mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-24 15:17:02 +01:00
About to release 1.4.3
This commit is contained in:
parent
4afa4eb10e
commit
256f67675f
@ -1,3 +1,7 @@
|
|||||||
|
2006-04-03 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
Released 1.4.3.
|
||||||
|
|
||||||
2006-03-30 David Shaw <dshaw@jabberwocky.com>
|
2006-03-30 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* README: Some more notes about building fat binaries.
|
* README: Some more notes about building fat binaries.
|
||||||
|
2
NEWS
2
NEWS
@ -1,4 +1,4 @@
|
|||||||
Noteworthy changes in version 1.4.3
|
Noteworthy changes in version 1.4.3 (2006-04-03)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
|
||||||
* If available, cURL-based keyserver helpers are built that can
|
* If available, cURL-based keyserver helpers are built that can
|
||||||
|
1
THANKS
1
THANKS
@ -31,6 +31,7 @@ Christian Kurz shorty@debian.org
|
|||||||
Christian von Roques roques@pond.sub.org
|
Christian von Roques roques@pond.sub.org
|
||||||
Christopher Oliver oliver@fritz.traverse.net
|
Christopher Oliver oliver@fritz.traverse.net
|
||||||
Christian Recktenwald chris@citecs.de
|
Christian Recktenwald chris@citecs.de
|
||||||
|
Daiki Ueno ueno@unixuser.org
|
||||||
Dan Winship danw@helixcode.com
|
Dan Winship danw@helixcode.com
|
||||||
Daniel Eisenbud eisenbud@cs.swarthmore.edu
|
Daniel Eisenbud eisenbud@cs.swarthmore.edu
|
||||||
Daniel Koening dan@chaosdorf.de
|
Daniel Koening dan@chaosdorf.de
|
||||||
|
@ -26,7 +26,7 @@ min_automake_version="1.9.3"
|
|||||||
|
|
||||||
# Remember to change the version number immediately *after* a release
|
# Remember to change the version number immediately *after* a release
|
||||||
# and remove the "-cvs" or "rc" suffix immediately *before* a release.
|
# and remove the "-cvs" or "rc" suffix immediately *before* a release.
|
||||||
AC_INIT(gnupg, 1.4.3-cvs, bug-gnupg@gnu.org)
|
AC_INIT(gnupg, 1.4.3, bug-gnupg@gnu.org)
|
||||||
# Set development_version to yes if the minor number is odd or you
|
# Set development_version to yes if the minor number is odd or you
|
||||||
# feel that the default check for a development version is not
|
# feel that the default check for a development version is not
|
||||||
# sufficient.
|
# sufficient.
|
||||||
|
@ -422,6 +422,11 @@ more arguments in future versions.
|
|||||||
END_ENCRYPTION
|
END_ENCRYPTION
|
||||||
Mark the start and end of the actual encryption process.
|
Mark the start and end of the actual encryption process.
|
||||||
|
|
||||||
|
BEGIN_SIGNING
|
||||||
|
Mark the start of the actual signing process. This may be used
|
||||||
|
as an indication that all requested secret keys are ready for
|
||||||
|
use.
|
||||||
|
|
||||||
DELETE_PROBLEM reason_code
|
DELETE_PROBLEM reason_code
|
||||||
Deleting a key failed. Reason codes are:
|
Deleting a key failed. Reason codes are:
|
||||||
1 - No such key
|
1 - No such key
|
||||||
|
@ -1817,10 +1817,10 @@ $GNUPGHOME.
|
|||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>--pcsc-driver &ParmFile;</term>
|
<term>--pcsc-driver &ParmFile;</term>
|
||||||
<listitem><para>
|
<listitem><para>
|
||||||
Use &ParmFile; to access the smartcard reader. The current default
|
Use &ParmFile; to access the smartcard reader. The current default is
|
||||||
is `libpcsclite.so'. Instead of using this option you might also
|
`libpcsclite.so.1' for GLIBC based systems,
|
||||||
want to install a symbolic link to the default file name
|
`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
|
||||||
(e.g. from `libpcsclite.so.1').
|
`winscard.dll' for Windows and `libpcsclite.so' for other systems.
|
||||||
</para></listitem></varlistentry>
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
289
doc/gpg.texi
289
doc/gpg.texi
@ -43,27 +43,27 @@ a file containing keys is listed).
|
|||||||
|
|
||||||
@table @asis
|
@table @asis
|
||||||
|
|
||||||
@item -s, --sign
|
@item -s, --sign
|
||||||
Make a signature. This command may be combined with --encrypt (for a
|
Make a signature. This command may be combined with --encrypt (for a
|
||||||
signed and encrypted message), --symmetric (for a signed and
|
signed and encrypted message), --symmetric (for a signed and
|
||||||
symmetrically encrypted message), or --encrypt and --symmetric
|
symmetrically encrypted message), or --encrypt and --symmetric
|
||||||
together (for a signed message that may be decrypted via a secret key
|
together (for a signed message that may be decrypted via a secret key
|
||||||
or a passphrase).
|
or a passphrase).
|
||||||
|
|
||||||
@item --clearsign
|
@item --clearsign
|
||||||
Make a clear text signature.
|
Make a clear text signature.
|
||||||
|
|
||||||
@item -b, --detach-sign
|
@item -b, --detach-sign
|
||||||
Make a detached signature.
|
Make a detached signature.
|
||||||
|
|
||||||
@item -e, --encrypt
|
@item -e, --encrypt
|
||||||
Encrypt data. This option may be combined with --sign (for a signed
|
Encrypt data. This option may be combined with --sign (for a signed
|
||||||
and encrypted message), --symmetric (for a message that may be
|
and encrypted message), --symmetric (for a message that may be
|
||||||
decrypted via a secret key or a passphrase), or --sign and --symmetric
|
decrypted via a secret key or a passphrase), or --sign and --symmetric
|
||||||
together (for a signed message that may be decrypted via a secret key
|
together (for a signed message that may be decrypted via a secret key
|
||||||
or a passphrase).
|
or a passphrase).
|
||||||
|
|
||||||
@item -c, --symmetric
|
@item -c, --symmetric
|
||||||
Encrypt with a symmetric cipher using a passphrase. The default
|
Encrypt with a symmetric cipher using a passphrase. The default
|
||||||
symmetric cipher used is CAST5, but may be chosen with the
|
symmetric cipher used is CAST5, but may be chosen with the
|
||||||
--cipher-algo option. This option may be combined with --sign (for a
|
--cipher-algo option. This option may be combined with --sign (for a
|
||||||
@ -72,10 +72,10 @@ that may be decrypted via a secret key or a passphrase), or --sign and
|
|||||||
--encrypt together (for a signed message that may be decrypted via a
|
--encrypt together (for a signed message that may be decrypted via a
|
||||||
secret key or a passphrase).
|
secret key or a passphrase).
|
||||||
|
|
||||||
@item --store
|
@item --store
|
||||||
Store only (make a simple RFC1991 packet).
|
Store only (make a simple RFC1991 packet).
|
||||||
|
|
||||||
@item --decrypt
|
@item -d, --decrypt
|
||||||
Decrypt @code{file} (or stdin if no file is specified) and
|
Decrypt @code{file} (or stdin if no file is specified) and
|
||||||
write it to stdout (or the file specified with
|
write it to stdout (or the file specified with
|
||||||
--output). If the decrypted file is signed, the
|
--output). If the decrypted file is signed, the
|
||||||
@ -317,9 +317,10 @@ preferences, without including any implied preferences.
|
|||||||
|
|
||||||
@item showpref
|
@item showpref
|
||||||
More verbose preferences listing for the selected user ID. This shows
|
More verbose preferences listing for the selected user ID. This shows
|
||||||
the preferences in effect by including the implied preferences of
|
the preferences in effect by including the implied preferences of 3DES
|
||||||
3DES (cipher), SHA-1 (digest), and Uncompressed (compression) if they
|
(cipher), SHA-1 (digest), and Uncompressed (compression) if they are
|
||||||
are not already included in the preference list.
|
not already included in the preference list. In addition, the
|
||||||
|
preferred keyserver and signature notations (if any) are shown.
|
||||||
|
|
||||||
@item setpref @code{string}
|
@item setpref @code{string}
|
||||||
Set the list of user ID preferences to @code{string} for all (or just
|
Set the list of user ID preferences to @code{string} for all (or just
|
||||||
@ -335,33 +336,37 @@ used by GnuPG.
|
|||||||
@item keyserver
|
@item keyserver
|
||||||
Set a preferred keyserver for the specified user ID(s). This allows
|
Set a preferred keyserver for the specified user ID(s). This allows
|
||||||
other users to know where you prefer they get your key from. See
|
other users to know where you prefer they get your key from. See
|
||||||
--keyserver-option honor-keyserver-url for more on how this works.
|
--keyserver-options honor-keyserver-url for more on how this works.
|
||||||
Note that some versions of PGP interpret the presence of a keyserver
|
Setting a value of "none" removes an existing preferred keyserver.
|
||||||
URL as an instruction to enable PGP/MIME mail encoding. Setting a
|
|
||||||
value of "none" removes a existing preferred keyserver.
|
@item notation
|
||||||
|
Set a name=value notation for the specified user ID(s). See
|
||||||
|
--cert-notation for more on how this works. Setting a value of "none"
|
||||||
|
removes all notations, setting a notation prefixed with a minus sign
|
||||||
|
(-) removes that notation, and setting a notation name (without the
|
||||||
|
=value) prefixed with a minus sign removes all notations with that
|
||||||
|
name.
|
||||||
|
|
||||||
@item toggle
|
@item toggle
|
||||||
Toggle between public and secret key listing.
|
Toggle between public and secret key listing.
|
||||||
|
|
||||||
@item clean
|
@item clean
|
||||||
Cleans keys by removing unusable pieces. This command can be used to
|
|
||||||
keep keys neat and clean, and it has no effect aside from that.
|
|
||||||
|
|
||||||
@table @asis
|
|
||||||
|
|
||||||
@item sigs
|
|
||||||
Remove any signatures that are not usable by the trust calculations.
|
|
||||||
For example, this removes any signature that does not validate. It
|
|
||||||
also removes any signature that is superceded by a later signature, or
|
|
||||||
signatures that were revoked.
|
|
||||||
|
|
||||||
@item uids
|
|
||||||
Compact (by removing all signatures except the selfsig) any user ID
|
Compact (by removing all signatures except the selfsig) any user ID
|
||||||
that is no longer usable (e.g. revoked, or expired).
|
that is no longer usable (e.g. revoked, or expired). Then, remove any
|
||||||
@end table
|
signatures that are not usable by the trust calculations.
|
||||||
|
Specifically, this removes any signature that does not validate, any
|
||||||
|
signature that is superceded by a later signature, revoked signatures,
|
||||||
|
and signatures issued by keys that are not present on the keyring.
|
||||||
|
|
||||||
@noindent
|
@item minimize
|
||||||
If invoked with no arguments, both `sigs' and `uids' are cleaned.
|
Make the key as small as possible. This removes all signatures from
|
||||||
|
each user ID except for the most recent self-signature.
|
||||||
|
|
||||||
|
@item cross-certify
|
||||||
|
Add cross-certification signatures to signing subkeys that may not
|
||||||
|
currently have them. Cross-certification signatures protect against a
|
||||||
|
subtle attack against signing subkeys. See
|
||||||
|
--require-cross-certification.
|
||||||
|
|
||||||
@item save
|
@item save
|
||||||
Save all changes to the key rings and quit.
|
Save all changes to the key rings and quit.
|
||||||
@ -480,7 +485,7 @@ Import/merge keys. This adds the given keys to the
|
|||||||
keyring. The fast version is currently just a synonym.
|
keyring. The fast version is currently just a synonym.
|
||||||
|
|
||||||
There are a few other options which control how this command works.
|
There are a few other options which control how this command works.
|
||||||
Most notable here is the --keyserver-option merge-only option which
|
Most notable here is the --keyserver-options merge-only option which
|
||||||
does not insert new keys but does only the merging of new signatures,
|
does not insert new keys but does only the merging of new signatures,
|
||||||
user-IDs and subkeys.
|
user-IDs and subkeys.
|
||||||
|
|
||||||
@ -494,9 +499,9 @@ local keyring. This is useful for updating a key with the latest
|
|||||||
signatures, user IDs, etc. Calling this with no arguments will
|
signatures, user IDs, etc. Calling this with no arguments will
|
||||||
refresh the entire keyring. Option --keyserver must be used to give
|
refresh the entire keyring. Option --keyserver must be used to give
|
||||||
the name of the keyserver for all keys that do not have preferred
|
the name of the keyserver for all keys that do not have preferred
|
||||||
keyservers set (see --keyserver-option honor-keyserver-url).
|
keyservers set (see --keyserver-options honor-keyserver-url).
|
||||||
|
|
||||||
@item --search-keys
|
@item --search-keys @code{names}
|
||||||
Search the keyserver for the given names. Multiple names given here
|
Search the keyserver for the given names. Multiple names given here
|
||||||
will be joined together to create the search string for the keyserver.
|
will be joined together to create the search string for the keyserver.
|
||||||
Option --keyserver must be used to give the name of this keyserver.
|
Option --keyserver must be used to give the name of this keyserver.
|
||||||
@ -505,6 +510,11 @@ syntax specified in "How to specify a user ID" below. Note that
|
|||||||
different keyserver types support different search methods. Currently
|
different keyserver types support different search methods. Currently
|
||||||
only LDAP supports them all.
|
only LDAP supports them all.
|
||||||
|
|
||||||
|
@item --fetch-keys @code{URIs}
|
||||||
|
Retrieve keys located at the specified URIs. Note that different
|
||||||
|
installations of GnuPG may support different protocols (HTTP, FTP,
|
||||||
|
LDAP, etc.)
|
||||||
|
|
||||||
@item --update-trustdb
|
@item --update-trustdb
|
||||||
Do trust database maintenance. This command iterates over all keys
|
Do trust database maintenance. This command iterates over all keys
|
||||||
and builds the Web of Trust. This is an interactive command because it
|
and builds the Web of Trust. This is an interactive command because it
|
||||||
@ -775,14 +785,15 @@ don't want to keep your secret keys (or one of them)
|
|||||||
online but still want to be able to check the validity of a given
|
online but still want to be able to check the validity of a given
|
||||||
recipient's or signator's key.
|
recipient's or signator's key.
|
||||||
|
|
||||||
@item --trust-model @code{pgp|classic|always}
|
@item --trust-model @code{pgp|classic|direct|always|auto}
|
||||||
Set what trust model GnuPG should follow. The models are:
|
Set what trust model GnuPG should follow. The models are:
|
||||||
|
|
||||||
@table @asis
|
@table @asis
|
||||||
|
|
||||||
@item pgp
|
@item pgp
|
||||||
This is the Web of Trust combined with trust signatures as used in PGP
|
This is the Web of Trust combined with trust signatures as used in PGP
|
||||||
5.x and later. This is the default trust model.
|
5.x and later. This is the default trust model when creating a new
|
||||||
|
trust database.
|
||||||
|
|
||||||
@item classic
|
@item classic
|
||||||
This is the standard Web of Trust as used in PGP 2.x and earlier.
|
This is the standard Web of Trust as used in PGP 2.x and earlier.
|
||||||
@ -793,38 +804,76 @@ Web of Trust.
|
|||||||
|
|
||||||
@item always
|
@item always
|
||||||
Skip key validation and assume that used keys are always fully
|
Skip key validation and assume that used keys are always fully
|
||||||
trusted. You won't use this unless you have installed some external
|
trusted. You generally won't use this unless you are using some
|
||||||
validation scheme. This option also suppresses the "[uncertain]" tag
|
external validation scheme. This option also suppresses the
|
||||||
printed with signature checks when there is no evidence that the user
|
"[uncertain]" tag printed with signature checks when there is no
|
||||||
ID is bound to the key.
|
evidence that the user ID is bound to the key.
|
||||||
|
|
||||||
|
@item auto
|
||||||
|
Select the trust model depending on whatever the internal trust
|
||||||
|
database says. This is the default model if such a database already
|
||||||
|
exists.
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
@item --always-trust
|
@item --always-trust
|
||||||
Identical to `--trust-model always'. This option is deprecated.
|
Identical to `--trust-model always'. This option is deprecated.
|
||||||
|
|
||||||
|
@item --auto-key-locate @code{parameters}
|
||||||
|
@itemx --no-auto-key-locate
|
||||||
|
GnuPG can automatically locate and retrieve keys as needed using this
|
||||||
|
option. This happens when encrypting to an email address (in the
|
||||||
|
"user@@example.com" form), and there are no user@@example.com keys on
|
||||||
|
the local keyring. This option takes any number of the following
|
||||||
|
arguments, in the order they are to be tried:
|
||||||
|
|
||||||
|
@table @asis
|
||||||
|
|
||||||
|
@item cert
|
||||||
|
locate a key using DNS CERT, as specified in 2538bis (currently in
|
||||||
|
draft): http://www.josefsson.org/rfc2538bis/
|
||||||
|
|
||||||
|
@item pka
|
||||||
|
locate a key using DNS PKA.
|
||||||
|
|
||||||
|
@item ldap
|
||||||
|
locate a key using the PGP Universal method of checking
|
||||||
|
"ldap://keys.(thedomain)".
|
||||||
|
|
||||||
|
@item keyserver
|
||||||
|
locate a key using whatever keyserver is defined using the --keyserver
|
||||||
|
option.
|
||||||
|
|
||||||
|
@item (keyserver URL)
|
||||||
|
In addition, a keyserver URL as used in the --keyserver option may be
|
||||||
|
used here to query that particular keyserver.
|
||||||
|
@end table
|
||||||
|
|
||||||
@item --keyid-format @code{short|0xshort|long|0xlong}
|
@item --keyid-format @code{short|0xshort|long|0xlong}
|
||||||
Select how to display key IDs. "short" is the traditional 8-character
|
Select how to display key IDs. "short" is the traditional 8-character
|
||||||
key ID. "long" is the more accurate (but less convenient)
|
key ID. "long" is the more accurate (but less convenient)
|
||||||
16-character key ID. Add an "0x" to either to include an "0x" at the
|
16-character key ID. Add an "0x" to either to include an "0x" at the
|
||||||
beginning of the key ID, as in 0x99242560.
|
beginning of the key ID, as in 0x99242560.
|
||||||
|
|
||||||
@item --keyserver @code{name}
|
@item --keyserver @code{name}
|
||||||
Use @code{name} as your keyserver. This is the server that
|
Use @code{name} as your keyserver. This is the server that
|
||||||
--recv-keys, --send-keys, and --search-keys will communicate with to
|
--recv-keys, --send-keys, and --search-keys will communicate with to
|
||||||
receive keys from, send keys to, and search for keys on. The format
|
receive keys from, send keys to, and search for keys on. The format
|
||||||
of the @code{name} is a URI: `scheme:[//]keyservername[:port]' The
|
of the @code{name} is a URI: `scheme:[//]keyservername[:port]' The
|
||||||
scheme is the type of keyserver: "hkp" for the HTTP (or compatible)
|
scheme is the type of keyserver: "hkp" for the HTTP (or compatible)
|
||||||
keyservers, "ldap" for the NAI LDAP keyserver, or "mailto" for the
|
keyservers, "ldap" for the LDAP keyservers, or "mailto" for the Graff
|
||||||
Graff email keyserver. Note that your particular installation of
|
email keyserver. Note that your particular installation of GnuPG may
|
||||||
GnuPG may have other keyserver types available as well. Keyserver
|
have other keyserver types available as well. Keyserver schemes are
|
||||||
schemes are case-insensitive.
|
case-insensitive. After the keyserver name, optional keyserver
|
||||||
|
configuration options may be provided. These are the same as the
|
||||||
|
global --keyserver-options from below, but apply only to this
|
||||||
|
particular keyserver.
|
||||||
|
|
||||||
Most keyservers synchronize with each other, so there is generally no
|
Most keyservers synchronize with each other, so there is generally no
|
||||||
need to send keys to more than one server. The keyserver
|
need to send keys to more than one server. The keyserver
|
||||||
"hkp://subkeys.pgp.net" uses round robin DNS to give a different
|
"hkp://subkeys.pgp.net" uses round robin DNS to give a different
|
||||||
keyserver each time you use it.
|
keyserver each time you use it.
|
||||||
|
|
||||||
@item --keyserver-options @code{parameters}
|
@item --keyserver-options @code{name=value1 }
|
||||||
This is a space or comma delimited string that gives options for the
|
This is a space or comma delimited string that gives options for the
|
||||||
keyserver. Options can be prepended with a `no-' to give the opposite
|
keyserver. Options can be prepended with a `no-' to give the opposite
|
||||||
meaning. Valid import-options or export-options may be used here as
|
meaning. Valid import-options or export-options may be used here as
|
||||||
@ -841,17 +890,35 @@ differentiate between revoked and unrevoked keys, and for such
|
|||||||
keyservers this option is meaningless. Note also that most keyservers
|
keyservers this option is meaningless. Note also that most keyservers
|
||||||
do not have cryptographic verification of key revocations, and so
|
do not have cryptographic verification of key revocations, and so
|
||||||
turning this option off may result in skipping keys that are
|
turning this option off may result in skipping keys that are
|
||||||
incorrectly marked as revoked. Defaults to on.
|
incorrectly marked as revoked.
|
||||||
|
|
||||||
@item include-disabled
|
@item include-disabled
|
||||||
When searching for a key with --search-keys, include keys that are
|
When searching for a key with --search-keys, include keys that are
|
||||||
marked on the keyserver as disabled. Note that this option is not
|
marked on the keyserver as disabled. Note that this option is not
|
||||||
used with HKP keyservers.
|
used with HKP keyservers.
|
||||||
|
|
||||||
|
@item auto-key-retrieve
|
||||||
|
This option enables the automatic retrieving of keys from a keyserver
|
||||||
|
when verifying signatures made by keys that are not on the local
|
||||||
|
keyring.
|
||||||
|
|
||||||
|
Note that this option makes a "web bug" like behavior possible.
|
||||||
|
Keyserver operators can see which keys you request, so by sending you
|
||||||
|
a message signed by a brand new key (which you naturally will not have
|
||||||
|
on your local keyring), the operator can tell both your IP address and
|
||||||
|
the time when you verified the signature.
|
||||||
|
|
||||||
@item honor-keyserver-url
|
@item honor-keyserver-url
|
||||||
When using --refresh-keys, if the key in question has a preferred
|
When using --refresh-keys, if the key in question has a preferred
|
||||||
keyserver set, then use that preferred keyserver to refresh the key
|
keyserver URL, then use that preferred keyserver to refresh the key
|
||||||
from. Defaults to yes.
|
from. In addition, if auto-key-retrieve is set, and the signature
|
||||||
|
being verified has a preferred keyserver URL, then use that preferred
|
||||||
|
keyserver to fetch the key from. Defaults to yes.
|
||||||
|
|
||||||
|
@item honor-pka-record
|
||||||
|
If auto-key-retrieve is set, and the signature being verified has a
|
||||||
|
PKA record, then use the PKA information to fetch the key. Defaults
|
||||||
|
to yes.
|
||||||
|
|
||||||
@item include-subkeys
|
@item include-subkeys
|
||||||
When receiving a key, include subkeys as potential targets. Note that
|
When receiving a key, include subkeys as potential targets. Note that
|
||||||
@ -885,19 +952,12 @@ timeout applies separately to each key retrieval, and not to the
|
|||||||
For HTTP-like keyserver schemes that (such as HKP and HTTP itself),
|
For HTTP-like keyserver schemes that (such as HKP and HTTP itself),
|
||||||
try to access the keyserver over a proxy. If a @code{value} is
|
try to access the keyserver over a proxy. If a @code{value} is
|
||||||
specified, use this as the HTTP proxy. If no @code{value} is
|
specified, use this as the HTTP proxy. If no @code{value} is
|
||||||
specified, try to use the value of the environment variable
|
specified, the value of the environment variable "http_proxy", if any,
|
||||||
"http_proxy".
|
will be used.
|
||||||
|
|
||||||
@item auto-key-retrieve
|
@item max-cert-size
|
||||||
This option enables the automatic retrieving of keys from a keyserver
|
When retrieving a key via DNS CERT, only accept keys up to this size.
|
||||||
when verifying signatures made by keys that are not on the local
|
Defaults to 16384 bytes.
|
||||||
keyring.
|
|
||||||
|
|
||||||
Note that this option makes a "web bug" like behavior possible.
|
|
||||||
Keyserver operators can see which keys you request, so by sending you
|
|
||||||
a message signed by a brand new key (which you naturally will not have
|
|
||||||
on your local keyring), the operator can tell both your IP address and
|
|
||||||
the time when you verified the signature.
|
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
@item --import-options @code{parameters}
|
@item --import-options @code{parameters}
|
||||||
@ -924,18 +984,19 @@ yes for keyserver --recv-keys.
|
|||||||
During import, allow key updates to existing keys, but do not allow
|
During import, allow key updates to existing keys, but do not allow
|
||||||
any new keys to be imported. Defaults to no.
|
any new keys to be imported. Defaults to no.
|
||||||
|
|
||||||
@item import-clean-sigs
|
|
||||||
After import, remove any signatures from the new key that are not
|
|
||||||
usable. This is the same as running the --edit-key command "clean
|
|
||||||
sigs" after import. Defaults to no.
|
|
||||||
|
|
||||||
@item import-clean-uids
|
|
||||||
After import, compact (remove all signatures from) any user IDs from
|
|
||||||
the new key that are not usable. This is the same as running the
|
|
||||||
--edit-key command "clean uids" after import. Defaults to no.
|
|
||||||
|
|
||||||
@item import-clean
|
@item import-clean
|
||||||
Identical to "import-clean-sigs import-clean-uids".
|
After import, compact (remove all signatures except the
|
||||||
|
self-signature) any user IDs from the new key that are not usable.
|
||||||
|
Then, remove any signatures from the new key that are not usable.
|
||||||
|
This includes signatures that were issued by keys that are not present
|
||||||
|
on the keyring. This option is the same as running the --edit-key
|
||||||
|
command "clean" after import. Defaults to no.
|
||||||
|
|
||||||
|
@item import-minimal
|
||||||
|
Import the smallest key possible. This removes all signatures except
|
||||||
|
the most recent self-signature on each user ID. This option is the
|
||||||
|
same as running the --edit-key command "minimize" after import.
|
||||||
|
Defaults to no.
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
@item --export-options @code{parameters}
|
@item --export-options @code{parameters}
|
||||||
@ -959,25 +1020,26 @@ program that does not accept attribute user IDs. Defaults to yes.
|
|||||||
Include designated revoker information that was marked as
|
Include designated revoker information that was marked as
|
||||||
"sensitive". Defaults to no.
|
"sensitive". Defaults to no.
|
||||||
|
|
||||||
@item export-minimal
|
|
||||||
Export the smallest key possible. Currently this is done by leaving
|
|
||||||
out any signatures that are not self-signatures. Defaults to no.
|
|
||||||
|
|
||||||
@item export-clean-sigs
|
|
||||||
Do not export any signatures that are not usable. This is the same as
|
|
||||||
running the --edit-key command "clean sigs" before export. Defaults
|
|
||||||
to no.
|
|
||||||
|
|
||||||
@item export-clean-uids
|
|
||||||
Compact (remove all signatures from) user IDs on the key being
|
|
||||||
exported if the user IDs are not usable. This is the same as running
|
|
||||||
the --edit-key command "clean uids" before export. Defaults to no.
|
|
||||||
|
|
||||||
@item export-reset-subkey-passwd
|
@item export-reset-subkey-passwd
|
||||||
When using the "--export-secret-subkeys" command, this option resets
|
When using the "--export-secret-subkeys" command, this option resets
|
||||||
the passphrases for all exported subkeys to empty. This is useful
|
the passphrases for all exported subkeys to empty. This is useful
|
||||||
when the exported subkey is to be used on an unattended machine where
|
when the exported subkey is to be used on an unattended machine where
|
||||||
a passphrase doesn't necessarily make sense. Defaults to no.
|
a passphrase doesn't necessarily make sense. Defaults to no.
|
||||||
|
|
||||||
|
@item export-clean
|
||||||
|
Compact (remove all signatures from) user IDs on the key being
|
||||||
|
exported if the user IDs are not usable. Also, do not export any
|
||||||
|
signatures that are not usable. This includes signatures that were
|
||||||
|
issued by keys that are not present on the keyring. This option is
|
||||||
|
the same as running the --edit-key command "clean" before export
|
||||||
|
except that the local copy of the key is not modified. Defaults to
|
||||||
|
no.
|
||||||
|
|
||||||
|
@item export-minimal
|
||||||
|
Export the smallest key possible. This removes all signatures except
|
||||||
|
the most recent self-signature on each user ID. This option is the
|
||||||
|
same as running the --edit-key command "minimize" before export except
|
||||||
|
that the local copy of the key is not modified. Defaults to no.
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
@item --list-options @code{parameters}
|
@item --list-options @code{parameters}
|
||||||
@ -1065,6 +1127,17 @@ the signature. Defaults to no.
|
|||||||
@item show-unusable-uids
|
@item show-unusable-uids
|
||||||
Show revoked and expired user IDs during signature verification.
|
Show revoked and expired user IDs during signature verification.
|
||||||
Defaults to no.
|
Defaults to no.
|
||||||
|
|
||||||
|
@item pka-lookups
|
||||||
|
Enable PKA lookups to verify sender addresses. Note that PKA is based
|
||||||
|
on DNS, and so enabling this option may disclose information on when
|
||||||
|
and what signatures are verified or to whom data is encrypted. This
|
||||||
|
is similar to the "web bug" described for the auto-key-retrieve
|
||||||
|
feature.
|
||||||
|
|
||||||
|
@item pka-trust-increase
|
||||||
|
Raise the trust in a signature to full if the signature passes PKA
|
||||||
|
validation. This option is only meaningful if pka-lookups is set.
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
@item --show-photos
|
@item --show-photos
|
||||||
@ -1135,10 +1208,10 @@ a options file. This also overrides the environment variable
|
|||||||
$GNUPGHOME.
|
$GNUPGHOME.
|
||||||
|
|
||||||
@item --pcsc-driver @code{file}
|
@item --pcsc-driver @code{file}
|
||||||
Use @code{file} to access the smartcard reader. The current default
|
Use @code{file} to access the smartcard reader. The current default is
|
||||||
is `libpcsclite.so'. Instead of using this option you might also
|
`libpcsclite.so.1' for GLIBC based systems,
|
||||||
want to install a symbolic link to the default file name
|
`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
|
||||||
(e.g. from `libpcsclite.so.1').
|
`winscard.dll' for Windows and `libpcsclite.so' for other systems.
|
||||||
|
|
||||||
@item --ctapi-driver @code{file}
|
@item --ctapi-driver @code{file}
|
||||||
Use @code{file} to access the smartcard reader. The current default
|
Use @code{file} to access the smartcard reader. The current default
|
||||||
@ -1485,21 +1558,21 @@ signature. Note that all other PGP versions do it this way too.
|
|||||||
Enabled by default. --no-escape-from-lines disables this option.
|
Enabled by default. --no-escape-from-lines disables this option.
|
||||||
|
|
||||||
@item --passphrase-fd @code{n}
|
@item --passphrase-fd @code{n}
|
||||||
Read the passphrase from file descriptor @code{n}. If you use
|
Read the passphrase from file descriptor @code{n}. If you use 0 for
|
||||||
0 for @code{n}, the passphrase will be read from stdin. This
|
@code{n}, the passphrase will be read from stdin. This can only be
|
||||||
can only be used if only one passphrase is supplied.
|
used if only one passphrase is supplied.
|
||||||
Don't use this option if you can avoid it.
|
|
||||||
|
|
||||||
@item --passphrase-file @code{file}
|
@item --passphrase-file @code{file}
|
||||||
Read the passphrase from file @code{file}. This can only be used if
|
Read the passphrase from file @code{file}. This can only be used if
|
||||||
only one passphrase is supplied. Obviously, a passphrase stored in a
|
only one passphrase is supplied. Obviously, a passphrase stored in a
|
||||||
file is of questionable security. Don't use this option if you can
|
file is of questionable security if other users can read this file.
|
||||||
avoid it.
|
Don't use this option if you can avoid it.
|
||||||
|
|
||||||
@item --passphrase @code{string}
|
@item --passphrase @code{string}
|
||||||
Use @code{string} as the passphrase. This can only be used if only one
|
Use @code{string} as the passphrase. This can only be used if only one
|
||||||
passphrase is supplied. Obviously, this is of very questionable
|
passphrase is supplied. Obviously, this is of very questionable
|
||||||
security. Don't use this option if you can avoid it.
|
security on a multi-user system. Don't use this option if you can
|
||||||
|
avoid it.
|
||||||
|
|
||||||
@item --command-fd @code{n}
|
@item --command-fd @code{n}
|
||||||
This is a replacement for the deprecated shared-memory IPC mode.
|
This is a replacement for the deprecated shared-memory IPC mode.
|
||||||
@ -1788,19 +1861,29 @@ of one specific message without compromising all messages ever
|
|||||||
encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY
|
encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY
|
||||||
FORCED TO DO SO.
|
FORCED TO DO SO.
|
||||||
|
|
||||||
@item --override-session-key @code{string}
|
@item --override-session-key @code{string}
|
||||||
Don't use the public key but the session key @code{string}. The format of this
|
Don't use the public key but the session key @code{string}. The format of this
|
||||||
string is the same as the one printed by --show-session-key. This option
|
string is the same as the one printed by --show-session-key. This option
|
||||||
is normally not used but comes handy in case someone forces you to reveal the
|
is normally not used but comes handy in case someone forces you to reveal the
|
||||||
content of an encrypted message; using this option you can do this without
|
content of an encrypted message; using this option you can do this without
|
||||||
handing out the secret key.
|
handing out the secret key.
|
||||||
|
|
||||||
|
@item --require-cross-certification
|
||||||
|
@itemx --no-require-certification
|
||||||
|
When verifying a signature made from a subkey, ensure that the cross
|
||||||
|
certification "back signature" on the subkey is present and valid.
|
||||||
|
This protects against a subtle attack against subkeys that can sign.
|
||||||
|
Currently defaults to --no-require-cross-certification, but will be
|
||||||
|
changed to --require-cross-certification in the future.
|
||||||
|
|
||||||
@item --ask-sig-expire
|
@item --ask-sig-expire
|
||||||
@itemx --no-ask-sig-expire
|
@itemx --no-ask-sig-expire
|
||||||
When making a data signature, prompt for an expiration time. If this
|
When making a data signature, prompt for an expiration time. If this
|
||||||
option is not specified, the expiration time set via
|
option is not specified, the expiration time set via
|
||||||
--default-sig-expire is used. --no-ask-sig-expire disables this
|
--default-sig-expire is used. --no-ask-sig-expire disables this
|
||||||
option.
|
option. Note that by default, --force-v3-sigs is set which also
|
||||||
|
disables this option. If you want signature expiration, you must set
|
||||||
|
--no-force-v3-sigs as well as turning --ask-sig-expire on.
|
||||||
|
|
||||||
@item --default-sig-expire
|
@item --default-sig-expire
|
||||||
The default expiration time to use for signature expiration. Valid
|
The default expiration time to use for signature expiration. Valid
|
||||||
@ -1843,6 +1926,12 @@ behaviour as used by anonymous recipients (created by using
|
|||||||
--throw-keyids) and might come handy in case where an encrypted
|
--throw-keyids) and might come handy in case where an encrypted
|
||||||
message contains a bogus key ID.
|
message contains a bogus key ID.
|
||||||
|
|
||||||
|
@item --allow-multisig-verification
|
||||||
|
Allow verification of concatenated signed messages. This will run a
|
||||||
|
signature verification for each data+signature block. There are some
|
||||||
|
security issues with this option thus it is off by default. Note that
|
||||||
|
versions of gpg rpior to version 1.4.3 implicityly allowed for this.
|
||||||
|
|
||||||
@item --enable-special-filenames
|
@item --enable-special-filenames
|
||||||
This options enables a mode in which filenames of the form
|
This options enables a mode in which filenames of the form
|
||||||
@file{-&n}, where n is a non-negative decimal number,
|
@file{-&n}, where n is a non-negative decimal number,
|
||||||
@ -2017,10 +2106,6 @@ starting the gpg-agent as described in its documentation, this
|
|||||||
variable is set to the correct value. The option --gpg-agent-info can
|
variable is set to the correct value. The option --gpg-agent-info can
|
||||||
be used to override it.
|
be used to override it.
|
||||||
|
|
||||||
@item http_proxy
|
|
||||||
Only honored when the keyserver-option
|
|
||||||
honor-http-proxy is set.
|
|
||||||
|
|
||||||
@item COLUMNS
|
@item COLUMNS
|
||||||
@itemx LINES
|
@itemx LINES
|
||||||
Used to size some displays to the full size of the screen.
|
Used to size some displays to the full size of the screen.
|
||||||
|
@ -1,3 +1,15 @@
|
|||||||
|
2006-04-03 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* import.c (check_prefs_warning): Merged strings for better
|
||||||
|
translation.
|
||||||
|
|
||||||
|
* gpg.c (main) [__GLIBC__]: Default to libpcsclite.so.1.
|
||||||
|
|
||||||
|
* status.h, status.c (STATUS_BEGIN_SIGNING): New. Suggested by
|
||||||
|
Daiki Ueno.
|
||||||
|
* textfilter.c (copy_clearsig_text): Issue new status code.
|
||||||
|
* sign.c (sign_file, sign_symencrypt_file): Ditto.
|
||||||
|
|
||||||
2006-03-31 David Shaw <dshaw@jabberwocky.com>
|
2006-03-31 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* getkey.c (get_pubkey_byname): Fix missing auto_key_retrieve
|
* getkey.c (get_pubkey_byname): Fix missing auto_key_retrieve
|
||||||
@ -17,6 +29,11 @@
|
|||||||
This will need to come out once the standard for DSA2 is firmed
|
This will need to come out once the standard for DSA2 is firmed
|
||||||
up.
|
up.
|
||||||
|
|
||||||
|
2006-03-28 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* openfile.c (overwrite_filep): Fix small cpr issue. Noted by
|
||||||
|
Daiki Ueno.
|
||||||
|
|
||||||
2006-03-22 David Shaw <dshaw@jabberwocky.com>
|
2006-03-22 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* getkey.c (parse_auto_key_locate): Silently strip out duplicates
|
* getkey.c (parse_auto_key_locate): Silently strip out duplicates
|
||||||
|
@ -1726,6 +1726,8 @@ main (int argc, char **argv )
|
|||||||
opt.pcsc_driver = "winscard.dll";
|
opt.pcsc_driver = "winscard.dll";
|
||||||
#elif defined(__APPLE__)
|
#elif defined(__APPLE__)
|
||||||
opt.pcsc_driver = "/System/Library/Frameworks/PCSC.framework/PCSC";
|
opt.pcsc_driver = "/System/Library/Frameworks/PCSC.framework/PCSC";
|
||||||
|
#elif defined(__GLIBC__)
|
||||||
|
opt.pcsc_driver = "libpcsclite.so.1";
|
||||||
#else
|
#else
|
||||||
opt.pcsc_driver = "libpcsclite.so";
|
opt.pcsc_driver = "libpcsclite.so";
|
||||||
#endif
|
#endif
|
||||||
|
@ -563,9 +563,8 @@ print_import_check (PKT_public_key * pk, PKT_user_id * id)
|
|||||||
static void
|
static void
|
||||||
check_prefs_warning(PKT_public_key *pk)
|
check_prefs_warning(PKT_public_key *pk)
|
||||||
{
|
{
|
||||||
log_info(_("WARNING: key %s contains preferences for unavailable\n"),
|
log_info(_("WARNING: key %s contains preferences for unavailable\n"
|
||||||
keystr_from_pk(pk));
|
"algorithms on these user IDs:\n"), keystr_from_pk(pk));
|
||||||
log_info(_("algorithms on these user IDs:\n"));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -84,6 +84,8 @@ overwrite_filep( const char *fname )
|
|||||||
return 0; /* do not overwrite */
|
return 0; /* do not overwrite */
|
||||||
|
|
||||||
tty_printf(_("File `%s' exists. "), fname);
|
tty_printf(_("File `%s' exists. "), fname);
|
||||||
|
if( cpr_enabled () )
|
||||||
|
tty_printf ("\n");
|
||||||
if( cpr_get_answer_is_yes("openfile.overwrite.okay",
|
if( cpr_get_answer_is_yes("openfile.overwrite.okay",
|
||||||
_("Overwrite? (y/N) ")) )
|
_("Overwrite? (y/N) ")) )
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -917,7 +917,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* setup the inner packet */
|
write_status (STATUS_BEGIN_SIGNING);
|
||||||
|
|
||||||
|
/* Setup the inner packet. */
|
||||||
if( detached ) {
|
if( detached ) {
|
||||||
if( multifile ) {
|
if( multifile ) {
|
||||||
STRLIST sl;
|
STRLIST sl;
|
||||||
@ -1283,6 +1285,8 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
write_status (STATUS_BEGIN_SIGNING);
|
||||||
|
|
||||||
/* Pipe data through all filters; i.e. write the signed stuff */
|
/* Pipe data through all filters; i.e. write the signed stuff */
|
||||||
/*(current filters: zip - encrypt - armor)*/
|
/*(current filters: zip - encrypt - armor)*/
|
||||||
rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');
|
rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');
|
||||||
|
@ -165,6 +165,7 @@ get_status_string ( int no )
|
|||||||
case STATUS_BACKUP_KEY_CREATED:s="BACKUP_KEY_CREATED"; break;
|
case STATUS_BACKUP_KEY_CREATED:s="BACKUP_KEY_CREATED"; break;
|
||||||
case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break;
|
case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break;
|
||||||
case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break;
|
case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break;
|
||||||
|
case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break;
|
||||||
default: s = "?"; break;
|
default: s = "?"; break;
|
||||||
}
|
}
|
||||||
return s;
|
return s;
|
||||||
|
@ -118,6 +118,8 @@
|
|||||||
#define STATUS_PKA_TRUST_BAD 82
|
#define STATUS_PKA_TRUST_BAD 82
|
||||||
#define STATUS_PKA_TRUST_GOOD 83
|
#define STATUS_PKA_TRUST_GOOD 83
|
||||||
|
|
||||||
|
#define STATUS_BEGIN_SIGNING 84
|
||||||
|
|
||||||
|
|
||||||
/*-- status.c --*/
|
/*-- status.c --*/
|
||||||
void set_status_fd ( int fd );
|
void set_status_fd ( int fd );
|
||||||
|
@ -33,6 +33,7 @@
|
|||||||
#include "filter.h"
|
#include "filter.h"
|
||||||
#include "i18n.h"
|
#include "i18n.h"
|
||||||
#include "options.h"
|
#include "options.h"
|
||||||
|
#include "status.h"
|
||||||
|
|
||||||
#ifdef HAVE_DOSISH_SYSTEM
|
#ifdef HAVE_DOSISH_SYSTEM
|
||||||
#define LF "\r\n"
|
#define LF "\r\n"
|
||||||
@ -177,6 +178,8 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
|
|||||||
if( !escape_dash )
|
if( !escape_dash )
|
||||||
escape_from = 0;
|
escape_from = 0;
|
||||||
|
|
||||||
|
write_status (STATUS_BEGIN_SIGNING);
|
||||||
|
|
||||||
for(;;) {
|
for(;;) {
|
||||||
maxlen = MAX_LINELEN;
|
maxlen = MAX_LINELEN;
|
||||||
n = iobuf_read_line( inp, &buffer, &bufsize, &maxlen );
|
n = iobuf_read_line( inp, &buffer, &bufsize, &maxlen );
|
||||||
|
773
po/pt_BR.po
773
po/pt_BR.po
File diff suppressed because it is too large
Load Diff
779
po/zh_CN.po
779
po/zh_CN.po
File diff suppressed because it is too large
Load Diff
779
po/zh_TW.po
779
po/zh_TW.po
File diff suppressed because it is too large
Load Diff
@ -1,3 +1,7 @@
|
|||||||
|
2006-04-03 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* autogen.sh: Unsupport mingw32/cpd.
|
||||||
|
|
||||||
2006-03-09 Werner Koch <wk@g10code.com>
|
2006-03-09 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* config.sub, config.guess: Updated.
|
* config.sub, config.guess: Updated.
|
||||||
|
@ -63,15 +63,17 @@ if test "$1" = "--build-w32"; then
|
|||||||
echo "We need at least version 0.3 of MingW32/CPD" >&2
|
echo "We need at least version 0.3 of MingW32/CPD" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
crossbindir=`mingw32 --install-dir`/bin
|
echo "MingW32/CPD is no longer supported" >&2
|
||||||
# Old autoconf version required us to setup the environment
|
exit 1
|
||||||
# with the proper tool names.
|
# crossbindir=`mingw32 --install-dir`/bin
|
||||||
CC=`mingw32 --get-path gcc`
|
# # Old autoconf version required us to setup the environment
|
||||||
CPP=`mingw32 --get-path cpp`
|
# # with the proper tool names.
|
||||||
AR=`mingw32 --get-path ar`
|
# CC=`mingw32 --get-path gcc`
|
||||||
RANLIB=`mingw32 --get-path ranlib`
|
# CPP=`mingw32 --get-path cpp`
|
||||||
export CC CPP AR RANLIB
|
# AR=`mingw32 --get-path ar`
|
||||||
conf_CC=""
|
# RANLIB=`mingw32 --get-path ranlib`
|
||||||
|
# export CC CPP AR RANLIB
|
||||||
|
# conf_CC=""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f "$tsdir/config.log" ]; then
|
if [ -f "$tsdir/config.log" ]; then
|
||||||
|
Loading…
x
Reference in New Issue
Block a user