From 46e07daa31ee8eb79b3a4720ae7a4205a72fd091 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Tue, 30 Jul 2002 21:38:14 +0000 Subject: [PATCH] * gpg.sgml: Clarify --edit/addrevoker (sensitive), and --keyserver-options (--import/export-options may be used as well). Document --import-options and --export-options with their various options. --show-photos now works during signature verification as well. Document --exec-path. Note in --simple-sk-checksum that the passphrase must be changed for this to take effect. Note that --pgp7 does not disable MDC. Document --no-mdc-warning. --- doc/ChangeLog | 10 +++++ doc/gpg.sgml | 110 +++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 111 insertions(+), 9 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 0cea43a9a..b8e7e6551 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,13 @@ +2002-07-30 David Shaw + + * gpg.sgml: Clarify --edit/addrevoker (sensitive), and + --keyserver-options (--import/export-options may be used as well). + Document --import-options and --export-options with their various + options. --show-photos now works during signature verification as + well. Document --exec-path. Note in --simple-sk-checksum that + the passphrase must be changed for this to take effect. Note that + --pgp7 does not disable MDC. Document --no-mdc-warning. + 2002-07-25 David Shaw * gpg.sgml: Clarify the differences between "pref" and "showpref". diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 892591058..2ae5a7d80 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -349,7 +349,10 @@ Remove a subkey. addrevoker -Add a designated revoker. +Add a designated revoker. This takes one optional argument: +"sensitive". If a designated revoker is marked as sensitive, it will +not be exported by default (see +export-options). revkey 
@@ -962,8 +965,10 @@ each time. This is a space or comma delimited string that gives options for the keyserver. Options can be prepended with a `no-' to give the opposite -meaning. While not all options are available for all keyserver types, -some common options are: +meaning. Valid import-options or export-options may be used here as +well to apply to importing (--recv-key) or exporting (--send-key) a +key from a keyserver. While not all options are available for all +keyserver types, some common options are: 
@@ -1026,12 +1031,81 @@ keyring. + +--import-options parameters + +This is a space or comma delimited string that gives options for +importing keys. Options can be prepended with a `no-' to give the +opposite meaning. The options are: + + + +allow-local-sigs + +Allow importing key signatures marked as "local". This is not +generally useful unless a shared keyring scheme is being used. +Defaults to no. + + + +repair-hkp-subkey-bug + +During import, attempt to repair the HKP keyserver mangling multiple +subkeys bug. Note that this cannot completely repair the damaged key +as some crucial data is removed by the keyserver, but it does at least +give you back one subkey. Defaults to no for regular --import and to +yes for keyserver --recv-keys. + + + + + + +--export-options parameters + +This is a space or comma delimited string that gives options for +exporting keys. Options can be prepended with a `no-' to give the +opposite meaning. The options are: + + + +include-non-rfc + +Include non-RFC compliant keys in the export. Defaults to yes. + + + +include-local-sigs + +Allow exporting key signatures marked as "local". This is not +generally useful unless a shared keyring scheme is being used. +Defaults to no. + + + +include-attributes + +Include attribute user IDs (photo IDs) while exporting. This is +useful to export keys if they are going to be used by an OpenPGP +program that does not accept attribute user IDs. Defaults to yes. + + + +include-sensitive-revkeys + +Include designated revoker information that was marked as +"sensitive". Defaults to no. + + + + + --show-photos -Causes --list-keys, --list-sigs, --list-public-keys, and ---list-secret-keys to also display the photo ID attached to a key, if -any. +Causes --list-keys, --list-sigs, --list-public-keys, +--list-secret-keys, and verifying a signature to also display the +photo ID attached to the key, if any. See also --photo-viewer. 
@@ -1057,6 +1131,15 @@ The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin" + +--exec-path &ParmString; + +Sets a list of directories to search for photo viewers and keyserver +helpers. If not provided, keyserver helpers use the compiled-in +default directory, and photo viewers use the $PATH environment +variable. + + --show-keyring @@ -1427,7 +1510,10 @@ method will be part of an enhanced OpenPGP specification but GnuPG already uses it as a countermeasure against certain attacks. Old applications don't understand this new format, so this option may be used to switch back to the old behaviour. Using this this option -bears a security risk. +bears a security risk. Note that using this option only takes effect +when the secret key is encrypted - the simplest way to make this +happen is to change the passphrase on the key (even changing it to the +same value is acceptable). @@ -1617,8 +1703,9 @@ Resets the --pgp6 option. --pgp7 Set up all options to be as PGP 7 compliant as possible. This is -identical to --pgp6 except that the list of allowable ciphers is -expanded to add AES128, AES192, AES256, and TWOFISH. +identical to --pgp6 except that MDCs are not disabled, and the list of +allowable ciphers is expanded to add AES128, AES192, AES256, and +TWOFISH. @@ -1792,6 +1879,11 @@ Suppress the warning about "using insecure memory". Suppress the warning about unsafe file permissions. + +--no-mdc-warning + +Suppress the warning about missing MDC integrity protection. + --no-armor
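Review bot: In the addrevoker hunk (doc/gpg.sgml, @@ -349), the cross-reference "see export-options" does not name the option that controls this behaviour. The same patch documents it as include-sensitive-revkeys, so name it here so the reader does not have to search the export-options list. The text also says the command "takes one optional argument" without showing where "sensitive" goes on the addrevoker command; a short usage form would remove the guesswork.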
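Review bot: In the --keyserver-options hunk (@@ -962), the added sentence uses "--recv-key" and "--send-key", while the --import-options hunk later in this same patch writes "--recv-keys"; use one spelling of the command names throughout. The phrase "exporting (--send-key) a key from a keyserver" also reads wrongly, since sending goes to a keyserver; suggest "importing a key from (--recv-keys) or exporting a key to (--send-keys) a keyserver".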
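Review bot: In the --export-options hunk (@@ -1026), the include-attributes entry has its rationale inverted: it says including photo IDs "is useful to export keys if they are going to be used by an OpenPGP program that does not accept attribute user IDs", but with a default of yes it is the no-include-attributes form that helps with such programs. Suggest rewording to say that turning the option off is what produces an export those programs can read. In the same hunk, repair-hkp-subkey-bug states that the key cannot be completely repaired; it would help to say what the user should do next with a key that comes back with only one subkey.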
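Review bot: In the --exec-path hunk (@@ -1057), "Sets a list of directories" does not say how the list is delimited, so a reader cannot write a value with more than one directory from this text alone. Please state the separator. Since these directories are searched for programs that gpg then runs (photo viewers and keyserver helpers), it is also worth saying whether the given list replaces the compiled-in default directory and $PATH or is searched in addition to them.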
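Review bot: In the --simple-sk-checksum hunk (@@ -1427), "only takes effect when the secret key is encrypted" reads as describing a state (the key has a passphrase) rather than an event, which is what the rest of the sentence and the commit message mean. Suggest "only takes effect the next time the secret key is encrypted", followed by the passphrase-change advice. The unchanged context line just above carries a doubled word ("Using this this option") that could be fixed while this paragraph is being touched.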
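Review bot: In the --no-mdc-warning hunk (@@ -1792), the one-line description does not say what the suppressed warning tells the user. A sentence stating that the warning indicates a message without MDC integrity protection would let readers judge whether silencing it is appropriate; the terse form matches the neighbouring --no-* entries, but this one hides a per-message integrity signal rather than a local configuration complaint.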