mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
Merge branch 'STABLE-BRANCH-2-2'
commit
20539ea5ca
30 changed files with 654 additions and 336 deletions
|
@ -6,6 +6,7 @@ default-new-key-algo rsa3072/cert,sign+rsa3072/encr
|
|||
|
||||
[gpgsm]
|
||||
enable-crl-checks
|
||||
compliance de-vs
|
||||
|
||||
[gpg-agent]
|
||||
enable-extended-key-format
|
||||
|
|
13
doc/gpg.texi
|
@ -3829,6 +3829,19 @@ If you are going to verify detached signatures, make sure that the
|
|||
program knows about it; either give both filenames on the command line
|
||||
or use @samp{-} to specify STDIN.
|
||||
|
||||
For scripted or other unattended use of @command{gpg} make sure to use
|
||||
the machine-parseable interface and not the default interface which is
|
||||
intended for direct use by humans. The machine-parseable interface
|
||||
provides a stable and well documented API independent of the locale or
|
||||
future changes of @command{gpg}. To enable this interface use the
|
||||
options @option{--with-colons} and @option{--status-fd}. For certain
|
||||
operations the option @option{--command-fd} may come handy too. See
|
||||
this man page and the file @file{DETAILS} for the specification of the
|
||||
interface. Note that the GnuPG ``info'' pages as well as the PDF
|
||||
version of the GnuPG manual features a chapter on unattended use of
|
||||
GnuPG. As an alternative the library @command{GPGME} can be used as a
|
||||
high-level abstraction on top of that interface.
|
||||
|
||||
@mansect interoperability
|
||||
@chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
|
||||
|
||||
|
|
|
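Review bot: In the added paragraph on unattended use, "@command{GPGME}" marks a library as a command; plain "GPGME" or @code markup fits better. Two wording slips sit in the same paragraph: "may come handy" should read "may come in handy", and "the GnuPG ``info'' pages as well as the PDF version of the GnuPG manual features a chapter" needs the plural "feature". Because this text is also rendered into the info and PDF manuals, "See this man page" reads oddly there; a cross-reference to the chapter on unattended use would serve every output format.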
@ -257,10 +257,10 @@ fingerprints or keygrips.
|
|||
@item --export-secret-key-p12 @var{key-id}
|
||||
@opindex export-secret-key-p12
|
||||
Export the private key and the certificate identified by @var{key-id} in
|
||||
a PKCS#12 format. When used with the @code{--armor} option a few
|
||||
using the PKCS#12 format. When used with the @code{--armor} option a few
|
||||
informational lines are prepended to the output. Note, that the PKCS#12
|
||||
format is not very secure and this command is only provided if there is
|
||||
no other way to exchange the private key. (@xref{option --p12-charset}.)
|
||||
format is not very secure and proper transport security should be used
|
||||
to convey the exported key. (@xref{option --p12-charset}.)
|
||||
|
||||
@item --export-secret-key-p8 @var{key-id}
|
||||
@itemx --export-secret-key-raw @var{key-id}
|
||||
|
|
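Review bot: The reworded warning for --export-secret-key-p12 drops "this command is only provided if there is no other way to exchange the private key", so the text still calls PKCS#12 "not very secure" but no longer tells the reader to treat the command as a last resort. "proper transport security" is also left undefined; say what is expected of the channel or medium that carries the exported file, and consider keeping the last-resort sentence alongside the new one.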
26
doc/wks.texi
|
@ -181,6 +181,7 @@ Display a brief help page and exit.
|
|||
.RI [ options ]
|
||||
.B \-\-install-key
|
||||
.I file
|
||||
.I user-id
|
||||
.br
|
||||
.B gpg-wks-server
|
||||
.RI [ options ]
|
||||
|
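Review bot: The synopsis entry for --install-key names its first argument only as "file", while the description added further down in this patch says a fingerprint is accepted in that position and the later example passes one. Showing both forms in the synopsis would keep it consistent with the description.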
@ -221,14 +222,19 @@ the process returns failure; to suppress the diagnostic, use option
|
|||
@option{-q}. More than one user-id can be given; see also option
|
||||
@option{with-file}.
|
||||
|
||||
The command @option{--install-key} manually installs a key into the
|
||||
WKD. The arguments are a file with the keyblock and the user-id to
|
||||
install. If the first argument resembles a fingerprint the key is
|
||||
taken from the current keyring; to force the use of a file, prefix the
|
||||
first argument with "./".
|
||||
|
||||
The command @option{--remove-key} uninstalls a key from the WKD. The
|
||||
process return success in this case; to also print a diagnostic, use
|
||||
option @option{-v}. If the key is not installed a diagnostics is
|
||||
process returns success in this case; to also print a diagnostic, use
|
||||
option @option{-v}. If the key is not installed a diagnostic is
|
||||
printed and the process returns failure; to suppress the diagnostic,
|
||||
use option @option{-q}.
|
||||
|
||||
The commands @option{--install-key} and @option{--revoke-key} are not
|
||||
yet functional.
|
||||
The command @option{--revoke-key} is not yet functional.
|
||||
|
||||
|
||||
@mansect options
|
||||
|
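Review bot: The new --install-key paragraph says the key is taken from the keyring "If the first argument resembles a fingerprint" without stating what counts as resembling one, so a reader cannot tell when a file name will be treated as a keyring lookup unless it is prefixed with "./". State the accepted fingerprint form and say which keyring "the current keyring" refers to. Unlike the --remove-key paragraph next to it, the new text also gives no exit status or -v/-q behaviour for --install-key and does not say what happens when the given user-id is not present in the keyblock.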
@ -326,7 +332,7 @@ the submission address:
|
|||
|
||||
@example
|
||||
$ gpg --batch --passphrase '' --quick-gen-key key-submission@@example.net
|
||||
$ gpg --with-wkd-hash -K key-submission@@example.net
|
||||
$ gpg -K key-submission@@example.net
|
||||
@end example
|
||||
|
||||
The output of the last command looks similar to this:
|
||||
|
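Review bot: Dropping --with-wkd-hash from the "gpg -K" line changes what the command prints, but the sample output introduced by "The output of the last command looks similar to this:" is not part of this hunk, and the next hunk only starts at its closing "ssb" line. Check that the sample listing in between no longer shows the hash line the old option produced, otherwise the example and its output disagree.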
@ -339,17 +345,13 @@ The output of the last command looks similar to this:
|
|||
ssb rsa3072 2016-08-30 [E]
|
||||
@end example
|
||||
|
||||
Take the hash of the string "key-submission", which is
|
||||
"bxzcxpxk8h87z1k7bzk86xn5aj47intu" and manually publish that key:
|
||||
Take the fingerprint from that output and manually publish the key:
|
||||
|
||||
@example
|
||||
$ gpg --export-options export-minimal --export \
|
||||
> -o /var/lib/gnupg/wks/example.net/hu/bxzcxpxk8h87z1k7bzk86xn5aj47intu \
|
||||
> key-submission@@example.new
|
||||
$ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B \
|
||||
> key-submission@@example.net
|
||||
@end example
|
||||
|
||||
Make sure that the created file is world readable.
|
||||
|
||||
Finally that submission address needs to be redirected to a script
|
||||
running @command{gpg-wks-server}. The @command{procmail} command can
|
||||
be used for this: Redirect the submission address to the user "webkey"
|
||||
|
|
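Review bot: The example passes the literal fingerprint C0FCF8642D830C53246211400346653590B3795B although the text says "Take the fingerprint from that output"; mark it as a sample value so it is not copied verbatim. With "Make sure that the created file is world readable." removed, the section no longer says anything about the permissions of the installed file or which account must run --install-key. Since the earlier paragraph says a fingerprint argument is resolved from the current keyring and the following text redirects mail to the user "webkey", state that the command has to run as the user holding the key-submission key and whether it sets the file mode itself.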