proszę wprowadzić nowy PIN dla klucza do tworzenia podpisów kwalifikowanych."
msgstr ""
"|N|Proszę wprowadzić nowy PIN dla klucza do tworzenia podpisów "
"kwalifikowanych."
msgid "||Please enter the PIN for the key to create qualified signatures."
msgstr "||Proszę wprowadzić PIN PIN dla klucza do tworzenia podpisów kwalifikowanych."
msgstr ""
"||Proszę wprowadzić PIN PIN dla klucza do tworzenia podpisów kwalifikowanych."
msgid ""
"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
"qualified signatures."
msgstr "|NP|Proszę wprowadzić nowy kod odblokowujący PIN (PUK) dla klucza do tworzenia podpisów kwalifikowanych."
msgstr ""
"|NP|Proszę wprowadzić nowy kod odblokowujący PIN (PUK) dla klucza do "
"tworzenia podpisów kwalifikowanych."
msgid ""
"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
"qualified signatures."
msgstr "|P|Proszę wprowadzić kod odblokowujący PIN (PUK) dla klucza do tworzenia podpisów kwalifikowanych."
msgstr ""
"|P|Proszę wprowadzić kod odblokowujący PIN (PUK) dla klucza do tworzenia "
"podpisów kwalifikowanych."
#, c-format
msgid "error getting new PIN: %s\n"
@ -5379,7 +5392,9 @@ msgstr "u
#, c-format
msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr "nie udało się użyć domyślnego PIN-u jako %s: %s - wyłączenie dalszego domyślnego użycia\n"
msgstr ""
"nie udało się użyć domyślnego PIN-u jako %s: %s - wyłączenie dalszego "
"domyślnego użycia\n"
#, c-format
msgid "||Please enter the PIN%%0A[sigs done: %lu]"
@ -5404,7 +5419,8 @@ msgstr "karta zosta
#, c-format
msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
msgstr "Zostało %d prób PIN-u administracyjnego do trwałego zablokowania karty\n"
msgstr ""
"Zostało %d prób PIN-u administracyjnego do trwałego zablokowania karty\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
#. the start of the string. Use %%0A to force a linefeed.
@ -5490,7 +5506,8 @@ msgstr "dotychczas stworzono podpis
msgid ""
"verification of Admin PIN is currently prohibited through this command\n"
msgstr ""
"weryfikacja PIN-u administracyjnego tym poleceniem jest aktualnie zabroniona\n"
"weryfikacja PIN-u administracyjnego tym poleceniem jest aktualnie "
"zabroniona\n"
#, c-format
msgid "can't access %s - invalid OpenPGP card?\n"
@ -5624,7 +5641,8 @@ msgstr "liczba pasuj
#, c-format
msgid "dirmngr cache-only key lookup failed: %s\n"
msgstr "wyszukiwanie klucza tylko w pamięci podręcznej dirmngr nie powiodło się: %s\n"
msgstr ""
"wyszukiwanie klucza tylko w pamięci podręcznej dirmngr nie powiodło się: %s\n"
msgid "failed to allocated keyDB handle\n"
msgstr "nie uda³o siê przydzieliæ uchwytu keyDB\n"
@ -5857,7 +5875,9 @@ msgstr "linia %d: generowanie klucza nie powiod
msgid ""
"To complete this certificate request please enter the passphrase for the key "
"you just created once more.\n"
msgstr "Aby zakończyć to żądanie certyfikatu proszę wprowadzić jeszcze raz hasło dla utworzonego klucza.\n"
msgstr ""
"Aby zakończyć to żądanie certyfikatu proszę wprowadzić jeszcze raz hasło dla "
"utworzonego klucza.\n"
#, c-format
msgid " (%d) RSA\n"
@ -5951,7 +5971,8 @@ msgid "Now creating certificate request. This may take a while ...\n"
msgstr "Tworzenie ¿±dania certyfikatu. Mo¿e to chwilê potrwaæ...\n"
msgid "Ready. You should now send this request to your CA.\n"
msgstr "Gotowe. Teraz należy wysłać to żądanie do własnego centrum certyfikacji.\n"
msgstr ""
"Gotowe. Teraz należy wysłać to żądanie do własnego centrum certyfikacji.\n"
msgid "resource problem: out of core\n"
msgstr "problem z zasobami: brak pamiêci\n"
@ -6234,7 +6255,9 @@ msgstr ""
#, c-format
msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
msgstr "algorytm skrótu %d (%s) dla podpisującego %d nie jest obsługiwany; użycie %s\n"
msgstr ""
"algorytm skrótu %d (%s) dla podpisującego %d nie jest obsługiwany; użycie %"
"s\n"
#, c-format
msgid "hash algorithm used for signer %d: %s (%s)\n"
@ -6256,8 +6279,7 @@ msgstr " przy u
msgid ""
"invalid signature: message digest attribute does not match computed one\n"
msgstr ""
"błędny podpis: atrybut skrótu wiadomości nie zgadza się z obliczonym\n"
msgstr "błędny podpis: atrybut skrótu wiadomości nie zgadza się z obliczonym\n"
msgid "Good signature from"
msgstr "Poprawny podpis z³o¿ony przez"
@ -6401,7 +6423,9 @@ msgid "allow PKA lookups (DNS requests)"
msgstr "zezwolenie na wyszukiwania PKA (¿±dania DNS)"
msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
msgstr "|MECHANIZMY|wykorzystaj MECHANIZMY do wyszukiwania kluczy na podstawie adresów e-mail"
msgstr ""
"|MECHANIZMY|wykorzystaj MECHANIZMY do wyszukiwania kluczy na podstawie "
"adresów e-mail"
msgid "disable all access to the dirmngr"
msgstr "zablokuj dostêp do dirmngr"

2
po/sk.po
View File

@ -2,7 +2,7 @@
# Copyright (C) 1998 - 2004 Free Software Foundation, Inc.
# Michal Majer <mmajer@econ.umb.sk>, 2002 - 2004
# !-- bounces (2011-01-11)
#
#
# Designated-Translator: none
#
msgid ""

589
po/sv.po
View File

File diff suppressed because it is too large Load Diff

204
po/zh_TW.po
View File

@ -54,10 +54,14 @@ msgstr ""
"輸入在上面的文字的品質.\n"
"關於此規範的細節, 請洽你的系統管理者."
msgid "Please enter your PIN, so that the secret key can be unlocked for this session"
msgid ""
"Please enter your PIN, so that the secret key can be unlocked for this "
"session"
msgstr "請輸入你的個人識別碼 (PIN) 以便在此階段作業中解開密鑰"
msgid "Please enter your passphrase, so that the secret key can be unlocked for this session"
msgid ""
"Please enter your passphrase, so that the secret key can be unlocked for "
"this session"
msgstr "請輸入你的密語以便在此階段作業中解開私鑰"
#, c-format
@ -129,7 +133,9 @@ msgid "Please re-enter this passphrase"
msgstr "請再次輸入密語"
#, c-format
msgid "Please enter a passphrase to protect the received secret key%%0A %s%%0Awithin gpg-agent's key storage"
msgid ""
"Please enter a passphrase to protect the received secret key%%0A %s%%"
"0Awithin gpg-agent's key storage"
msgstr "請輸入密語以保護收到的私鑰%%0A %s%%0A於 gpg-agent 的金鑰存放處"
msgid "does not match - try again"
@ -197,26 +203,44 @@ msgid "Take this one anyway"
msgstr "無論如何還是要用這個"
#, c-format
msgid "Warning: You have entered an insecure passphrase.%%0AA passphrase should be at least %u character long."
msgid_plural "Warning: You have entered an insecure passphrase.%%0AA passphrase should be at least %u characters long."
msgid ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
"at least %u character long."
msgid_plural ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
"at least %u characters long."
msgstr[0] "警告: 你輸入了不安全的密語.%%0A密語至少得要有 %u 個字符長."
#, c-format
msgid "Warning: You have entered an insecure passphrase.%%0AA passphrase should contain at least %u digit or%%0Aspecial character."
msgid_plural "Warning: You have entered an insecure passphrase.%%0AA passphrase should contain at least %u digits or%%0Aspecial characters."
msgstr[0] "警告: 你輸入了不安全的密語.%%0A密語至少得要含有 %u 個數字或特別字符."
msgid ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
"contain at least %u digit or%%0Aspecial character."
msgid_plural ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
"contain at least %u digits or%%0Aspecial characters."
msgstr[0] ""
"警告: 你輸入了不安全的密語.%%0A密語至少得要含有 %u 個數字或特別字符."
#, c-format
msgid "Warning: You have entered an insecure passphrase.%%0AA passphrase may not be a known term or match%%0Acertain pattern."
msgstr "警告: 你輸入了不安全的密語.%%0A密語不得含有已知的詞彙, 亦不得與確知的樣式吻合."
msgid ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
"a known term or match%%0Acertain pattern."
msgstr ""
"警告: 你輸入了不安全的密語.%%0A密語不得含有已知的詞彙, 亦不得與確知的樣式吻"
"合."
#, c-format
msgid "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
msgid ""
"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
msgstr "你還沒有輸入密語!%0A空密語是不行的."
#, c-format
msgid "You have not entered a passphrase - this is in general a bad idea!%0APlease confirm that you do not want to have any protection on your key."
msgstr "你還沒有輸入密語 - 通常這可不是個好主意!%0A請確認你不想要對你的金鑰做任何保護."
msgid ""
"You have not entered a passphrase - this is in general a bad idea!%0APlease "
"confirm that you do not want to have any protection on your key."
msgstr ""
"你還沒有輸入密語 - 通常這可不是個好主意!%0A請確認你不想要對你的金鑰做任何保"
"護."
msgid "Yes, protection is not needed"
msgstr "是, 不需要任何保護"
@ -466,7 +490,9 @@ msgstr "請輸入密語來取消 PKCS#12 物件的保護."
msgid "Please enter the passphrase to protect the new PKCS#12 object."
msgstr "請輸入密語來保護新的 PKCS#12 物件."
msgid "Please enter the passphrase to protect the imported object within the GnuPG system."
msgid ""
"Please enter the passphrase to protect the imported object within the GnuPG "
"system."
msgstr "請輸入密語以保護匯入至 GnuPG 系統內的物件."
msgid ""
@ -526,7 +552,9 @@ msgstr "讀取已信任根憑證清單時出錯\n"
#. "%s" gets replaced by the name as stored in the
#. certificate.
#, c-format
msgid "Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user certificates?"
msgid ""
"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
"certificates?"
msgstr "請問你是否徹底信任%%0A \"%s\"%%0A正確驗證使用者憑證的能力?"
msgid "Yes"
@ -544,7 +572,9 @@ msgstr "No"
#. fingerprint string whereas the first one receives the name
#. as stored in the certificate.
#, c-format
msgid "Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the fingerprint:%%0A %s"
msgid ""
"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
"fingerprint:%%0A %s"
msgstr "請驗證憑證與此完全相同:%%0A \"%s\"%%0A其指紋為:%%0A %s"
#. TRANSLATORS: "Correct" is the label of a button and intended
@ -561,7 +591,9 @@ msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr "請注意: 密語從未變更過.%0A請現在就變更."
#, c-format
msgid "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change it now."
msgid ""
"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
"it now."
msgstr "密語從下列時刻起就沒有變更過:%%0A%.4s-%.2s-%.2s. 請現在就變更."
msgid "Change passphrase"
@ -891,10 +923,13 @@ msgstr "找不到有效的 OpenPGP 資料.\n"
msgid "invalid armor: line longer than %d characters\n"
msgstr "無效的封裝: 列長超出 %d 字符\n"
msgid "quoted printable character in armor - probably a buggy MTA has been used\n"
msgid ""
"quoted printable character in armor - probably a buggy MTA has been used\n"
msgstr "封裝裡出現被引號括住的可列印字符 - 可能是有瑕疵的送信程式造成的\n"
msgid "a notation name must have only printable characters or spaces, and end with an '='\n"
msgid ""
"a notation name must have only printable characters or spaces, and end with "
"an '='\n"
msgstr "標記名稱一定要採用可印出的字符或空白, 並以一個 '=' 來結尾\n"
msgid "a user notation name must contain the '@' character\n"
@ -1254,15 +1289,19 @@ msgstr "在 --pgp2 模式中, 你祇能以 2048 位元以下的 RSA 金鑰加密
msgid "reading from `%s'\n"
msgstr "正在從 `%s' 讀取中\n"
msgid "unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
msgid ""
"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
msgstr "你正要用來加密的所有金鑰都不能使用 IDEA 編密法.\n"
#, c-format
msgid "WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
msgid ""
"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
msgstr "警告: 強迫使用 %s (%d) 對稱式編密法會違反收件者偏好設定\n"
#, c-format
msgid "WARNING: forcing compression algorithm %s (%d) violates recipient preferences\n"
msgid ""
"WARNING: forcing compression algorithm %s (%d) violates recipient "
"preferences\n"
msgstr "警告: 強迫使用 %s (%d) 壓縮演算法會違反收件者偏好設定\n"
#, c-format
@ -1285,7 +1324,8 @@ msgstr "%s 已加密的資料\n"
msgid "encrypted with unknown algorithm %d\n"
msgstr "以 %d 未知演算法所加密\n"
msgid "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
msgid ""
"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
msgstr "警告: 訊息已用對稱式編密法的弱金鑰加密了.\n"
msgid "problem handling encrypted packet\n"
@ -1294,7 +1334,8 @@ msgstr "處理已加密封包有問題\n"
msgid "no remote program execution supported\n"
msgstr "沒有支援的遠端程式執行\n"
msgid "external program calls are disabled due to unsafe options file permissions\n"
msgid ""
"external program calls are disabled due to unsafe options file permissions\n"
msgstr "因為不安全的檔案權限選項, 而禁用了外部程式叫用\n"
msgid "this platform requires temporary files when calling external programs\n"
@ -1633,7 +1674,8 @@ msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
msgstr "警告: 家目錄 `%s' 的封入目錄所有權並不安全\n"
#, c-format
msgid "WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
msgid ""
"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
msgstr "警告: 組態檔案 `%s' 的封入目錄所有權並不安全\n"
#, c-format
@ -1645,7 +1687,8 @@ msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
msgstr "警告: 家目錄 `%s' 的封入目錄權限並不安全\n"
#, c-format
msgid "WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
msgid ""
"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
msgstr "警告: 組態檔案 `%s' 的封入目錄權限並不安全\n"
#, c-format
@ -2430,8 +2473,10 @@ msgid "%d user IDs without valid self-signatures detected\n"
msgstr "偵測到 %d 個沒有有效自我簽章的使用者 ID\n"
msgid ""
"Please decide how far you trust this user to correctly verify other users' keys\n"
"(by looking at passports, checking fingerprints from different sources, etc.)\n"
"Please decide how far you trust this user to correctly verify other users' "
"keys\n"
"(by looking at passports, checking fingerprints from different sources, "
"etc.)\n"
msgstr ""
"請判斷你有多信任這位使用者確實驗證其他使用者的金鑰\n"
"(像是查對身份證, 或從不同的來源檢查指紋等...)的能力\n"
@ -2539,14 +2584,17 @@ msgstr "這把金鑰將在 %s 過期.\n"
msgid "Do you want your signature to expire at the same time? (Y/n) "
msgstr "你想要讓你的簽章也在同一個時候過期嗎? (Y/n) "
msgid "You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 mode.\n"
msgid ""
"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
"mode.\n"
msgstr "你不能在 --pgp2 模式下, 拿 PGP 2.x 金鑰做出 OpenPGP 簽章.\n"
msgid "This would make the key unusable in PGP 2.x.\n"
msgstr "這會讓這把金鑰在 PGP 2.x 模式下無法使用.\n"
msgid ""
"How carefully have you verified the key you are about to sign actually belongs\n"
"How carefully have you verified the key you are about to sign actually "
"belongs\n"
"to the person named above? If you don't know what to answer, enter \"0\".\n"
msgstr ""
"你有多謹慎檢查正要簽署的金鑰確實屬於上面那個人的名字呢?\n"
@ -2780,7 +2828,8 @@ msgid "Please use the command \"toggle\" first.\n"
msgstr "請先使用 \"toggle\" 指令.\n"
msgid ""
"* The `sign' command may be prefixed with an `l' for local signatures (lsign),\n"
"* The `sign' command may be prefixed with an `l' for local signatures "
"(lsign),\n"
" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
msgstr ""
@ -2975,7 +3024,8 @@ msgstr ""
" 導致不同的使用者 ID 被當成主要 ID.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some versions\n"
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
" of PGP to reject this key.\n"
msgstr ""
"警告: 這是一把 PGP2 型態的金鑰.\n"
@ -3034,7 +3084,8 @@ msgid "User ID \"%s\": already clean\n"
msgstr "使用者 ID \"%s\": 已經是乾淨的了\n"
msgid ""
"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may cause\n"
"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
"cause\n"
" some versions of PGP to reject this key.\n"
msgstr ""
"警告: 這是一把 PGP2 型態的金鑰.\n"
@ -3061,7 +3112,8 @@ msgstr "已指定這把金鑰為撤銷者了\n"
msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
msgstr "警告: 一旦把某把金鑰指派為指定撤銷者後, 就無法反悔了!\n"
msgid "Are you sure you want to appoint this key as a designated revoker? (y/N) "
msgid ""
"Are you sure you want to appoint this key as a designated revoker? (y/N) "
msgstr "你確定要指派這把金鑰為指定撤銷者嗎? (y/N) "
msgid "Please remove selections from the secret keys.\n"
@ -3222,7 +3274,8 @@ msgstr "金鑰尺寸無效; 改用 %u 位元\n"
msgid "keysize rounded up to %u bits\n"
msgstr "金鑰尺寸增大到 %u 位元\n"
msgid "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
msgid ""
"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
msgstr "警告: 某些 OpenPGP 程式無法處理具有此摘要尺寸的 DSA 金鑰\n"
msgid "Sign"
@ -3403,7 +3456,8 @@ msgstr ""
#. be used.
msgid ""
"\n"
"You need a user ID to identify your key; the software constructs the user ID\n"
"You need a user ID to identify your key; the software constructs the user "
"ID\n"
"from the Real Name, Comment and Email Address in this form:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
@ -3488,7 +3542,9 @@ msgstr ""
"你需要一個密語來保護你的私鑰.\n"
"\n"
msgid "Please enter a passphrase to protect the off-card backup of the new encryption key."
msgid ""
"Please enter a passphrase to protect the off-card backup of the new "
"encryption key."
msgstr "請輸入密語以保護新加密金鑰的卡片外備份."
#, c-format
@ -3562,11 +3618,13 @@ msgid "Key generation failed: %s\n"
msgstr "產生金鑰失敗: %s\n"
#, c-format
msgid "key has been created %lu second in future (time warp or clock problem)\n"
msgid ""
"key has been created %lu second in future (time warp or clock problem)\n"
msgstr "金鑰已經在 %lu 秒後的未來製妥 (可能是因為時光旅行或時鐘的問題)\n"
#, c-format
msgid "key has been created %lu seconds in future (time warp or clock problem)\n"
msgid ""
"key has been created %lu seconds in future (time warp or clock problem)\n"
msgstr "金鑰已經在 %lu 秒後的未來製妥 (可能是因為時光旅行或時鐘的問題)\n"
msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
@ -3950,7 +4008,8 @@ msgstr "無法檢查簽章: %s\n"
msgid "not a detached signature\n"
msgstr "不是一份分離的簽章\n"
msgid "WARNING: multiple signatures detected. Only the first will be checked.\n"
msgid ""
"WARNING: multiple signatures detected. Only the first will be checked.\n"
msgstr "警告: 偵測到多重簽章. 祇有第一個簽章纔會被核選.\n"
#, c-format
@ -4090,7 +4149,8 @@ msgstr " (主要金鑰 ID %s)"
#, c-format
msgid ""
"Please enter the passphrase to unlock the secret key for the OpenPGP certificate:\n"
"Please enter the passphrase to unlock the secret key for the OpenPGP "
"certificate:\n"
"\"%.*s\"\n"
"%u-bit %s key, ID %s,\n"
"created %s%s.\n"
@ -4191,7 +4251,8 @@ msgstr "下列項目沒有對應的信任值:\n"
msgid " aka \"%s\"\n"
msgstr " 亦即 \"%s\"\n"
msgid "How much do you trust that this key actually belongs to the named user?\n"
msgid ""
"How much do you trust that this key actually belongs to the named user?\n"
msgstr "你有多信任這把金鑰真的屬於叫這個名字的使用者?\n"
#, c-format
@ -4299,7 +4360,8 @@ msgstr "請注意: 這把金鑰已經過期了!\n"
msgid "WARNING: This key is not certified with a trusted signature!\n"
msgstr "警告: 這把金鑰並非以受信任的簽章所認證!\n"
msgid " There is no indication that the signature belongs to the owner.\n"
msgid ""
" There is no indication that the signature belongs to the owner.\n"
msgstr " 沒有證據指出這個簽章屬於這個持有者.\n"
msgid "WARNING: We do NOT trust this key!\n"
@ -4308,7 +4370,8 @@ msgstr "警告: 我們 *不* 信任這把金鑰!\n"
msgid " The signature is probably a FORGERY.\n"
msgstr " 這個簽章很有可能是 *偽造的*.\n"
msgid "WARNING: This key is not certified with sufficiently trusted signatures!\n"
msgid ""
"WARNING: This key is not certified with sufficiently trusted signatures!\n"
msgstr "警告: 這把金鑰並非以足夠信任的簽章所認證!\n"
msgid " It is not certain that the signature belongs to the owner.\n"
@ -4568,11 +4631,13 @@ msgid "public key %s is %lu seconds newer than the signature\n"
msgstr "公鑰 %s 比簽章還要新了 %lu 秒\n"
#, c-format
msgid "key %s was created %lu second in the future (time warp or clock problem)\n"
msgid ""
"key %s was created %lu second in the future (time warp or clock problem)\n"
msgstr "金鑰 %s 已經在 %lu 秒後的未來製妥 (可能是因為時光旅行或時鐘的問題)\n"
#, c-format
msgid "key %s was created %lu seconds in the future (time warp or clock problem)\n"
msgid ""
"key %s was created %lu seconds in the future (time warp or clock problem)\n"
msgstr "金鑰 %s 已經在 %lu 秒後的未來製妥 (可能是因為時光旅行或時鐘的問題)\n"
#, c-format
@ -4600,11 +4665,14 @@ msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
msgstr "警告: 註記 %% 無法擴張 (太大了). 現在使用未擴張的.\n"
#, c-format
msgid "WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
msgid ""
"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
msgstr "警告: 原則 URL 的 %% 無法擴張 (太大了). 現在使用未擴張的.\n"
#, c-format
msgid "WARNING: unable to %%-expand preferred keyserver URL (too large). Using unexpanded.\n"
msgid ""
"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
"unexpanded.\n"
msgstr "警告: 偏好金鑰伺服器 URL 的 %% 無法擴張 (太大了). 現在使用未擴張的.\n"
#, c-format
@ -4619,7 +4687,8 @@ msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
msgstr "你在 --pgp2 模式下祇能夠使用 PGP 2.x 型態的金鑰來做分離簽署\n"
#, c-format
msgid "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
msgid ""
"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
msgstr "警告: 強迫使用 %s (%d) 摘要演算法會違反收件者偏好設定\n"
msgid "signing:"
@ -4920,7 +4989,8 @@ msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
msgstr "%d 個勉強信任以及 %d 個完全信任是 %s 信任模型的最小需求\n"
#, c-format
msgid "depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
msgid ""
"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
msgstr "深度: %d 有效: %3d 已簽署: %3d 信任: %d-, %dq, %dn, %dm, %df, %du\n"
#, c-format
@ -5094,10 +5164,14 @@ msgstr "|N|請輸入金鑰的新個人識別碼 (PIN) 以建立完善的簽章."
msgid "||Please enter the PIN for the key to create qualified signatures."
msgstr "||請輸入金鑰的個人識別碼 (PIN) 以建立完善的簽章."
msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create qualified signatures."
msgid ""
"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
"qualified signatures."
msgstr "|NP|請輸入金鑰的新 PIN 重設碼 (PUK) 以建立完善的簽章."
msgid "|P|Please enter the PIN Unblocking Code (PUK) for the key to create qualified signatures."
msgid ""
"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
"qualified signatures."
msgstr "|P|請輸入金鑰的 PIN 重設碼 (PUK) 以建立完善的簽章."
#, c-format
@ -5239,7 +5313,8 @@ msgstr "卡片不支援 %s 摘要演算法\n"
msgid "signatures created so far: %lu\n"
msgstr "目前建立的簽章: %lu\n"
msgid "verification of Admin PIN is currently prohibited through this command\n"
msgid ""
"verification of Admin PIN is currently prohibited through this command\n"
msgstr "目前在此指令中的管理者 PIN 驗證被禁止了\n"
#, c-format
@ -5531,7 +5606,8 @@ msgstr "[錯誤 - 無效的 DN]"
#, c-format
msgid ""
"Please enter the passphrase to unlock the secret key for the X.509 certificate:\n"
"Please enter the passphrase to unlock the secret key for the X.509 "
"certificate:\n"
"\"%s\"\n"
"S/N %s, ID 0x%08lX,\n"
"created %s, expires %s.\n"
@ -5602,7 +5678,9 @@ msgstr "第 %d 列: 以金鑰鑰柄 `%s' 取得金鑰時出錯: %s\n"
msgid "line %d: key generation failed: %s <%s>\n"
msgstr "第 %d 列: 金鑰產生失敗: %s <%s>\n"
msgid "To complete this certificate request please enter the passphrase for the key you just created once more.\n"
msgid ""
"To complete this certificate request please enter the passphrase for the key "
"you just created once more.\n"
msgstr "如欲完成此憑證請求, 請再輸入一次你剛才建立的金鑰密語.\n"
#, c-format
@ -5947,7 +6025,8 @@ msgstr "無效的國家代碼於 `%s', 第 %d 列\n"
msgid ""
"You are about to create a signature using your certificate:\n"
"\"%s\"\n"
"This will create a qualified signature by law equated to a handwritten signature.\n"
"This will create a qualified signature by law equated to a handwritten "
"signature.\n"
"\n"
"%s%sAre you really sure that you want to do this?"
msgstr ""
@ -5957,7 +6036,9 @@ msgstr ""
"\n"
"%s%s請問你是否真的確定要這樣做了?"
msgid "Note, that this software is not officially approved to create or verify such signatures.\n"
msgid ""
"Note, that this software is not officially approved to create or verify such "
"signatures.\n"
msgstr "請注意, 本軟體並未正式被認可來建立或驗證這樣的簽章.\n"
#, c-format
@ -5992,7 +6073,8 @@ msgstr "[ 未給定日期 ]"
msgid " using certificate ID 0x%08lX\n"
msgstr " 以憑證 ID 0x%08lX\n"
msgid "invalid signature: message digest attribute does not match computed one\n"
msgid ""
"invalid signature: message digest attribute does not match computed one\n"
msgstr "無效的簽章: 訊息摘要屬性與計算而得的不吻合\n"
msgid "Good signature from"
@ -6261,10 +6343,12 @@ msgid "Usage: symcryptrun [options] (-h for help)"
msgstr "用法: symcryptrun [選項] (或用 -h 求助)"
msgid ""
"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE [options...] COMMAND [inputfile]\n"
"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
"[options...] COMMAND [inputfile]\n"
"Call a simple symmetric encryption tool\n"
msgstr ""
"語法: symcryptrun --class 型別 --program 程式 --keyfile 金鑰檔案 [選項...] 指令 [輸入檔案]\n"
"語法: symcryptrun --class 型別 --program 程式 --keyfile 金鑰檔案 [選項...] 指"
"令 [輸入檔案]\n"
"叫用單純對稱式加密工具\n"
#, c-format