About to release 1.4.3
parent
4afa4eb10e
commit
256f67675f
@ -1,3 +1,7 @@
|
||||
2006-04-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
Released 1.4.3.
|
||||
|
||||
2006-03-30 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* README: Some more notes about building fat binaries.
|
||||
|
2
NEWS
2
NEWS
@ -1,4 +1,4 @@
|
||||
Noteworthy changes in version 1.4.3
|
||||
Noteworthy changes in version 1.4.3 (2006-04-03)
|
||||
------------------------------------------------
|
||||
|
||||
* If available, cURL-based keyserver helpers are built that can
|
||||
|
1
THANKS
1
THANKS
@ -31,6 +31,7 @@ Christian Kurz shorty@debian.org
|
||||
Christian von Roques roques@pond.sub.org
|
||||
Christopher Oliver oliver@fritz.traverse.net
|
||||
Christian Recktenwald chris@citecs.de
|
||||
Daiki Ueno ueno@unixuser.org
|
||||
Dan Winship danw@helixcode.com
|
||||
Daniel Eisenbud eisenbud@cs.swarthmore.edu
|
||||
Daniel Koening dan@chaosdorf.de
|
||||
|
@ -26,7 +26,7 @@ min_automake_version="1.9.3"
|
||||
|
||||
# Remember to change the version number immediately *after* a release
|
||||
# and remove the "-cvs" or "rc" suffix immediately *before* a release.
|
||||
AC_INIT(gnupg, 1.4.3-cvs, bug-gnupg@gnu.org)
|
||||
AC_INIT(gnupg, 1.4.3, bug-gnupg@gnu.org)
|
||||
# Set development_version to yes if the minor number is odd or you
|
||||
# feel that the default check for a development version is not
|
||||
# sufficient.
|
||||
|
@ -422,6 +422,11 @@ more arguments in future versions.
|
||||
END_ENCRYPTION
|
||||
Mark the start and end of the actual encryption process.
|
||||
|
||||
BEGIN_SIGNING
|
||||
Mark the start of the actual signing process. This may be used
|
||||
as an indication that all requested secret keys are ready for
|
||||
use.
|
||||
|
||||
DELETE_PROBLEM reason_code
|
||||
Deleting a key failed. Reason codes are:
|
||||
1 - No such key
|
||||
|
@ -1817,10 +1817,10 @@ $GNUPGHOME.
|
||||
<varlistentry>
|
||||
<term>--pcsc-driver &ParmFile;</term>
|
||||
<listitem><para>
|
||||
Use &ParmFile; to access the smartcard reader. The current default
|
||||
is `libpcsclite.so'. Instead of using this option you might also
|
||||
want to install a symbolic link to the default file name
|
||||
(e.g. from `libpcsclite.so.1').
|
||||
Use &ParmFile; to access the smartcard reader. The current default is
|
||||
`libpcsclite.so.1' for GLIBC based systems,
|
||||
`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
|
||||
`winscard.dll' for Windows and `libpcsclite.so' for other systems.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
289
doc/gpg.texi
289
doc/gpg.texi
@ -43,27 +43,27 @@ a file containing keys is listed).
|
||||
|
||||
@table @asis
|
||||
|
||||
@item -s, --sign
|
||||
@item -s, --sign
|
||||
Make a signature. This command may be combined with --encrypt (for a
|
||||
signed and encrypted message), --symmetric (for a signed and
|
||||
symmetrically encrypted message), or --encrypt and --symmetric
|
||||
together (for a signed message that may be decrypted via a secret key
|
||||
or a passphrase).
|
||||
|
||||
@item --clearsign
|
||||
@item --clearsign
|
||||
Make a clear text signature.
|
||||
|
||||
@item -b, --detach-sign
|
||||
@item -b, --detach-sign
|
||||
Make a detached signature.
|
||||
|
||||
@item -e, --encrypt
|
||||
@item -e, --encrypt
|
||||
Encrypt data. This option may be combined with --sign (for a signed
|
||||
and encrypted message), --symmetric (for a message that may be
|
||||
decrypted via a secret key or a passphrase), or --sign and --symmetric
|
||||
together (for a signed message that may be decrypted via a secret key
|
||||
or a passphrase).
|
||||
|
||||
@item -c, --symmetric
|
||||
@item -c, --symmetric
|
||||
Encrypt with a symmetric cipher using a passphrase. The default
|
||||
symmetric cipher used is CAST5, but may be chosen with the
|
||||
--cipher-algo option. This option may be combined with --sign (for a
|
||||
@ -72,10 +72,10 @@ that may be decrypted via a secret key or a passphrase), or --sign and
|
||||
--encrypt together (for a signed message that may be decrypted via a
|
||||
secret key or a passphrase).
|
||||
|
||||
@item --store
|
||||
@item --store
|
||||
Store only (make a simple RFC1991 packet).
|
||||
|
||||
@item --decrypt
|
||||
@item -d, --decrypt
|
||||
Decrypt @code{file} (or stdin if no file is specified) and
|
||||
write it to stdout (or the file specified with
|
||||
--output). If the decrypted file is signed, the
|
||||
@ -317,9 +317,10 @@ preferences, without including any implied preferences.
|
||||
|
||||
@item showpref
|
||||
More verbose preferences listing for the selected user ID. This shows
|
||||
the preferences in effect by including the implied preferences of
|
||||
3DES (cipher), SHA-1 (digest), and Uncompressed (compression) if they
|
||||
are not already included in the preference list.
|
||||
the preferences in effect by including the implied preferences of 3DES
|
||||
(cipher), SHA-1 (digest), and Uncompressed (compression) if they are
|
||||
not already included in the preference list. In addition, the
|
||||
preferred keyserver and signature notations (if any) are shown.
|
||||
|
||||
@item setpref @code{string}
|
||||
Set the list of user ID preferences to @code{string} for all (or just
|
||||
@ -335,33 +336,37 @@ used by GnuPG.
|
||||
@item keyserver
|
||||
Set a preferred keyserver for the specified user ID(s). This allows
|
||||
other users to know where you prefer they get your key from. See
|
||||
--keyserver-option honor-keyserver-url for more on how this works.
|
||||
Note that some versions of PGP interpret the presence of a keyserver
|
||||
URL as an instruction to enable PGP/MIME mail encoding. Setting a
|
||||
value of "none" removes a existing preferred keyserver.
|
||||
--keyserver-options honor-keyserver-url for more on how this works.
|
||||
Setting a value of "none" removes an existing preferred keyserver.
|
||||
|
||||
@item notation
|
||||
Set a name=value notation for the specified user ID(s). See
|
||||
--cert-notation for more on how this works. Setting a value of "none"
|
||||
removes all notations, setting a notation prefixed with a minus sign
|
||||
(-) removes that notation, and setting a notation name (without the
|
||||
=value) prefixed with a minus sign removes all notations with that
|
||||
name.
|
||||
|
||||
@item toggle
|
||||
Toggle between public and secret key listing.
|
||||
|
||||
@item clean
|
||||
Cleans keys by removing unusable pieces. This command can be used to
|
||||
keep keys neat and clean, and it has no effect aside from that.
|
||||
|
||||
@table @asis
|
||||
|
||||
@item sigs
|
||||
Remove any signatures that are not usable by the trust calculations.
|
||||
For example, this removes any signature that does not validate. It
|
||||
also removes any signature that is superceded by a later signature, or
|
||||
signatures that were revoked.
|
||||
|
||||
@item uids
|
||||
Compact (by removing all signatures except the selfsig) any user ID
|
||||
that is no longer usable (e.g. revoked, or expired).
|
||||
@end table
|
||||
that is no longer usable (e.g. revoked, or expired). Then, remove any
|
||||
signatures that are not usable by the trust calculations.
|
||||
Specifically, this removes any signature that does not validate, any
|
||||
signature that is superceded by a later signature, revoked signatures,
|
||||
and signatures issued by keys that are not present on the keyring.
|
||||
|
||||
@noindent
|
||||
If invoked with no arguments, both `sigs' and `uids' are cleaned.
|
||||
@item minimize
|
||||
Make the key as small as possible. This removes all signatures from
|
||||
each user ID except for the most recent self-signature.
|
||||
|
||||
@item cross-certify
|
||||
Add cross-certification signatures to signing subkeys that may not
|
||||
currently have them. Cross-certification signatures protect against a
|
||||
subtle attack against signing subkeys. See
|
||||
--require-cross-certification.
|
||||
|
||||
@item save
|
||||
Save all changes to the key rings and quit.
|
||||
@ -480,7 +485,7 @@ Import/merge keys. This adds the given keys to the
|
||||
keyring. The fast version is currently just a synonym.
|
||||
|
||||
There are a few other options which control how this command works.
|
||||
Most notable here is the --keyserver-option merge-only option which
|
||||
Most notable here is the --keyserver-options merge-only option which
|
||||
does not insert new keys but does only the merging of new signatures,
|
||||
user-IDs and subkeys.
|
||||
|
||||
@ -494,9 +499,9 @@ local keyring. This is useful for updating a key with the latest
|
||||
signatures, user IDs, etc. Calling this with no arguments will
|
||||
refresh the entire keyring. Option --keyserver must be used to give
|
||||
the name of the keyserver for all keys that do not have preferred
|
||||
keyservers set (see --keyserver-option honor-keyserver-url).
|
||||
keyservers set (see --keyserver-options honor-keyserver-url).
|
||||
|
||||
@item --search-keys
|
||||
@item --search-keys @code{names}
|
||||
Search the keyserver for the given names. Multiple names given here
|
||||
will be joined together to create the search string for the keyserver.
|
||||
Option --keyserver must be used to give the name of this keyserver.
|
||||
@ -505,6 +510,11 @@ syntax specified in "How to specify a user ID" below. Note that
|
||||
different keyserver types support different search methods. Currently
|
||||
only LDAP supports them all.
|
||||
|
||||
@item --fetch-keys @code{URIs}
|
||||
Retrieve keys located at the specified URIs. Note that different
|
||||
installations of GnuPG may support different protocols (HTTP, FTP,
|
||||
LDAP, etc.)
|
||||
|
||||
@item --update-trustdb
|
||||
Do trust database maintenance. This command iterates over all keys
|
||||
and builds the Web of Trust. This is an interactive command because it
|
||||
@ -775,14 +785,15 @@ don't want to keep your secret keys (or one of them)
|
||||
online but still want to be able to check the validity of a given
|
||||
recipient's or signator's key.
|
||||
|
||||
@item --trust-model @code{pgp|classic|always}
|
||||
@item --trust-model @code{pgp|classic|direct|always|auto}
|
||||
Set what trust model GnuPG should follow. The models are:
|
||||
|
||||
@table @asis
|
||||
|
||||
@item pgp
|
||||
This is the Web of Trust combined with trust signatures as used in PGP
|
||||
5.x and later. This is the default trust model.
|
||||
5.x and later. This is the default trust model when creating a new
|
||||
trust database.
|
||||
|
||||
@item classic
|
||||
This is the standard Web of Trust as used in PGP 2.x and earlier.
|
||||
@ -793,38 +804,76 @@ Web of Trust.
|
||||
|
||||
@item always
|
||||
Skip key validation and assume that used keys are always fully
|
||||
trusted. You won't use this unless you have installed some external
|
||||
validation scheme. This option also suppresses the "[uncertain]" tag
|
||||
printed with signature checks when there is no evidence that the user
|
||||
ID is bound to the key.
|
||||
trusted. You generally won't use this unless you are using some
|
||||
external validation scheme. This option also suppresses the
|
||||
"[uncertain]" tag printed with signature checks when there is no
|
||||
evidence that the user ID is bound to the key.
|
||||
|
||||
@item auto
|
||||
Select the trust model depending on whatever the internal trust
|
||||
database says. This is the default model if such a database already
|
||||
exists.
|
||||
@end table
|
||||
|
||||
@item --always-trust
|
||||
Identical to `--trust-model always'. This option is deprecated.
|
||||
|
||||
@item --auto-key-locate @code{parameters}
|
||||
@itemx --no-auto-key-locate
|
||||
GnuPG can automatically locate and retrieve keys as needed using this
|
||||
option. This happens when encrypting to an email address (in the
|
||||
"user@@example.com" form), and there are no user@@example.com keys on
|
||||
the local keyring. This option takes any number of the following
|
||||
arguments, in the order they are to be tried:
|
||||
|
||||
@table @asis
|
||||
|
||||
@item cert
|
||||
locate a key using DNS CERT, as specified in 2538bis (currently in
|
||||
draft): http://www.josefsson.org/rfc2538bis/
|
||||
|
||||
@item pka
|
||||
locate a key using DNS PKA.
|
||||
|
||||
@item ldap
|
||||
locate a key using the PGP Universal method of checking
|
||||
"ldap://keys.(thedomain)".
|
||||
|
||||
@item keyserver
|
||||
locate a key using whatever keyserver is defined using the --keyserver
|
||||
option.
|
||||
|
||||
@item (keyserver URL)
|
||||
In addition, a keyserver URL as used in the --keyserver option may be
|
||||
used here to query that particular keyserver.
|
||||
@end table
|
||||
|
||||
@item --keyid-format @code{short|0xshort|long|0xlong}
|
||||
Select how to display key IDs. "short" is the traditional 8-character
|
||||
key ID. "long" is the more accurate (but less convenient)
|
||||
16-character key ID. Add an "0x" to either to include an "0x" at the
|
||||
beginning of the key ID, as in 0x99242560.
|
||||
|
||||
@item --keyserver @code{name}
|
||||
@item --keyserver @code{name}
|
||||
Use @code{name} as your keyserver. This is the server that
|
||||
--recv-keys, --send-keys, and --search-keys will communicate with to
|
||||
receive keys from, send keys to, and search for keys on. The format
|
||||
of the @code{name} is a URI: `scheme:[//]keyservername[:port]' The
|
||||
scheme is the type of keyserver: "hkp" for the HTTP (or compatible)
|
||||
keyservers, "ldap" for the NAI LDAP keyserver, or "mailto" for the
|
||||
Graff email keyserver. Note that your particular installation of
|
||||
GnuPG may have other keyserver types available as well. Keyserver
|
||||
schemes are case-insensitive.
|
||||
keyservers, "ldap" for the LDAP keyservers, or "mailto" for the Graff
|
||||
email keyserver. Note that your particular installation of GnuPG may
|
||||
have other keyserver types available as well. Keyserver schemes are
|
||||
case-insensitive. After the keyserver name, optional keyserver
|
||||
configuration options may be provided. These are the same as the
|
||||
global --keyserver-options from below, but apply only to this
|
||||
particular keyserver.
|
||||
|
||||
Most keyservers synchronize with each other, so there is generally no
|
||||
need to send keys to more than one server. The keyserver
|
||||
"hkp://subkeys.pgp.net" uses round robin DNS to give a different
|
||||
keyserver each time you use it.
|
||||
|
||||
@item --keyserver-options @code{parameters}
|
||||
@item --keyserver-options @code{name=value1 }
|
||||
This is a space or comma delimited string that gives options for the
|
||||
keyserver. Options can be prepended with a `no-' to give the opposite
|
||||
meaning. Valid import-options or export-options may be used here as
|
||||
@ -841,17 +890,35 @@ differentiate between revoked and unrevoked keys, and for such
|
||||
keyservers this option is meaningless. Note also that most keyservers
|
||||
do not have cryptographic verification of key revocations, and so
|
||||
turning this option off may result in skipping keys that are
|
||||
incorrectly marked as revoked. Defaults to on.
|
||||
incorrectly marked as revoked.
|
||||
|
||||
@item include-disabled
|
||||
When searching for a key with --search-keys, include keys that are
|
||||
marked on the keyserver as disabled. Note that this option is not
|
||||
used with HKP keyservers.
|
||||
|
||||
@item auto-key-retrieve
|
||||
This option enables the automatic retrieving of keys from a keyserver
|
||||
when verifying signatures made by keys that are not on the local
|
||||
keyring.
|
||||
|
||||
Note that this option makes a "web bug" like behavior possible.
|
||||
Keyserver operators can see which keys you request, so by sending you
|
||||
a message signed by a brand new key (which you naturally will not have
|
||||
on your local keyring), the operator can tell both your IP address and
|
||||
the time when you verified the signature.
|
||||
|
||||
@item honor-keyserver-url
|
||||
When using --refresh-keys, if the key in question has a preferred
|
||||
keyserver set, then use that preferred keyserver to refresh the key
|
||||
from. Defaults to yes.
|
||||
keyserver URL, then use that preferred keyserver to refresh the key
|
||||
from. In addition, if auto-key-retrieve is set, and the signature
|
||||
being verified has a preferred keyserver URL, then use that preferred
|
||||
keyserver to fetch the key from. Defaults to yes.
|
||||
|
||||
@item honor-pka-record
|
||||
If auto-key-retrieve is set, and the signature being verified has a
|
||||
PKA record, then use the PKA information to fetch the key. Defaults
|
||||
to yes.
|
||||
|
||||
@item include-subkeys
|
||||
When receiving a key, include subkeys as potential targets. Note that
|
||||
@ -885,19 +952,12 @@ timeout applies separately to each key retrieval, and not to the
|
||||
For HTTP-like keyserver schemes that (such as HKP and HTTP itself),
|
||||
try to access the keyserver over a proxy. If a @code{value} is
|
||||
specified, use this as the HTTP proxy. If no @code{value} is
|
||||
specified, try to use the value of the environment variable
|
||||
"http_proxy".
|
||||
specified, the value of the environment variable "http_proxy", if any,
|
||||
will be used.
|
||||
|
||||
@item auto-key-retrieve
|
||||
This option enables the automatic retrieving of keys from a keyserver
|
||||
when verifying signatures made by keys that are not on the local
|
||||
keyring.
|
||||
|
||||
Note that this option makes a "web bug" like behavior possible.
|
||||
Keyserver operators can see which keys you request, so by sending you
|
||||
a message signed by a brand new key (which you naturally will not have
|
||||
on your local keyring), the operator can tell both your IP address and
|
||||
the time when you verified the signature.
|
||||
@item max-cert-size
|
||||
When retrieving a key via DNS CERT, only accept keys up to this size.
|
||||
Defaults to 16384 bytes.
|
||||
@end table
|
||||
|
||||
@item --import-options @code{parameters}
|
||||
@ -924,18 +984,19 @@ yes for keyserver --recv-keys.
|
||||
During import, allow key updates to existing keys, but do not allow
|
||||
any new keys to be imported. Defaults to no.
|
||||
|
||||
@item import-clean-sigs
|
||||
After import, remove any signatures from the new key that are not
|
||||
usable. This is the same as running the --edit-key command "clean
|
||||
sigs" after import. Defaults to no.
|
||||
|
||||
@item import-clean-uids
|
||||
After import, compact (remove all signatures from) any user IDs from
|
||||
the new key that are not usable. This is the same as running the
|
||||
--edit-key command "clean uids" after import. Defaults to no.
|
||||
|
||||
@item import-clean
|
||||
Identical to "import-clean-sigs import-clean-uids".
|
||||
After import, compact (remove all signatures except the
|
||||
self-signature) any user IDs from the new key that are not usable.
|
||||
Then, remove any signatures from the new key that are not usable.
|
||||
This includes signatures that were issued by keys that are not present
|
||||
on the keyring. This option is the same as running the --edit-key
|
||||
command "clean" after import. Defaults to no.
|
||||
|
||||
@item import-minimal
|
||||
Import the smallest key possible. This removes all signatures except
|
||||
the most recent self-signature on each user ID. This option is the
|
||||
same as running the --edit-key command "minimize" after import.
|
||||
Defaults to no.
|
||||
@end table
|
||||
|
||||
@item --export-options @code{parameters}
|
||||
@ -959,25 +1020,26 @@ program that does not accept attribute user IDs. Defaults to yes.
|
||||
Include designated revoker information that was marked as
|
||||
"sensitive". Defaults to no.
|
||||
|
||||
@item export-minimal
|
||||
Export the smallest key possible. Currently this is done by leaving
|
||||
out any signatures that are not self-signatures. Defaults to no.
|
||||
|
||||
@item export-clean-sigs
|
||||
Do not export any signatures that are not usable. This is the same as
|
||||
running the --edit-key command "clean sigs" before export. Defaults
|
||||
to no.
|
||||
|
||||
@item export-clean-uids
|
||||
Compact (remove all signatures from) user IDs on the key being
|
||||
exported if the user IDs are not usable. This is the same as running
|
||||
the --edit-key command "clean uids" before export. Defaults to no.
|
||||
|
||||
@item export-reset-subkey-passwd
|
||||
When using the "--export-secret-subkeys" command, this option resets
|
||||
the passphrases for all exported subkeys to empty. This is useful
|
||||
when the exported subkey is to be used on an unattended machine where
|
||||
a passphrase doesn't necessarily make sense. Defaults to no.
|
||||
|
||||
@item export-clean
|
||||
Compact (remove all signatures from) user IDs on the key being
|
||||
exported if the user IDs are not usable. Also, do not export any
|
||||
signatures that are not usable. This includes signatures that were
|
||||
issued by keys that are not present on the keyring. This option is
|
||||
the same as running the --edit-key command "clean" before export
|
||||
except that the local copy of the key is not modified. Defaults to
|
||||
no.
|
||||
|
||||
@item export-minimal
|
||||
Export the smallest key possible. This removes all signatures except
|
||||
the most recent self-signature on each user ID. This option is the
|
||||
same as running the --edit-key command "minimize" before export except
|
||||
that the local copy of the key is not modified. Defaults to no.
|
||||
@end table
|
||||
|
||||
@item --list-options @code{parameters}
|
||||
@ -1065,6 +1127,17 @@ the signature. Defaults to no.
|
||||
@item show-unusable-uids
|
||||
Show revoked and expired user IDs during signature verification.
|
||||
Defaults to no.
|
||||
|
||||
@item pka-lookups
|
||||
Enable PKA lookups to verify sender addresses. Note that PKA is based
|
||||
on DNS, and so enabling this option may disclose information on when
|
||||
and what signatures are verified or to whom data is encrypted. This
|
||||
is similar to the "web bug" described for the auto-key-retrieve
|
||||
feature.
|
||||
|
||||
@item pka-trust-increase
|
||||
Raise the trust in a signature to full if the signature passes PKA
|
||||
validation. This option is only meaningful if pka-lookups is set.
|
||||
@end table
|
||||
|
||||
@item --show-photos
|
||||
@ -1135,10 +1208,10 @@ a options file. This also overrides the environment variable
|
||||
$GNUPGHOME.
|
||||
|
||||
@item --pcsc-driver @code{file}
|
||||
Use @code{file} to access the smartcard reader. The current default
|
||||
is `libpcsclite.so'. Instead of using this option you might also
|
||||
want to install a symbolic link to the default file name
|
||||
(e.g. from `libpcsclite.so.1').
|
||||
Use @code{file} to access the smartcard reader. The current default is
|
||||
`libpcsclite.so.1' for GLIBC based systems,
|
||||
`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
|
||||
`winscard.dll' for Windows and `libpcsclite.so' for other systems.
|
||||
|
||||
@item --ctapi-driver @code{file}
|
||||
Use @code{file} to access the smartcard reader. The current default
|
||||
@ -1485,21 +1558,21 @@ signature. Note that all other PGP versions do it this way too.
|
||||
Enabled by default. --no-escape-from-lines disables this option.
|
||||
|
||||
@item --passphrase-fd @code{n}
|
||||
Read the passphrase from file descriptor @code{n}. If you use
|
||||
0 for @code{n}, the passphrase will be read from stdin. This
|
||||
can only be used if only one passphrase is supplied.
|
||||
Don't use this option if you can avoid it.
|
||||
Read the passphrase from file descriptor @code{n}. If you use 0 for
|
||||
@code{n}, the passphrase will be read from stdin. This can only be
|
||||
used if only one passphrase is supplied.
|
||||
|
||||
@item --passphrase-file @code{file}
|
||||
Read the passphrase from file @code{file}. This can only be used if
|
||||
only one passphrase is supplied. Obviously, a passphrase stored in a
|
||||
file is of questionable security. Don't use this option if you can
|
||||
avoid it.
|
||||
file is of questionable security if other users can read this file.
|
||||
Don't use this option if you can avoid it.
|
||||
|
||||
@item --passphrase @code{string}
|
||||
Use @code{string} as the passphrase. This can only be used if only one
|
||||
passphrase is supplied. Obviously, this is of very questionable
|
||||
security. Don't use this option if you can avoid it.
|
||||
security on a multi-user system. Don't use this option if you can
|
||||
avoid it.
|
||||
|
||||
@item --command-fd @code{n}
|
||||
This is a replacement for the deprecated shared-memory IPC mode.
|
||||
@ -1788,19 +1861,29 @@ of one specific message without compromising all messages ever
|
||||
encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY
|
||||
FORCED TO DO SO.
|
||||
|
||||
@item --override-session-key @code{string}
|
||||
@item --override-session-key @code{string}
|
||||
Don't use the public key but the session key @code{string}. The format of this
|
||||
string is the same as the one printed by --show-session-key. This option
|
||||
is normally not used but comes handy in case someone forces you to reveal the
|
||||
content of an encrypted message; using this option you can do this without
|
||||
handing out the secret key.
|
||||
|
||||
@item --require-cross-certification
|
||||
@itemx --no-require-certification
|
||||
When verifying a signature made from a subkey, ensure that the cross
|
||||
certification "back signature" on the subkey is present and valid.
|
||||
This protects against a subtle attack against subkeys that can sign.
|
||||
Currently defaults to --no-require-cross-certification, but will be
|
||||
changed to --require-cross-certification in the future.
|
||||
|
||||
@item --ask-sig-expire
|
||||
@itemx --no-ask-sig-expire
|
||||
When making a data signature, prompt for an expiration time. If this
|
||||
option is not specified, the expiration time set via
|
||||
--default-sig-expire is used. --no-ask-sig-expire disables this
|
||||
option.
|
||||
option. Note that by default, --force-v3-sigs is set which also
|
||||
disables this option. If you want signature expiration, you must set
|
||||
--no-force-v3-sigs as well as turning --ask-sig-expire on.
|
||||
|
||||
@item --default-sig-expire
|
||||
The default expiration time to use for signature expiration. Valid
|
||||
@ -1843,6 +1926,12 @@ behaviour as used by anonymous recipients (created by using
|
||||
--throw-keyids) and might come handy in case where an encrypted
|
||||
message contains a bogus key ID.
|
||||
|
||||
@item --allow-multisig-verification
|
||||
Allow verification of concatenated signed messages. This will run a
|
||||
signature verification for each data+signature block. There are some
|
||||
security issues with this option thus it is off by default. Note that
|
||||
versions of gpg rpior to version 1.4.3 implicityly allowed for this.
|
||||
|
||||
@item --enable-special-filenames
|
||||
This options enables a mode in which filenames of the form
|
||||
@file{-&n}, where n is a non-negative decimal number,
|
||||
@ -2017,10 +2106,6 @@ starting the gpg-agent as described in its documentation, this
|
||||
variable is set to the correct value. The option --gpg-agent-info can
|
||||
be used to override it.
|
||||
|
||||
@item http_proxy
|
||||
Only honored when the keyserver-option
|
||||
honor-http-proxy is set.
|
||||
|
||||
@item COLUMNS
|
||||
@itemx LINES
|
||||
Used to size some displays to the full size of the screen.
|
||||
|
@ -1,3 +1,15 @@
|
||||
2006-04-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
* import.c (check_prefs_warning): Merged strings for better
|
||||
translation.
|
||||
|
||||
* gpg.c (main) [__GLIBC__]: Default to libpcsclite.so.1.
|
||||
|
||||
* status.h, status.c (STATUS_BEGIN_SIGNING): New. Suggested by
|
||||
Daiki Ueno.
|
||||
* textfilter.c (copy_clearsig_text): Issue new status code.
|
||||
* sign.c (sign_file, sign_symencrypt_file): Ditto.
|
||||
|
||||
2006-03-31 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* getkey.c (get_pubkey_byname): Fix missing auto_key_retrieve
|
||||
@ -17,6 +29,11 @@
|
||||
This will need to come out once the standard for DSA2 is firmed
|
||||
up.
|
||||
|
||||
2006-03-28 Werner Koch <wk@g10code.com>
|
||||
|
||||
* openfile.c (overwrite_filep): Fix small cpr issue. Noted by
|
||||
Daiki Ueno.
|
||||
|
||||
2006-03-22 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* getkey.c (parse_auto_key_locate): Silently strip out duplicates
|
||||
|
@ -1726,6 +1726,8 @@ main (int argc, char **argv )
|
||||
opt.pcsc_driver = "winscard.dll";
|
||||
#elif defined(__APPLE__)
|
||||
opt.pcsc_driver = "/System/Library/Frameworks/PCSC.framework/PCSC";
|
||||
#elif defined(__GLIBC__)
|
||||
opt.pcsc_driver = "libpcsclite.so.1";
|
||||
#else
|
||||
opt.pcsc_driver = "libpcsclite.so";
|
||||
#endif
|
||||
|
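Review bot: The new `__GLIBC__` branch in `main` sets `opt.pcsc_driver` to the versioned name `libpcsclite.so.1` with no comment saying why it differs from the generic `libpcsclite.so` fallback right below it. If the reason is that the unversioned name is normally only present as a development symlink, say so in place, e.g. `/* Use the runtime soname; the plain .so link is usually only installed with the development files. */`. Three of the four defaults are bare file names, so which file gets loaded presumably depends on the dynamic loader's search path, whereas the `__APPLE__` branch uses an absolute path; a sentence on that in the `--pcsc-driver` documentation would help users who want to pin the driver to a known location. The `#if` chain starts above the hunk.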
@ -563,9 +563,8 @@ print_import_check (PKT_public_key * pk, PKT_user_id * id)
|
||||
static void
|
||||
check_prefs_warning(PKT_public_key *pk)
|
||||
{
|
||||
log_info(_("WARNING: key %s contains preferences for unavailable\n"),
|
||||
keystr_from_pk(pk));
|
||||
log_info(_("algorithms on these user IDs:\n"));
|
||||
log_info(_("WARNING: key %s contains preferences for unavailable\n"
|
||||
"algorithms on these user IDs:\n"), keystr_from_pk(pk));
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -84,6 +84,8 @@ overwrite_filep( const char *fname )
|
||||
return 0; /* do not overwrite */
|
||||
|
||||
tty_printf(_("File `%s' exists. "), fname);
|
||||
if( cpr_enabled () )
|
||||
tty_printf ("\n");
|
||||
if( cpr_get_answer_is_yes("openfile.overwrite.okay",
|
||||
_("Overwrite? (y/N) ")) )
|
||||
return 1;
|
||||
|
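Review bot: The added `if( cpr_enabled () ) tty_printf ("\n");` in `overwrite_filep` carries no comment on why the line break is wanted only when `cpr_enabled ()` is true. Assuming the reason is that the question is then delivered through the command/status interface rather than the terminal, a one-line comment such as `/* Prompt goes out via the command interface; finish the tty line here. */` would save the next reader a trip through cpr.c. The spacing also mixes `if( ... )`, `cpr_enabled ()` and `tty_printf (` with the `tty_printf(` on the line before; one form would read better. The function begins and ends outside the hunk.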
@ -917,7 +917,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* setup the inner packet */
|
||||
write_status (STATUS_BEGIN_SIGNING);
|
||||
|
||||
/* Setup the inner packet. */
|
||||
if( detached ) {
|
||||
if( multifile ) {
|
||||
STRLIST sl;
|
||||
@ -1283,6 +1285,8 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
write_status (STATUS_BEGIN_SIGNING);
|
||||
|
||||
/* Pipe data through all filters; i.e. write the signed stuff */
|
||||
/*(current filters: zip - encrypt - armor)*/
|
||||
rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');
|
||||
|
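Review bot: Both new `write_status (STATUS_BEGIN_SIGNING);` calls, in `sign_file` and in `sign_symencrypt_file`, follow an error exit whose condition lies above the hunk, so it cannot be confirmed from here that every requested secret key is already unlocked when the status is written. The status description added by this same commit tells front ends they may treat BEGIN_SIGNING as an indication that all requested secret keys are ready for use, which makes the ordering a contract that callers will depend on. I would pin it at both call sites with a comment such as `/* Emit only after all signing keys are available; front ends rely on this ordering. */`. Unlike the encryption status, which is documented as marking start and end, no matching end status appears in this commit; if that is intentional the documentation entry should say so.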
@ -165,6 +165,7 @@ get_status_string ( int no )
|
||||
case STATUS_BACKUP_KEY_CREATED:s="BACKUP_KEY_CREATED"; break;
|
||||
case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break;
|
||||
case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break;
|
||||
case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break;
|
||||
default: s = "?"; break;
|
||||
}
|
||||
return s;
|
||||
|
@ -118,6 +118,8 @@
|
||||
#define STATUS_PKA_TRUST_BAD 82
|
||||
#define STATUS_PKA_TRUST_GOOD 83
|
||||
|
||||
#define STATUS_BEGIN_SIGNING 84
|
||||
|
||||
|
||||
/*-- status.c --*/
|
||||
void set_status_fd ( int fd );
|
||||
|
@ -33,6 +33,7 @@
|
||||
#include "filter.h"
|
||||
#include "i18n.h"
|
||||
#include "options.h"
|
||||
#include "status.h"
|
||||
|
||||
#ifdef HAVE_DOSISH_SYSTEM
|
||||
#define LF "\r\n"
|
||||
@ -177,6 +178,8 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
|
||||
if( !escape_dash )
|
||||
escape_from = 0;
|
||||
|
||||
write_status (STATUS_BEGIN_SIGNING);
|
||||
|
||||
for(;;) {
|
||||
maxlen = MAX_LINELEN;
|
||||
n = iobuf_read_line( inp, &buffer, &bufsize, &maxlen );
|
||||
|
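Review bot: Writing `write_status (STATUS_BEGIN_SIGNING);` inside `copy_clearsig_text` makes a text-copy helper emit a protocol-level status line as a side effect, so every caller of this function announces the start of signing whether or not its key setup has finished. Front ends are told they may read that status as "all requested secret keys are ready", so the guarantee now depends on each caller invoking the helper at the right moment. Either move the call into the clearsign caller next to its key handling, as was done for `sign_file`, or document the side effect at the function header, e.g. `/* Note: emits STATUS_BEGIN_SIGNING before the first line is read. */`. The function body starts above and continues below the hunk.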
773
po/pt_BR.po
773
po/pt_BR.po
File diff suppressed because it is too large
779
po/zh_CN.po
779
po/zh_CN.po
File diff suppressed because it is too large
779
po/zh_TW.po
779
po/zh_TW.po
File diff suppressed because it is too large
@ -1,3 +1,7 @@
|
||||
2006-04-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
* autogen.sh: Unsupport mingw32/cpd.
|
||||
|
||||
2006-03-09 Werner Koch <wk@g10code.com>
|
||||
|
||||
* config.sub, config.guess: Updated.
|
||||
|
@ -63,15 +63,17 @@ if test "$1" = "--build-w32"; then
|
||||
echo "We need at least version 0.3 of MingW32/CPD" >&2
|
||||
exit 1
|
||||
fi
|
||||
crossbindir=`mingw32 --install-dir`/bin
|
||||
# Old autoconf version required us to setup the environment
|
||||
# with the proper tool names.
|
||||
CC=`mingw32 --get-path gcc`
|
||||
CPP=`mingw32 --get-path cpp`
|
||||
AR=`mingw32 --get-path ar`
|
||||
RANLIB=`mingw32 --get-path ranlib`
|
||||
export CC CPP AR RANLIB
|
||||
conf_CC=""
|
||||
echo "MingW32/CPD is no longer supported" >&2
|
||||
exit 1
|
||||
# crossbindir=`mingw32 --install-dir`/bin
|
||||
# # Old autoconf version required us to setup the environment
|
||||
# # with the proper tool names.
|
||||
# CC=`mingw32 --get-path gcc`
|
||||
# CPP=`mingw32 --get-path cpp`
|
||||
# AR=`mingw32 --get-path ar`
|
||||
# RANLIB=`mingw32 --get-path ranlib`
|
||||
# export CC CPP AR RANLIB
|
||||
# conf_CC=""
|
||||
fi
|
||||
|
||||
if [ -f "$tsdir/config.log" ]; then
|
||||
|
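Review bot: The `--build-w32` branch now reaches an unconditional `echo "MingW32/CPD is no longer supported" >&2` followed by `exit 1`, which leaves the version test just above it ("We need at least version 0.3 of MingW32/CPD") and the nine commented-out lines below it as dead text. I would delete the commented-out `crossbindir`/`CC`/`CPP`/`AR`/`RANLIB`/`conf_CC` block instead of keeping it, since the history already preserves it, and drop the version test so the branch consists of the message and the exit alone. A one-line comment such as `# MingW32/CPD cross builds were dropped in 1.4.3.` would record the reason. The branch opens above the hunk, so anything else it does before this point is not visible here.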