See ChangeLog: Mon Sep 6 19:59:08 CEST 1999 Werner Koch

AUTHORS

@@ -52,21 +52,22 @@ koch@hsp.de
 
 
 TRANSLATIONS	Gregory Steuck	1998-10-20
-Disclaimer.  [ru?]
+Disclaimer.  [ru]
 steuck@iname.com
 
 
-TRANSLATIONS	Urko Lusa	Okay
+TRANSLATIONS	Urko Lusa
-es_ES.po
+Disclaimer.  [es_ES]
+ulusa@lacueva.ddns.org
 
 
-TRANSLATIONS	Thiago Jung Bauermann Okay
+TRANSLATIONS	Thiago Jung Bauermann
-pt_BR.po
+Disclaimer.  [pt_BR]
 jungmann@cwb.matrix.com.br
 
 
 TRANSLATIONS	Janusz Aleksander Urbanowicz	1999-01-09
-pl.po
+Disclaimer.  [po]
 alex@bofh.torun.pl
 
 

BUGS

@@ -44,4 +44,14 @@ and after about half a day in the rsync snapshots.
     Solaris make has problems with the generated POTFILES - seems to be a
     gettext bug.  Use GNU gmake as a workaround.
 
-Next #23
+[  *] #23 1999-09-03 <todd.brooks@yale.edu> 0.9.11
+    Only the first signature of a cleartext sig seems to be verified.
+    Can't fix it in 1.0 because the code is semi-frozen.
+
+[  *] #24 1999-09-05 <marcus@yoyo.cc.monash.edu.au> 0.9.11
+    Does not link libc and libz expect when removing all "-lc -lz" except
+    for the last one.  This happens on some systems when not using the
+    GNU ld.  This need to be fixed in libtool.
+
+
+Next #25

ChangeLog

@@ -1,3 +1,11 @@
+Mon Sep  6 19:59:08 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+
+	* configure.in: Create makefile in doc/gph
+
+	* acinclude.m4 (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): New
+	* configure.in: use the above.
+
 Thu Sep  2 16:40:55 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 

INSTALL

@@ -55,6 +55,20 @@ assembler replacements are in C and in mpi/generic; never delete udiv-qrnnd.S
 in any CPU directory, because there may be no C substitute.
 Don't forget to delete "config.cache" and run "./config.status --recheck".
 
+Some make tools are broken - the best solution is to use GNU's make.  Try
+gmake or grab the sources from a GNU archive and install them.
+
+On some OSF you may get unresolved externals.  This is a libtool problem and
+the workaround is to manually remove all the "-lc -lz" but the last one from
+the linker line and execute them manually.
+
+On some architectures you get warnings like:
+  longlong.h:175: warning: function declaration isn't a prototype
+or
+  http.c:647: warning: cast increases required alignment of target type
+This doesn't matter and we know about it (actually it is due to the some
+warning options which we have enabled for gcc)
+
 
 The Random Device
 =================

NEWS

@@ -337,7 +337,7 @@ Noteworthy changes in version 0.4.0
     * detached and armored signatures are now using "PGP SIGNATURE",
       except when --rfc1991 is used.
 
-    * All times which are not in the yyy-mm-dd format are now printed
+    * All times which are not in the yyyy-mm-dd format are now printed
       in local time.
 
 

OBUGS

@@ -25,10 +25,10 @@
     OOPS in close enum_keyblocks - ignored
     [gdbm is experimental and will be replaced by the new keybox code]
     FIX: 1999-07-22 (Fixed the second error, there will be no fix for
-    the first one, becuase GDBM is to be replaced)
+    the first one, because GDBM is to be replaced)
 
 [  *] #7 1999-02-22 <dwpalmer@dwpalm.jf.intel.com> 0.9.3
-    Conventional encrytion incompatibilty:
+    Conventional encryption incompatibility:
      $ gpg -c --cipher-algo cast5 --compress-algo 1 --no-comment secrets.txt
     Creates a file that gpg can decrypt, but PGP 5.5 has problems with it.
     PGP decrypts 6416k out of 6424k, then complains with "PGP Warning",

README

@@ -2,21 +2,17 @@
 
 		    GnuPG - The GNU Privacy Guard
 		   -------------------------------
-			   Version 0.9.11
+			    Version 1.0
 
-    GnuPG is a tool for secure communication and data storage.	It
+    GnuPG is GNU's tool for secure communication and data storage.
-    can be used to encrypt data and to create digital signatures.
+    It can be used to encrypt data and to create digital signatures.
     It includes an advanced key management facility and is compliant
-    to the proposed OpenPGP Internet standard as described in RFC2440.
+    with the proposed OpenPGP Internet standard as described in RFC2440.
 
-    GnuPG is now in Beta test and you should report all bugs to the
+    GnuPG works best on GNU/Linux or *BSD systems.  Most other Unices
-    mailing list (see below).  The 0.9.x versions are released mainly
+    are also supported but are not as well tested as the Free Unices.
-    to fix all remaining serious bugs.	As soon as version 1.0 is out,
+    See http://www.gnupg.org/gnupg.html#supsys for a list of systems
-    development will continue with a 1.1 series and bug fixes for the
+    which are known to work.
-    1.0 version as needed.
-
-    GnuPG works best on GNU/Linux or *BSD.  Other Unices are
-    also supported but are not as well tested as the Free Unices.
 
     See the file COPYING for copyright and warranty information.
 
@@ -32,7 +28,7 @@
     algorithms are: 3DES, Blowfish, CAST5 and Twofish (GnuPG does not
     yet create Twofish encrypted messages because there is no agreement
     in the OpenPGP WG on how to use it together with a MDC algorithm)
-    Digest algorithms available are MD5, RIPEMD160, SHA1, and TIGER/192.
+    Digest algorithms available are MD5, RIPEMD160 and SHA1.
 
 
     Installation
@@ -58,9 +54,9 @@
 
     7) You end up with a "gpg" binary in /usr/local/bin.
        Note: Because some old programs rely on the existence of a
-       binary named "gpgm"; you should install a symbolic link
+       binary named "gpgm" (which was build by some Beta versions
-       from gpgm to gpg:
+       of GnuPG); you may want to install a symbolic link to it:
-	"cd /usr/local/bin; ln -s gpg gpgm"
+       "cd /usr/local/bin; ln -s gpg gpgm"
 
     8) To avoid swapping out of sensitive data, you can install "gpg" as
        suid root.  If you don't do so, you may want to add the option
@@ -127,7 +123,7 @@
 
 	$ md5sum gnupg-x.y.z.tar.gz.sig
 
-       This should yield an output similar to this:
+       This should yield an output similar_to this:
 
 	fd9351b26b3189c1d577f0970f9dcadc  gnupg-x.y.z.tar.gz
 
@@ -135,18 +131,30 @@
        published via the announcement list and probably via Usenet.
 
 
-    Introduction
-    ------------
 
-    A draft version of the manual is included in the subdirectory doc
+    Documentation
-    and some HOWTO documents are available online; dor a listing see:
+    -------------
+
+    A draft version of the manual is included in the subdirectory doc/gph.
+    The supplied version is rendered in HTML and you may access it with any
+    browser (e.g.: lynx doc/gpg/index.html).  The GnuPG webpages have a link
+    to the latest development version and you may want to read those instead.
+
+    A couple of HOWTO documents are available online; for a listing see:
 
 	http://www.gnupg.org/docs.html#howtos
 
+    A man page with a description of all commands and options gets installed
+    along with the program.
+
+
+    Introduction
+    ------------
+
     Here is a brief overview on how to use GnuPG - it is strongly suggested
     that you read the manual and other information about the use of
-    cryptography.  GnuPG is only a tool, secure results require that YOU
+    cryptography.  GnuPG is only a tool, secure usage requires that
-    KNOW WHAT YOU ARE DOING.
+    YOU KNOW WHAT YOU ARE DOING.
 
     If you already have a DSA key from PGP 5 (they call them DH/ElGamal)
     you can simply copy the pgp keyrings over the GnuPG keyrings after
@@ -459,41 +467,15 @@
     detailed information about the errors.
 
 
-    Esoteric commands
+    How to Get More Information
-    -----------------
+    ---------------------------
 
-	gpg --list-packets datafile
-
-    Use this to list the contents of a data file. If the file is encrypted
-    you are asked for the passphrase, so that GnuPG is able to look at the
-    inner structure of a encrypted packet.  This command should list all
-    kinds of rfc2440 messages.
-
-	gpg --list-trustdb
-
-    List the contents of the trust DB in a human readable format
-
-	gpg --list-trustdb  <usernames>
-
-    List the tree of certificates for the given usernames
-
-	gpg --list-trust-path  username
-
-    List the possible trust paths for the given username. The length
-    of such a trust path is limited by the option --max-cert-depth
-    which defaults to 5.
-
-    For more options/commands see the man page or use "gpg --help".
-
-
-    Other Notes
-    -----------
-
-    The primary FTP site is "ftp://ftp.gnupg.org/pub/gcrypt/"
     The primary WWW page is "http://www.gnupg.org"
+    The primary FTP site is "ftp://ftp.gnupg.org/pub/gcrypt/"
 
     See http://www.gnupg.org/mirrors.html for a list of FTP mirrors
-    and use them if possible.
+    and use them if possible.  You may also find GnuPG mirrored on
+    some of the regular GNU mirrors.
 
     We have some mailing lists dedicated to GnuPG:
 
@@ -515,19 +497,22 @@
 
     Please direct bug reports to <gnupg-bugs@gnu.org> or post
     them direct to the mailing list <gnupg-devel@gnupg.org>.
-    Please direct questions about GnuPG to the users mailing list or
-    one of the pgp newsgroups to give me more time to improve
-    GnuPG.  Commercial support for GnuPG is also available; please
-    see the GNU service directory or search other resources.
 
-    Have fun and remember: Echelon is looking at you kid.
+    Please direct questions about GnuPG to the users mailing list or
+    one of the pgp newsgroups; please do not direct questions to one
+    of the authors directly as we are busy working on improvements
+    and bug fixes.  Both mailing lists are watched by the authors
+    and we try to answer questions when time allows us to do so.
+
+    Commercial grade support for GnuPG is available; please see
+    the GNU service directory or search other resources.
 
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v0.9.10 (GNU/Linux)
+Version: GnuPG v0.9.11 (GNU/Linux)
 Comment: For info see http://www.gnupg.org
 
-iQB1AwUBN86L1h0Z9MEMmFelAQFQlQL/S5jDPpDFI3wDG/soA/qMTR79YX1IXDz9
+iQB1AwUBN9QAwB0Z9MEMmFelAQG0XwMAqyH3UR0Jk+dm2ZkVoTqckGqmMMt5IdBN
-Izin49GkPHElRCoNbT3r3+T6V+lNtrZpah6JBR30//yo1OGUyoJ88yn3KC0JdtUq
+MlG4g3dau5De8XXHvbQ45cUpU4CC0MOlEuKDp+CKOc+xbzczdH35qYt/5XKmVWS8
-NgJzX3yYUXD+Ojer+WHEL+O8D8qkZrAX
+JwTvuKKCZ/95JRMk0ZMRueQduH7tSijZ
-=wiUu
+=MefQ
 -----END PGP SIGNATURE-----

THANKS

@@ -17,6 +17,7 @@ Christian von Roques	roques@pond.sub.org
 Christopher Oliver	oliver@fritz.traverse.net
 Christian Recktenwald	chris@citecs.de
 Daniel Eisenbud 	eisenbud@cs.swarthmore.edu
+Daniel Koenig		dan@mail.isis.de
 David Ellement		ellement@sdd.hp.com
 Detlef Lannert		lannert@lannert.rz.uni-duesseldorf.de
 Dirk Lattermann 	dlatt@t-online.de
@@ -56,6 +57,7 @@ Mark Adler		madler@alumni.caltech.edu
 Mark Elbrecht		snowball3@bigfoot.com
 Markus Friedl		Markus.Friedl@informatik.uni-erlangen.de
 Martin Kahlert		martin.kahlert@provi.de
+Martin Hamilton
 Martin Schulte		schulte@thp.uni-koeln.de
 Matthew Skala		mskala@ansuz.sooke.bc.ca
 Max Valianskiy		maxcom@maxcom.ml.org
@@ -66,6 +68,7 @@ NIIBE Yutaka		gniibe@chroot.org
 Niklas Hernaeus
 Nimrod Zimerman 	zimerman@forfree.at
 N J Doye		nic@niss.ac.uk
+Oliver Haakert		haakert@hsp.de
 Oskari Jääskeläinen	f33003a@cc.hut.fi
 Paul D. Smith		psmith@baynetworks.com
 Philippe Laliberte	arsphl@oeil.qc.ca

TODO

@@ -1,4 +1,8 @@
 
+    Gael has added a LF to helptext.c:185  check other translations.
+    (03.09.99)
+
+
 Scheduled for 1.1
 -----------------
   * With option -i prompt before adding a key to the keyring and show some

VERSION

@@ -1 +1 @@
-0.9.11
+0.9.11a

acconfig.h

@@ -94,6 +94,9 @@
 
 #undef USE_CAPABILITIES
 
+/* Some systems have mkdir that takes a single argument. */
+#undef MKDIR_TAKES_ONE_ARG
+
 
 @BOTTOM@
 

acinclude.m4

@@ -617,5 +617,26 @@ if test x$ac_cv_sys_symbol_underscore = xyes; then
 fi
 ])
 
+dnl Stolen from gcc
+dnl Define MKDIR_TAKES_ONE_ARG if mkdir accepts only one argument instead
+dnl of the usual 2.
+AC_DEFUN(GNUPG_FUNC_MKDIR_TAKES_ONE_ARG,
+[AC_CACHE_CHECK([if mkdir takes one argument], gnupg_cv_mkdir_takes_one_arg,
+[AC_TRY_COMPILE([
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#ifdef HAVE_DIRECT_H
+# include <direct.h>
+#endif], [mkdir ("foo", 0);],
+	gnupg_cv_mkdir_takes_one_arg=no, gnupg_cv_mkdir_takes_one_arg=yes)])
+if test $gnupg_cv_mkdir_takes_one_arg = yes ; then
+  AC_DEFINE(MKDIR_TAKES_ONE_ARG)
+fi
+])
 
 dnl *-*wedit:notab*-*  Please keep this as the last line.

cipher/ChangeLog

@@ -1,3 +1,8 @@
+Mon Sep  6 19:59:08 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+
+	* des.c (selftest): Add some testpattern
+
 Mon Aug 30 20:38:33 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 

cipher/des.c

@@ -826,6 +826,75 @@ selftest (void)
       return "TRIPLE-DES test failed.";
   }
 
+    /*
+     * More Triple-DES test.  These are testvectors as used by SSLeay,
+     * thanks to Jeroen C. van Gelderen.
+     */
+    {	struct { byte key[24], byte plain[8], byte cipher[8] } testdata[] = {
+	{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01  },
+	  { 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00  },
+	  { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00  }
+	},
+
+	{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01  },
+	  { 0x9D,0x64,0x55,0x5A,0x9A,0x10,0xB8,0x52, },
+	  { 0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00  }
+	},
+	{ { 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+	    0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+	    0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E  },
+	  { 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A  },
+	  { 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A  }
+	},
+	{ { 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+	    0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+	    0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6  },
+	  { 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2  },
+	  { 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95  }
+	},
+	{ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF  },
+	  { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },
+	  { 0x3D,0x12,0x4F,0xE2,0x19,0x8B,0xA3,0x18  }
+	},
+	{ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	    0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
+	    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF  },
+	  { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },
+	  { 0xFB,0xAB,0xA1,0xFF,0x9D,0x05,0xE9,0xB1  }
+	},
+	{ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	    0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
+	    0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10  },
+	  { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },
+	  { 0x18,0xd7,0x48,0xe5,0x63,0x62,0x05,0x72  }
+	},
+	{ { 0x03,0x52,0x02,0x07,0x67,0x20,0x82,0x17,
+	    0x86,0x02,0x87,0x66,0x59,0x08,0x21,0x98,
+	    0x64,0x05,0x6A,0xBD,0xFE,0xA9,0x34,0x57  },
+	  { 0x73,0x71,0x75,0x69,0x67,0x67,0x6C,0x65  },
+	  { 0xc0,0x7d,0x2a,0x0f,0xa5,0x66,0xfa,0x30  }
+	},
+	{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x80,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02  },
+	  { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00  },
+	  { 0xe6,0xe6,0xdd,0x5b,0x7e,0x72,0x29,0x74  }
+	},
+	{ { 0x10,0x46,0x10,0x34,0x89,0x98,0x80,0x20,
+	    0x91,0x07,0xD0,0x15,0x89,0x19,0x01,0x01,
+	    0x19,0x07,0x92,0x10,0x98,0x1A,0x01,0x01  },
+	  { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00  },
+	  { 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b  }
+	}
+	};
+	/* fixme: do the test */
+    }
 
   /*
    * Check the weak key detection. We simply assume the table with

configure.in

@@ -406,6 +406,7 @@ AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit)
 AC_CHECK_FUNCS(memicmp atexit raise getpagesize strftime nl_langinfo)
 
 GNUPG_CHECK_MLOCK
+GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
 
 dnl
 dnl Check whether we can use Linux capabilities as requested
@@ -706,6 +707,7 @@ mpi/Makefile
 cipher/Makefile
 g10/Makefile
 doc/Makefile
+doc/gph/Makefile
 tools/Makefile
 zlib/Makefile
 checks/Makefile

debian/changelog

@@ -141,8 +141,8 @@ gnupg (0.4.0-1) unstable; urgency=high
   * debian/control: update extended description.
   * debian/rules (binary-arch): install FAQ and all ChangeLogs.
   * debian/preinst: new; check for upgrade from (<= 0.3.2-1) and warn about
-    incompatabilites in keyring format and offer to move old copy out of
+    incompatibilities in keyring format and offer to move old copy out of
-    gpg out of the way for transistion strategy and inform the user about
+    gpg out of the way for transition strategy and inform the user about
     the old copies of gnupg available on my web page.
   * debian/rules (binary-arch) install preinst.
   * debian/rules (binary-arch): don't depend on the test target as it is

doc/Makefile.am

@@ -1,5 +1,7 @@
 ## Process this file with automake to create Makefile.in
 
+SUBDIRS = gph
+
 EXTRA_DIST = DETAILS gpg.sgml gpg.1 FAQ HACKING OpenPGP
 
 man_MANS = gpg.1
@@ -15,21 +17,13 @@ else
 endif
 
 
-%.txt : %.sgml
+%.dvi: %.sgml
-	sgml2txt -c latin $*
+	db2dvi $<
 
-%.html : %.sgml
+%.ps: %.dvi
-	sgml2html -c latin $*
+	dvips -o $@ $<
 
-%.dvi : %.sgml
+%/%.html: %.sgml
-	-rm $*.sgml.tmp
+	-db2html $<
-	mv $*.sgml $*.sgml.tmp
-	sed -e '/<!entity/  s/"IGNORE">/"INCLUDE">/' $*.sgml.tmp >$*.sgml
-	sgml2latex -b -l deutsch -c latin $* ; mv $*.sgml.tmp $*.sgml
 
-%.ps : %.sgml
-	-rm $*.sgml.tmp
-	mv $*.sgml $*.sgml.tmp
-	sed -e '/<!entity/  s/"IGNORE">/"INCLUDE">/' $*.sgml.tmp >$*.sgml
-	sgml2latex -b -l deutsch -c latin -o ps $* ; mv $*.sgml.tmp $*.sgml
 

doc/credits-1.0

@@ -0,0 +1,41 @@
+The GNU Privacy Guard has been created by the GnuPG team:
+Matthew Skala, Michael Roth, Niklas Hernaeus, Rémi Guyomarch
+and Werner Koch.  Gael Queri, Gregory Steuck, Janusz A. Urbanowicz,
+Marco d'Itri, Thiago Jung Bauermann, Urko Lusa and Walter Koch
+did the official translations.	Mike Ashley is working on the
+GNU Privacy Handbook.
+
+The following people helped greatly by suggesting improvements,
+testing, fixing bugs, providing resources and doing other important
+tasks:	Allan Clark, Anand Kumria, Ariel T Glenn, Bodo Moeller,
+Bryan Fullerton, Brian Moore, Brian Warner, Caskey L. Dickson,
+Cees van de Griend, Charles Levert, Christian von Roques,
+Christopher Oliver, Christian Recktenwald, Daniel Eisenbud,
+Daniel Koenig, David Ellement, Detlef Lannert, Dirk Lattermann,
+Ed Boraas, Enzo Michelangeli, Ernst Molitor, Fabio Coatti,
+Felix von Leitner, Frank Heckenbach, Frank Stajano, Gaël Quéri,
+Greg Louis, Greg Troxel, Gregory Steuck, Geoff Keating, Harald Denker,
+Hendrik Buschkamp, Holger Schurig, Hugh Daniel, Ian McKellar,
+Janusz A. Urbanowicz, James Troup, Jean-loup Gailly, Jens Bachem,
+Joachim Backes, John A. Martin, Johnny Teveßen, Jörg Schilling,
+Jun Kuriyama, Karl Fogel, Karsten Thygesen, Katsuhiro Kondou,
+Kazu Yamamoto, Lars Kellogg-Stedman, Marco d'Itri, Mark Adler,
+Mark Elbrecht, Markus Friedl, Martin Kahlert, Martin Hamilton,
+Martin Schulte, Matthew Skala, Max Valianskiy, Michael Roth,
+Michael Sobolev, Nicolas Graner, NIIBE Yutaka, Niklas Hernaeus,
+Nimrod Zimerman, N J Doye, Oliver Haakert, Oskari Jääskeläinen,
+Paul D. Smith, Philippe Laliberte, Peter Gutmann, QingLong,
+Ralph Gillen, Rat, Reinhard Wobst, Rémi Guyomarch, Reuben Sumner,
+Roland Rosenfeld, Ross Golder, Serge Munhoven, SL Baur, Stefan Karrmann,
+Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker,
+Susanne Schultz, Thiago Jung Bauermann, Thomas Roessler, Tom Spindler,
+Tom Zerucha, Tomas Fasth, Thomas Mikkelsen, Ulf Möller, Urko Lusa,
+Walter Koch, Wim Vandeputte and Gerlinde Klaes.
+
+This software has been made possible by the previous work of
+Chris Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann
+Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson,
+Taher ElGamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA
+mathematicians and all the folks who have worked hard to create complete
+and free operating systems.
+

doc/gpg.sgml

@@ -253,7 +253,7 @@ with -u.</para></listitem></varlistentry>
     <term>lsign</term>
     <listitem><para>
 Same as --sign but the signature is marked as
-non-exportbale and will therefore never be used
+non-exportable and will therefore never be used
 by others.  This may be used to make keys valid
 only in the local environment.</para></listitem></varlistentry>
     <varlistentry>

doc/gph/ChangeLog

@@ -0,0 +1,5 @@
+Fri Sep  3 13:24:45 1999  Werner Koch  (wk@gnupg.org)
+
+	* Makefile.am: New
+
+

doc/gph/Makefile.am

@@ -0,0 +1,38 @@
+# GPH - GNU Privacy Handbook
+
+PARTS = manual.sgml c1.sgml c2.sgml c3.sgml c4.sgml c5.sgml c6.sgml \
+	signatures.fig
+
+EXTRA_DIST = $(PARTS) index.html
+BUILT_SOURCES = index.html
+
+index.html: $(PARTS) signatures.jpg
+	db2html manual.sgml
+	cp signatures.jpg manual/signatures.jpg
+	echo '<html><body>' >index.html
+	echo '<ul>'         >>index.html
+	echo '<li><a href="manual/book1.html">GnuPG User Manual</a>' >>index.html
+	echo '</ul>'          >>index.html
+	echo '</body></html>' >>index.html
+	-rm -r manual.junk
+	(cd manual; rm -r stylesheet-images; ls | grep -v distfiles >distfiles)
+
+%.dvi: %.sgml
+	db2dvi $<
+
+%.ps: %.dvi
+	dvips -o $@ $<
+
+%/%.html: %.sgml
+	db2html $<
+
+
+%.png: %.fig
+	fig2dev -L png $< $@
+
+%.jpg: %.fig
+	fig2dev -L jpeg $< $@
+
+%.eps: %.fig
+	fig2dev -L ps  $< $@
+

doc/gph/c1.sgml

@@ -0,0 +1,627 @@
+<chapter id="intro" xreflabel="1">
+<docinfo>
+<date>
+$Id$
+</date>
+</docinfo>
+<title>
+Getting Started
+</title>
+
+<para>
+&Gnupg; is a tool for secure communication.
+This chapter is a quick-start guide that covers the core functionality
+of &gnupg;.
+This includes keypair creation, exchanging and verifying keys, encrypting
+and decrypting documents, and making and verifying signatures.
+It does not explain in detail the concepts behind public-key cryptography,
+encryption, and digital signatures.
+This is covered in Chapter <xref linkend="concepts">.
+It also does not explain how to use &gnupg; wisely.
+This is covered in Chapters <xref linkend="management"> and 
+<xref linkend="wise">.
+</para>
+
+<para>
+&Gnupg; uses public-key cryptography so that users may communicate securely.
+In a public-key system, each user has a public/private keypair.
+A user's private key is kept secret; it need never be revealed.
+The public key may be given to anyone with whom the user wants to
+communicate.
+&Gnupg; uses a somewhat more sophisticated scheme in which a user has
+a primary keypair and then zero or more additional subordinate keypairs.
+The primary and subordinate keypairs are bundled to facilitate key
+management and the bundle can often be considered simply as one keypair.
+</para>
+
+<sect1>
+<title>
+Generating a new keypair
+</title>
+
+<para>
+The command-line option <link linkend="gen-key"><option>--gen-key</option></link>
+is used to create a new primary keypair.
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --gen-key</userinput>
+gpg (GnuPG) 0.9.4; Copyright (C) 1999 Free Software Foundation, Inc.
+This program comes with ABSOLUTELY NO WARRANTY.
+This is free software, and you are welcome to redistribute it
+under certain conditions. See the file COPYING for details.
+
+Please select what kind of key you want:
+   (1) DSA and ElGamal (default)
+   (2) DSA (sign only)
+   (4) ElGamal (sign and encrypt)
+Your selection?
+</screen>
+
+<!--
+REWRITE
+From Thomas Zander (zander@microweb.nl):
+In GPG you can create 3 type of keypairs. A keypair is the combination
+of a publ ic key and a private key, see chapter X. A DSA keypair can
+only be used to sign a message. A ElGamal subordinate keypair can be
+used for encryption as well as s igning, but is not as compatible with
+former standards.
+
+Option 1 creates 2 keypairs; a DSA (signing) and a ElGamal (Encryption).
+Option 2 creates a DSA keypair (Signing)
+Option 4 creates a ElGemal keypair (Signing & Encryption).
+
+note: option 3 xxxx
+
+This doesn't quite work, but I agree the following paragraph is rough.
+-->
+
+&Gnupg; is able to create several different types of keypairs, but a primary
+key must be capable of making signatures.
+There are therefore only three options.
+Option 1 actually creates two keypairs.
+A DSA keypair is the primary keypair usable only for making signatures.
+An ElGamal subordinate keypair is also created for encryption. 
+Option 2 is similar but creates only a DSA keypair.
+Option 4<footnote><para>Option 3 is to generate an ElGamal keypair that is
+not usable for making signatures.</para></footnote> creates a single ElGamal 
+keypair usable for both making signatures and performing encryption.
+In all cases it is possible to later add additional subkeys for encryption
+and signing.
+For most users the default option is fine.
+</para>
+
+<para>
+You must also choose a key size.
+The size of a DSA key must be between 512 and 1024 bits, and an ElGamal
+key may be of any size.
+&Gnupg;, however, requires that keys be no smaller than 768 bits.
+Therefore, if Option 1 was chosen and you choose a keysize larger than
+1024 bits, the ElGamal key will have the requested size, but the DSA
+key will be 1024 bits.
+
+<screen width="80">
+About to generate a new ELG-E keypair.
+              minimum keysize is  768 bits
+              default keysize is 1024 bits
+    highest suggested keysize is 2048 bits
+What keysize do you want? (1024)
+</screen>
+
+The longer the key the more secure it is against brute-force attacks,
+but for almost all purposes the default keysize is adequate since
+it would be cheaper to circumvent the encryption than try to break it.
+Also, encryption and decryption will be slower as the
+key size is increased, and a larger keysize may affect signature length.
+Once selected, the keysize can never be changed.
+</para>
+
+<para>
+Finally, you must choose an expiration date.
+If Option 1 was chosen, the expiration date will be used for both the
+ElGamal and DSA keypairs.
+
+<screen width="80">
+Please specify how long the key should be valid.
+         0 = key does not expire
+      &lt;n>  = key expires in n days
+      &lt;n>w = key expires in n weeks
+      &lt;n>m = key expires in n months
+      &lt;n>y = key expires in n years
+Key is valid for? (0) 
+</screen>
+
+For most users a key that does not expire is adequate.
+The expiration time should be chosen with care, however,
+since although it is possible to change the expiration date after the key
+is created, it may be difficult to communicate a change
+to users who have your public key.
+</para>
+
+<para>
+You must provide a user ID in addition to the key parameters.
+The user ID is used to associate the key being created with a real
+person.
+
+<screen width="80">
+You need a User-ID to identify your key; the software constructs the user id
+from Real Name, Comment and Email Address in this form:
+    "Heinrich Heine (Der Dichter) &lt;heinrichh@duesseldorf.de>"
+
+Real name: 
+</screen>
+
+Only one user ID is created when a key is created, but it is possible
+to create additional user IDs if you want to use the key in two or
+more contexts, &eg;, as an employee at work and a political activist
+on the side.
+A user ID should be created carefully since it cannot be edited after
+it is created.
+</para>
+
+<para>
+&Gnupg; needs a passphrase to protect the primary and subordinate 
+private keys that you keep in your possession.
+
+<screen width="80">
+You need a Passphrase to protect your private key.    
+
+Enter passphrase: 
+</screen>
+
+There is no limit on the length of a passphrase, and it should be
+carefully chosen.
+From the perspective of security, the passphrase to unlock the private
+key is one of the weakest points in &gnupg; (and other public-key 
+encryption systems as well) since it is the only protection you 
+have if another individual gets your private key.
+Ideally, the passphrase should not use words from a dictionary and
+should mix the case of alphabetic characters as well as use 
+non-alphabetic characters.
+A good passphrase is crucial to the secure use of &gnupg;.
+</para>
+
+<sect2 id="revocation">
+<title>
+Generating a revocation certificate
+</title>
+
+<para>
+After your keypair is created you should immediately generate a revocation
+certificate for the primary public key using the option
+<link linkend="gen-revoke"><option>--gen-revoke</option></link>.
+If you forget your passphrase or if your private key is compromised 
+or lost, this revocation certificate may be published to notify others
+that the public key should no longer be used.
+A revoked public key can still be used to verify signatures made
+by you in the past, but it cannot be used to encrypt future messages
+to you.
+It also does not affect your ability to decrypt messages sent to
+you in the past if you still do have access to the private key.
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --output revoke.asc --gen-revoke mykey</userinput>
+[...]
+</screen>
+
+The argument <userinput>mykey</userinput> must be a <emphasis>key
+specifier</emphasis>,
+either the key ID of your primary keypair or any part of a user ID
+that identifies your keypair.
+The generated certificate will be left in the file
+<parameter>revoke.asc</parameter>.
+If the <link linkend="output"><option>--output</option></link> option is 
+omitted, the result will be placed on standard output.
+Since the certificate is short, you may wish to print a hardcopy of
+the certificate to store somewhere safe such as your safe deposit box.
+The certificate should not be stored where others can access it since
+anybody can publish the revocation certificate and render the
+corresponding public key useless.
+</para>
+</sect2>
+</sect1>
+
+<sect1>
+<title>
+Exchanging keys
+</title>
+
+<para>
+To communicate with others you must exchange public keys.
+To list the keys on your public keyring use the command-line 
+option <link linkend="list-keys"><option>--list-keys</option></link>.
+</para>
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --list-keys</userinput>
+/users/alice/.gnupg/pubring.gpg
+---------------------------------------
+pub  1024D/BB7576AC 1999-06-04 Alice (Judge) &lt;alice@cyb.org>
+sub  1024g/78E9A8FA 1999-06-04
+</screen>
+
+<sect2>
+<title>
+Exporting a public key
+</title>
+
+<para>
+To send your public key to a correspondent you must first export it.
+The command-line option <link linkend="export"><option>--export</option></link>
+is used to do this.
+It takes an additional argument identifying the public key to export.
+As with the <option>--gen-revoke</option> option, either the key ID or any part of
+the user ID may be used to identify the key to export.
+</para>
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --output alice.gpg --export alice@cyb.org</userinput>
+</screen>
+
+<para>
+The key is exported in a binary format, but this can be inconvenient
+when the key is to be sent though email or published on a web page.
+&Gnupg; therefore supports a command-line option 
+<link linkend="armor"><option>--armor</option></link><footnote>
+<para>Many
+command-line options that are frequently used can also be set in a
+<link linkend="optionsfile">configuration file</link>.
+</para>
+</footnote>
+that that 
+causes output to be generated in an ASCII-armored format similar to
+uuencoded documents.
+In general, any output from &gnupg;, &eg;, keys, encrypted documents, and
+signatures, can be ASCII-armored by adding the <option>--armor</option> option.
+</para>
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --armor --export alice@cyb.org</userinput>
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v0.9.7 (GNU/Linux)
+Comment: For info see http://www.gnupg.org
+
+[...]
+-----END PGP PUBLIC KEY BLOCK-----
+</screen>
+</sect2>
+
+<sect2>
+<title>
+Importing a public key
+</title>
+
+<para>
+A public key may be added to your public keyring with the
+<link linkend="import"><option>--import</option></link> option.
+</para>
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --import blake.gpg</userinput>
+gpg: key 9E98BC16: public key imported
+gpg: Total number processed: 1
+gpg:               imported: 1
+<prompt>alice%</prompt> <userinput>gpg --list-keys</userinput>
+/users/alice/.gnupg/pubring.gpg
+---------------------------------------
+pub  1024D/BB7576AC 1999-06-04 Alice (Judge) &lt;alice@cyb.org>
+sub  1024g/78E9A8FA 1999-06-04
+
+pub  1024D/9E98BC16 1999-06-04 Blake (Executioner) &lt;blake@cyb.org>
+sub  1024g/5C8CBD41 1999-06-04
+</screen>
+
+<para>
+Once a key is imported it should be validated.
+&Gnupg; uses a powerful and flexible trust model that does not require
+you to personally validate each key you import.
+Some keys may need to be personally validated, however.
+A key is validated by verifying the key's fingerprint and then signing
+the key to certify it as a valid key.
+A key's fingerprint can be quickly viewed with the
+<link linkend="fingerprint"><option>--fingerprint</option></link>
+command-line option, but in order to certify the key you must edit it.
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --edit-key blake@cyb.org</userinput>
+
+pub  1024D/9E98BC16  created: 1999-06-04 expires: never      trust: -/q
+sub  1024g/5C8CBD41  created: 1999-06-04 expires: never     
+(1)  Blake (Executioner) &lt;blake@cyb.org>
+
+<prompt>Command></prompt> <userinput>fpr</userinput>
+pub  1024D/9E98BC16 1999-06-04 Blake (Executioner) &lt;blake@cyb.org>
+             Fingerprint: 268F 448F CCD7 AF34 183E  52D8 9BDE 1A08 9E98 BC16
+</screen>
+
+Key verification is a weak point in public-key cryptography, so you
+must be sure that the fingerprint is correct.
+The fingerprint displayed should be checked with the key's owner.
+This may be done in person or over the phone or through any other means
+as long as you can guarantee that you are communicating with the key's
+true owner.
+Once verified you may sign the key to validate it.
+</para>
+
+<screen width="80">
+<prompt>Command></prompt> <userinput>sign</userinput>
+             
+pub  1024D/9E98BC16  created: 1999-06-04 expires: never      trust: -/q
+             Fingerprint: 268F 448F CCD7 AF34 183E  52D8 9BDE 1A08 9E98 BC16
+
+     Blake (Executioner) &lt;blake@cyb.org>
+
+Are you really sure that you want to sign this key
+with your key: "Alice (Judge) &lt;alice@cyb.org>"
+
+Really sign?
+</screen>
+
+<para>
+Once signed you can check the key to list the signatures on it and
+see the signature that you have added.
+Every user ID on the key will have one or more self-signatures as well
+as a signature for each user that has validated the key.
+</para>
+
+<screen width="80">
+<prompt>Command></prompt> <userinput>check</userinput>
+uid  Blake (Executioner) &lt;blake@cyb.org>
+sig!       9E98BC16 1999-06-04   [self-signature]
+sig!       BB7576AC 1999-06-04   Alice (Judge) &lt;alice@cyb.org>
+</screen>
+</sect2>
+</sect1>
+
+<sect1>
+<title>
+Encrypting and decrypting documents
+</title>
+
+<para>
+To encrypt a document the option 
+<link linkend="encrypt"><option>--encrypt</option></link> is used.
+You must have the public keys of the intended recipients.
+The software expects the name of the document to encrypt as input or, if
+omitted, on standard input.
+The encrypted result is placed on standard output or as specified using
+the option <option>--output</option>.
+The document is compressed for additional security in addition to
+encrypting it.
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --output doc.gpg --encrypt --recipient blake@cyb.org doc</userinput>
+</screen>
+
+The <link linkend="recipient"><option>--recipient</option></link> option
+is used once for each recipient and takes an extra argument specifying
+the public key to which the document should be encrypted.
+The encrypted document can only be decrypted by someone with a private
+key that complements one of the recipients' public keys.
+In particular, you cannot decrypt a document encrypted by you unless
+you included your own public key in the recipient list.
+</para>
+
+<para>
+To decrypt a message the option 
+<link linkend="decrypt"><option>--decrypt</option></link> is used.
+You need the private key to which the message was encrypted.
+Similar to the encryption process, the document to decrypt is
+input, and the decrypted result is output.
+</para>
+
+<screen width="80">
+<prompt>blake%</prompt> <userinput>gpg --output doc --decrypt doc.gpg</userinput>
+
+You need a passphrase to unlock the secret key for
+user: "Blake (Executioner) &lt;blake@cyb.org>"
+1024-bit ELG-E key, ID 5C8CBD41, created 1999-06-04 (main key ID 9E98BC16)
+
+Enter passphrase: 
+</screen>
+
+<para>
+Documents may also be encrypted without using public-key cryptography.
+Instead, only a symmetric cipher is used to encrypt the document.
+The key used to drive the symmetric cipher is derived from a passphrase
+supplied when the document is encrypted, and for good security, it
+should not be the same passphrase that you use to protect your private key.
+Symmetric encryption is useful for securing documents when the
+passphrase does not need to be communicated to others.
+A document can be encrypted with a symmetric cipher by using the
+<link linkend="symmetric"><option>--symmetric</option></link> option.
+</para>
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --output doc.gpg --symmetric doc</userinput>
+Enter passphrase: 
+</screen>
+</sect1>
+
+<sect1>
+<title>
+Making and verifying signatures
+</title>
+
+<para>
+A digital signature certifies and timestamps a document.
+If the document is subsequently modified in any way, a verification
+of the signature will fail.
+A digital signature can serve the same purpose as a hand-written signature
+with the additional benefit of being tamper-resistant.
+The &gnupg; source distribution, for example, is signed so that users can
+verify that the source code has not been modified since it was packaged.
+</para>
+
+<para>
+Creating and verifying signatures uses the public/private keypair
+in an operation different from encryption and decryption.
+A signature is created using the private key of the signer.
+The signature is verified using the corresponding public key.
+A consequence is that it is difficult to deny that you made a digital
+signature since that would imply your private key had been compromised.
+</para>
+
+<para>
+The command-line option <link linkend="sign"><option>--sign</option></link> is
+used to make a digital signature.
+The document to sign is input, and the signed document is output.
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --output doc.sig --sign doc</userinput>
+
+You need a passphrase to unlock the private key for
+user: "Alice (Judge) &lt;alice@cyb.org>"
+1024-bit DSA key, ID BB7576AC, created 1999-06-04
+
+Enter passphrase: 
+</screen>
+
+The document is compressed before signed, and the output is in binary
+format.
+</para>
+
+<para>
+Given a signed document, you can either check the signature or
+check the signature and recover the original document.
+To check the signature use the 
+<link linkend="verify"><option>--verify</option></link> option.
+To verify the signature and extract the document use the
+<option>--decrypt</option>
+option.
+The signed document to verify and recover is input and the recovered
+document is output.
+</para>
+
+<screen width="80">
+<prompt>blake%</prompt> <userinput>gpg --output doc --decrypt doc.sig</userinput>
+gpg: Signature made Fri Jun  4 12:02:38 1999 CDT using DSA key ID BB7576AC
+gpg: Good signature from "Alice (Judge) &lt;alice@cyb.org>"
+</screen>
+
+<sect2>
+<title>
+Clearsigned documents
+</title>
+
+<para>
+A common use of digital signatures is to sign usenet postings or
+email messages.
+In such situations it is undesirable to compress the document while
+signing it.
+The option 
+<link linkend="clearsign"><option>--clearsign</option></link> 
+causes the document to be wrapped in an ASCII-armored signature but 
+otherwise does not modify the document.
+</para>
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --clearsign doc</userinput>
+
+You need a passphrase to unlock the secret key for
+user: "Alice (Judge) &lt;alice@cyb.org>"
+1024-bit DSA key, ID BB7576AC, created 1999-06-04
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+[...]
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v0.9.7 (GNU/Linux)
+Comment: For info see http://www.gnupg.org
+
+iEYEARECAAYFAjdYCQoACgkQJ9S6ULt1dqz6IwCfQ7wP6i/i8HhbcOSKF4ELyQB1
+oCoAoOuqpRqEzr4kOkQqHRLE/b8/Rw2k
+=y6kj
+-----END PGP SIGNATURE-----
+</screen>
+</sect2>
+
+<sect2>
+<title>
+Detached signatures
+</title>
+
+<para>
+A signed document has limited usefulness.
+Other users must recover the original document from the signed
+version, and even with clearsigned documents, the signed document
+must be edited to recover the original.
+Therefore, there is a third method for signing a document that
+creates a detached signature.
+A detached signature is created using the 
+<link linkend="detach-sig"><option>--detach-sig</option></link>
+option.
+</para>
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --output doc.sig --detach-sig doc</userinput>
+
+You need a passphrase to unlock the secret key for
+user: "Alice (Judge) &lt;alice@cyb.org>"
+1024-bit DSA key, ID BB7576AC, created 1999-06-04
+
+Enter passphrase: 
+</screen>
+
+<para>
+Both the document and detached signature are needed to verify
+the signature.
+The <option>--verify</option> option can be to check the 
+signature.
+</para>
+
+<screen width="80">
+<prompt>blake%</prompt> <userinput>gpg --verify doc.sig doc</userinput>
+gpg: Signature made Fri Jun  4 12:38:46 1999 CDT using DSA key ID BB7576AC
+gpg: Good signature from "Alice (Judge) &lt;alice@cyb.org>"
+</screen>
+</sect2>
+</sect1>
+</chapter>
+
+<!--
+In the "Getting Started" chapter, it would be interesting to provide
+a checklist of assumptions that the reader can consult to determine
+whether or not she fits the "most users" profile.  Perhaps put this
+at the end of the chapter (perhaps w/ forward pointer?).  You could
+include cross references for each item on the list.  For example:
+
+    23.  Your use of public key encryption has property X with attribute Y.
+         (see Section 3.4.1 for a more detailed discussion of other
+          attributes of property X)
+
+What prompted this was wondering, as I read through the generating keypair
+section, "under what circumstances would these defaults be inappropriate?"
+
+The notion of using the same key with different user IDs "as an employee at
+work and a political activist on the side" is interesting.  Knowing one,
+could you be traced to the other?  (Are they separate numeric ids, and is
+that enough?)  (seems someone could just match the public keys)
+
+It's a very nice touch that you don't cover every single prompt that the
+system throws at you, but instead treat them functionally.  For example,
+I can imagine other books going through the "Comment:" and "Email Address:"
+prompts.
+-->
+
+<!--
+"Key verification is a weak point in public-key cryptography ..."
+Saying "weak point" makes it sound like a slam on public key stuff.
+Although we've talked about weaknesses of the trust model, I'm guessing
+the point here is that communication is only secure if you verify the
+identity of the key's owner.
+
+Key verification can be done through any means "as long as you can
+guarantee that you are communicating with the key's true owner".
+I suspect we'd also like to prevent leaking information that an
+interceptor could use to pose as us in a key verification step with
+another party.  I suppose the notion of bootstrapping may not be widely
+appreciated as an analogy.
+
+I'm almost inclined to want to see a section in the Getting Started
+guide called "Why you should read the rest of this book".  Failing
+that, or perhaps better yet, maybe it would work to have some margin
+notes that point to other sections of the book for more information
+("a discussion of trust models begins on p. 95").
+-->
+

doc/gph/c2.sgml

@@ -0,0 +1,345 @@
+<chapter id="concepts" xreflabel="2">
+<docinfo>
+<date>
+$Id$
+</date>
+</docinfo>
+<title>
+Concepts
+</title>
+
+<para>
+&Gnupg; makes uses of several cryptographic concepts including 
+<firstterm>symmetric ciphers</firstterm>, 
+<firstterm>public-key ciphers</firstterm>, and 
+<firstterm>one-way hashing</firstterm>.
+You can make basic use &gnupg; without fully understanding these concepts,
+but in order to use it wisely some understanding of them is necessary.
+</para>
+
+<para>
+This chapter introduces the basic cryptographic concepts used in GnuPG.
+Other books cover these topics in much more detail.
+A good book with which to pursue further study is 
+<ulink url="http://www.counterpane.com/schneier.html">Bruce 
+Schneier</ulink>'s
+<ulink url="http://www.counterpane.com/applied.html">"Applied 
+Cryptography"</ulink>.
+</para>
+
+<sect1>
+<title>
+Symmetric ciphers
+</title>
+
+<para>
+A symmetric cipher is a cipher that uses the same key for both encryption
+and decryption.
+Two parties communicating using a symmetric cipher must agree on the
+key beforehand.
+Once they agree, the sender encrypts a message using the key, sends it
+to the receiver, and the receiver decrypts the message using the key.
+As an example, the German Enigma is a symmetric cipher, and daily keys
+were distributed as code books.
+Each day, a sending or receiving radio operator would consult his copy
+of the code book to find the day's key.
+Radio traffic for that day was then encrypted and decrypted using the
+day's key.
+Modern examples of symmetric ciphers include 3DES, Blowfish, and IDEA.
+</para>
+
+<para>
+A good cipher puts all the security in the key and none in the algorithm.
+In other words, it should be no help to an attacker if he knows which
+cipher is being used.
+Only if he obtains the key would knowledge of the algorithm be needed.
+The ciphers used in &gnupg; have this property.
+</para>
+
+<para>
+Since all the security is in the key, then it is important that it be
+very difficult to guess the key.
+In other words, the set of possible keys, &ie;, the <emphasis>key
+space</emphasis>, needs
+to be large.
+While at Los Alamos, Richard Feynman was famous for his ability to
+crack safes.
+To encourage the mystique he even carried around a set of tools
+including an old stethoscope.
+In reality, he used a variety of tricks to reduce the number of
+combinations he had to try to a small number and then simply guessed
+until he found the right combination.
+In other words, he reduced the size of the key space.
+</para>
+
+<para>
+Britain used machines to guess keys during World War 2.
+The German Enigma had a very large key space, but the British built
+speciailzed computing engines, the Bombes, to mechanically try 
+keys until the day's key was found.
+This meant that sometimes they found the day's key within hours of
+the new key's use, but it also meant that on some days they never
+did find the right key.
+The Bombes were not general-purpose computers but were precursors
+to modern-day computers.
+</para>
+
+<para>
+Today, computers can guess keys very quickly, and this is why key
+size is important in modern cryptosystems.
+The cipher DES uses a 56-bit key, which means that there are
+<!-- inlineequation -->
+2<superscript>56</superscript> possible keys.
+<!-- inlineequation -->
+2<superscript>56</superscript> is 72,057,594,037,927,936 keys.
+This is a lot of keys, but a general-purpose computer can check the
+entire key space in a matter of days.
+A specialized computer can check it in hours.
+On the other hand, more recently designed ciphers such as 3DES, 
+Blowfish, and IDEA
+<!-- inlineequation -->
+all use 128-bit keys, which means there are 2<superscript>128</superscript> 
+possible keys.
+This is many, many more keys, and even if all the computers on the
+planet cooperated, it could still take more time than the age of
+the universe to find the key.
+</para>
+</sect1>
+
+<sect1>
+<title>
+Public-key ciphers
+</title>
+
+<para>
+The primary problem with symmetric ciphers is not their security but
+with key exchange.
+Once the sender and receiver have exchanged keys, that key can be
+used to securely communicate, but what secure communication channel
+was used to communicate the key itself?
+In particular, it would probably be much easier for an attacker to work
+to intercept the key than it is to try all the keys in the key space.
+Another problem is the number of keys needed.
+<!-- inlineequation -->
+If there are <emphasis>n</emphasis> people who need to communicate, then 
+<!-- inlineequation -->
+<emphasis>n(n-1)/2</emphasis> keys
+are needed for each pair of people to communicate privately.
+This may be ok for a small number of people but quickly becomes unwieldly
+for large groups of people.
+</para>
+
+<para>
+Public-key ciphers were invented to avoid the key-exchange problem
+entirely.
+A public-key cipher uses a pair of keys for sending messages.
+The two keys belong to the person receiving the message.
+One key is a <emphasis>public key</emphasis> and may be given to anybody.
+The other key is a <emphasis>private key</emphasis> and is kept 
+secret by the owner.
+A sender encrypts a message using the public key and once encrypted,
+only the private key may be used to decrypt it.
+</para>
+
+<para>
+This protocol solves the key-exchange problem inherent with symmetric
+ciphers.
+There is no need for the sender and receiver to agree
+upon a key.
+All that is required is that some time before secret communication the
+sender gets a copy of the receiver's public key.
+Furthermore, the one public key can be used by anybody wishing to
+communicate with the receiver.
+<!-- inlineequation -->
+So only <emphasis>n</emphasis> keypairs are needed for <emphasis>n</emphasis> 
+people to communicate secretly
+with one another,
+</para>
+
+<para>
+Public-key ciphers are based on one-way trapdoor functions.
+A one-way function is a function that is easy to compute,
+but the inverse is hard to compute.
+For example, it is easy to multiply two prime numbers together to get
+a composite, but it is difficult to factor a composite into its prime
+components.a
+A one-way trapdoor function is similar, but it has a trapdoor.
+That is, if some piece of information is known, it becomes easy
+to compute the inverse.
+For example, if you have a number made of two prime factors, then knowing
+one of the factors makes it easy to compute the second.
+Given a public-key cipher based on prime factorization, the public
+key contains a composite number made from two large prime factors, and
+the encryption algorithm uses that composite to encrypt the
+message.
+The algorithm to decrypt the message requires knowing the prime factors,
+so decryption is easy if you have the private key containing one of the
+factors but extremely difficult if you do not have it.
+</para>
+
+<para>
+As with good symmetric ciphers, with a good public-key cipher all of the
+security rests with the key.
+Therefore, key size is a measure of the system's security, but
+one cannot compare the size of a symmetric cipher key and a public-key
+cipher key as a measure of their relative security.
+In a brute-force attack on a symmetric cipher with a key size of 80 bits,
+<!-- inlineequation -->
+the attacker must enumerate up to 2<superscript>81</superscript>-1 keys to 
+find the right key.
+In a brute-force attack on a public-key cipher with a key size of 512 bits,
+the attacker must factor a composite number encoded in 512 bits (up to
+155 decimal digits).
+The workload for the attacker is fundamentally different depending on
+the cipher he is attacking.
+While 128 bits is sufficient for symmetric ciphers, given today's factoring
+technology public keys with 1024 bits are recommended for most purposes.
+</para>
+</sect1>
+
+<sect1>
+<title>
+Hybrid ciphers
+</title>
+
+<para>
+Public-key ciphers are no panacea.
+Many symmetric ciphers are stronger from a security standpoint,
+and public-key encryption and decryption are more expensive than the
+corresponding operations in symmetric systems.
+Public-key ciphers are nevertheless an effective tool for distributing
+symmetric cipher keys, and that is how they are used in hybrid cipher
+systems.
+</para>
+
+<para>
+A hybrid cipher uses both a symmetric cipher and a public-key cipher.
+It works by using a public-key cipher to share a key for the symmetric
+cipher.
+The actual message being sent is then encrypted using the key and sent
+to the recipient.
+Since symmetric key sharing is secure, the symmetric key used is different
+for each message sent.
+Hence it is sometimes called a session key.
+</para>
+
+<para>
+Both PGP and &gnupg; use hybrid ciphers.
+The session key, encrypted using the public-key cipher, and the message
+being sent, encrypted with the symmetric cipher, are automatically
+combined in one package.
+The recipient uses his private-key to decrypt the session key and the
+session key is then used to decrypt the message.
+</para>
+
+<para>
+A hybrid cipher is no stronger than the public-key cipher or symmetric
+cipher it uses, whichever is weaker.
+In PGP and &gnupg;, the public-key cipher is probably the weaker of
+the pair.
+Fortunately, however, if an attacker could decrypt a session key it
+would only be useful for reading the one message encrypted with that
+session key.
+The attacker would have to start over and decrypt another session
+key in order to read any other message.
+</para>
+</sect1>
+
+<sect1>
+<title>
+Digital signatures
+</title>
+
+<para>
+A hash function is a many-to-one function that maps its input to a
+value in a finite set.
+Typically this set is a range of natural numbers.
+<!-- inlineequation -->
+A simple ehash function is <emphasis>f</emphasis>(<emphasis>x</emphasis>) = 0 
+for all integers <emphasis>x</emphasis>.
+A more interesting hash function is 
+<emphasis>f</emphasis>(<emphasis>x</emphasis>) = <emphasis>x</emphasis> 
+<emphasis>mod</emphasis> 37, which
+maps <emphasis>x</emphasis> to the remainder of dividing <emphasis>x</emphasis> by 37.
+</para>
+
+<para>
+A document's digital signature is the result of applying a hash
+function to the document.
+To be useful, however, the hash function needs to satisfy two
+important properties.
+First, it should be hard to find two documents that hash to the
+same value.
+Second, given a hash value it should be hard to recover the document
+that produced that value.
+</para>
+
+<para>
+Some public-key ciphers<footnote><para>
+The cipher must have the property that the actual public key or private
+key could be used by the encryption algorithm as the public key.
+RSA is an example of such an algorithm while ElGamal is not an example.
+</para>
+</footnote> could be used to sign documents.
+The signer encrypts the document with his <emphasis>private</emphasis> key.
+Anybody wishing to check the signature and see the document simply
+uses the signer's public key to decrypt the document.
+This algorithm does satisfy the two properties needed from a good hash
+function, but in practice, this algorithm is too slow to be useful.
+</para>
+
+<para>
+An alternative is to use hash functions designed to satisfy these
+two important properties.
+SHA and MD5 are examples of such algorithms.
+Using such an algorithm, a document is signed by hashing it, and
+the hash value is the signature.
+Another person can check the signature by also hashing their copy of the
+document and comparing the hash value they get with the hash value of
+the original document.
+If they match, it is almost certain that the documents are identical.
+</para>
+
+<para>
+Of course, the problem now is using a hash function for digital
+signatures without permitting an attacker to interfere with signature
+checking.
+If the document and signature are sent unencrypted, an attacker could
+modify the document and generate a corresponding signature without the
+recipient's knowledge.
+If only the document is encrypted, an attacker could tamper with the
+signature and cause a signature check to fail.
+A third option is to use a hybrid public-key encryption to encrypt both
+the signature and document.
+The signer uses his private key, and anybody can use his public key
+to check the signature and document.
+This sounds good but is actually nonsense.
+If this algorithm truly secured the document it would also
+secure it from tampering and there would be no need for the signature.
+The more serious problem, however, is that this does not protect either
+the signature or document from tampering.
+With this algorithm, only the session key for the symmetric cipher
+is encrypted using the signer's private key.
+Anybody can use the public key to recover the session key.
+Therefore, it is straightforward for an attacker to recover the session
+key and use it to encrypt substitute documents and signatures to send
+to others in the sender's name.
+</para>
+
+<para>
+An algorithm that does work is to use a public key algorithm to
+encrypt only the signature.
+In particular, the hash value is encrypted using the signer's private
+key, and anbody can check the signature using the public key.
+The signed document can be sent using any other encryption algorithm
+including none if it is a public document.
+If the document is modified the signature check will fail, but this
+is precisely what the signature check is supposed to catch.
+The Digital Signature Standard (DSA) is a public key signature 
+algorithm that works as just described.
+DSA is the primary signing algorithm used in &Gnupg;.
+</para>
+
+</sect1>
+</chapter>
+

doc/gph/c3.sgml

@@ -0,0 +1,885 @@
+<chapter id="management" xreflabel="3">
+<docinfo>
+<date>
+$Id$
+</date>
+</docinfo>
+<title>
+Key Management
+</title>
+
+<para>
+Key tampering is a major security weakness with public-key cryptography.
+An eavesdropper may tamper with a user's keyrings or forge a
+user's public key and post it for others to download and use.
+For example, suppose Chloe wants to monitor the messages that Alice
+sends to Blake.
+She could mount what is called a <firstterm>man in the 
+middle</firstterm> attack.
+In this attack, Chloe creates a new public/private keypair.
+She replaces Alice's copy of Blake's public key with the new public key.
+She then intercepts the messages that Alice sends to Blake.
+For each intercept, she decrypts it using the new private key, reencrypts
+it using Blake's true public key, and forwards the reencrypted
+message to Blake.
+All messages sent from Alice to Blake can now be read by Chloe.
+</para>
+
+<para>
+Good key management is crucial in order to ensure not just the integrity
+of your keyrings but the integrity of other users' keyrings as well.
+The core of key management in &gnupg; is the notion of signing keys.
+Key signing has two main purposes: it permits you to detect tampering
+on your keyring, and it allows you to certify that a key truly belongs
+to the person named by a user ID on the key.
+Key signatures are also used in a scheme known as the <firstterm>web of 
+trust</firstterm> to extend certification to keys not directly signed by you 
+but signed by others you trust.
+Responsible users who practice good key management can defeat key
+tampering as a practical attack on secure communication with &gnupg;.
+</para>
+
+<sect1>
+<title>
+Managing your own keypair
+</title>
+
+<para>
+A keypair has a public key and a private key.
+A public key consists of 
+the public portion of the master signing key,
+the public portions of the subordinate signing and encryption subkeys, and 
+a set of user IDs used to associate the public key with a real person.
+Each piece has data about itself.
+For a key, this data includes its ID, when it was created, when it
+will expire, etc.
+For a user ID, this data includes the name of the real person it identifies,
+an optional comment, and an email address.
+The structure of the private key is similar, except that it contains only
+the private portions of the keys, and there is no user ID information.
+</para>
+
+<para>
+The command-line option 
+<link linkend="edit-key"><option>--edit-key</option></link>
+may be used to view a keypair.
+For example,
+
+<screen width="80">
+<prompt>chloe%</prompt> <userinput>gpg --edit-key chloe@cyb.org</userinput>
+Secret key is available.
+
+pub  1024D/26B6AAE1  created: 1999-06-15 expires: never      trust: -/u
+sub  2048g/0CF8CB7A  created: 1999-06-15 expires: never     
+sub  1792G/08224617  created: 1999-06-15 expires: 2002-06-14
+sub   960D/B1F423E7  created: 1999-06-15 expires: 2002-06-14
+(1)  Chloe (Jester) &lt;chloe@cyb.org>
+(2)  Chloe (Plebian) &lt;chloe@tel.net>
+<prompt>Command></prompt>
+</screen>
+
+The public key is displayed along with an indication of whether
+or not the private key is available.
+Information about each component of the public key is then listed.
+The first column indicates the type of the key.
+The keyword <literal>pub</literal> identifies the public master signing key,
+and the keyword <literal>sub</literal> identifies a public subordinate key.
+The second column indicates the key's bit length, type, and ID.
+The type is <literal>D</literal> for a DSA key, <literal>g</literal> for an 
+encryption-only
+ElGamal key, and <literal>G</literal> for an ElGamal key that may be used for
+both encryption and signing.
+The creation date and expiration date are given in columns three and four.
+The user IDs are listed following the keys.
+</para>
+
+<para>
+More information about the key can be obtained with interactive commands.
+The command <link linkend="toggle"><command>toggle</command></link> 
+switches between the public and private
+components of a keypair if indeed both components are available.
+
+<screen width="80">
+<prompt>Command></prompt> <userinput>toggle</userinput>
+               
+sec  1024D/26B6AAE1  created: 1999-06-15 expires: never     
+sbb  2048g/0CF8CB7A  created: 1999-06-15 expires: never     
+sbb  1792G/08224617  created: 1999-06-15 expires: 2002-06-14
+sbb   960D/B1F423E7  created: 1999-06-15 expires: 2002-06-14
+(1)  Chloe (Jester) &lt;chloe@cyb.org>
+(2)  Chloe (Plebian) &lt;chloe@tel.net>
+</screen>
+
+The information provided is similar to the listing for the public-key
+component.
+The keyword <literal>sec</literal> identifies the private master signing key,
+and the keyword <literal>sbb</literal> identifies the private subordinates keys.
+The user IDs from the public key are also listed for convenience.
+</para>
+
+<sect2>
+<title id="integrity">
+Key integrity
+</title>
+
+<para>
+When you distribute your public key, you are distributing the public
+components of your master and subordinate keys as well as the user IDs.
+Distributing this material alone, however, is a security risk since
+it is possible for an attacker to tamper with the key.
+The public key can be modified by adding or substituting keys, or by
+adding or changing user IDs.
+By tampering with a user ID, the attacker could change the user ID's email
+address to have email redirected to himself.
+By changing one of the encryption keys, the attacker would
+also be able to decrypt the messages redirected to him.
+</para>
+
+<para>
+Using digital signatures is a solution to this problem.
+When data is signed by a private key, the corresponding public key
+is bound to the signed data.
+In other words, only the corresponding public key can be used to
+verify the signature and ensure that the data has not been modified.
+A public key can be protected from tampering by using its corresponding
+private master key to sign the public key components and user IDs, thus
+binding the components to the public master key.
+Signing public key components with the corresponding private master
+signing key is called <firstterm>self-signing</firstterm>, and a public key that has
+self-signed user IDs bound to it is called a <firstterm>certificate</firstterm>.
+</para>
+
+<!--
+%\begin{figure}
+%Blank
+%\caption{This should depict how self-signatures bind information to
+%a public key.}\label{fig:selfsignedkey}
+%\end{figure}
+%
+%As an example, Figure~\ref{fig:selfsignedkey} illustrates Chloe's public
+%key, which has been self-signed to bind the user IDs and public subkeys
+%to the public master key.
+%The signatures on the user IDs can be checked with the \texttt{check}
+%command from the key edit menu.
+-->
+
+<para>
+As an example, Chloe has two user IDs and three subkeys.
+The signatures on the user IDs can be checked with the command
+<link linkend="check"><command>check</command></link> from the key edit menu.
+
+<screen width="80">
+<prompt>chloe%</prompt> <userinput>gpg --edit-key chloe</userinput>
+Secret key is available.
+
+pub  1024D/26B6AAE1  created: 1999-06-15 expires: never      trust: -/u
+sub  2048g/0CF8CB7A  created: 1999-06-15 expires: never     
+sub  1792G/08224617  created: 1999-06-15 expires: 2002-06-14
+sub   960D/B1F423E7  created: 1999-06-15 expires: 2002-06-14
+(1)  Chloe (Jester) &lt;chloe@cyb.org>
+(2)  Chloe (Plebian) &lt;chloe@tel.net>
+
+<prompt>Command></prompt> <userinput>check</userinput>
+uid  Chloe (Jester) &lt;chloe@cyb.org>
+sig!       26B6AAE1 1999-06-15   [self-signature]
+uid  Chloe (Plebian) &lt;chloe@tel.net>
+sig!       26B6AAE1 1999-06-15   [self-signature]
+</screen>
+
+As expected, the signing key for each signature is the master signing
+key with key ID <literal>0x26B6AAE1</literal>.
+The self-signatures on the subkeys are present in the public key, but
+they are not shown by the &gnupg; interface.
+</para>
+</sect2>
+
+<sect2>
+<title>
+Adding and deleting key components
+</title>
+
+<para>
+Both new subkeys and new user IDs may be added to your keypair after
+it has been created.
+A user ID is added using the command 
+<link linkend="adduid"><command>adduid</command></link>.
+You are prompted for a real name, email address, and comment just
+as when you create an initial keypair.
+A subkey is added using the command 
+<link linkend="addkey"><command>addkey</command></link>.
+The interface is similar to the interface used when creating an initial
+keypair.
+The subkey may be a DSA signing key, and encrypt-only ElGamal
+key, or a sign-and-encrypt ElGamal key.
+When a subkey or user ID is generated it is self-signed using your 
+master signing key, which is why you must supply your passphrase
+when the key is generated.
+</para>
+
+<para>
+Additional user IDs are useful when you need multiple identities.
+For example, you may have an identity for your job and an identity
+for your work as a political activist.
+Coworkers will know you by your work user ID.
+Coactivists will know you by your activist user ID.
+Since those groups of people may not overlap, though, each group
+may not trust the other user ID.
+Both user IDs are therefore necessary.
+</para>
+
+<para>
+Additional subkeys are also useful.
+The user IDs associated with your public master key are validated by
+the people with whom you
+communicate, and changing the master key therefore requires recertification.
+This may be difficult and time consuming if you communicate with
+many people.
+On the other hand, it is good to periodically change encryption subkeys.
+If a key is broken, all the data encrypted with that key will be
+vulnerable.
+By changing keys, however, only the data encrypted with the one broken
+key will be revealed.
+</para>
+
+<para>
+Subkeys and user IDs may also be deleted.
+To delete a subkey or user ID you must first select it using the
+<link linkend="key"><command>key</command></link> or 
+<link linkend="uid"><command>uid</command></link> commands respectively.
+These commands are toggles.
+For example, the command <command>key <parameter>2</parameter></command> 
+selects the second subkey,
+and invoking <command>key <parameter>2</parameter></command> again 
+deselects it.
+If no extra argument is given, all subkeys or user IDs are deselected.
+Once the user IDs to be deleted are selected, the command
+<link linkend="deluid"><command>deluid</command></link>
+actually deletes the user IDs from your key.
+Similarly, the command <link linkend="delkey"><command>delkey</command></link>
+deletes all selected subkeys from both your public and private keys.
+</para>
+
+<para>
+For local keyring management, deleting key components is a good way
+to trim other people's public keys of unnecessary material.
+Deleting user IDs and subkeys on your own key, however, is not always
+wise since it complicates key distribution.
+By default, when a user imports your updated public key it will be merged
+with the old copy of your public key on his ring if it exists.
+The components from both keys are combined in the merge, and this
+effectively restores any components you deleted.
+To properly update the key, the user must first delete the old version
+of your key and then import the new version.
+This puts an extra burden on the people with whom you communicate.
+Furthermore, if you send your key to a keyserver, the merge will
+happen regardless, and anybody who downloads your key from a keyserver
+will never see your key with components deleted.
+Consequently, for updating your own key it is better to revoke key
+components instead of deleting them.
+</para>
+</sect2>
+
+<sect2>
+<title>
+Revoking key components
+</title>
+
+<para>
+To revoke a subkey it must be selected.
+Once selected it may be revoked with the 
+<link linkend="revkey"><command>revkey</command></link> command.
+The key is revoked by adding a revocation self-signature to the key.
+Unlike the command-line option <option>--gen-revoke</option>, the effect of
+revoking a subkey is immediate.
+</para>
+
+<screen width="80">
+<prompt>Command></prompt> <userinput>revkey</userinput>
+Do you really want to revoke this key? y
+                                        
+You need a passphrase to unlock the secret key for
+user: "Chloe (Jester) &lt;chloe@cyb.org>"
+1024-bit DSA key, ID B87DBA93, created 1999-06-28
+
+                  
+pub  1024D/B87DBA93  created: 1999-06-28 expires: never      trust: -/u
+sub  2048g/B7934539  created: 1999-06-28 expires: never     
+sub  1792G/4E3160AD  created: 1999-06-29 expires: 2000-06-28
+rev! subkey has been revoked: 1999-06-29
+sub   960D/E1F56448  created: 1999-06-29 expires: 2000-06-28
+(1)  Chloe (Jester) &lt;chloe@cyb.org>
+(2)  Chloe (Plebian) &lt;chloe@tel.net>
+</screen>
+
+<para>
+A user ID is revoked differently.
+Normally, a user ID collects signatures that attest that the user ID
+describes the person who actually owns the associated key.
+In theory, a user ID describes a person forever, since that person will
+never change.
+In practice, though, elements of the user ID such as the email address
+and comment may change over time, thus invalidating the user ID.
+</para>
+
+<para>
+The OpenPGP
+<comment>First reference to OpenPGP</comment>
+specification does not support user ID revocation, but
+a user ID can effectively be revoked by revoking the self-signature
+on the user ID.
+For the security reasons described 
+<link linkend="integrity">previously</link>,
+correspondents will not trust a user ID with no valid self-signature.
+</para>
+
+<para>
+A signature is revoked by using the command 
+<link linkend="revsig"><command>revsig</command></link>.
+Since you may have signed any number of user IDs, the user interface
+prompts you to decide for each signature whether or not to revoke it.
+</para>
+
+<screen width="80">
+<prompt>Command></prompt> <userinput>revsig</userinput>
+You have signed these user IDs:
+     Chloe (Jester) &lt;chloe@cyb.org>
+   signed by B87DBA93 at 1999-06-28
+     Chloe (Plebian) &lt;chloe@tel.net>
+   signed by B87DBA93 at 1999-06-28
+user ID: "Chloe (Jester) &lt;chloe@cyb.org>"
+signed with your key B87DBA93 at 1999-06-28
+Create a revocation certificate for this signature? (y/N)n
+user ID: "Chloe (Plebian) &lt;chloe@tel.net>"                
+signed with your key B87DBA93 at 1999-06-28
+Create a revocation certificate for this signature? (y/N)y
+You are about to revoke these signatures:                 
+     Chloe (Plebian) &lt;chloe@tel.net>
+   signed by B87DBA93 at 1999-06-28
+Really create the revocation certificates? (y/N)y
+                                                 
+You need a passphrase to unlock the secret key for
+user: "Chloe (Jester) &lt;chloe@cyb.org>"
+1024-bit DSA key, ID B87DBA93, created 1999-06-28
+
+                  
+pub  1024D/B87DBA93  created: 1999-06-28 expires: never      trust: -/u
+sub  2048g/B7934539  created: 1999-06-28 expires: never     
+sub  1792G/4E3160AD  created: 1999-06-29 expires: 2000-06-28
+rev! subkey has been revoked: 1999-06-29
+sub   960D/E1F56448  created: 1999-06-29 expires: 2000-06-28
+(1)  Chloe (Jester) &lt;chloe@cyb.org>
+(2)  Chloe (Plebian) &lt;chloe@tel.net>
+</screen>
+
+<para>
+A revoked user ID is indicated by the revocation signature on 
+the ID when the signatures on the key's user IDs are listed.
+</para>
+
+<screen width="80">
+<prompt>Command></prompt> <userinput>check</userinput>
+uid  Chloe (Jester) &lt;chloe@cyb.org>
+sig!       B87DBA93 1999-06-28   [self-signature]
+uid  Chloe (Plebian) &lt;chloe@tel.net>
+rev!       B87DBA93 1999-06-29   [revocation]
+sig!       B87DBA93 1999-06-28   [self-signature]
+</screen>
+
+<para>
+Revoking both subkeys and self-signatures on user IDs adds revocation
+self-signatures to the key.
+Since signatures are being added and no material is deleted, a 
+revocation will always be visible to others when your updated public
+key is distributed and merged with older copies of it.
+Revocation therefore guarantees that everybody has a consistent
+copy of your public key.
+</para>
+</sect2>
+
+<sect2>
+<title>
+Updating a key's expiration time
+</title>
+
+<para>
+The expiration time of a key may be updated with the command
+<link linkend="expire"><command>expire</command></link> from the key edit menu.
+If no key is selected the expiration time of the primary key
+is updated.
+Otherwise the expiration time of the selected subordinate key
+is updated.
+</para>
+
+<para>
+A key's expiration time is associated with the key's self-signature.
+The expiration time is updated by deleting the old self-signature
+and adding a new self-signature.
+Since correspondents will not have deleted the old self-signature, they
+will see an additional self-signature on the key when they update
+their copy of your key.
+The latest self-signature takes precedence, however, so all correspondents
+will unambiguously know the expiration times of your keys.
+</para>
+</sect2>
+</sect1>
+
+<sect1>
+<title>
+Validating other keys on your public keyring
+</title>
+
+<para>
+In Chapter <xref linkend="intro"> a procedure was given to validate your
+correspondents' public keys: a correspondent's key is validated by
+personally checking his key's fingerprint and then signing his public
+key with your private key.
+By personally checking the fingerprint you can be sure that the
+key really does belong to him, and since you have signed they key, you
+can be sure to detect any tampering with it in the future.
+Unfortunately, this procedure is awkward when either you must validate
+a large number of keys or communicate with people whom you do not
+know personally.
+</para>
+
+<para>
+&Gnupg; addresses this problem with a mechanism popularly known
+as the <firstterm>web of trust</firstterm>.
+In the web of trust model, responsibility for validating public
+keys is delegated to people you trust.
+For example, suppose
+<itemizedlist spacing="compact">
+<listitem>
+<para>
+Alice has signed Blake's key, and
+</para>
+</listitem>
+<listitem>
+<para>
+Blake has signed Chloe's key and Dharma's key.
+</para>
+</listitem>
+</itemizedlist>
+
+If Alice trusts Blake to properly validate keys that he signs, then
+Alice can infer that Chloe's and Dharma's keys are valid without 
+having to personally check them.
+She simply uses her validated copy of Blake's public key to
+check that Blake's signatures on Chloe's and Dharma's are good.
+In general, assuming that Alice fully trusts everybody to properly
+validate keys they sign, then any key signed by a valid key is also
+considered valid.
+The root is Alice's key, which is axiomatically assumed to be valid.
+</para>
+
+<sect2>
+<title>
+Trust in a key's owner
+</title>
+
+<para>
+In practice trust is subjective.
+For example, Blake's key is valid to Alice since she signed it, but she
+may not trust Blake to properly validate keys that he signs.
+In that case, she would not take Chloe's and Dharma's key as valid
+based on Blake's signatures alone.
+The web of trust model accounts for this by associating with each
+public key on your keyring an indication of how much you trust the
+key's owner.
+There are four trust levels.
+
+<variablelist>
+<varlistentry>
+<term>
+unknown
+</term>
+<listitem>
+<para>
+Nothing is known about the owner's judgement in key signing.
+Keys on your public keyring that you do not own initially have
+this trust level.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>
+none
+</term>
+<listitem>
+<para>
+The owner is known to improperly sign other keys.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>
+marginal
+</term>
+<listitem>
+<para>
+The owner understands the implications of key signing and 
+properly validates keys before signing them.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>
+full
+</term>
+<listitem>
+<para>
+The owner has an excellent understanding of key signing,
+and his signature on a key would be as good as your own.
+</para>
+</listitem>
+</varlistentry>
+</variablelist>
+
+A key's trust level is something that you alone assign to the
+key, and it is considered private information.
+It is not packaged with the key when it is exported; it is even
+stored separately from your keyrings in a separate database.
+</para>
+
+<para>
+The &gnupg; key editor may be used to adjust your trust in a key's owner.
+The command is <link linkend="trust"><command>trust</command></link>.
+In this example Alice edits her trust in Blake and then updates
+the trust database to recompute which keys are valid based on her new
+trust in Blake.
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --edit-key blake</userinput>
+
+pub  1024D/8B927C8A  created: 1999-07-02 expires: never      trust: q/f
+sub  1024g/C19EA233  created: 1999-07-02 expires: never     
+(1)  Blake (Executioner) &lt;blake@cyb.org>
+
+<prompt>Command></prompt> <userinput>trust</userinput>
+pub  1024D/8B927C8A  created: 1999-07-02 expires: never      trust: q/f
+sub  1024g/C19EA233  created: 1999-07-02 expires: never     
+(1)  Blake (Executioner) &lt;blake@cyb.org>
+
+Please decide how far you trust this user to correctly
+verify other users' keys (by looking at passports,
+checking fingerprints from different sources...)?
+
+ 1 = Don't know
+ 2 = I do NOT trust
+ 3 = I trust marginally
+ 4 = I trust fully
+ s = please show me more information
+ m = back to the main menu
+
+<prompt>Your decision?</prompt> <userinput>3</userinput>
+                
+pub  1024D/8B927C8A  created: 1999-07-02 expires: never      trust: m/f
+sub  1024g/C19EA233  created: 1999-07-02 expires: never     
+(1)  Blake (Executioner) &lt;blake@cyb.org>
+
+<prompt>Command></prompt> <userinput>quit</userinput>
+[...]
+</screen>
+
+Trust in the key's owner and the key's validity are indicated to the
+right when the key is displayed.
+Trust in the owner is displayed first and the key's validity is 
+<!-- HERE, need to fix quotation marks -->
+second<footnote>
+<para>
+&Gnupg; overloads the word "trust" by using it to mean
+trust in an owner and trust in a key.
+This can be confusing.
+Sometimes trust in an owner is referred to as
+<firstterm>owner-trust</firstterm> to
+distinguish it from trust in a key.
+<!-- HERE, need to fix quotation marks -->
+Throughout this manual, however, "trust" is used to 
+mean trust in a key's
+<!-- HERE, need to fix quotation marks -->
+owner, and "validity" is used to mean trust that a key 
+belongs to the human associated with the key ID.
+</para>
+</footnote>.
+The four trust/validity levels are abbreviated: unknown (<literal>q</literal>),
+none (<literal>n</literal>), marginal (<literal>m</literal>), and 
+full (<literal>f</literal>).
+In this case, Blake's key is fully valid since Alice signed it herself.
+She initially has an unknown trust in Blake to properly sign other keys
+but decides to trust him marginally.
+</para>
+</sect2>
+
+<sect2>
+<title>
+Using trust to validate keys
+</title>
+
+<para>
+The web of trust allows a more elaborate algorithm to be used to
+validate a key.
+Formerly, a key was considered valid only if you signed it personally.
+<!-- HERE, math -->
+A more flexible algorithm can now be used: a key <emphasis>K</emphasis> is considered valid
+if it meets two conditions:
+<orderedlist spacing="compact">
+<listitem>
+<para>
+it is signed by enough valid keys, meaning
+<itemizedlist spacing="compact">
+<listitem>
+<para>
+you have signed it personally, 
+</para>
+</listitem>
+<listitem>
+<para>
+it has been signed by one fully trusted key, or
+</para>
+</listitem>
+<listitem>
+<para>
+it has been signed by three marginally trusted keys; and
+</para>
+</listitem>
+</itemizedlist>
+</para>
+</listitem>
+<listitem>
+<para>
+<!-- HERE, math -->
+the path of signed keys leading from <emphasis>K</emphasis> back 
+to your own key is five steps or shorter.
+</para>
+</listitem>
+</orderedlist>
+
+The path length, number of marginally trusted keys required, and number
+of fully trusted keys required may be adjusted.
+The numbers given above are the default values used by &gnupg;.
+</para>
+
+<para>
+<xref linkend="wot-examples"> shows a web of trust rooted at Alice.
+The graph illustrates who has signed who's keys.
+The table shows which keys Alice considers valid based on her
+trust in the other members of the web.
+<comment>Potential bug: <option>--completes-needed</option> on command 
+line seems to be ignored when combined with <option>--update-trustdb</option>.
+Value is taken correctly if put in options file, however.</comment>
+This example assumes that two marginally-trusted keys or one
+fully-trusted key is needed to validate another key.
+The maximum path length is three.
+</para>
+
+<para>
+When computing valid keys in the example, Blake and Dharma's are
+always considered fully valid since they were signed directly
+by Alice.
+The validity of the other keys depends on trust.
+In the first case, Dharma is trusted fully, which implies 
+that Chloe's and Francis's keys will be considered valid.
+In the second example, Blake and Dharma are trusted marginally.
+Since two marginally trusted keys are needed to fully validate a
+key, Chloe's key will be considered fully valid, but Francis's 
+key will be considered only marginally valid.
+In the case where Chloe and Dharma are marginally trusted,
+Chloe's key will be marginally valid since Dharma's key is
+fully valid.
+Francis's key, however, will also be considered marginally
+valid since only a fully valid key can be used to validate
+other keys, and Dharma's key is the only fully valid key
+that has been used to sign Francis's key.
+When marginal trust in Blake is added, Chloe's key becomes
+fully valid and can then be used to fully validate Francis's
+key and marginally validate Elena's key.
+Lastly, when Blake, Chloe, and Elena are fully trusted, this is
+still insufficient to validate Geoff's key since the maximum
+certification path is three, but the path length from Geoff
+back to Alice is four.
+</para>
+
+<para>
+The web of trust model is a flexible approach to the problem of safe
+public key exchange.
+It permits you to tune &gnupg; to reflect how you use it.
+At one extreme you may insist on multiple, short paths from your
+<!-- HERE, math -->
+key to another key <emphasis>K</emphasis> in order to trust it.
+On the other hand, you may be satisfied with longer paths and
+<!-- HERE, math -->
+perhaps as little as one path from your key to the other 
+key <emphasis>K</emphasis>.
+<!-- HERE, math -->
+Requiring multiple, short paths is a strong guarantee 
+that <emphasis>K</emphasis> belongs to whom your think it does.
+The price, of course, is that it is more difficult to validate keys
+since you must personally sign more keys than if you accepted fewer
+and longer paths.
+</para>
+
+<figure id="wot-examples" float=1>
+<title>
+A hypothetical web of trust
+</title>
+<!--
+The graph indicates who has signed who's keys.
+The table, in which names have been abbreviated, shows which keys are 
+valid depending on how Alice trusts other members in the web.
+Alice considers different keys valid depending on how she trusts
+the members of the web.
+-->
+
+<graphic fileref="signatures.jpg"></graphic>
+
+<informaltable frame="all">
+<tgroup cols="4" rowsep="1" colsep="1">
+<colspec colname="one" colnum="1">
+<colspec colname="two" colnum="2">
+<colspec colname="three" colnum="3">
+<colspec colname="four" colnum="4">
+<spanspec spanname="lefthalf" namest="one" nameend="two" align="center">
+<spanspec spanname="righthalf" namest="three" nameend="four" align="center">
+
+<thead>
+<colspec
+<row>
+<entry spanname="lefthalf">trust</entry>
+<entry spanname="righthalf">validity</entry>
+</row>
+<row>
+<entry align="center">marginal</entry>
+<entry align="center">full</entry>
+<entry align="center">marginal</entry>
+<entry align="center">full</entry>
+</row>
+</thead>
+<tbody>
+<row>
+<entry></entry>
+<entry>Dharma</entry>
+<entry></entry>
+<entry>Blake, Chloe, Dharma, Francis</entry>
+</row>
+
+<row>
+<entry>Blake, Dharma</entry>
+<entry></entry>
+<entry>Francis</entry>
+<entry>Blake, Chloe, Dharma</entry>
+</row>
+
+<row>
+<entry>Chloe, Dharma</entry>
+<entry></entry>
+<entry>Chloe, Francis</entry>
+<entry>Blake, Dharma</entry>
+</row>
+
+<row>
+<entry>Blake, Chloe, Dharma</entry>
+<entry></entry>
+<entry>Elena</entry>
+<entry>Blake, Chloe, Dharma, Francis</entry>
+</row>
+
+<row>
+<entry></entry>
+<entry>Blake, Chloe, Elena</entry>
+<entry></entry>
+<entry>Blake, Chloe, Elena, Francis</entry>
+</row>
+</tbody>
+</tgroup>
+</informaltable>
+</figure>
+</sect2>
+</sect1>
+
+<sect1>
+<title>
+Distributing keys
+</title>
+
+<para>
+Ideally, you distribute your key by personally giving it to your
+correspondents.
+In practice, however, keys are often distributed by email or some
+other electronic communication medium.
+Distribution by email is good practice when you have only a few
+correspondents, and even if you have many correspondents, you can use
+an alternative means such as posting your public key on your World Wide
+Web homepage.
+This is unacceptable, however, if people who need your public key do
+not know where to find it on the Web.
+</para>
+
+<para>
+To solve this problem public key servers are used to collect
+and distribute public keys.
+A public key received by the server is either added to the server's
+database or merged with the existing key if already present.
+When a key request comes to the server, the server consults its
+database and returns the requested public key if found.
+</para>
+
+<para>
+A keyserver is also valuable when many people are frequently signing other
+people's keys.
+Without a keyserver, when Blake sign's Alice's key then Blake would send
+Alice a copy of her public key signed by him so that Alice could
+add the updated key to her ring as well as distribute it to all of her
+correspondents.
+Going through this effort fulfills Alice's and Blake's responsibility 
+to the community at large in building tight webs of trust and thus
+improving the security of PGP.
+It is nevertheless a nuisance if key signing is frequent.
+</para>
+
+<para>
+Using a keyserver makes the process somewhat easier.
+When Blake signs Alice's key he sends the signed key to the key server.
+The key server adds Blake's signature to its copy of Alice's key.
+Individuals interested in updating their copy of Alice's key then consult
+the keyserver on their own initiative to retrieve the updated key.
+Alice need never be involved with distribution and can retrieve signatures
+on her key simply by querying a keyserver.
+<comment><option>--keyserver</option> must come before
+<option>--send-key</option> or <option>--recv-key</option>.  
+This appears to be a bug.</comment>
+</para>
+
+<para>
+One or more keys may be sent to a keyserver using the command-line
+option <link linkend="send-keys"><option>--send-keys</option></link>.
+The option takes one or more key specifiers and sends the specified
+keys to the key server.
+The key server to which to send the keys is specified with the
+command-line option <link linkend="keyserver"><option>--keyserver</option></link>.
+Similarly, the option 
+<link linkend="recv-keys"><option>--recv-keys</option></link> is used 
+to retrieve keys from a keyserver, but the option <option>--recv-keys</option>
+requires a key ID be used to specify the key.
+In the following example Alice sends her public key to the keyserver
+<parameter>certserver.pgp.com</parameter> and then updates her copy 
+of Blake's key from the same keyserver.
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --keyserver certserver.pgp.com --recv-key 0xBB7576AC</userinput>
+gpg: requesting key BB7576AC from certserver.pgp.com ...
+gpg: key BB7576AC: 1 new signature
+
+gpg: Total number processed: 1
+gpg:         new signatures: 1
+<prompt>alice%</prompt> <userinput>gpg --keyserver certserver.pgp.com --send-key blake@cyb.org</userinput>
+gpg: success sending to 'certserver.pgp.com' (status=200)
+</screen>
+
+There are several popular keyservers in use around the world.
+The major keyservers synchronize themselves, so it is fine to
+pick a keyserver close to you on the Internet and then use it
+regularly for sending and receiving keys.
+</para>
+</sect1>
+
+</chapter>
+

doc/gph/c4.sgml

@@ -0,0 +1,433 @@
+<chapter id="wise" xreflabel="4">
+<docinfo>
+<date>
+$Id$
+</date>
+</docinfo>
+<title>
+Daily use of &Gnupg;
+</title>
+
+<para>
+&Gnupg; is a complex tool with technical, social, and legal issues
+surrounding it.
+Technically, it has been designed to be used in situations having
+drastically different security needs.
+This complicates key management.
+Socially, using &gnupg; is not strictly a personal decision.
+To use &gnupg effectively both parties communicating must use it.
+Finally, as of 1999, laws regarding digital encryption, and in particular
+whether or not using &gnupg; is legal, vary from country to country and 
+is currently being debated by many national governments.
+</para>
+
+<para>
+This chapter addresses these issues.
+It gives practical advice on how to use &gnupg; to meet your security needs.
+It also suggests ways to promote the use of &gnupg; for secure
+communication between yourself and your colleagues when your colleagues
+are not currently using &gnupg;.
+Finally, the legal status of &gnupg; is outlined given the current status
+of encryption laws in the world.
+</para>
+
+<sect1>
+<title>
+Defining your security needs
+</title>
+
+<para>
+&Gnupg; is a tool you use to protect your privacy.
+Your privacy is protected if you can correspond with others without
+eavesdroppers reading those messages.
+</para>
+
+<para>
+How you should use &gnupg; depends on the determination and resourcefulness
+of those who might want to read your encrypted messages.
+An eavesdropper may be an unscrupulous system administrator casually
+scanning your mail, it might be an industrial spy trying to collect
+your company's secrets, or it might be a law enforcement agency trying
+to prosecute you.
+Using &gnupg; to protect against casual eavesdropping is going to be
+different than using &gnupg; to protect against a determined adversary.
+Your goal, ultimately, is to make it more expensive to recover the
+unencrypted data than that data is worth.
+</para>
+
+<para>
+Customizing your use of &gnupg; revolves around three issues:
+<itemizedlist spacing="compact">
+<listitem>
+<para>
+the key size of your public/private keypair,
+</para>
+</listitem>
+
+<listitem>
+<para>
+protecting your private key, and
+</para>
+</listitem>
+
+<listitem>
+<para>
+managing your web of trust.
+</para>
+</listitem>
+</itemizedlist>
+
+A well-chosen key size protects you against brute-force attacks on
+encrypted messages.
+Protecting your private key prevents an attacker from simply using your
+private key to decrypt encrypted messages and sign messages in your name.
+Correctly managing your web of trust prevents attackers from masquarading
+as people with whom you communicate.
+Ultimately, addressing these issues with respect to your own security
+needs is how you balance the extra work required to use &gnupg; with
+the privacy it gives you.
+</para>
+
+<sect2>
+<title>
+Choosing a key size
+</title>
+
+<para>
+Selecting a key size depends on the key.
+In OpenPGP, a public/private keypair usually has multiple keys.
+At the least it has a master signing key, and it probably has one or
+more additional subkeys for encryption.
+Using default key generation parameters with &gnupg;, the master
+key will be a DSA key, and the subkeys will be ElGamal keys.
+</para>
+
+<para>
+DSA allows a key size up to 1024 bits.
+This is not especially good given today's factoring technology, but
+that is what the standard specifies.
+Without question, you should use 1024 bit DSA keys.
+</para>
+
+<para>
+ElGamal keys, on the other hand, may be of any size.
+Since &gnupg; is a hybrid public-key system, the public key is used
+to encrypt a 128-bit session key, and the private key is used to
+decrypt it.
+Key size nevertheless affects encryption and decryption speed
+since the cost of these algorithms is exponential in the size of
+the key.
+Larger keys also take more time to generate and take more space
+to store.
+Ultimately, there are diminishing returns on the extra security
+a large key provides you.
+After all, if the key is large enough to resist a brute-force
+attack, an eavesdropper will merely switch to some other method for
+obtaining your plaintext data.
+Examples of other methods include robbing your home or office
+and mugging you.
+1024 bits is thus the recommended key size.
+If you genuinely need a larger key size then you probably already
+know this and should be consulting an expert in data security.
+</para>
+</sect2>
+
+<sect2>
+<title>
+Protecting your private key
+</title>
+
+<para>
+Protecting your private key is the most important job you have to
+use &gnupg; correctly.
+If someone obtains your private key, then all data encrypted to
+the private key can be decrypted and signatures can be made in your name.
+If you lose your private key, then you will no longer be able to 
+decrypt documents encrypted to you in the future or in the past,
+and you will not be able to make signatures.
+Losing sole possession of your private key is catastrophic.
+</para>
+
+<para>
+Regardless of how you use &gnupg; you should store the public
+key's <link linkend="revocation">revocation certificate</link> 
+and a backup of your private key on write-protected media in a safe place.
+For example, you could burn them on a CD-ROM and store them in your
+safe deposit box at the bank in a sealed envelope.
+Alternatively, you could store them on a floppy and hide it in your
+house.
+Whatever you do, they should be put on media that is safe to store
+for as long as you expect to keep the key, and you should store
+them more carefully than the copy of your private key you use daily.
+</para>
+
+<para>
+To help safeguard your key, &Gnupg; does not store your raw
+private key on disk.
+Instead it encrypts it using a symmetric encryption algorithm.
+That is why you need a passphrase to access the key.
+Thus there are two barriers an attacker must cross to access your private
+key: (1) he must actually acquire the key, and (2) he must get past
+the encryption.
+</para>
+
+<para>
+Safely storing your private key is important, but there is a cost.
+Ideally, you would keep the private key on a removable, write-protected disk
+such as a floppy disk, and you would use it on a single-user machine 
+not connected to a network.
+This may be inconvenient or impossible for you to do.
+For example, you may not own your own machine and must use a computer 
+at work or school, or it may mean you have to physically disconnect
+your computer from your cable modem every time you want to use &gnupg;
+</para>
+
+<para>
+This does not mean you cannot or should not use &gnupg;.
+It means only that you have decided that the data you are protecting is
+important enough to encrypt but not so important as to take extra
+steps to make the first barrier stronger.
+It is your choice.
+</para>
+
+<para>
+A good passphrase is absolutely critical when using &gnupg;.
+Any attacker who gains access to your private key must bypass the 
+encryption on the private key.
+Instead of brute-force guessing the key, an attacker will almost
+certainly instead try to guess the passphrase.
+</para>
+
+<para>
+The motivation for trying passphrases is that most people choose
+a passphrase that is easier to guess than a random 128-bit key.
+If the passphrase is a word, it is much cheaper to try all the
+words in the dictionaries of the world's languages.
+Even if the word is permuted, &eg, k3wldood, it is still easier
+to try dictionary words with a catalog of permutations.
+The same problem applies to quotations.
+In general, passphrases based on natural-language utterances
+are poor passphrases since there is little randomness and lots
+of redundancy in natural language.
+You should avoid natural language passphrases if you can.
+</para>
+
+<para>
+A good passphrase is one that you can remember but is hard for
+someone to guess.
+It should include characters from the whole range of printable characters
+on your keyboard.
+This includes uppercase alphabetics characters, numbers, and special
+characters such as <literal>}</literal> and <literal>|</literal>.
+Be creative and spend a little time considering your passphrase; a
+good choice is important to ensure your privacy.
+</para>
+</sect2>
+
+<!--
+<sect2>
+<title>
+Reacting to a compromised private key
+</title>
+
+<para>
+Despite your precautions you may lose sole access to your private key.
+For example, you may forget the passphrase, or someone who you think 
+can bypass the encryption gets access to it.
+In that case then you need to spread the word that your key is no 
+longer valid.
+To do that you use the key revocation certificate you should have generated
+when you created the key.
+Importing it onto your public keyring will revoke the public key
+of the keypair you no longer wish to use.
+It is then up to you to distribute the revoked public key to all 
+those who may encrypt documents to you.
+</para>
+
+<para>
+A revoked public key only prevents future use of the private key.
+Others will neither be able to encrypt documents to the key nor will
+they be able to check signatures made with the private key.
+Documents signed in the past can still be checked, however, and
+documents encrypted in the past can still be decrypted.
+</para>
+
+<para>
+It is important that you protect the revocation certificate carefully.
+Anybody can add the certificate to your public key and distribute it,
+and there is no way to revoke a revocation certificate.
+Therefore, you should store the revocation certificate in a safe
+place such as with the backup of your private key.
+</para>
+</sect2>
+-->
+
+<sect2>
+<title>
+Managing your web of trust
+</title>
+
+<para>
+As with protecting your private key, managing your web of trust is
+another aspect of using &gnupg; that requires balancing security against
+ease of use.
+If you are using &gnupg; to protect against casual eavesdropping and
+forgeries then you can afford to be relatively trusting of other
+people's signatures.
+On the other hand, if you are concerned that there may be a determined
+attacker interested in invading your privacy, then
+you should be much less trusting of other signatures and spend more time 
+personally verifying signatures.
+</para>
+
+<para>
+Regardless of your own security needs, through, you should 
+<emphasis>always be careful</emphasis> when signing other keys.
+It is selfish to sign a key with just enough confidence in the key's
+validity to satisfy your own security needs.
+Others, with more stringent security needs, may want to depend on 
+your signature.
+If they cannot depend on you then that weakens the web of trust
+and makes it more difficult for all &gnupg; users to communicate.
+Use the same care in signing keys that you would like others to use when
+you depend on their signatures.
+</para>
+
+<para>
+In practice, managing your web of trust reduces to assigning trust to 
+others and tuning the options 
+<link linkend="marginals-needed"><option>--marginals-needed</option></link>
+and 
+<link linkend="completes-needed"><option>--completes-needed</option></link>.
+Any key you personally sign will be considered valid, but except for small
+groups, it will not be practical to personally sign the key of every person
+with whom you communicate.
+You will therefore have to assign trust to others.
+</para>
+
+<para>
+It is probably wise to be accurate when assigning trust and then
+use the options to tune how careful &gnupg; is with key validation.
+As a concrete example, you may fully trust a few close friends that
+you know are careful with key signing and then marginally
+trust all others on your keyring.
+From there, you may set <option>--completes-needed</option> to
+<literal>1</literal> and <option>--marginals-needed</option> to
+<literal>2</literal>.
+If you are more concerned with security you might choose values of
+<literal>1</literal> and <literal>3</literal> or <literal>2</literal>
+and <literal>3</literal> respectively.
+If you are less concerned with privacy attacks and just want some
+reasonable confidence about validity, set the values to <literal>1</literal>
+and <literal>1</literal>.
+In general, higher numbers for these options imply that more people
+would be needed to conspire against you in order to have a key validated
+that does not actually belong to the person whom you think it does.
+</para>
+</sect2>
+</sect1>
+
+<sect1>
+<title>
+Building your web of trust
+</title>
+
+<para>
+Wanting to use &gnupg; yourself is not enough.
+In order to use to communicate securely with others you must have
+a web of trust.
+At first glance, however, building a web of trust is a daunting task.
+The people with whom you communicate need to use 
+&gnupg;<footnote><para>In this section, &gnupg; refers to the 
+&gnupg; implementation of OpenPGP as well as other implementations 
+such as NAI's PGP product.</para></footnote>, and there needs to be enough 
+key signing so that keys can be considered valid.
+These are not technical problems; they are social problems.
+Nevertheless, you must overcome these problems if you want to 
+use &gnupg;.
+</para>
+
+<para>
+When getting started using &gnupg; it is important to realize that you
+need not securely communicate with every one of your correspondents.
+Start with a small circle of people, perhaps just yourself and
+one or two others who also want to exercise their right
+to privacy.
+Generate your keys and sign each other's public keys.
+This is your initial web of trust.
+By doing this you will appreciate the value of a small, robust
+web of trust and will be more cautious as you grow your web
+in the future.
+</para>
+
+<para>
+In addition to those in your initial web of trust, you may want to
+communicate securely with others who are also using &gnupg;.
+Doing so, however, can be awkward for two reasons:
+(1) you do not always know when someone uses or is willing to use
+&gnupg;, and (2) if you do know of someone who uses it, you may still have
+trouble validating their key.
+The first reason occurs because people do not always advertise that
+they use &gnupg;.
+The way to change this behavior is to set the example and advertise 
+that you use &gnupg;.
+There are at least three ways to do this: you can sign messages you mail
+to others or post to message boards, you can put your public key on your
+web page, or, if you put your key on a keyserver, you can put your key
+ID in your email signature.
+If you advertise your key then you make it that much more acceptable
+for others to advertise their keys.
+Furthermore, you make it easier for others to start communicating
+with you securely since you have taken the initiative and made it clear
+that you use &gnupg;.
+</para>
+
+<para>
+Key validation is more difficult.
+If you do not personally know the person whose key you want to sign,
+then it is not possible to sign the key yourself.
+You must rely on the signatures of others and hope to find a chain
+of signatures leading from the key in question back to your own.
+To have any chance of finding a chain, you must take the intitive
+and get your key signed by others outside of your intitial web of trust.
+An effective way to accomplish this is to participate in key
+signing parties.
+If you are going to a conference look ahead of time for a key
+signing party, and if you do not see one being held, offer to 
+<ulink url="http://www.herrons.com/kb2nsx/keysign.html">hold one</ulink>.
+You can also be more passive and carry your fingerprint with you
+for impromptu key exchanges.
+In such a situation the person to whom you gave the fingerprint
+would verify it and sign your public key once he returned home.
+</para>
+
+<para>
+Keep in mind, though, that this is optional.
+You have no obligation to either publically advertise your key or
+sign other people's keys.
+The power of &gnupg; is that it is flexible enough to adapt to your
+security needs whatever they may be.
+The social reality, however, is that you will need to take the initiative
+if you want to grow your web of trust and use &gnupg; for as much of 
+your communication as possible.
+</para>
+</sect1>
+
+<sect1>
+<title>
+Using &Gnupg; legally
+</title>
+
+<para>
+The legal status of encryption software varies from country to country,
+and law regarding encryption software is rapidly evolving.
+<ulink url="http://cwis.kub.nl/~frw/people/koops/bertjaap.htm">Bert-Japp 
+Koops</ulink> has an excellent 
+<ulink url="http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm">Crypto
+Law Survey</ulink> to which you should refer for the legal status of
+encryption software in your country.
+</para>
+
+</sect1>
+</chapter>
+

doc/gph/c5.sgml

@@ -0,0 +1,38 @@
+<chapter id="Modules" xreflabel="5">
+<docinfo>
+<date>
+$Id$
+</date>
+</docinfo>
+<title>
+Programming with &Gnupg;
+</title>
+
+<para>...</para>
+
+<sect1>
+<title>
+Using &gpg in batch mode
+</title>
+
+<para>...</para>
+
+<sect2>
+<title>
+Invoking &gpg from mail clients
+</title>
+
+<para>...</para>
+</sect2>
+</sect1>
+
+<sect1>
+<title>
+Writing extension modules
+</title>
+
+<para>...</para>
+</sect1>
+
+</chapter>
+

doc/gph/c6.sgml

@@ -0,0 +1,804 @@
+<reference>
+<docinfo>
+<date>
+$Id$
+</date>
+</docinfo>
+<title>
+Command Reference
+</title>
+
+<partintro>
+<sect1>
+<title>
+Key specifiers
+</title>
+
+<para>
+Many commands and options require a <firstterm>key specifier</firstterm>.
+A key specifier is the key ID or any portion of ther user ID of
+a key.
+Consider the following example.
+
+<screen width="80">
+<prompt>alice%</prompt> <userinput>gpg --list-keys chloe</userinput>
+pub  1024D/B87DBA93 1999-06-28 Chloe (Jester) &lt;chloe@cyb.org>
+uid                            Chloe (Plebian) &lt;chloe@tel.net>
+sub  2048g/B7934539 1999-06-28
+</screen>
+
+For this key, <literal>0xB87DBA93</literal>,
+<literal>Chloe</literal>,
+<literal>Plebian</literal>, and
+<literal>oe@tel</literal>
+are all examples of key specifiers that match the above key.
+</para>
+</sect1>
+</partintro>
+
+<refentry id="send-keys">
+<refnamediv>
+<refname>
+send-keys
+</refname>
+<refpurpose>
+send keys to a key server
+</refpurpose>
+
+
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+send-keys <replaceable class="parameter">key</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command sends a public key to a keyserver.  
+The parameter <replaceable class="parameter">key</replaceable> specifies 
+the public key that should be uploaded.
+The command requires the option
+<link linkend="keyserver"><option>keyserver</option></link> to specify
+to which keyserver &gpg; should send the keys.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="recv-keys">
+<refnamediv>
+<refname>
+recv-keys
+</refname>
+<refpurpose>
+retrieve keys from a key server
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>recv-keys</option> <replaceable class="parameter">key-id key-id ...</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command downloads one or more public keys from a keyserver.  
+Each <replaceable class="parameter">key-id</replaceable> is a key ID.
+The command requires the option
+<link linkend="keyserver"><option>keyserver</option></link> to 
+specify from which keyserver &gpg; should download the keys.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="encrypt">
+<refnamediv>
+<refname>
+encrypt
+</refname>
+<refpurpose>
+encrypt a document
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>encrypt</option> <replaceable class="parameter">filename</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command encrypts the document 
+<replaceable class="parameter">filename</replaceable> to
+recipients specified using the 
+option <link linkend="recipient"><option>recipient</option></link>.
+If the parameter <replaceable class="parameter">filename</replaceable>
+is omitted, then the document to encrypt is taken from standard input.
+If the option <option>recipient</option> is omitted,
+&gpg; will prompt for a recipient.
+If the option <link linkend="output"><option>output</option></link> is used,
+&gpg; will output the encrypted information to the specified file.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="decrypt">
+<refnamediv>
+<refname>
+decrypt
+</refname>
+<refpurpose>
+decrypt an encrypted document
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>decrypt</option> <replaceable class="parameter">filename</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command decrypts <replaceable class="parameter">filename</replaceable>
+and puts the result on standard output.
+If the parameter <replaceable class="parameter">filename</replaceable>
+is omitted, then the document to decrypt is taken from standard input.
+Use the option <link linkend="output"><option>output</option></link>
+to output the decrypted message to a file instead.
+</para>
+</refsect1>
+</refentry>
+
+
+<refentry id="clearsign">
+<refnamediv>
+<refname>
+clearsign
+</refname>
+<refpurpose>
+make a cleartext signature
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>clearsign</option> <replaceable class="parameter">filename</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command signs a message that can be verified to ensure that the 
+original message has not been changed.
+Verification of the signed message is done using the command
+<link linkend="verify"><option>verify</option></link>.
+
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="fingerprint">
+<refnamediv>
+<refname>
+fingerprint
+</refname>
+<refpurpose>
+display key fingerprints
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>fingerprint</option> <replaceable class="parameter">name ...</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command prints the fingerprints of the specified public keys.
+The parameter <replaceable class="parameter">name</replaceable> is a
+key specifier.
+If no parameter <replaceable class="parameter">name</replaceable> is
+provided, &gpg; will print the fingerprints of all the keys on 
+your public keyring.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="detach-sig">
+<refnamediv>
+<refname>
+detach-sig
+</refname>
+<refpurpose>
+make a detached signature
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>detach-sig</option> <replaceable class="parameter">filename</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command creates a signature file that can be used 
+to verify that the orginal file 
+<replaceable class="parameter">filename</replaceable> has not
+been changed.  
+Verification of the file using a detached signature is done using the 
+command <link linkend="verify"><option>verify</option></link>.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="gen-key">
+<refnamediv>
+<refname>
+gen-key
+</refname>
+<refpurpose>
+generate a new keypair
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>gen-key</option>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command generates a private/public key pair for use in encrypting, 
+decrypting, and signing of messages.
+You will br prompted for the kind of key you wish to create, the key 
+size, and the key's expiration date.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="symmetric">
+<refnamediv>
+<refname>
+symmetric
+</refname>
+<refpurpose>
+encrypt a document using only a symmetric encryption algorithm
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>symmetric</option> <replaceable class="parameter">filename</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command encrypts a document using a symmetric algorithm with
+a key derived from a passphrase supplied by you during execution.
+The key should be selected to make it difficult to randomly guess the key.
+To decrypt a document encrypted in this manner use the command.
+<link linkend="decrypt"><option>decrypt</option></link>.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="list-keys">
+<refnamediv>
+<refname>
+list-keys
+</refname>
+<refpurpose>
+list information about the specified keys
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>list-keys</option> <replaceable class="parameter">key ...</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command lists the public key specified by the key specifiers on the
+command line.
+If no key specifier is given, &gpg; will print all of the keys on the 
+public keyring.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="import">
+<refnamediv>
+<refname>
+import
+</refname>
+<refpurpose>
+import keys to a local keyring
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>import</option> <replaceable class="parameter">filename</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command imports one or more public keys onto the user's public 
+keyring from the file <replaceable class="parameter">filename</replaceable>.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="verify">
+<refnamediv>
+<refname>
+verify
+</refname>
+<refpurpose>
+verify a signed document
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>verify</option> <replaceable class="parameter">signature document</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command verifies a document against a signature
+to ensure that the document has not been altered since the signature
+was created.
+If <replaceable class="parameter">signature</replaceable> is omitted,
+&gpg; will look in <replaceable class="parameter">document</replaceable>
+for a clearsign signature.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="gen-revoke">
+<refnamediv>
+<refname>
+gen-revoke
+</refname>
+<refpurpose>
+generate a revocation certificate for a public/private keypair
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>gen-revoke</option> <replaceable class="parameter">key</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command generates a revocation certificate for a public/private 
+key pair.  
+The parameter <replaceable class="parameter">key</replaceable> is 
+a key specifier.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="export">
+<refnamediv>
+<refname>
+export
+</refname>
+<refpurpose>
+export keys from a local keyring
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>export</option> <replaceable class="parameter">key key ...</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command exports the public keys components of the keys specified
+by the key specifiers <replaceable class="parameter">key key ...</replaceable>.
+The export command by default sends its output to standard output.  
+This key file can later be imported into another keyring using the command
+<link linkend="import"><option>import</option></link>.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="edit-key">
+<refnamediv>
+<refname>
+edit-key
+</refname>
+<refpurpose>
+presents a menu for operating on keys
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>edit-key</option> <replaceable class="parameter">key</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This command presents a menu which enables you to perform
+key-related taskes.
+The key specifier <replaceable class="parameter">key</replaceable>
+specifies the key pair to be edited.
+If the specifier matches more than one key pair, &gpg; issues
+an error and exits.
+</para>
+
+<para>
+Key listings displayed during key editing show the key with its
+secondary keys and all user ids.
+Selected keys or user ids are indicated by an asterisk.
+The trust and validity values are displayed with the primary key: 
+the first is the assigned trust and the second is the
+calculated validity.
+Letters are used for the values:
+
+<informaltable>
+<tgroup cols="2" rowsep="1" colsep="1">
+<thead>
+<row>
+<entry>Letter</entry>
+<entry>Meaning</entry>
+</row>
+</thead>
+<tbody>
+<row>
+<entry>
+-
+</entry>
+<entry>
+No ownertrust assigned / not yet calculated.
+</entry>
+</row>
+<row>
+<entry>
+e
+</entry>
+<entry>
+Trust calculation has failed.
+</entry>
+</row>
+
+<row>
+<entry>
+q
+</entry>
+<entry>
+Not enough information for calculation.
+</entry>
+</row>
+
+<row>
+<entry>
+n
+</entry>
+<entry>
+Never trust this key.
+</entry>
+</row>
+
+<row>
+<entry>
+m
+</entry>
+<entry>
+Marginally trusted.
+</entry>
+</row>
+
+<row>
+<entry>
+f
+</entry>
+<entry>
+Fully trusted.
+</entry>
+</row>
+
+<row>
+<entry>
+u
+</entry>
+<entry>
+Ultimately trusted.
+</entry>
+</row>
+</tbody>
+</tgroup>
+</informaltable>
+</para>
+
+<para>
+The following lists each key editing command and a description
+of its behavior.
+</para>
+
+<refsect2 id="sign">
+<title>
+sign
+</title>
+
+<para>
+Makes a signature on the current key.
+If th  key is not yet signed by the default user or the user 
+given with the option
+<link linkend="local-user"><option>local-user</option></link>, 
+the program displays the information of the key again, together with
+its  fingerprint and asks whether it should be signed.
+This question is repeated for all users specified with the option
+<option>local-user</option>.
+</para>
+</refsect2>
+
+<refsect2 id="lsign">
+<title>
+lsign
+</title>
+
+<para>
+Same as <link linkend="sign">sign</link>, but the signature is
+marked as non-exportable and will therefore never be used by others.
+This may be used to make keys valid only in the local environment.
+</para>
+</refsect2>
+
+<refsect2 id="revsig">
+<title>
+revsig
+</title>
+
+<para>
+Revoke a signature.
+Asks for each signature makde by a one of the private keys whether
+a revocation certificate should be generated.
+</para>
+</refsect2>
+
+<refsect2 id="trust">
+<title>
+trust
+</title>
+
+<para>
+Change the owner trust value.
+This updates the trust database immediately and no save is required.
+</para>
+</refsect2>
+
+<refsect2 id="disable">
+<title>
+disable
+</title>
+
+<para>
+Disable the key.
+A disabled key cannot normally be used for encryption.
+</para>
+</refsect2>
+
+<refsect2 id="enable">
+<title>
+enable
+</title>
+
+<para>
+Enable a key that has been previously
+<link linkend="disable">disabled</link>.
+</para>
+</refsect2>
+
+<refsect2 id="adduid">
+<title>
+adduid
+</title>
+
+<para>
+Add a new user id to the current key.
+</para>
+</refsect2>
+
+<refsect2 id="deluid">
+<title>
+deluid
+</title>
+
+<para>
+Delete a user id from the current key.
+</para>
+</refsect2>
+
+<refsect2 id="addkey">
+<title>
+addkey
+</title>
+
+<para>
+Add a new subkey to the current key.
+</para>
+</refsect2>
+
+<refsect2 id="delkey">
+<title>
+delkey
+</title>
+
+<para>
+Delete a subkey from the current key.
+</para>
+</refsect2>
+
+<refsect2 id="revkey">
+<title>
+revkey
+</title>
+
+<para>
+Revoke a subkey of the current key.
+</para>
+</refsect2>
+
+<refsect2 id="expire">
+<title>
+expire
+</title>
+
+<para>
+Change a key expiration time.
+If a subkey is selected, the time of that key will be changed.
+With no selection the expiration time of the current primary key is changed.
+</para>
+</refsect2>
+
+<refsect2 id="key">
+<title>
+key n
+</title>
+
+<para>
+Toggle selection of subkey with index n.
+Use 0 to deselect all.
+</para>
+</refsect2>
+
+<refsect2 id="uid">
+<title>
+uid n
+</title>
+
+<para>
+Toggle selection of user id with index n.
+Use 0 to deselect all.
+</para>
+</refsect2>
+
+<refsect2 id="passwd">
+<title>
+toggle
+</title>
+
+<para>
+Change the passphrase of the private key of the selected key pair.
+</para>
+</refsect2>
+
+<refsect2 id="toggle">
+<title>
+toggle
+</title>
+
+<para>
+Toggle between public and private key listings.
+</para>
+</refsect2>
+
+<refsect2 id="check">
+<title>
+check
+</title>
+
+<para>
+Check all selected user ids.
+</para>
+</refsect2>
+
+<refsect2 id="pref">
+<title>
+pref
+</title>
+
+<para>
+List preferences.
+</para>
+</refsect2>
+
+<refsect2 id="save">
+<title>
+save
+</title>
+
+<para>
+Save all changes to the current key and quit.
+</para>
+</refsect2>
+
+<refsect2 id="quit">
+<title>
+save
+</title>
+
+<para>
+Quit without updating the current key.
+</para>
+</refsect2>
+
+</refsect1>
+</refentry>
+</reference>

doc/gph/c7.sgml

@@ -0,0 +1,251 @@
+<reference>
+<docinfo>
+<date>
+$Id$
+</date>
+</docinfo>
+<title>
+Options Reference
+</title>
+
+<partintro>
+<sect1 id="optionsfile">
+<title>
+Setting options
+</title>
+
+<para>
+Options may be specified on the command line or in an options file.
+The default location of the options file is
+<literal>~/.gnupg/options</literal>.
+When specifying options in the options file, omit the leading two
+dashes and instead use simply the option name followed by any
+arguments.
+Lines in the file with a hash (<literal>#</literal>) as the 
+first non-white-space character are ignored.
+</para>
+</sect1>
+</partintro>
+
+<refentry id="keyserver">
+<refnamediv>
+<refname>
+keyserver
+</refname>
+<refpurpose>
+specify the keyserver to use to locate keys
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>keyserver</option> <replaceable class="parameter">server-name</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This option is used in conjunction with either 
+<link linkend="recv-keys"><option>recv-keys</option></link> or 
+<link linkend="send-keys"><option>send-keys</option></link> to specify a
+keyserver to manage public key distribution.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="output">
+<refnamediv>
+<refname>
+output
+</refname>
+<refpurpose>
+specify the file in which to place output
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>output</option> <replaceable class="parameter">file-name</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This is a description.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="recipient">
+<refnamediv>
+<refname>
+recipient
+</refname>
+<refpurpose>
+specify the recipient of a public-key encrypted document
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This is a description.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="armor">
+<refnamediv>
+<refname>
+armor
+</refname>
+<refpurpose>
+ASCII-armor encrypted or signed output
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This is a description.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="no-greeting">
+<refnamediv>
+<refname>
+no-greeting
+</refname>
+<refpurpose>
+suppress the opening copyright notice but do not enter batch mode
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+This is a description.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="local-user">
+<refnamediv>
+<refname>
+local-user
+</refname>
+<refpurpose>
+specifies a user id to use for signing
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>localuser</option> <replaceable class="parameter">name</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+Use <replaceable class="parameter">name</replaceable> as the user ID to sign.
+This option is silently ignored for the list commands, so that it can be 
+used in an options file.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="completes-needed">
+<refnamediv>
+<refname>
+completes-needed
+</refname>
+<refpurpose>
+specifies the number of fully-trusted people needed to validate a new key.
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>completes-needed</option> <replaceable class="parameter">n</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+A public key on your keyring is validated using those signatures on
+the key that were made by other valid keys on your keyring.
+The option specifies the number of signatures needed if you fully
+trust the owners of the keys that made the signatures.
+Your trust in a key's owner is set with the command 
+<link linkend="edit-key"><option>edit-key</option></link>.
+</para>
+</refsect1>
+</refentry>
+
+<refentry id="marginals-needed">
+<refnamediv>
+<refname>
+marginals-needed
+</refname>
+<refpurpose>
+specifies the number of marginally-trusted people needed to validate
+a new key.
+</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<synopsis>
+<option>marginals-needed</option> <replaceable class="parameter">n</replaceable>
+</synopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>
+Description
+</title>
+
+<para>
+A public key on your keyring is validated using those signatures on
+the key that were made by other valid keys on your keyring.
+The option specifies the number of signatures needed if you marginally
+trust the owners of the keys that made the signatures.
+Your trust in a key's owner is set with the command 
+<link linkend="edit-key"><option>edit-key</option></link>.
+</para>
+</refsect1>
+</refentry>
+</reference>
+

doc/gph/manual.sgml

@@ -0,0 +1,71 @@
+<!--
+  ToDo
+  - acknowledge Joergen Grahn for his xfig version of Figure 3.1
+  - 'inlineequation' marks places where formatting is ok now but not
+    semantically correct.
+  - need some story for formatting math
+       From Tom Goulet (tomg@iaw.on.ca):
+       > and the <SUP> tag doesn't seem to do much under Lynx, consider just
+       > using a ^ to show powers.
+ -->
+
+<!DOCTYPE BOOK PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [
+<!--ArborText, Inc., 1988-1995, v.4001-->
+<!NOTATION drw SYSTEM "DRW">
+<!ENTITY gpg "<application>gpg</application>">
+<!ENTITY gnupg "GnuPG">
+<!ENTITY Gnupg "GnuPG">
+<!ENTITY eg "e.g.">
+<!ENTITY ie "i.e.">
+<!ENTITY chapter1 SYSTEM "c1.sgml">
+<!ENTITY chapter2 SYSTEM "c2.sgml">
+<!ENTITY chapter3 SYSTEM "c3.sgml">
+<!ENTITY chapter4 SYSTEM "c4.sgml">
+<!ENTITY chapter5 SYSTEM "c5.sgml">
+<!ENTITY chapter6 SYSTEM "c6.sgml">
+<!ENTITY chapter7 SYSTEM "c7.sgml">
+]>
+<book>
+<bookinfo>
+<title>The GNU Privacy Handbook</title>
+<date>
+August 25, 1999
+</date>
+<copyright>
+<year>1999</year>
+<holder>Free Software Foundation</holder>
+</copyright>
+<abstract>
+<para>
+Please direct questions, bug reports, or suggesstions concerning
+this manual to the maintainer, Mike Ashley (<email>jashley@acm.org</email>).
+Contributors to this manual also include Matthew Copeland and
+Joergen Grahn.
+</para>
+
+<para>
+This manual may be redistributed under the terms of the
+<ulink url="http://www.gnu.org/copyleft/gpl.html">GNU General Public
+License</ulink>.
+</para>
+<para> <!-- I have added this note (wk 06.09.99) -->
+PLEASE NOTE, THAT THIS IS A DRAFT VERSION OF THE MANUAL AND NOT A COMPLETE
+AND CORRECT MANUAL.  CONSIDER IT AS WORK IN PROGRESS.  The latest draft of
+the manual should be available online;
+<ulink url="http://www.gnupg.org/docs.html">www.gnupg.org</ulink> has a link
+to it.
+</para>
+</abstract>
+</bookinfo>
+
+<toc></toc>
+
+&chapter1
+&chapter2
+&chapter3
+&chapter4
+&chapter5
+&chapter6
+&chapter7
+</book>
+

doc/gph/signatures.fig

@@ -0,0 +1,44 @@
+#FIG 3.2
+Landscape
+Center
+Inches
+Letter  
+100.00
+Single
+-2
+1200 2
+6 600 300 9450 2625
+6 1500 300 9450 2625
+2 1 0 3 0 7 100 0 -1 0.000 0 0 -1 1 0 2
+	1 1 3.00 90.00 180.00
+	 1575 1050 2475 1950
+2 1 0 3 0 7 100 0 -1 0.000 0 0 -1 1 0 2
+	1 1 3.00 90.00 180.00
+	 3675 1950 4575 1050
+2 1 0 3 0 7 100 0 -1 0.000 0 0 -1 1 0 2
+	1 1 3.00 90.00 180.00
+	 5775 1050 6675 1050
+2 1 0 3 0 7 100 0 -1 0.000 0 0 -1 1 0 2
+	1 1 3.00 90.00 180.00
+	 7875 1050 8475 1050
+2 1 0 3 0 7 100 0 -1 0.000 0 0 -1 1 0 2
+	1 1 3.00 90.00 180.00
+	 3600 525 4500 1050
+2 1 0 3 0 7 100 0 -1 0.000 0 0 -1 1 0 2
+	1 1 3.00 90.00 180.00
+	 3675 1950 5100 2550
+2 1 0 3 0 7 100 0 -1 0.000 0 0 -1 1 0 2
+	1 1 3.00 90.00 180.00
+	 5175 1200 5625 2325
+4 0 0 100 0 14 18 0.0000 4 180 825 6825 1125 Elena\001
+4 0 0 100 0 14 18 0.0000 4 180 825 8625 1125 Geoff\001
+4 0 0 100 0 14 18 0.0000 4 180 825 4725 1125 Chloe\001
+4 0 0 100 0 14 18 0.0000 4 180 825 2625 525 Blake\001
+4 0 0 100 0 14 18 0.0000 4 180 990 2550 2025 Dharma\001
+4 0 0 100 0 14 18 0.0000 4 180 1155 5175 2625 Francis\001
+-6
+2 1 0 3 0 7 100 0 -1 0.000 0 0 -1 1 0 2
+	1 1 3.00 90.00 180.00
+	 1575 1050 2475 450
+4 0 0 100 0 14 18 0.0000 4 180 825 600 1125 Alice\001
+-6

doc/manual.sgml

@@ -1,101 +0,0 @@
-<!doctype book PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [
-<!entity gnupg	    "GnuPG">
-<!entity wwwgnu     "http://www.gnu.org">
-<!entity wwwgnupg   "http://www.gnupg.org">
-]>
-<book>
-  <bookinfo>
-    <title>The GNU Privacy Guard Manual</title>
-    <titleabbrev>GnuPG-Man</titleabbrev>
-    <edition>v0.0.0</edition>
-    <authorgroup>
-      <!-- Replace with your name and delete mine -->
-      <author>
-	<firstname>Joe</firstname>
-	<othername>D.</othername>
-	<surname>Foo</surname>
-	<authorblurb>
-	    <para><email>joe@somewhere</email></para>
-	</authorblurb>
-      </author>
-      <author>
-	  <firstname>Werner</firstname>
-	  <surname>Koch</surname>
-	  <authorblurb>
-	      <para><email>wk@gnupg.org</email></para>
-	  </authorblurb>
-      </author>
-    </authorgroup>
-    <!-- note, it is possible to give more than 1 year -->
-    <copyright><year>1999</year>
-	       <holder>Free Software Foundation, Inc.</holder>
-    </copyright>
-    <!-- We have to check, whether this is the right wording -->
-    <legalnotice>
-      <para>This manual is free software; you can redistribute
-	it and/or modify it under the terms of the GNU General Public
-	License as published by the Free Software Foundation; either
-	version 2 of the License, or (at your option) any later
-	version.</para>
-
-      <para>This manual is distributed in the hope that it will be
-	useful, but WITHOUT ANY WARRANTY; without even the implied
-	warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-	PURPOSE.  See the GNU General Public License for more
-	details.</para>
-
-      <para>You should have received a copy of the GNU General Public
-	License along with this program; if not, write to the Free
-	Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
-	MA 02111-1307 USA</para>
-
-      <para>For more details see the file COPYING in the source
-	distribution of &gnupg;.</para>
-    </legalnotice>
-  </bookinfo>
-
-  <!-- Insert the table of contents -->
-  <toc></toc>
-
-<!--*******************************************
-    *********  the first chapter  *************
-    *******************************************-->
-  <chapter id="intro">
-    <title>Introduction</title>
-    <sect1 id="feedback">
-      <title>Feedback</title>
-      <!-- Hope we can remove this ;-) -->
-      <para>Well, I'm German and I find it hard to express myself in
-	English. So if you find some phrases and/or words that I used
-	in a wrong way (and you will find them :-) ), please send me a
-	mail, to let me correct this. Please send me notes about
-	typos, too.
-    </sect1>
-
-
-    <sect1 id="whatis">
-	<title>What is &gnupg;</title>
-      <para><ulink url="&wwwgnupg;">&gnupg;</> is a tool for digital
-	encryption and signing;
-	it is part of the <ulink url="&wwwgnu;">GNU Project</>.
-
-      <para>It has these features:
-      <itemizedlist>
-	<listitem>
-	  <para>Exciting feature 1
-	</listitem>
-	<listitem>
-	  <para>Exciting feature 2
-	</listitem>
-      </itemizedlist>
-
-      <para>How to find out the version of &gnupg;
-      <screen>
-	<prompt/$/ <userinput>gpg --version</>
-      </screen>
-
-    </sect1>
-
-  </chapter>
-
-</book>

g10/ChangeLog

@@ -1,3 +1,9 @@
+Mon Sep  6 19:59:08 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+
+	* tdbio.c (tdbio_set_dbname): Use mkdir macro
+	* ringedit.c (add_keyblock_resource): Ditto.
+
 Fri Sep  3 10:04:45 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 

g10/OPTIONS

@@ -1,35 +1,12 @@
-# This is a sample option file
+# Some notes used by the maintainers
-#
-# Unless you you specify which option file to use with the
-# commandline option "--options filename", gpg uses the
-# file ~/.gnupg/options by default.
-#
-# An option file can contain all long options which are
-# available in GNUPG. If the first non white space character of
-# a line is a '#', this line is ignored.  Empty lines are also
-# ignored.
-#
-# Here is a list of all possible options. Not of all them make
-# sense in an option file; consider this as a complete option
-# reference. Before the options you find a list of commands.
 
 
-#-----------------------------------------------
-#------------------- Commands ------------------
-#-----------------------------------------------
-# With some exceptions, these cannot be combined
-
 store
 # simply packs the input data into a rfc1991 packet format
 
 check-trustdb
 
 
-
-#-----------------------------------------------
-#--- options
-#-----------------------------------------------
-
 compress-keys
 # compress exported key, compress level is still set with "-z" and
 # algorithm with --compress-algo" - Default is to not compress keys, as

g10/helptext.c

@@ -182,7 +182,7 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
 { "keyedit.delsig.unknown", N_(
  "This signature can't be checked because you don't have the\n"
  "corresponding key.  You should postpone its deletion until you\n"
- "know which key was used because this signing key might establish"
+ "know which key was used because this signing key might establish\n"
  "a trust connection through another already certified key."
 )},
 { "keyedit.delsig.invalid", N_(

g10/keyedit.c

@@ -1737,7 +1737,7 @@ menu_revsig( KBNODE keyblock )
     int rc, any;
 
     /* FIXME: detect duplicates here  */
-    tty_printf("You have signed these user IDs:\n");
+    tty_printf(_("You have signed these user IDs:\n"));
     for( node = keyblock; node; node = node->next ) {
 	node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
 	if( node->pkt->pkttype == PKT_USER_ID ) {
@@ -1751,12 +1751,12 @@ menu_revsig( KBNODE keyblock )
 		&& ((sig = node->pkt->pkt.signature),
 		     !seckey_available( sig->keyid )  ) ) {
 	    if( (sig->sig_class&~3) == 0x10 ) {
-		tty_printf("   signed by %08lX at %s\n",
+		tty_printf(_("   signed by %08lX at %s\n"),
 			    sig->keyid[1], datestr_from_sig(sig) );
 		node->flag |= NODFLG_SELSIG;
 	    }
 	    else if( sig->sig_class == 0x30 ) {
-		tty_printf("   revoked by %08lX at %s\n",
+		tty_printf(_("   revoked by %08lX at %s\n"),
 			    sig->keyid[1], datestr_from_sig(sig) );
 	    }
 	}
@@ -1776,7 +1776,7 @@ menu_revsig( KBNODE keyblock )
 	    continue;
 	if( !any ) {
 	    any = 1;
-	    tty_printf("You are about to revoke these signatures:\n");
+	    tty_printf(_("You are about to revoke these signatures:\n"));
 	}
 	if( node->pkt->pkttype == PKT_USER_ID ) {
 	    PKT_user_id *uid = node->pkt->pkt.user_id;
@@ -1786,7 +1786,7 @@ menu_revsig( KBNODE keyblock )
 	}
 	else if( node->pkt->pkttype == PKT_SIGNATURE ) {
 	    sig = node->pkt->pkt.signature;
-	    tty_printf("   signed by %08lX at %s\n",
+	    tty_printf(_("   signed by %08lX at %s\n"),
 			    sig->keyid[1], datestr_from_sig(sig) );
 	}
     }

g10/ringedit.c

@@ -63,6 +63,12 @@
 #include "i18n.h"
 
 
+#ifdef MKDIR_TAKES_ONE_ARG
+# undef mkdir
+# define mkdir(a,b) mkdir(a)
+#endif
+
+
 struct resource_table_struct {
     int used;
     int secret; /* this is a secret keyring */
@@ -287,11 +293,7 @@ add_keyblock_resource( const char *url, int force, int secret )
 	    if( access(filename, F_OK) ) {
 		if( strlen(filename) >= 7
 		    && !strcmp(filename+strlen(filename)-7, "/.gnupg") ) {
-		  #ifdef HAVE_DOSISH_SYSTEM
-		    if( mkdir(filename) )
-		  #else
 		    if( mkdir(filename, S_IRUSR|S_IWUSR|S_IXUSR) )
-		  #endif
 		    {
 			log_error( _("%s: can't create directory: %s\n"),
 				  filename, strerror(errno));

g10/tdbio.c

@@ -40,6 +40,11 @@
 #include "tdbio.h"
 
 
+#ifdef MKDIR_TAKES_ONE_ARG
+# undef mkdir
+# define mkdir(a,b) mkdir(a)
+#endif
+
 /****************
  * Yes, this is a very simple implementation. We should really
  * use a page aligned buffer and read complete pages.
@@ -436,11 +441,7 @@ tdbio_set_dbname( const char *new_dbname, int create )
 	    if( access( fname, F_OK ) ) {
 		if( strlen(fname) >= 7
 		    && !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) {
-		  #if HAVE_DOSISH_SYSTEM
-		    if( mkdir( fname ) )
-		  #else
 		    if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) )
-		  #endif
 			log_fatal( _("%s: can't create directory: %s\n"),
 						    fname,  strerror(errno) );
 		    else if( !opt.quiet )

po/ChangeLog

@@ -1,11 +1,20 @@
-Wed Sep  1 15:30:44 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+Mon Sep  6 19:59:08 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 
+	* fr.po: Imported and fixed a msgid.
+	* de.po: Ditto.
+	* pt_BR.po: Ditto.
+
+	* POTFILES.in (delkey.c): New.
+
+	* fr.po: Gaël was the first to update it again.
+
+Wed Sep  1 15:30:44 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
 	* de.po: Updated.
 
 Mon Aug 30 20:38:33 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
-
 	* it.po: Updated (Marco).
 	* de.po: Updated (Walter).
 	* pt_BR-po: Update (Thiago).

po/de.po

@@ -3,8 +3,8 @@
 # Walter Koch <koch@hsp.de>, 1998.
 msgid ""
 msgstr ""
-"POT-Creation-Date: 1999-09-03 08:52+0200\n"
+"POT-Creation-Date: 1999-09-05 19:21+0200\n"
-"PO-Revision-Date: 1999-08-31 21:36+0200\n"
+"PO-Revision-Date: 1999-09-04 22:36+0200\n"
 "Last-Translator: Walter Koch <koch@hsp.de>\n"
 "Language-Team: German <de@li.org>\n"
 "MIME-Version: 1.0\n"
@@ -587,7 +587,7 @@ msgstr "|N|Komprimierverfahren N benutzen"
 
 #: g10/g10.c:282
 msgid "throw keyid field of encrypted packets"
-msgstr "Entferne Absender-ID verschlüsselter Pakete"
+msgstr "Entferne Empfänger-ID verschlüsselter Pakete"
 
 #: g10/g10.c:283
 msgid "|NAME=VALUE|use this notation data"
@@ -1150,18 +1150,18 @@ msgid "No such user ID.\n"
 msgstr "Keine solche User-ID vorhanden.\n"
 
 #: g10/pkclist.c:756
-#, fuzzy
 msgid "skipped: public key already set as default recipient\n"
-msgstr "%s: übersprungen: öffentlicher Schlüssel bereits vorhanden\n"
+msgstr ""
+"übersprungen: öffentlicher Schlüssel bereits als Standardempfänger gesetzt\n"
 
 #: g10/pkclist.c:778
 msgid "Public key is disabled.\n"
 msgstr "Öffentlicher Schlüssel ist abgeschaltet.\n"
 
 #: g10/pkclist.c:785
-#, fuzzy
 msgid "skipped: public key already set with --encrypt-to\n"
-msgstr "%s: übersprungen: öffentlicher Schlüssel bereits vorhanden\n"
+msgstr ""
+"übersprungen: öffentlicher Schlüssel bereits mittels --encrypt-to gesetzt\n"
 
 #: g10/pkclist.c:816
 #, c-format
@@ -1512,8 +1512,8 @@ msgstr ""
 msgid "Really create? "
 msgstr "Wirklich erzeugen? "
 
-#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:467
+#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:468
-#: g10/tdbio.c:528
+#: g10/tdbio.c:529
 #, c-format
 msgid "%s: can't open: %s\n"
 msgstr "%s: kann nicht geöffnet werden: %s\n"
@@ -1570,12 +1570,10 @@ msgid "RSA key cannot be used in this version\n"
 msgstr "RSA-Schlüssel können in dieser Version nicht verwendet werden\n"
 
 #: g10/getkey.c:1291 g10/getkey.c:1330
-#, fuzzy
 msgid "No key for user ID\n"
 msgstr "Kein Schlüssel für User-ID\n"
 
 #: g10/getkey.c:1369 g10/getkey.c:1409
-#, fuzzy
 msgid "No user ID for key\n"
 msgstr "Keine User-ID für Schlüssel\n"
 
@@ -1661,12 +1659,12 @@ msgid " secret keys unchanged: %lu\n"
 msgstr " unveränderte geh.Schl.: %lu\n"
 
 #: g10/import.c:362 g10/import.c:554
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: no user ID\n"
 msgstr "Schlüssel %08lX: Keine User-ID\n"
 
 #: g10/import.c:376
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: no valid user IDs\n"
 msgstr "Schlüssel %08lX: Keine gültigen User-IDs\n"
 
@@ -1722,12 +1720,12 @@ msgstr ""
 "Schlüssel %08lX: Lesefehler im lokalen originalen Schlüsselblocks: %s\n"
 
 #: g10/import.c:469
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: 1 new user ID\n"
 msgstr "Schlüssel %08lX: 1 neue User-ID\n"
 
 #: g10/import.c:472
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: %d new user IDs\n"
 msgstr "Schlüssel %08lX: %d neue User-IDs\n"
 
@@ -1790,7 +1788,7 @@ msgid "key %08lX: revocation certificate imported\n"
 msgstr "Schlüssel %08lX: Widerrufzertifikat importiert\n"
 
 #: g10/import.c:711
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: no user ID for signature\n"
 msgstr "Schlüssel %08lX: Keine User-ID für Signatur\n"
 
@@ -1815,12 +1813,12 @@ msgid "key %08lX: invalid subkey binding\n"
 msgstr "Schlüssel %08lX: Ungültige Unterschlüssel-Anbindung\n"
 
 #: g10/import.c:769
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: accepted non self-signed user ID '"
 msgstr "Schlüssel %08lX: Nicht eigenbeglaubigte User-ID übernommen'"
 
 #: g10/import.c:798
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: skipped user ID '"
 msgstr "Schlüssel %08lX: User-ID übergangen '"
 
@@ -1863,7 +1861,7 @@ msgstr "Schl
 msgid "key %08lX: our copy has no self-signature\n"
 msgstr "Schlüssel %08lX: Unsere Kopie hat keine Eigenbeglaubigung\n"
 
-#: g10/keyedit.c:93
+#: g10/delkey.c:64 g10/keyedit.c:93
 #, c-format
 msgid "%s: user not found\n"
 msgstr "%s: Benutzer nicht gefunden\n"
@@ -1904,12 +1902,11 @@ msgid "%d signatures not checked due to errors\n"
 msgstr "%d Beglaubigungen aufgrund von Fehlern nicht geprüft\n"
 
 #: g10/keyedit.c:231
-#, fuzzy
 msgid "1 user ID without valid self-signature detected\n"
 msgstr "Eine User-ID ohne gültige Eigenbeglaubigung entdeckt\n"
 
 #: g10/keyedit.c:233
-#, fuzzy, c-format
+#, c-format
 msgid "%d user IDs without valid self-signatures detected\n"
 msgstr "%d User-IDs ohne gültige Eigenbeglaubigung entdeckt\n"
 
@@ -2024,9 +2021,8 @@ msgid "list"
 msgstr "Liste der Schlüssel"
 
 #: g10/keyedit.c:570
-#, fuzzy
 msgid "list key and user IDs"
-msgstr "Schlüssel und User-ID auflisten"
+msgstr "Schlüssel und User-IDs auflisten"
 
 #: g10/keyedit.c:571
 msgid "l"
@@ -2037,7 +2033,6 @@ msgid "uid"
 msgstr "uid"
 
 #: g10/keyedit.c:572
-#, fuzzy
 msgid "select user ID N"
 msgstr "User-ID N auswählen"
 
@@ -2090,7 +2085,6 @@ msgid "adduid"
 msgstr "adduid"
 
 #: g10/keyedit.c:580
-#, fuzzy
 msgid "add a user ID"
 msgstr "Eine User-ID hinzufügen"
 
@@ -2099,7 +2093,6 @@ msgid "deluid"
 msgstr "deluid"
 
 #: g10/keyedit.c:581
-#, fuzzy
 msgid "delete user ID"
 msgstr "User-ID entfernen"
 
@@ -2203,7 +2196,7 @@ msgstr "enable"
 msgid "enable a key"
 msgstr "Schlüssel anschalten"
 
-#: g10/keyedit.c:614
+#: g10/delkey.c:107 g10/keyedit.c:614
 msgid "can't do that in batchmode\n"
 msgstr "Dies kann im Batchmodus nicht durchgeführt werden.\n"
 
@@ -2222,14 +2215,12 @@ msgid "Need the secret key to do this.\n"
 msgstr "Hierzu wird der geheime Schlüssel benötigt.\n"
 
 #: g10/keyedit.c:758
-#, fuzzy
 msgid "Really sign all user IDs? "
 msgstr "Wirklich alle User-IDs beglaubigen? "
 
 #: g10/keyedit.c:759
-#, fuzzy
 msgid "Hint: Select the user IDs to sign\n"
-msgstr "Tip: Wählen Sie die User-ID, die beglaubigt werden soll\n"
+msgstr "Tip: Wählen Sie die User-IDs, die beglaubigt werden sollen\n"
 
 #: g10/keyedit.c:786 g10/keyedit.c:968
 #, c-format
@@ -2237,22 +2228,18 @@ msgid "update of trustdb failed: %s\n"
 msgstr "Änderung der \"Trust-DB\" fehlgeschlagen: %s\n"
 
 #: g10/keyedit.c:797 g10/keyedit.c:818
-#, fuzzy
 msgid "You must select at least one user ID.\n"
 msgstr "Zumindestens eine User-ID muß ausgewählt werden.\n"
 
 #: g10/keyedit.c:799
-#, fuzzy
 msgid "You can't delete the last user ID!\n"
 msgstr "Die letzte User-ID kann nicht gelöscht werden!\n"
 
 #: g10/keyedit.c:802
-#, fuzzy
 msgid "Really remove all selected user IDs? "
 msgstr "Möchten Sie alle ausgewählten User-IDs wirklich entfernen? "
 
 #: g10/keyedit.c:803
-#, fuzzy
 msgid "Really remove this user ID? "
 msgstr "Diese User-ID wirklich entfernen? "
 
@@ -2361,7 +2348,7 @@ msgid "No corresponding signature in secret ring\n"
 msgstr "Keine entsprechende Signatur im geheimen Schlüsselbund\n"
 
 #: g10/keyedit.c:1566
-#, fuzzy, c-format
+#, c-format
 msgid "No user ID with index %d\n"
 msgstr "Keine User-ID mit Index %d\n"
 
@@ -2387,6 +2374,31 @@ msgstr ""
 msgid "Create a revocation certificate for this signature? (y/N)"
 msgstr "Ein Widerrufszertifikat für diese Unterschrift erzeugen (j/N)"
 
+#. FIXME: detect duplicates here
+#: g10/keyedit.c:1740
+#, fuzzy
+msgid "You have signed these user IDs:\n"
+msgstr "Die letzte User-ID kann nicht gelöscht werden!\n"
+
+#: g10/keyedit.c:1754 g10/keyedit.c:1789
+#, fuzzy, c-format
+msgid "   signed by %08lX at %s\n"
+msgstr ""
+"\"\n"
+"unterschrieben mit Ihrem Schlüssel %08lX um %s\n"
+
+#: g10/keyedit.c:1759
+#, fuzzy, c-format
+msgid "   revoked by %08lX at %s\n"
+msgstr ""
+"\"\n"
+"unterschrieben mit Ihrem Schlüssel %08lX um %s\n"
+
+#: g10/keyedit.c:1779
+#, fuzzy
+msgid "You are about to revoke these signatures:\n"
+msgstr "Möchten Sie einige der ungültigen Signaturen entfernen? "
+
 #: g10/keyedit.c:1797
 msgid "Really create the revocation certificates? (y/N)"
 msgstr "Wirklich ein Unterschrift-Widerrufszertifikat erzeugen? (j/N) "
@@ -2680,137 +2692,137 @@ msgstr "Textzeilen l
 msgid "input line longer than %d characters\n"
 msgstr "Eingabezeile ist länger als %d Zeichen\n"
 
-#: g10/tdbio.c:116 g10/tdbio.c:1634
+#: g10/tdbio.c:121 g10/tdbio.c:1635
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb Satz %lu: lseek fehlgeschlagen: %s\n"
 
-#: g10/tdbio.c:122 g10/tdbio.c:1641
+#: g10/tdbio.c:127 g10/tdbio.c:1642
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb Satz %lu: write fehlgeschlagen (n=%d): %s\n"
 
-#: g10/tdbio.c:232
+#: g10/tdbio.c:237
 msgid "trustdb transaction too large\n"
 msgstr "trustdb Transaktion zu groß\n"
 
-#: g10/tdbio.c:424
+#: g10/tdbio.c:429
 #, c-format
 msgid "%s: can't access: %s\n"
 msgstr "%s: kann nicht zugegriffen werden: %s\n"
 
-#: g10/ringedit.c:296 g10/tdbio.c:444
+#: g10/ringedit.c:298 g10/tdbio.c:445
 #, c-format
 msgid "%s: can't create directory: %s\n"
 msgstr "%s: Verzeichnis kann nicht erzeugt werden: %s\n"
 
-#: g10/ringedit.c:302 g10/tdbio.c:447
+#: g10/ringedit.c:304 g10/tdbio.c:448
 #, c-format
 msgid "%s: directory created\n"
 msgstr "%s: Verzeichnis erzeugt\n"
 
-#: g10/tdbio.c:451
+#: g10/tdbio.c:452
 #, c-format
 msgid "%s: directory does not exist!\n"
 msgstr "%s: Verzeichnis existiert nicht!\n"
 
-#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1346 g10/tdbio.c:457
+#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1348 g10/tdbio.c:458
 #, c-format
 msgid "%s: can't create: %s\n"
 msgstr "%s: kann nicht erzeugt werden: %s\n"
 
-#: g10/tdbio.c:472 g10/tdbio.c:521
+#: g10/tdbio.c:473 g10/tdbio.c:522
 #, c-format
 msgid "%s: can't create lock\n"
 msgstr "%s: Sperre kann nicht erzeugt werden\n"
 
-#: g10/tdbio.c:486
+#: g10/tdbio.c:487
 #, c-format
 msgid "%s: failed to create version record: %s"
 msgstr "%s: Fehler beim Erzeugen des Versionsatzes: %s"
 
-#: g10/tdbio.c:490
+#: g10/tdbio.c:491
 #, c-format
 msgid "%s: invalid trustdb created\n"
 msgstr "%s: ungültige trust-db erzeugt\n"
 
-#: g10/tdbio.c:493
+#: g10/tdbio.c:494
 #, c-format
 msgid "%s: trustdb created\n"
 msgstr "%s: trust-db erzeugt\n"
 
-#: g10/tdbio.c:530
+#: g10/tdbio.c:531
 #, c-format
 msgid "%s: invalid trustdb\n"
 msgstr "%s: ungültige 'Trust'-Datenbank\n"
 
-#: g10/tdbio.c:563
+#: g10/tdbio.c:564
 #, c-format
 msgid "%s: failed to create hashtable: %s\n"
 msgstr "%s: hashtable kann nicht erzeugt werden: %s\n"
 
-#: g10/tdbio.c:571
+#: g10/tdbio.c:572
 #, c-format
 msgid "%s: error updating version record: %s\n"
 msgstr "%s: Fehler beim Ändern des Versionsatzes: %s\n"
 
-#: g10/tdbio.c:587 g10/tdbio.c:626 g10/tdbio.c:648 g10/tdbio.c:678
+#: g10/tdbio.c:588 g10/tdbio.c:627 g10/tdbio.c:649 g10/tdbio.c:679
-#: g10/tdbio.c:703 g10/tdbio.c:1567 g10/tdbio.c:1594
+#: g10/tdbio.c:704 g10/tdbio.c:1568 g10/tdbio.c:1595
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: Fehler beim Lesen des Versionsatzes: %s\n"
 
-#: g10/tdbio.c:600 g10/tdbio.c:659
+#: g10/tdbio.c:601 g10/tdbio.c:660
 #, c-format
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: Fehler beim Schreiben des Versionsatzes: %s\n"
 
-#: g10/tdbio.c:1246
+#: g10/tdbio.c:1247
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek fehlgeschlagen: %s\n"
 
-#: g10/tdbio.c:1254
+#: g10/tdbio.c:1255
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: read failed (n=%d): %s\n"
 
-#: g10/tdbio.c:1275
+#: g10/tdbio.c:1276
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: keine trustdb Datei\n"
 
-#: g10/tdbio.c:1291
+#: g10/tdbio.c:1292
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: version record with recnum %lu\n"
 
-#: g10/tdbio.c:1296
+#: g10/tdbio.c:1297
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: invalid file version %d\n"
 
-#: g10/tdbio.c:1600
+#: g10/tdbio.c:1601
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: Fehler beim Lesen eines freien Satzes: %s\n"
 
-#: g10/tdbio.c:1608
+#: g10/tdbio.c:1609
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: Fehler beim Schreiben eines Verzeichnis-Satzes: %s\n"
 
-#: g10/tdbio.c:1618
+#: g10/tdbio.c:1619
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: konnte einen Satz nicht Nullen: %s\n"
 
-#: g10/tdbio.c:1648
+#: g10/tdbio.c:1649
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: konnte Satz nicht anhängen: %s\n"
 
-#: g10/tdbio.c:1759
+#: g10/tdbio.c:1760
 msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
 msgstr ""
 "Die \"Trust\"-Datenbank ist beschädigt; verwenden Sie \"gpg "
@@ -3041,7 +3053,6 @@ msgid "Ooops, no keys\n"
 msgstr "Huch, keine Schlüssel\n"
 
 #: g10/trustdb.c:2061
-#, fuzzy
 msgid "Ooops, no user IDs\n"
 msgstr "Huch, keine User-IDs\n"
 
@@ -3101,31 +3112,31 @@ msgstr "konnte '%s' nicht in die 'Trust'-Datenbank hineintun: %s\n"
 msgid "WARNING: can't yet handle long pref records\n"
 msgstr "WARNUNG: Lange 'Pref'-Records können noch nicht benutzt werden\n"
 
-#: g10/ringedit.c:316
+#: g10/ringedit.c:318
 #, c-format
 msgid "%s: can't create keyring: %s\n"
 msgstr "%s: Schlüsselbund kann nicht erzeugt werden: %s\n"
 
-#: g10/ringedit.c:333 g10/ringedit.c:1351
+#: g10/ringedit.c:335 g10/ringedit.c:1353
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: Schlüsselbund erstellt\n"
 
-#: g10/ringedit.c:1528
+#: g10/ringedit.c:1530
 msgid "WARNING: 2 files with confidential information exists.\n"
 msgstr "Warnung: Zwei Dateien mit vertraulichem Inhalt vorhanden.\n"
 
-#: g10/ringedit.c:1529
+#: g10/ringedit.c:1531
 #, c-format
 msgid "%s is the unchanged one\n"
 msgstr "%s ist der Unveränderte\n"
 
-#: g10/ringedit.c:1530
+#: g10/ringedit.c:1532
 #, c-format
 msgid "%s is the new one\n"
 msgstr "%s ist der Neue\n"
 
-#: g10/ringedit.c:1531
+#: g10/ringedit.c:1533
 msgid "Please fix this possible security flaw\n"
 msgstr "Bitte diesen potentiellen Sicherheitsmangel beseitigen\n"
 
@@ -3209,6 +3220,28 @@ msgstr ""
 "Trotz %d-fachen Versuch konnte die Erzeugung eines unsicheren Schlüssels für "
 "sym.Verschlüsselung nicht vermieden werden!\n"
 
+#: g10/delkey.c:93
+msgid "there is a secret key for this public key!\n"
+msgstr "Es gibt einen privaten Schlüssel zu diesem öffentlichen Schlüssel!\n"
+
+#: g10/delkey.c:95
+msgid "use option \"--delete-secret-key\" to delete it first.\n"
+msgstr ""
+"Benutzen Sie das Kommando \"--delete-secret-key\", um ihn vorab zu "
+"entfernen.\n"
+
+#: g10/delkey.c:111
+msgid "can't do that in batchmode without \"--yes\"\n"
+msgstr "Dies kann im Batchmodus ohne \"--yes\" nicht durchgeführt werden.\n"
+
+#: g10/delkey.c:133
+msgid "Delete this key from the keyring? "
+msgstr "Diesen Schlüssel aus dem Schlüsselbund löschen? "
+
+#: g10/delkey.c:141
+msgid "This is a secret key! - really delete? "
+msgstr "Dies ist ein privater Schlüssel! - Wirklich löschen? "
+
 #: g10/helptext.c:47
 msgid ""
 "It's up to you to assign a value here; this value will never be exported\n"
@@ -3234,7 +3267,6 @@ msgstr ""
 "so antworten Sie mit \"ja\"."
 
 #: g10/helptext.c:61
-#, fuzzy
 msgid ""
 "Enter the user ID of the addressee to whom you want to send the message."
 msgstr "Geben Sie die User-ID dessen ein, dem Sie die Botschaft senden wollen."
@@ -3304,7 +3336,6 @@ msgid "Answer \"yes\" or \"no\""
 msgstr "Geben Sie \"ja\" oder \"nein\" ein"
 
 #: g10/helptext.c:106
-#, fuzzy
 msgid ""
 "Enter the required value as shown in the prompt.\n"
 "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
@@ -3367,7 +3398,6 @@ msgstr ""
 "Geben Sie \"ja\" (oder nur \"j\") ein, um diesen Unterschlüssel zu löschen"
 
 #: g10/helptext.c:178
-#, fuzzy
 msgid ""
 "This is a valid signature on the key; you normally don't want\n"
 "to delete this signature because it may be important to establish a\n"
@@ -3383,8 +3413,8 @@ msgstr ""
 msgid ""
 "This signature can't be checked because you don't have the\n"
 "corresponding key.  You should postpone its deletion until you\n"
-"know which key was used because this signing key might establisha trust "
+"know which key was used because this signing key might establish\n"
-"connection through another already certified key."
+"a trust connection through another already certified key."
 msgstr ""
 "Diese Beglaubigung kann nicht geprüft werden, da Sie den passenden "
 "Schlüssel\n"
@@ -3997,24 +4027,3 @@ msgstr "Keine Hilfe f
 
 #~ msgid "Checking signatures of this public key certificate:\n"
 #~ msgstr "Die Signaturen dieses Zertifikats werden überprüft:\n"
-
-#~ msgid "Do you want to remove some of the invalid signatures? "
-#~ msgstr "Möchten Sie einige der ungültigen Signaturen entfernen? "
-
-#~ msgid "there is a secret key for this public key!\n"
-#~ msgstr ""
-#~ "Es gibt einen privaten Schlüssel zu diesem öffentlichen Schlüssel!\n"
-
-#~ msgid "use option \"--delete-secret-key\" to delete it first.\n"
-#~ msgstr ""
-#~ "Benutzen Sie das Kommando \"--delete-secret-key\", um ihn vorab zu "
-#~ "entfernen.\n"
-
-#~ msgid "can't do that in batchmode without \"--yes\"\n"
-#~ msgstr "Dies kann im Batchmodus ohne \"--yes\" nicht durchgeführt werden.\n"
-
-#~ msgid "Delete this key from the keyring? "
-#~ msgstr "Diesen Schlüssel aus dem Schlüsselbund löschen? "
-
-#~ msgid "This is a secret key! - really delete? "
-#~ msgstr "Dies ist ein privater Schlüssel! - Wirklich löschen? "

po/es_ES.po

@@ -7,7 +7,7 @@
 # GPG version: 0.9.7
 msgid ""
 msgstr ""
-"POT-Creation-Date: 1999-09-03 08:52+0200\n"
+"POT-Creation-Date: 1999-09-05 19:21+0200\n"
 "PO-Revision-Date: 1999-06-06 18:33+0200\n"
 "Content-Type: text/plain; charset=iso-8859-1\n"
 "Date: 1998-11-13 10:49:25+0100\n"
@@ -1519,8 +1519,8 @@ msgstr ""
 msgid "Really create? "
 msgstr "¿Crear de verdad? "
 
-#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:467
+#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:468
-#: g10/tdbio.c:528
+#: g10/tdbio.c:529
 #, c-format
 msgid "%s: can't open: %s\n"
 msgstr "%s: no puede abrirse: %s\n"
@@ -1867,7 +1867,7 @@ msgstr "clave %08lX: certificado de revocaci
 msgid "key %08lX: our copy has no self-signature\n"
 msgstr "clave %08lX: nuestra copia no tiene autofirma\n"
 
-#: g10/keyedit.c:93
+#: g10/delkey.c:64 g10/keyedit.c:93
 #, c-format
 msgid "%s: user not found\n"
 msgstr "%s: usuario no encontrado\n"
@@ -2212,7 +2212,7 @@ msgstr ""
 msgid "enable a key"
 msgstr "Clave incorrecta"
 
-#: g10/keyedit.c:614
+#: g10/delkey.c:107 g10/keyedit.c:614
 msgid "can't do that in batchmode\n"
 msgstr "imposible hacer esto en modo de proceso por lotes\n"
 
@@ -2401,6 +2401,31 @@ msgstr ""
 msgid "Create a revocation certificate for this signature? (y/N)"
 msgstr "¿Crear un certificado de revocación para esta clave (s/N)?"
 
+#. FIXME: detect duplicates here
+#: g10/keyedit.c:1740
+#, fuzzy
+msgid "You have signed these user IDs:\n"
+msgstr "¡No puede borrar el último identificativo de usuario!\n"
+
+#: g10/keyedit.c:1754 g10/keyedit.c:1789
+#, fuzzy, c-format
+msgid "   signed by %08lX at %s\n"
+msgstr ""
+"\"\n"
+"firmada con su clave %08lX el %s\n"
+
+#: g10/keyedit.c:1759
+#, fuzzy, c-format
+msgid "   revoked by %08lX at %s\n"
+msgstr ""
+"\"\n"
+"firmada con su clave %08lX el %s\n"
+
+#: g10/keyedit.c:1779
+#, fuzzy
+msgid "You are about to revoke these signatures:\n"
+msgstr "¿Revocar realmente las claves seleccionadas? "
+
 #: g10/keyedit.c:1797
 msgid "Really create the revocation certificates? (y/N)"
 msgstr "¿Crear los certificados de revocación realmente? (s/N)"
@@ -2685,138 +2710,138 @@ msgstr "no se pueden manejar l
 msgid "input line longer than %d characters\n"
 msgstr "línea de longitud superior a %d caracteres\n"
 
-#: g10/tdbio.c:116 g10/tdbio.c:1634
+#: g10/tdbio.c:121 g10/tdbio.c:1635
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "registro base de datos de confianza %lu: lseek fallido: %s\n"
 
-#: g10/tdbio.c:122 g10/tdbio.c:1641
+#: g10/tdbio.c:127 g10/tdbio.c:1642
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
 "resgisto base de datos de confianza %lu: escritura fallida (n=%d): %s\n"
 
-#: g10/tdbio.c:232
+#: g10/tdbio.c:237
 msgid "trustdb transaction too large\n"
 msgstr "transacción en la base de datos de confianza demasiado grande\n"
 
-#: g10/tdbio.c:424
+#: g10/tdbio.c:429
 #, c-format
 msgid "%s: can't access: %s\n"
 msgstr "%s: no puede abrirse: %s\n"
 
-#: g10/ringedit.c:296 g10/tdbio.c:444
+#: g10/ringedit.c:298 g10/tdbio.c:445
 #, c-format
 msgid "%s: can't create directory: %s\n"
 msgstr "%s: no puede crearse el directorio: %s\n"
 
-#: g10/ringedit.c:302 g10/tdbio.c:447
+#: g10/ringedit.c:304 g10/tdbio.c:448
 #, c-format
 msgid "%s: directory created\n"
 msgstr "%s: directorio creado\n"
 
-#: g10/tdbio.c:451
+#: g10/tdbio.c:452
 #, c-format
 msgid "%s: directory does not exist!\n"
 msgstr "%s: ¡el directorio no existe!\n"
 
-#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1346 g10/tdbio.c:457
+#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1348 g10/tdbio.c:458
 #, c-format
 msgid "%s: can't create: %s\n"
 msgstr "%s: no puede crearse: %s\n"
 
-#: g10/tdbio.c:472 g10/tdbio.c:521
+#: g10/tdbio.c:473 g10/tdbio.c:522
 #, c-format
 msgid "%s: can't create lock\n"
 msgstr "%s: no puede crearse bloqueo\n"
 
-#: g10/tdbio.c:486
+#: g10/tdbio.c:487
 #, c-format
 msgid "%s: failed to create version record: %s"
 msgstr "%s: fallo en la creación del registro de versión: %s"
 
-#: g10/tdbio.c:490
+#: g10/tdbio.c:491
 #, c-format
 msgid "%s: invalid trustdb created\n"
 msgstr "%s: se ha creado base de datos de confianza no válida\n"
 
-#: g10/tdbio.c:493
+#: g10/tdbio.c:494
 #, c-format
 msgid "%s: trustdb created\n"
 msgstr "%s: se ha creado base de datos de confianza\n"
 
-#: g10/tdbio.c:530
+#: g10/tdbio.c:531
 #, c-format
 msgid "%s: invalid trustdb\n"
 msgstr "%s: base de datos de confianza no válida\n"
 
-#: g10/tdbio.c:563
+#: g10/tdbio.c:564
 #, c-format
 msgid "%s: failed to create hashtable: %s\n"
 msgstr "%s: fallo en la creación de la tabla hash: %s\n"
 
-#: g10/tdbio.c:571
+#: g10/tdbio.c:572
 #, c-format
 msgid "%s: error updating version record: %s\n"
 msgstr "%s: error actualizando el registro de versión: %s\n"
 
-#: g10/tdbio.c:587 g10/tdbio.c:626 g10/tdbio.c:648 g10/tdbio.c:678
+#: g10/tdbio.c:588 g10/tdbio.c:627 g10/tdbio.c:649 g10/tdbio.c:679
-#: g10/tdbio.c:703 g10/tdbio.c:1567 g10/tdbio.c:1594
+#: g10/tdbio.c:704 g10/tdbio.c:1568 g10/tdbio.c:1595
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: error leyendo registro de versión: %s\n"
 
-#: g10/tdbio.c:600 g10/tdbio.c:659
+#: g10/tdbio.c:601 g10/tdbio.c:660
 #, c-format
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: error escribiendo registro de versión: %s\n"
 
-#: g10/tdbio.c:1246
+#: g10/tdbio.c:1247
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "base de datos de confianza: fallo lseek: %s\n"
 
-#: g10/tdbio.c:1254
+#: g10/tdbio.c:1255
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "base de datos de confianza: error lectura (n=%d): %s\n"
 
-#: g10/tdbio.c:1275
+#: g10/tdbio.c:1276
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: no es una base de datos de confianza\n"
 
-#: g10/tdbio.c:1291
+#: g10/tdbio.c:1292
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: registro de versión con número de registro %lu\n"
 
-#: g10/tdbio.c:1296
+#: g10/tdbio.c:1297
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: versión del fichero %d no válida\n"
 
-#: g10/tdbio.c:1600
+#: g10/tdbio.c:1601
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: error leyendo registro libre: %s\n"
 
-#: g10/tdbio.c:1608
+#: g10/tdbio.c:1609
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: error escribiendo registro de directorio: %s\n"
 
-#: g10/tdbio.c:1618
+#: g10/tdbio.c:1619
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: fallo en poner a cero un registro: %s\n"
 
-#: g10/tdbio.c:1648
+#: g10/tdbio.c:1649
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: fallo al añadir un registro: %s\n"
 
-#: g10/tdbio.c:1759
+#: g10/tdbio.c:1760
 #, fuzzy
 msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
 msgstr ""
@@ -3107,31 +3132,31 @@ msgstr "fallo al poner '%s' en la tabla de confianza: %s\n"
 msgid "WARNING: can't yet handle long pref records\n"
 msgstr "ATENCÍON: todavía no puedo tratar registros de preferencias largos\n"
 
-#: g10/ringedit.c:316
+#: g10/ringedit.c:318
 #, c-format
 msgid "%s: can't create keyring: %s\n"
 msgstr "%s: no se puede crear el anillo: %s\n"
 
-#: g10/ringedit.c:333 g10/ringedit.c:1351
+#: g10/ringedit.c:335 g10/ringedit.c:1353
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: anillo creado\n"
 
-#: g10/ringedit.c:1528
+#: g10/ringedit.c:1530
 msgid "WARNING: 2 files with confidential information exists.\n"
 msgstr "ATENCIÓN: existen 2 ficheros con información confidencial.\n"
 
-#: g10/ringedit.c:1529
+#: g10/ringedit.c:1531
 #, c-format
 msgid "%s is the unchanged one\n"
 msgstr "%s es el que no se ha modificado\n"
 
-#: g10/ringedit.c:1530
+#: g10/ringedit.c:1532
 #, c-format
 msgid "%s is the new one\n"
 msgstr "%s es el nuevo\n"
 
-#: g10/ringedit.c:1531
+#: g10/ringedit.c:1533
 msgid "Please fix this possible security flaw\n"
 msgstr "Por favor arregle este posible fallo de seguridad\n"
 
@@ -3214,6 +3239,29 @@ msgstr ""
 "¡imposible evitar clave débil para cifrado simétrico después de %d "
 "intentos!\n"
 
+#: g10/delkey.c:93
+#, fuzzy
+msgid "there is a secret key for this public key!\n"
+msgstr "elimina la clave del anillo público"
+
+#: g10/delkey.c:95
+msgid "use option \"--delete-secret-key\" to delete it first.\n"
+msgstr ""
+
+#: g10/delkey.c:111
+#, fuzzy
+msgid "can't do that in batchmode without \"--yes\"\n"
+msgstr "imposible hacer esto en modo de proceso por lotes\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "Delete this key from the keyring? "
+msgstr "elimina la clave del anillo público"
+
+#: g10/delkey.c:141
+msgid "This is a secret key! - really delete? "
+msgstr ""
+
 #: g10/helptext.c:47
 msgid ""
 "It's up to you to assign a value here; this value will never be exported\n"
@@ -3331,8 +3379,8 @@ msgstr ""
 msgid ""
 "This signature can't be checked because you don't have the\n"
 "corresponding key.  You should postpone its deletion until you\n"
-"know which key was used because this signing key might establisha trust "
+"know which key was used because this signing key might establish\n"
-"connection through another already certified key."
+"a trust connection through another already certified key."
 msgstr ""
 
 #: g10/helptext.c:189

po/fr.po

@@ -5,8 +5,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 1.0\n"
-"POT-Creation-Date: 1999-09-03 08:52+0200\n"
+"POT-Creation-Date: 1999-09-05 19:21+0200\n"
-"PO-Revision-Date: 1999-08-08 04:01+02:00\n"
+"PO-Revision-Date: 1999-09-03 18:07+0200\n"
 "Last-Translator: Gaël Quéri <gqueri@mail.dotcom.fr>\n"
 "Language-Team: French <traduc@traduc.org>\n"
 "MIME-Version: 1.0\n"
@@ -37,11 +37,11 @@ msgstr "oO"
 
 #: util/miscutil.c:279 util/miscutil.c:307
 msgid "no"
-msgstr ""
+msgstr "non"
 
 #: util/miscutil.c:280 util/miscutil.c:310
 msgid "nN"
-msgstr ""
+msgstr "nN"
 
 #: g10/keyedit.c:564 util/miscutil.c:308
 msgid "quit"
@@ -560,10 +560,9 @@ msgstr "imiter le mode d
 msgid "set all packet, cipher and digest options to OpenPGP behavior"
 msgstr "utiliser le comportement défini par OpenPGP"
 
-# FIXMOI : faudra trouver mieux ...
 #: g10/g10.c:274
 msgid "|N|use passphrase mode N"
-msgstr "|N|utiliser le mode de codage des mots de passe N"
+msgstr "|N|coder les mots de passe suivant le mode N"
 
 #: g10/g10.c:276
 msgid "|NAME|use message digest algorithm NAME for passphrases"
@@ -1042,9 +1041,8 @@ msgid ""
 "%08lX: It is not sure that this key really belongs to the owner\n"
 "but it is accepted anyway\n"
 msgstr ""
-"%08lX : Il n'est pas sûr que cette clé appartient vraiment à son "
+"%08lX : Il n'est pas sûr que cette clé appartient vraiment à son\n"
-"propriétaire\n"
+"propriétaire mais elle est quand même acceptée\n"
-"mais elle est quand même acceptée\n"
 
 #: g10/pkclist.c:422
 msgid "This key probably belongs to the owner\n"
@@ -1144,18 +1142,16 @@ msgid "No such user ID.\n"
 msgstr "Pas de tel utilisateur.\n"
 
 #: g10/pkclist.c:756
-#, fuzzy
 msgid "skipped: public key already set as default recipient\n"
-msgstr "%s : ignoré : clé publique déjà présente\n"
+msgstr "ignoré : la clé publique est déjà le récipient par défaut\n"
 
 #: g10/pkclist.c:778
 msgid "Public key is disabled.\n"
 msgstr "La clé publique est désactivée.\n"
 
 #: g10/pkclist.c:785
-#, fuzzy
 msgid "skipped: public key already set with --encrypt-to\n"
-msgstr "%s : ignoré : clé publique déjà présente\n"
+msgstr "ignoré : clé publique configurée par --encrypt-to\n"
 
 #: g10/pkclist.c:816
 #, c-format
@@ -1506,8 +1502,8 @@ msgstr ""
 msgid "Really create? "
 msgstr "Créer vraiment ? "
 
-#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:467
+#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:468
-#: g10/tdbio.c:528
+#: g10/tdbio.c:529
 #, c-format
 msgid "%s: can't open: %s\n"
 msgstr "%s : ne peut ouvrir : %s\n"
@@ -1564,14 +1560,12 @@ msgid "RSA key cannot be used in this version\n"
 msgstr "les clés RSA ne peuvent être utilisées dans cette version\n"
 
 #: g10/getkey.c:1291 g10/getkey.c:1330
-#, fuzzy
 msgid "No key for user ID\n"
-msgstr "Pas de clé pour cet utilisateur\n"
+msgstr "Pas de clé pour l'utilisateur\n"
 
 #: g10/getkey.c:1369 g10/getkey.c:1409
-#, fuzzy
 msgid "No user ID for key\n"
-msgstr "Pas d'utilisateur pour cette clé\n"
+msgstr "Pas d'utilisateur pour la clé\n"
 
 #: g10/getkey.c:1565 g10/getkey.c:1621
 #, c-format
@@ -1656,12 +1650,12 @@ msgid " secret keys unchanged: %lu\n"
 msgstr "      clés secrètes inchangées : %lu\n"
 
 #: g10/import.c:362 g10/import.c:554
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: no user ID\n"
 msgstr "clé %08lX : pas de nom d'utilisateur\n"
 
 #: g10/import.c:376
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: no valid user IDs\n"
 msgstr "clé %08lX : pas de nom d'utilisateur valide\n"
 
@@ -1714,12 +1708,12 @@ msgid "key %08lX: can't read original keyblock: %s\n"
 msgstr "clé %08lX : ne peut lire le bloc de clés original : %s\n"
 
 #: g10/import.c:469
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: 1 new user ID\n"
 msgstr "clé %08lX : un nouvel utilisateur\n"
 
 #: g10/import.c:472
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: %d new user IDs\n"
 msgstr "clé %08lX : %d nouveaux utilisateurs\n"
 
@@ -1782,7 +1776,7 @@ msgid "key %08lX: revocation certificate imported\n"
 msgstr "clé %08lX : certificat de révocation importé\n"
 
 #: g10/import.c:711
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: no user ID for signature\n"
 msgstr "clé %08lX : pas d'utilisateur pour la signature\n"
 
@@ -1807,12 +1801,12 @@ msgid "key %08lX: invalid subkey binding\n"
 msgstr "clé %08lX : liaison avec la sous-clé invalide\n"
 
 #: g10/import.c:769
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: accepted non self-signed user ID '"
 msgstr "clé %08lX : utilisateur non signé par lui-même accepté : '"
 
 #: g10/import.c:798
-#, fuzzy, c-format
+#, c-format
 msgid "key %08lX: skipped user ID '"
 msgstr "clé %08lX : utilisateur non pris en compte : '"
 
@@ -1855,7 +1849,7 @@ msgstr "cl
 msgid "key %08lX: our copy has no self-signature\n"
 msgstr "clé %08lX : notre copie n'a pas d'auto-signature\n"
 
-#: g10/keyedit.c:93
+#: g10/delkey.c:64 g10/keyedit.c:93
 #, c-format
 msgid "%s: user not found\n"
 msgstr "%s : utilisateur non trouvé\n"
@@ -1896,12 +1890,11 @@ msgid "%d signatures not checked due to errors\n"
 msgstr "%d signatures non vérifiées à cause d'erreurs\n"
 
 #: g10/keyedit.c:231
-#, fuzzy
 msgid "1 user ID without valid self-signature detected\n"
 msgstr "un nom d'utilisateur sans auto-signature valide détecté\n"
 
 #: g10/keyedit.c:233
-#, fuzzy, c-format
+#, c-format
 msgid "%d user IDs without valid self-signatures detected\n"
 msgstr "%d nom d'utilisateurs sans auto-signature valide détecté\n"
 
@@ -2017,7 +2010,6 @@ msgid "list"
 msgstr "lister"
 
 #: g10/keyedit.c:570
-#, fuzzy
 msgid "list key and user IDs"
 msgstr "lister la clé et les noms d'utilisateurs"
 
@@ -2030,7 +2022,6 @@ msgid "uid"
 msgstr "uid"
 
 #: g10/keyedit.c:572
-#, fuzzy
 msgid "select user ID N"
 msgstr "sélectionner le nom d'utilisateur N"
 
@@ -2083,7 +2074,6 @@ msgid "adduid"
 msgstr "aj.ut"
 
 #: g10/keyedit.c:580
-#, fuzzy
 msgid "add a user ID"
 msgstr "ajouter un utilisateur"
 
@@ -2092,7 +2082,6 @@ msgid "deluid"
 msgstr "suppr.ut"
 
 #: g10/keyedit.c:581
-#, fuzzy
 msgid "delete user ID"
 msgstr "enlever un utilisateur"
 
@@ -2197,7 +2186,7 @@ msgstr "activer"
 msgid "enable a key"
 msgstr "activer une clé"
 
-#: g10/keyedit.c:614
+#: g10/delkey.c:107 g10/keyedit.c:614
 msgid "can't do that in batchmode\n"
 msgstr "impossible de faire cela en mode automatique\n"
 
@@ -2216,12 +2205,10 @@ msgid "Need the secret key to do this.\n"
 msgstr "Il faut la clé secrète pour faire cela.\n"
 
 #: g10/keyedit.c:758
-#, fuzzy
 msgid "Really sign all user IDs? "
 msgstr "Signer vraiment tous les utilisateurs ? "
 
 #: g10/keyedit.c:759
-#, fuzzy
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Aide : Sélectionner les utilisateurs à signer\n"
 
@@ -2231,22 +2218,18 @@ msgid "update of trustdb failed: %s\n"
 msgstr "la mise à jour de la base de confiance a échoué : %s\n"
 
 #: g10/keyedit.c:797 g10/keyedit.c:818
-#, fuzzy
 msgid "You must select at least one user ID.\n"
 msgstr "Vous devez sélectionner au moins un utilisateur.\n"
 
 #: g10/keyedit.c:799
-#, fuzzy
 msgid "You can't delete the last user ID!\n"
 msgstr "Vous ne pouvez pas supprimer le dernier utilisateur !\n"
 
 #: g10/keyedit.c:802
-#, fuzzy
 msgid "Really remove all selected user IDs? "
 msgstr "Enlever réellement tous les utilisateurs sélectionnés ? "
 
 #: g10/keyedit.c:803
-#, fuzzy
 msgid "Really remove this user ID? "
 msgstr "Enlever réellement cet utilisateur ? "
 
@@ -2355,7 +2338,7 @@ msgid "No corresponding signature in secret ring\n"
 msgstr "Pas de signature correspondante dans le porte-clés secret\n"
 
 #: g10/keyedit.c:1566
-#, fuzzy, c-format
+#, c-format
 msgid "No user ID with index %d\n"
 msgstr "Pas d'utilisateur avec l'index %d\n"
 
@@ -2381,6 +2364,31 @@ msgstr ""
 msgid "Create a revocation certificate for this signature? (y/N)"
 msgstr "Générer un certificat de révocation pour cette signature ? (o/N)"
 
+#. FIXME: detect duplicates here
+#: g10/keyedit.c:1740
+#, fuzzy
+msgid "You have signed these user IDs:\n"
+msgstr "Vous ne pouvez pas supprimer le dernier utilisateur !\n"
+
+#: g10/keyedit.c:1754 g10/keyedit.c:1789
+#, fuzzy, c-format
+msgid "   signed by %08lX at %s\n"
+msgstr ""
+" »\n"
+"signé avec votre clé %08lX à %s\n"
+
+#: g10/keyedit.c:1759
+#, fuzzy, c-format
+msgid "   revoked by %08lX at %s\n"
+msgstr ""
+" »\n"
+"signé avec votre clé %08lX à %s\n"
+
+#: g10/keyedit.c:1779
+#, fuzzy
+msgid "You are about to revoke these signatures:\n"
+msgstr "Voulez-vous vraiment révoquer les clés sélectionnées ? "
+
 #: g10/keyedit.c:1797
 msgid "Really create the revocation certificates? (y/N)"
 msgstr "Faut-il vraiment générer les certificats de révocation ? (o/N)"
@@ -2668,142 +2676,142 @@ msgstr "ne peut pas traiter les ligne plus longues que %d caract
 msgid "input line longer than %d characters\n"
 msgstr "la ligne d'entrée est plus longue que %d caractères\n"
 
-#: g10/tdbio.c:116 g10/tdbio.c:1634
+#: g10/tdbio.c:121 g10/tdbio.c:1635
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "enregistrement de base de confiance %lu : lseek a échoué : %s\n"
 
-#: g10/tdbio.c:122 g10/tdbio.c:1641
+#: g10/tdbio.c:127 g10/tdbio.c:1642
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
 "enregistrement de la base de confiance %lu : l'écriture a échoué (n=%d) : "
 "%s\n"
 
-#: g10/tdbio.c:232
+#: g10/tdbio.c:237
 msgid "trustdb transaction too large\n"
 msgstr "transaction de base de confiance trop volumineuse\n"
 
-#: g10/tdbio.c:424
+#: g10/tdbio.c:429
 #, c-format
 msgid "%s: can't access: %s\n"
 msgstr "%s : ne peut accéder : %s\n"
 
-#: g10/ringedit.c:296 g10/tdbio.c:444
+#: g10/ringedit.c:298 g10/tdbio.c:445
 #, c-format
 msgid "%s: can't create directory: %s\n"
 msgstr "%s : ne peut créer le répertoire : %s\n"
 
-#: g10/ringedit.c:302 g10/tdbio.c:447
+#: g10/ringedit.c:304 g10/tdbio.c:448
 #, c-format
 msgid "%s: directory created\n"
 msgstr "%s : répertoire créé\n"
 
-#: g10/tdbio.c:451
+#: g10/tdbio.c:452
 #, c-format
 msgid "%s: directory does not exist!\n"
 msgstr "%s : le répertoire n'existe pas !\n"
 
-#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1346 g10/tdbio.c:457
+#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1348 g10/tdbio.c:458
 #, c-format
 msgid "%s: can't create: %s\n"
 msgstr "%s : ne peut créer : %s\n"
 
-#: g10/tdbio.c:472 g10/tdbio.c:521
+#: g10/tdbio.c:473 g10/tdbio.c:522
 #, c-format
 msgid "%s: can't create lock\n"
 msgstr "%s : ne peut créer de verrouillage\n"
 
-#: g10/tdbio.c:486
+#: g10/tdbio.c:487
 #, c-format
 msgid "%s: failed to create version record: %s"
 msgstr "%s : n'a pas pu créer un enregistrement de version : %s"
 
-#: g10/tdbio.c:490
+#: g10/tdbio.c:491
 #, c-format
 msgid "%s: invalid trustdb created\n"
 msgstr "%s : base de confiance invalide créée\n"
 
-#: g10/tdbio.c:493
+#: g10/tdbio.c:494
 #, c-format
 msgid "%s: trustdb created\n"
 msgstr "%s : base de confiance créée\n"
 
-#: g10/tdbio.c:530
+#: g10/tdbio.c:531
 #, c-format
 msgid "%s: invalid trustdb\n"
 msgstr "%s : base de confiance invalide\n"
 
-#: g10/tdbio.c:563
+#: g10/tdbio.c:564
 #, c-format
 msgid "%s: failed to create hashtable: %s\n"
 msgstr "%s : la création de la table de hachage a échoué : %s\n"
 
-#: g10/tdbio.c:571
+#: g10/tdbio.c:572
 #, c-format
 msgid "%s: error updating version record: %s\n"
 msgstr ""
 "%s : erreur pendant la mise à jour de l'enregistrement de version : %s\n"
 
-#: g10/tdbio.c:587 g10/tdbio.c:626 g10/tdbio.c:648 g10/tdbio.c:678
+#: g10/tdbio.c:588 g10/tdbio.c:627 g10/tdbio.c:649 g10/tdbio.c:679
-#: g10/tdbio.c:703 g10/tdbio.c:1567 g10/tdbio.c:1594
+#: g10/tdbio.c:704 g10/tdbio.c:1568 g10/tdbio.c:1595
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s : erreur pendant la lecture de l'enregistrement de version : %s\n"
 
-#: g10/tdbio.c:600 g10/tdbio.c:659
+#: g10/tdbio.c:601 g10/tdbio.c:660
 #, c-format
 msgid "%s: error writing version record: %s\n"
 msgstr "%s : erreur pendant l'écriture de l'enregistrement de version : %s\n"
 
-#: g10/tdbio.c:1246
+#: g10/tdbio.c:1247
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "base de confiance : « lseek() » a échoué : %s\n"
 
-#: g10/tdbio.c:1254
+#: g10/tdbio.c:1255
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "base de confiance : la lecture a échoué (n=%d) : %s\n"
 
-#: g10/tdbio.c:1275
+#: g10/tdbio.c:1276
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s : ce n'est pas un fichier de base de confiance\n"
 
-#: g10/tdbio.c:1291
+#: g10/tdbio.c:1292
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s : enregistrement de version avec un numéro %lu\n"
 
-#: g10/tdbio.c:1296
+#: g10/tdbio.c:1297
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s : version %d du fichier invalide\n"
 
-#: g10/tdbio.c:1600
+#: g10/tdbio.c:1601
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s : erreur pendant la lecture de l'enregistrement libre : %s\n"
 
-#: g10/tdbio.c:1608
+#: g10/tdbio.c:1609
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr ""
 "%s : erreur pendant l'écriture de l'enregistrement de\n"
 "répertoire : %s\n"
 
-#: g10/tdbio.c:1618
+#: g10/tdbio.c:1619
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s : n'a pu mettre un enregistrement à zéro : %s\n"
 
-#: g10/tdbio.c:1648
+#: g10/tdbio.c:1649
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s : n'a pas pu ajouter un enregistrement : %s\n"
 
-#: g10/tdbio.c:1759
+#: g10/tdbio.c:1760
 msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
 msgstr "la base de confiance est corrompue ; exécutez « gpg --fix-trustdb ».\n"
 
@@ -3035,7 +3043,6 @@ msgid "Ooops, no keys\n"
 msgstr "Ooops, pas de clé\n"
 
 #: g10/trustdb.c:2061
-#, fuzzy
 msgid "Ooops, no user IDs\n"
 msgstr "Ooops, pas de nom d'utilisateur\n"
 
@@ -3098,32 +3105,32 @@ msgstr ""
 "ATTENTION : les enregistrements de préférences longs ne sont pas encore\n"
 "supportés\n"
 
-#: g10/ringedit.c:316
+#: g10/ringedit.c:318
 #, c-format
 msgid "%s: can't create keyring: %s\n"
 msgstr "%s : ne peut créer le porte-clés : %s\n"
 
-#: g10/ringedit.c:333 g10/ringedit.c:1351
+#: g10/ringedit.c:335 g10/ringedit.c:1353
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s : porte-clés créé\n"
 
-#: g10/ringedit.c:1528
+#: g10/ringedit.c:1530
 msgid "WARNING: 2 files with confidential information exists.\n"
 msgstr ""
 "ATTENTION : 2 fichiers avec des informations confidentielles existent.\n"
 
-#: g10/ringedit.c:1529
+#: g10/ringedit.c:1531
 #, c-format
 msgid "%s is the unchanged one\n"
 msgstr "%s est le fichier original\n"
 
-#: g10/ringedit.c:1530
+#: g10/ringedit.c:1532
 #, c-format
 msgid "%s is the new one\n"
 msgstr "%s est le nouveau\n"
 
-#: g10/ringedit.c:1531
+#: g10/ringedit.c:1533
 msgid "Please fix this possible security flaw\n"
 msgstr "Réparez ce problème de sécurité possible\n"
 
@@ -3208,25 +3215,56 @@ msgstr ""
 "ne peut éviter une clé faible pour le chiffrement symétrique :\n"
 "%d essais ont eu lieu !\n"
 
+#: g10/delkey.c:93
+#, fuzzy
+msgid "there is a secret key for this public key!\n"
+msgstr "enlever la clé du porte-clés public"
+
+#: g10/delkey.c:95
+msgid "use option \"--delete-secret-key\" to delete it first.\n"
+msgstr ""
+
+#: g10/delkey.c:111
+#, fuzzy
+msgid "can't do that in batchmode without \"--yes\"\n"
+msgstr "impossible de faire cela en mode automatique\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "Delete this key from the keyring? "
+msgstr "enlever la clé du porte-clés public"
+
+#: g10/delkey.c:141
+msgid "This is a secret key! - really delete? "
+msgstr ""
+
 #: g10/helptext.c:47
 msgid ""
 "It's up to you to assign a value here; this value will never be exported\n"
 "to any 3rd party.  We need it to implement the web-of-trust; it has nothing\n"
 "to do with the (implicitly created) web-of-certificates."
 msgstr ""
+"C'est à vous d'assigner une valeur ici ; cette valeur ne sera jamais\n"
+"envoyée à une tierce personne. Nous en avons besoin pour créer le réseau\n"
+"de confiance (web-of-trust) ; cela n'a rien à voir avec le réseau des\n"
+"certificats (créé implicitement)"
 
 #: g10/helptext.c:53
 msgid "If you want to use this revoked key anyway, answer \"yes\"."
 msgstr ""
+"Si vous voulez utiliser cette clé révoquée quand-même, répondez « oui »."
 
 #: g10/helptext.c:57
 msgid "If you want to use this untrusted key anyway, answer \"yes\"."
 msgstr ""
+"Si vous voulez utiliser cette clé peu sûre quand-même, répondez « oui »."
 
 #: g10/helptext.c:61
 msgid ""
 "Enter the user ID of the addressee to whom you want to send the message."
 msgstr ""
+"Entrez le nom d'utilisateur de la personne à qui vous voulez envoyer\n"
+"le message."
 
 #: g10/helptext.c:65
 msgid ""
@@ -3248,6 +3286,23 @@ msgid ""
 "this is the reason why the encryption only ElGamal key is not available in\n"
 "this menu."
 msgstr ""
+"Sélectionnez l'algorithme à utiliser.\n"
+"DSA (alias DSS) est l'algorithme de signatures électroniques qui ne peut\n"
+"être utilisé que pour les signatures. C'est l'algorithme recommandé car\n"
+"la vérification des signatures DSA est beaucoup plus rapide que celle des\n"
+"signatures ElGamal.\n"
+"\n"
+"ElGamal est un algorithme pouvant à la fois être utilisé pour les\n"
+"signatures et le chiffrement. OpenPGP en distingue deux sortes :\n"
+"l'une destinée uniquement au chiffrement et l'autre pouvant aussi bien\n"
+"servir aux signatures ; elles sont en fait identiques mais certains\n"
+"paramètres doivent être spécialement choisis pour que la clé génère des\n"
+"signatures sûres : ce programme est capable de le faire mais les autres\n"
+"implémentations de OpenPGP ne sont pas obligées d'accepter cette forme de\n"
+"clé.\n"
+"\n"
+"La première clé (clé principale) doit toujours être capable de signer ;\n"
+"c'est pourquoi la clé ElGamal de chiffrement seul est alors désactivée."
 
 #: g10/helptext.c:85
 msgid ""
@@ -3255,16 +3310,18 @@ msgid ""
 "because they are not supported by all programs and signatures created\n"
 "with them are quite large and very slow to verify."
 msgstr ""
+"Bien que ces clés soient définies dans la RFC2440 elles ne sont pas\n"
+"conseillées car tous les programmes ne les supportent pas et les\n"
+"signatures créées avec elles sont plutôt longues et très lentes à vérifier."
 
 #: g10/helptext.c:92
-#, fuzzy
 msgid "Enter the size of the key"
-msgstr "Entrez le nom d'utilisateur : "
+msgstr "Entrez la taille de la clé"
 
 #: g10/helptext.c:96 g10/helptext.c:101 g10/helptext.c:113 g10/helptext.c:145
 #: g10/helptext.c:150 g10/helptext.c:155 g10/helptext.c:160
 msgid "Answer \"yes\" or \"no\""
-msgstr ""
+msgstr "Répondez « oui » ou « non »"
 
 #: g10/helptext.c:106
 msgid ""
@@ -3273,19 +3330,22 @@ msgid ""
 "get a good error response - instead the system tries to interpret\n"
 "the given value as an interval."
 msgstr ""
+"Entrez la valeur demandée comme indiqué dans la ligne de commande.\n"
+"On peut entrer une date ISO (AAAA-MM-JJ) mais le résultat d'erreur sera\n"
+"mauvais - le système essaierait d'interpréter la valeur donnée comme un\n"
+"intervalle."
 
 #: g10/helptext.c:118
 msgid "Enter the name of the key holder"
-msgstr ""
+msgstr "Entrez le nom du propriétaire de la clé"
 
 #: g10/helptext.c:123
 msgid "please enter an optional but highly suggested email address"
-msgstr ""
+msgstr "entrez une adresse e-mail optionnelle mais hautement recommandée"
 
 #: g10/helptext.c:127
-#, fuzzy
 msgid "Please enter an optional comment"
-msgstr "Entrez le nom d'un fichier de données : "
+msgstr "Entrez un commentaire optionnel"
 
 #: g10/helptext.c:132
 msgid ""
@@ -3295,24 +3355,31 @@ msgid ""
 "O  to continue with key generation.\n"
 "Q  to to quit the key generation."
 msgstr ""
+"N pour changer le nom.\n"
+"C pour changer le commentaire.\n"
+"E pour changer l'adresse e-mail.\n"
+"O pour continuer à générer la clé.\n"
+"Q pour arrêter de générer de clé."
 
 #: g10/helptext.c:141
 msgid "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
-msgstr ""
+msgstr "Répondez « oui » (ou simplement « o ») pour générer la sous-clé"
 
 #: g10/helptext.c:164
 msgid "Answer \"yes\" is you want to sign ALL the user IDs"
-msgstr ""
+msgstr "Répondez « oui » si vous voulez signer TOUS les noms d'utilisateurs"
 
 #: g10/helptext.c:168
 msgid ""
 "Answer \"yes\" if you really want to delete this user ID.\n"
 "All certificates are then also lost!"
 msgstr ""
+"Répondez « oui » si vous voulez vraiment supprimer ce nom\n"
+"d'utilisateur. Tous les certificats seront alors perdus en même temps !"
 
 #: g10/helptext.c:173
 msgid "Answer \"yes\" if it is okay to delete the subkey"
-msgstr ""
+msgstr "Répondez « oui » s'il faut vraiment supprimer la sous-clé"
 
 #: g10/helptext.c:178
 msgid ""
@@ -3320,20 +3387,30 @@ msgid ""
 "to delete this signature because it may be important to establish a\n"
 "trust connection to the key or another key certified by this key."
 msgstr ""
+"C'est une signature valide dans la clé ; vous n'avez pas normalement\n"
+"intérêt à supprimer cette signature car elle peut être importante pour\n"
+"établir une connection de confiance vers la clé ou une autre clé certifiée\n"
+"par celle-là."
 
 #: g10/helptext.c:183
 msgid ""
 "This signature can't be checked because you don't have the\n"
 "corresponding key.  You should postpone its deletion until you\n"
-"know which key was used because this signing key might establisha trust "
+"know which key was used because this signing key might establish\n"
-"connection through another already certified key."
+"a trust connection through another already certified key."
 msgstr ""
+"Cette signature ne peut pas être vérifiée parce que vous n'avez pas la\n"
+"clé correspondante. Vous devriez remettre sa supression jusqu'à ce que\n"
+"vous soyez sûr de quelle clé a été utilisée car cette clé de signature\n"
+"peut établir une connection de confiance vers une autre clé déjà certifiée."
 
 #: g10/helptext.c:189
 msgid ""
 "The signature is not valid.  It does make sense to remove it from\n"
 "your keyring."
 msgstr ""
+"Cette signature n'est pas valide. Vous devriez la supprimer de votre\n"
+"porte-clés."
 
 #: g10/helptext.c:193
 msgid ""
@@ -3343,30 +3420,40 @@ msgid ""
 "only if this self-signature is for some reason not valid and\n"
 "a second one is available."
 msgstr ""
+"Cette signature relie le nom d'utilisateur à la clé. Habituellement\n"
+"enlever une telle signature n'est pas une bonne idée. En fait GnuPG peut\n"
+"ne plus être capable d'utiliser cette clé. Donc faites ceci uniquement si\n"
+"cette auto-signature est invalide pour une certaine raison et si une autre\n"
+"est disponible."
 
 #: g10/helptext.c:202
 msgid ""
 "Please enter the passhrase; this is a secret sentence \n"
 "  Blurb, blurb,.... "
 msgstr ""
+"Entrez le mot de passe ; c'est une phrase secrète \n"
+"  Blurb, blurb,.... "
 
 #: g10/helptext.c:209
 msgid "Please repeat the last passphrase, so you are sure what you typed in."
 msgstr ""
+"Répétez le dernier mot de passe pour être sûr de ce que vous avez tapé."
 
 #: g10/helptext.c:213
 msgid "Give the name fo the file to which the signature applies"
-msgstr ""
+msgstr "Donnez le nom du fichier auquel la signature se rapporte"
 
 #: g10/helptext.c:218
 msgid "Answer \"yes\" if it is okay to overwrite the file"
-msgstr ""
+msgstr "Répondez « oui » s'il faut vraiment réécrire le fichier"
 
 #: g10/helptext.c:223
 msgid ""
 "Please enter a new filename. If you just hit RETURN the default\n"
 "file (which is shown in brackets) will be used."
 msgstr ""
+"Entrez le nouveau nom de fichier. Si vous tapez simplement ENTRÉE lefichier "
+"par défaut (indiqué entre crochets) sera utilisé."
 
 #: g10/helptext.c:237
 msgid "No help available"
@@ -3376,156 +3463,3 @@ msgstr "Pas d'aide disponible"
 #, c-format
 msgid "No help available for `%s'"
 msgstr "Pas d'aide disponible pour `%s'"
-
-#~ msgid "edit_ownertrust.value"
-#~ msgstr ""
-#~ "C'est à vous d'assigner une valeur ici ; cette valeur ne sera jamais\n"
-#~ "envoyée à une tierce personne. Nous en avons besoin pour créer le réseau de\n"
-#~ "confiance (web-of-trust) ; cela n'a rien à voir avec le réseau des\n"
-#~ "certificats (créé implicitement)"
-
-#~ msgid "revoked_key.override"
-#~ msgstr ""
-#~ "Si vous voulez utiliser cette clé révoquée quand-même, répondez « oui »."
-
-#~ msgid "untrusted_key.override"
-#~ msgstr ""
-#~ "Si vous voulez utiliser cette clé peu sûre quand-même, répondez « oui »."
-
-#~ msgid "pklist.user_id.enter"
-#~ msgstr ""
-#~ "Entrez l'adresse de la personne à qui vous voulez envoyer le message."
-
-#~ msgid "keygen.algo"
-#~ msgstr ""
-#~ "Sélectionnez l'algorithme à utiliser.\n"
-#~ "DSA (alias DSS) est l'algorithme de signatures électroniques qui ne peut\n"
-#~ "être utilisé que pour les signatures. C'est l'algorithme recommandé car\n"
-#~ "la vérification des signatures DSA est beaucoup plus rapide que celle des\n"
-#~ "signatures ElGamal.\n"
-#~ "ElGamal est un algorithme pouvant à la fois être utilisé pour les\n"
-#~ "signatures et le chiffrement. OpenPGP en distingue deux sortes :\n"
-#~ "l'une destinée uniquement au chiffrement et l'autre pouvant aussi bien\n"
-#~ "servir aux signatures ; elles sont en fait identiques mais certains\n"
-#~ "paramètres doivent être spécialement choisis pour que la clé génère des\n"
-#~ "signatures sures : ce programme est capable de le faire mais les autres\n"
-#~ "implémentaions de OpenPGP ne sont pas obligées d'accepter cette forme de\n"
-#~ "clé.\n"
-#~ "La première clé (clé principale) doit toujours être capable de signer ;\n"
-#~ "c'est pourquoi la clé ElGamal de chiffrement seul est alors désactivée."
-
-#~ msgid "keygen.algo.elg_se"
-#~ msgstr ""
-#~ "Bien que ces clés soient définies dans la RFC2440 elles ne sont pas\n"
-#~ "conseillées car tous les programmes ne les supportent pas et les signatures\n"
-#~ "créées avec elles sont plutôt longues et très lentes à vérifier."
-
-#~ msgid "keygen.size"
-#~ msgstr "Entrez la taille de la clé"
-
-#~ msgid "keygen.size.huge.okay"
-#~ msgstr "Répondez « oui » ou « non »"
-
-#~ msgid "keygen.size.large.okay"
-#~ msgstr "Répondez « oui » ou « non »"
-
-#~ msgid "keygen.valid"
-#~ msgstr ""
-#~ "Entrez la valeur demandée comme indiqué dans le prompteur.\n"
-#~ "On peut entrer une date ISO (AAAA-MM-JJ) mais le résultat d'erreur sera\n"
-#~ "mauvais - le système essaie d'interpréter la valeur donnée comme un\n"
-#~ "intervalle."
-
-#~ msgid "keygen.valid.okay"
-#~ msgstr "Répondez « oui » ou « non »"
-
-#~ msgid "keygen.name"
-#~ msgstr "Entrez le nom du propriétaire de la clé"
-
-#~ msgid "keygen.email"
-#~ msgstr "Entrez une adresse e-mail optionnelle mais hautement recommandée"
-
-#~ msgid "keygen.comment"
-#~ msgstr "Entrez un commentaire optionnel"
-
-#~ msgid "keygen.userid.cmd"
-#~ msgstr ""
-#~ "N pour changer le nom.\n"
-#~ "C pour changer le commentaire.\n"
-#~ "E pour changer l'adresse e-mail.\n"
-#~ "O pour continuer à générer la clé.\n"
-#~ "Q pour arrêter de générer de clé."
-
-#~ msgid "keygen.sub.okay"
-#~ msgstr "Répondez « oui » (ou simplement « o ») pour générer la sous-clé"
-
-#~ msgid "sign_uid.okay"
-#~ msgstr "Répondez « oui » ou « non »"
-
-#~ msgid "change_passwd.empty.okay"
-#~ msgstr "Répondez « oui » ou « non »"
-
-#~ msgid "keyedit.save.okay"
-#~ msgstr "Répondez « oui » ou « non »"
-
-#~ msgid "keyedit.cancel.okay"
-#~ msgstr "Répondez « oui » ou « non »"
-
-#~ msgid "keyedit.sign_all.okay"
-#~ msgstr "Répondez « oui » si vous voulez signer TOUS les noms d'utilisateurs"
-
-#~ msgid "keyedit.remove.uid.okay"
-#~ msgstr ""
-#~ "Répondez « oui » si vous voulez vraiment supprimer ce nom\n"
-#~ "d'utilisateur. Tous les certificats seront alors perdus en même temps !"
-
-#~ msgid "keyedit.remove.subkey.okay"
-#~ msgstr "Entrez « oui » s'il faut vraiment supprimer la sous-clé"
-
-#~ msgid "keyedit.delsig.valid"
-#~ msgstr ""
-#~ "C'est une signature valide dans la clé ; vous n'avez pas normalement\n"
-#~ "intérêt à supprimer cette signature car elle peut être importante pour\n"
-#~ "établir une connection de confiance vers la clé ou une autre clé certifiée\n"
-#~ "par celle-là."
-
-#~ msgid "keyedit.delsig.unknown"
-#~ msgstr ""
-#~ "Cette signature ne peut pas être vérifiée parce que vous n'avez pas la\n"
-#~ "clé correspondante. Vous devriez remettre sa supression jusqu'à ce que\n"
-#~ "vous soyez sûr de quelle clé a été utilisée car cette clé de signature\n"
-#~ "peut établir une connection de confiance vers une autre clé déjà certifiée."
-
-#~ msgid "keyedit.delsig.invalid"
-#~ msgstr ""
-#~ "Cette signature n'est pas valide. Vous devriez la supprimer de votre\n"
-#~ "porte-clés."
-
-#~ msgid "keyedit.delsig.selfsig"
-#~ msgstr ""
-#~ "Cette signature relie le nom d'utilisateur à la clé. Habituellement\n"
-#~ "enlever une telle signature n'est pas une bonne idée. En fait GnuPG peut\n"
-#~ "ne plus être capable d'utiliser cette clé. Donc faites ceci uniquement si\n"
-#~ "cette auto-signature est invalide pour une certaine raison et si une autre\n"
-#~ "est disponible."
-
-#~ msgid "passphrase.enter"
-#~ msgstr ""
-#~ "Entrez le mot de passe ; c'est une phrase secrète \n"
-#~ "  Blurb, blurb,.... "
-
-#~ msgid "passphrase.repeat"
-#~ msgstr ""
-#~ "Répétez le dernier mot de passe pour être sûr de ce que vous avez tapé."
-
-#~ msgid "detached_signature.filename"
-#~ msgstr "Donnez le nom du fichier auquel la signature se rapporte"
-
-#~ msgid "openfile.overwrite.okay"
-#~ msgstr "Entrez « oui » s'il faut vraiment réécrire le fichier"
-
-#~ msgid "openfile.askoutname"
-#~ msgstr ""
-#~ "Entrez le nouveau nom de fichier. Si vous tapez simplement ENTRÉE le "
-#~ "fichier\n"
-#~ "par défaut (indiqué entre crochets) sera utilisé."

po/it.po

@@ -5,7 +5,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-0.9.7\n"
-"POT-Creation-Date: 1999-09-03 08:52+0200\n"
+"POT-Creation-Date: 1999-09-05 19:21+0200\n"
 "PO-Revision-Date: 1999-08-17 23:04+02:00\n"
 "Last-Translator: Marco d'Itri <md@linux.it>\n"
 "Language-Team: Italian <it@li.org>\n"
@@ -1492,8 +1492,8 @@ msgstr ""
 msgid "Really create? "
 msgstr "Crea davvero? "
 
-#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:467
+#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:468
-#: g10/tdbio.c:528
+#: g10/tdbio.c:529
 #, c-format
 msgid "%s: can't open: %s\n"
 msgstr "%s: impossibile aprire: %s\n"
@@ -1839,7 +1839,7 @@ msgstr "chiave %08lX: certificato di revoca aggiunto\n"
 msgid "key %08lX: our copy has no self-signature\n"
 msgstr "chiave %08lX: la nostra copia non ha autofirma\n"
 
-#: g10/keyedit.c:93
+#: g10/delkey.c:64 g10/keyedit.c:93
 #, c-format
 msgid "%s: user not found\n"
 msgstr "%s: utente non trovato\n"
@@ -2179,7 +2179,7 @@ msgstr "abilita"
 msgid "enable a key"
 msgstr "abilita una chiave"
 
-#: g10/keyedit.c:614
+#: g10/delkey.c:107 g10/keyedit.c:614
 msgid "can't do that in batchmode\n"
 msgstr "impossibile fare questo in modo batch\n"
 
@@ -2364,6 +2364,33 @@ msgstr ""
 msgid "Create a revocation certificate for this signature? (y/N)"
 msgstr "Creare un certificato di revoca per questa firma? (s/N)"
 
+#. FIXME: detect duplicates here
+#: g10/keyedit.c:1740
+#, fuzzy
+msgid "You have signed these user IDs:\n"
+msgstr "Non puoi cancellare l'ultimo user id!\n"
+
+#: g10/keyedit.c:1754 g10/keyedit.c:1789
+#, fuzzy, c-format
+msgid "   signed by %08lX at %s\n"
+msgstr ""
+"\"\n"
+"firmata con la tua chiave %08lX a %s\n"
+"\n"
+
+#: g10/keyedit.c:1759
+#, fuzzy, c-format
+msgid "   revoked by %08lX at %s\n"
+msgstr ""
+"\"\n"
+"firmata con la tua chiave %08lX a %s\n"
+"\n"
+
+#: g10/keyedit.c:1779
+#, fuzzy
+msgid "You are about to revoke these signatures:\n"
+msgstr "Vuoi davvero revocare le chiavi selezionate? "
+
 #: g10/keyedit.c:1797
 msgid "Really create the revocation certificates? (y/N)"
 msgstr "Creare davvero i certificati di revoca? (s/N)"
@@ -2648,137 +2675,137 @@ msgstr "impossibile gestire linee di testo pi
 msgid "input line longer than %d characters\n"
 msgstr "linea di input più lunga di %d caratteri\n"
 
-#: g10/tdbio.c:116 g10/tdbio.c:1634
+#: g10/tdbio.c:121 g10/tdbio.c:1635
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb rec %lu: lseek fallita: %s\n"
 
-#: g10/tdbio.c:122 g10/tdbio.c:1641
+#: g10/tdbio.c:127 g10/tdbio.c:1642
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: scrittura fallita (n=%d): %s\n"
 
-#: g10/tdbio.c:232
+#: g10/tdbio.c:237
 msgid "trustdb transaction too large\n"
 msgstr "transazione del trustdb troppo grande\n"
 
-#: g10/tdbio.c:424
+#: g10/tdbio.c:429
 #, c-format
 msgid "%s: can't access: %s\n"
 msgstr "%s: impossibile acedere a: %s\n"
 
-#: g10/ringedit.c:296 g10/tdbio.c:444
+#: g10/ringedit.c:298 g10/tdbio.c:445
 #, c-format
 msgid "%s: can't create directory: %s\n"
 msgstr "%s: impossibile creare la directory: %s\n"
 
-#: g10/ringedit.c:302 g10/tdbio.c:447
+#: g10/ringedit.c:304 g10/tdbio.c:448
 #, c-format
 msgid "%s: directory created\n"
 msgstr "%s: directory creata\n"
 
-#: g10/tdbio.c:451
+#: g10/tdbio.c:452
 #, c-format
 msgid "%s: directory does not exist!\n"
 msgstr "%s: la directory non esiste!\n"
 
-#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1346 g10/tdbio.c:457
+#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1348 g10/tdbio.c:458
 #, c-format
 msgid "%s: can't create: %s\n"
 msgstr "%s: impossibile creare: %s\n"
 
-#: g10/tdbio.c:472 g10/tdbio.c:521
+#: g10/tdbio.c:473 g10/tdbio.c:522
 #, c-format
 msgid "%s: can't create lock\n"
 msgstr "%s: impossibile creare il lock\n"
 
-#: g10/tdbio.c:486
+#: g10/tdbio.c:487
 #, c-format
 msgid "%s: failed to create version record: %s"
 msgstr "%s: creazione del record della versione fallita: %s"
 
-#: g10/tdbio.c:490
+#: g10/tdbio.c:491
 #, c-format
 msgid "%s: invalid trustdb created\n"
 msgstr "%s: è stato creato un trustdb non valido\n"
 
-#: g10/tdbio.c:493
+#: g10/tdbio.c:494
 #, c-format
 msgid "%s: trustdb created\n"
 msgstr "%s: creato il trustdb\n"
 
-#: g10/tdbio.c:530
+#: g10/tdbio.c:531
 #, c-format
 msgid "%s: invalid trustdb\n"
 msgstr "%s: trustdb non valido\n"
 
-#: g10/tdbio.c:563
+#: g10/tdbio.c:564
 #, c-format
 msgid "%s: failed to create hashtable: %s\n"
 msgstr "%s: creazione della tabella hash fallita: %s\n"
 
-#: g10/tdbio.c:571
+#: g10/tdbio.c:572
 #, c-format
 msgid "%s: error updating version record: %s\n"
 msgstr "%s: errore durante l'aggiornamento del record di versione: %s\n"
 
-#: g10/tdbio.c:587 g10/tdbio.c:626 g10/tdbio.c:648 g10/tdbio.c:678
+#: g10/tdbio.c:588 g10/tdbio.c:627 g10/tdbio.c:649 g10/tdbio.c:679
-#: g10/tdbio.c:703 g10/tdbio.c:1567 g10/tdbio.c:1594
+#: g10/tdbio.c:704 g10/tdbio.c:1568 g10/tdbio.c:1595
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: errore durante la lettura del record di versione: %s\n"
 
-#: g10/tdbio.c:600 g10/tdbio.c:659
+#: g10/tdbio.c:601 g10/tdbio.c:660
 #, c-format
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: errore durante la scrittura del record di versione: %s\n"
 
-#: g10/tdbio.c:1246
+#: g10/tdbio.c:1247
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek fallita: %s\n"
 
-#: g10/tdbio.c:1254
+#: g10/tdbio.c:1255
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: read fallita (n=%d): %s\n"
 
-#: g10/tdbio.c:1275
+#: g10/tdbio.c:1276
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: non è un file di trustdb\n"
 
-#: g10/tdbio.c:1291
+#: g10/tdbio.c:1292
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: record di versione con recnum %lu\n"
 
-#: g10/tdbio.c:1296
+#: g10/tdbio.c:1297
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: versione %d del file non valida\n"
 
-#: g10/tdbio.c:1600
+#: g10/tdbio.c:1601
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: errore durante la lettura del record libero: %s\n"
 
-#: g10/tdbio.c:1608
+#: g10/tdbio.c:1609
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: errore durante la scrittura del dir record: %s\n"
 
-#: g10/tdbio.c:1618
+#: g10/tdbio.c:1619
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: azzeramento di un record fallito: %s\n"
 
-#: g10/tdbio.c:1648
+#: g10/tdbio.c:1649
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: accodatura a un record fallita: %s\n"
 
-#: g10/tdbio.c:1759
+#: g10/tdbio.c:1760
 msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
 msgstr "Il trustdb è danneggiato; eseguire \"gpg --fix-trust-db\".\n"
 
@@ -3065,31 +3092,31 @@ msgstr "impossibile mettere `%s' nel trustdb: %s\n"
 msgid "WARNING: can't yet handle long pref records\n"
 msgstr "ATTENZIONE: non è ancora possibile gestire record pref lunghi\n"
 
-#: g10/ringedit.c:316
+#: g10/ringedit.c:318
 #, c-format
 msgid "%s: can't create keyring: %s\n"
 msgstr "%s: impossibile creare il portachiavi: %s\n"
 
-#: g10/ringedit.c:333 g10/ringedit.c:1351
+#: g10/ringedit.c:335 g10/ringedit.c:1353
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: portachiavi creato\n"
 
-#: g10/ringedit.c:1528
+#: g10/ringedit.c:1530
 msgid "WARNING: 2 files with confidential information exists.\n"
 msgstr "ATTENZIONE: esistono due file con informazioni confidenziali.\n"
 
-#: g10/ringedit.c:1529
+#: g10/ringedit.c:1531
 #, c-format
 msgid "%s is the unchanged one\n"
 msgstr "%s è quello non modificato\n"
 
-#: g10/ringedit.c:1530
+#: g10/ringedit.c:1532
 #, c-format
 msgid "%s is the new one\n"
 msgstr "%s è quello nuovo\n"
 
-#: g10/ringedit.c:1531
+#: g10/ringedit.c:1533
 msgid "Please fix this possible security flaw\n"
 msgstr "Per favore risolvete questo possibile problema di sicurezza\n"
 
@@ -3174,6 +3201,29 @@ msgstr ""
 "Impossibile evitare una chiave debole per il cifrario simmetrico;\n"
 "ho provato %d volte!\n"
 
+#: g10/delkey.c:93
+#, fuzzy
+msgid "there is a secret key for this public key!\n"
+msgstr "rimuove una chiave dal portachiavi pubblico"
+
+#: g10/delkey.c:95
+msgid "use option \"--delete-secret-key\" to delete it first.\n"
+msgstr ""
+
+#: g10/delkey.c:111
+#, fuzzy
+msgid "can't do that in batchmode without \"--yes\"\n"
+msgstr "impossibile fare questo in modo batch\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "Delete this key from the keyring? "
+msgstr "rimuove una chiave dal portachiavi pubblico"
+
+#: g10/delkey.c:141
+msgid "This is a secret key! - really delete? "
+msgstr ""
+
 #: g10/helptext.c:47
 msgid ""
 "It's up to you to assign a value here; this value will never be exported\n"
@@ -3291,8 +3341,8 @@ msgstr ""
 msgid ""
 "This signature can't be checked because you don't have the\n"
 "corresponding key.  You should postpone its deletion until you\n"
-"know which key was used because this signing key might establisha trust "
+"know which key was used because this signing key might establish\n"
-"connection through another already certified key."
+"a trust connection through another already certified key."
 msgstr ""
 
 #: g10/helptext.c:189

po/pl.po

@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-0.9.7\n"
-"POT-Creation-Date: 1999-09-03 08:52+0200\n"
+"POT-Creation-Date: 1999-09-05 19:21+0200\n"
 "PO-Revision-Date: 1999-05-30 19:08+02:00\n"
 "Last-Translator: Janusz A. Urbanowicz <alex@bofh.net.pl>\n"
 "Language-Team: Polish <pl@li.org>\n"
@@ -1521,8 +1521,8 @@ msgstr ""
 msgid "Really create? "
 msgstr "Na pewno generowaæ? "
 
-#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:467
+#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:468
-#: g10/tdbio.c:528
+#: g10/tdbio.c:529
 #, c-format
 msgid "%s: can't open: %s\n"
 msgstr "%s: nie mogê otworzyæ: %s\n"
@@ -1873,7 +1873,7 @@ msgstr "klucz %08lX: dodany certyfikat uniewa
 msgid "key %08lX: our copy has no self-signature\n"
 msgstr "klucz %08lX: dostêpna kopia nie jest podpisana ni± sam±\n"
 
-#: g10/keyedit.c:93
+#: g10/delkey.c:64 g10/keyedit.c:93
 #, c-format
 msgid "%s: user not found\n"
 msgstr "%s: nie znaleziono u¿ytkownika\n"
@@ -2218,7 +2218,7 @@ msgstr ""
 msgid "enable a key"
 msgstr "klucz niepoprawny"
 
-#: g10/keyedit.c:614
+#: g10/delkey.c:107 g10/keyedit.c:614
 msgid "can't do that in batchmode\n"
 msgstr "nie dzia³a w trybie wsadowym\n"
 
@@ -2409,6 +2409,31 @@ msgstr ""
 msgid "Create a revocation certificate for this signature? (y/N)"
 msgstr "Stworzyæ certyfikat uniewa¿nienia tego podpisu? (t/N)"
 
+#. FIXME: detect duplicates here
+#: g10/keyedit.c:1740
+#, fuzzy
+msgid "You have signed these user IDs:\n"
+msgstr "Nie mo¿esz usun±æ ostatniego identyfikatora u¿ytkownika!\n"
+
+#: g10/keyedit.c:1754 g10/keyedit.c:1789
+#, fuzzy, c-format
+msgid "   signed by %08lX at %s\n"
+msgstr ""
+"\"\n"
+"podpisano Twoim kluczem %08lX w %s\n"
+
+#: g10/keyedit.c:1759
+#, fuzzy, c-format
+msgid "   revoked by %08lX at %s\n"
+msgstr ""
+"\"\n"
+"podpisano Twoim kluczem %08lX w %s\n"
+
+#: g10/keyedit.c:1779
+#, fuzzy
+msgid "You are about to revoke these signatures:\n"
+msgstr "Czy na pewno chcesz uniewa¿niæ wybrane klucze? "
+
 #: g10/keyedit.c:1797
 msgid "Really create the revocation certificates? (y/N)"
 msgstr "Na pewno utworzyæ certyfikaty uniewa¿nienia ? (t/N)"
@@ -2703,137 +2728,137 @@ msgstr "nie mog
 msgid "input line longer than %d characters\n"
 msgstr "linia d³u¿sza ni¿ %d znaków\n"
 
-#: g10/tdbio.c:116 g10/tdbio.c:1634
+#: g10/tdbio.c:121 g10/tdbio.c:1635
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "baza zaufania, wpis %lu: lseek() nie powiod³a siê: %s\n"
 
-#: g10/tdbio.c:122 g10/tdbio.c:1641
+#: g10/tdbio.c:127 g10/tdbio.c:1642
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "baza zaufania, wpis %lu: zapis nie powiód³ siê (n=%d): %s\n"
 
-#: g10/tdbio.c:232
+#: g10/tdbio.c:237
 msgid "trustdb transaction too large\n"
 msgstr "zbyt du¿e zlecenie dla bazy zaufania\n"
 
-#: g10/tdbio.c:424
+#: g10/tdbio.c:429
 #, c-format
 msgid "%s: can't access: %s\n"
 msgstr "%s: dostêp niemo¿liwy: %s\n"
 
-#: g10/ringedit.c:296 g10/tdbio.c:444
+#: g10/ringedit.c:298 g10/tdbio.c:445
 #, c-format
 msgid "%s: can't create directory: %s\n"
 msgstr "%s: nie mogê utworzyæ katalogu: %s\n"
 
-#: g10/ringedit.c:302 g10/tdbio.c:447
+#: g10/ringedit.c:304 g10/tdbio.c:448
 #, c-format
 msgid "%s: directory created\n"
 msgstr "%s: katalog utworzony\n"
 
-#: g10/tdbio.c:451
+#: g10/tdbio.c:452
 #, c-format
 msgid "%s: directory does not exist!\n"
 msgstr "%s: katalog nie istnieje!\n"
 
-#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1346 g10/tdbio.c:457
+#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1348 g10/tdbio.c:458
 #, c-format
 msgid "%s: can't create: %s\n"
 msgstr "%s: nie mogê utworzyæ: %s\n"
 
-#: g10/tdbio.c:472 g10/tdbio.c:521
+#: g10/tdbio.c:473 g10/tdbio.c:522
 #, c-format
 msgid "%s: can't create lock\n"
 msgstr "%s: nie mogê utworzyæ blokady\n"
 
-#: g10/tdbio.c:486
+#: g10/tdbio.c:487
 #, c-format
 msgid "%s: failed to create version record: %s"
 msgstr "%s: stworzenie zapisu o wersji nie powiod³o siê: %s"
 
-#: g10/tdbio.c:490
+#: g10/tdbio.c:491
 #, c-format
 msgid "%s: invalid trustdb created\n"
 msgstr "%s: stworzony niepoprawny plik bazy zaufania\n"
 
-#: g10/tdbio.c:493
+#: g10/tdbio.c:494
 #, c-format
 msgid "%s: trustdb created\n"
 msgstr "%s: baza zaufania utworzona\n"
 
-#: g10/tdbio.c:530
+#: g10/tdbio.c:531
 #, c-format
 msgid "%s: invalid trustdb\n"
 msgstr "%s: niepoprawny plik bazy zaufania\n"
 
-#: g10/tdbio.c:563
+#: g10/tdbio.c:564
 #, c-format
 msgid "%s: failed to create hashtable: %s\n"
 msgstr "%s: tworzenie tablicy skrótów nie powiod³o siê: %s\n"
 
-#: g10/tdbio.c:571
+#: g10/tdbio.c:572
 #, c-format
 msgid "%s: error updating version record: %s\n"
 msgstr "%s: b³±d przy uaktualnianiu numeru wersji: %s\n"
 
-#: g10/tdbio.c:587 g10/tdbio.c:626 g10/tdbio.c:648 g10/tdbio.c:678
+#: g10/tdbio.c:588 g10/tdbio.c:627 g10/tdbio.c:649 g10/tdbio.c:679
-#: g10/tdbio.c:703 g10/tdbio.c:1567 g10/tdbio.c:1594
+#: g10/tdbio.c:704 g10/tdbio.c:1568 g10/tdbio.c:1595
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: b³±d odczytu numeru wersji: %s\n"
 
-#: g10/tdbio.c:600 g10/tdbio.c:659
+#: g10/tdbio.c:601 g10/tdbio.c:660
 #, c-format
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: b³±d zapisu numeru wersji: %s\n"
 
-#: g10/tdbio.c:1246
+#: g10/tdbio.c:1247
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "baza zaufania: procedura lseek() zawiod³a: %s\n"
 
-#: g10/tdbio.c:1254
+#: g10/tdbio.c:1255
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "baza zaufania: procedura read() (n=%d) zawiod³a: %s\n"
 
-#: g10/tdbio.c:1275
+#: g10/tdbio.c:1276
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: to nie jest plik bazy zaufania\n"
 
-#: g10/tdbio.c:1291
+#: g10/tdbio.c:1292
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: wpis wersji z numerem %lu\n"
 
-#: g10/tdbio.c:1296
+#: g10/tdbio.c:1297
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: niew³a¶ciwa wersja pliku %d\n"
 
-#: g10/tdbio.c:1600
+#: g10/tdbio.c:1601
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: b³±d odczytu pustego wpisu: %s\n"
 
-#: g10/tdbio.c:1608
+#: g10/tdbio.c:1609
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: b³±d zapisu wpisu katalogowego: %s\n"
 
-#: g10/tdbio.c:1618
+#: g10/tdbio.c:1619
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: zerowanie rekordu nie powiod³o siê: %s\n"
 
-#: g10/tdbio.c:1648
+#: g10/tdbio.c:1649
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: dopisanie rekordu nie powiod³o siê: %s\n"
 
-#: g10/tdbio.c:1759
+#: g10/tdbio.c:1760
 #, fuzzy
 msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
 msgstr ""
@@ -3123,31 +3148,31 @@ msgstr "umieszczenie '%s' w Bazie Zaufania nie powiod
 msgid "WARNING: can't yet handle long pref records\n"
 msgstr "OSTRZE¯ENIE: d³ugie wpisy ustawieñ jeszcze nie s± obs³ugiwane.\n"
 
-#: g10/ringedit.c:316
+#: g10/ringedit.c:318
 #, c-format
 msgid "%s: can't create keyring: %s\n"
 msgstr "%s: stworzenie zbioru kluczy jest niemo¿liwe: %s\n"
 
-#: g10/ringedit.c:333 g10/ringedit.c:1351
+#: g10/ringedit.c:335 g10/ringedit.c:1353
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: zbiór kluczy utworzony\n"
 
-#: g10/ringedit.c:1528
+#: g10/ringedit.c:1530
 msgid "WARNING: 2 files with confidential information exists.\n"
 msgstr "OSTRZE¯ENIE: Istniej± dwa pliki z poufnymi informacjami.\n"
 
-#: g10/ringedit.c:1529
+#: g10/ringedit.c:1531
 #, c-format
 msgid "%s is the unchanged one\n"
 msgstr "%s pozosta³ bez zmian\n"
 
-#: g10/ringedit.c:1530
+#: g10/ringedit.c:1532
 #, c-format
 msgid "%s is the new one\n"
 msgstr "%s zosta³ utworzony\n"
 
-#: g10/ringedit.c:1531
+#: g10/ringedit.c:1533
 msgid "Please fix this possible security flaw\n"
 msgstr "Proszê usun±æ to naruszenie zasad bezpieczeñstwa\n"
 
@@ -3232,6 +3257,29 @@ msgstr ""
 "brak mo¿liwo¶ci generacji dobrego klucza dla szyfru symetrycznego;\n"
 "operacja by³a powtarzana %d razy!\n"
 
+#: g10/delkey.c:93
+#, fuzzy
+msgid "there is a secret key for this public key!\n"
+msgstr "usuniêcie klucza ze zbioru kluczy publicznych"
+
+#: g10/delkey.c:95
+msgid "use option \"--delete-secret-key\" to delete it first.\n"
+msgstr ""
+
+#: g10/delkey.c:111
+#, fuzzy
+msgid "can't do that in batchmode without \"--yes\"\n"
+msgstr "nie dzia³a w trybie wsadowym\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "Delete this key from the keyring? "
+msgstr "usuniêcie klucza ze zbioru kluczy publicznych"
+
+#: g10/delkey.c:141
+msgid "This is a secret key! - really delete? "
+msgstr ""
+
 #: g10/helptext.c:47
 msgid ""
 "It's up to you to assign a value here; this value will never be exported\n"
@@ -3349,8 +3397,8 @@ msgstr ""
 msgid ""
 "This signature can't be checked because you don't have the\n"
 "corresponding key.  You should postpone its deletion until you\n"
-"know which key was used because this signing key might establisha trust "
+"know which key was used because this signing key might establish\n"
-"connection through another already certified key."
+"a trust connection through another already certified key."
 msgstr ""
 
 #: g10/helptext.c:189

po/ru.po

@@ -9,7 +9,7 @@
 # QingLong <qinglong@Bolizm> (couldn't send an email to let you know)
 msgid ""
 msgstr ""
-"POT-Creation-Date: 1999-09-03 08:52+0200\n"
+"POT-Creation-Date: 1999-09-05 19:21+0200\n"
 "Content-Type: text/plain; charset=\n"
 "Date: 1998-01-26 22:08:36+0100\n"
 "From: Gregory Steuck <steuck@iname.com>\n"
@@ -1578,8 +1578,8 @@ msgstr ""
 msgid "Really create? "
 msgstr "äÅÊÓÔ×ÉÔÅÌØÎÏ ÓÏÚÄÁÔØ? "
 
-#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:467
+#: g10/encode.c:91 g10/openfile.c:156 g10/openfile.c:246 g10/tdbio.c:468
-#: g10/tdbio.c:528
+#: g10/tdbio.c:529
 #, c-format
 msgid "%s: can't open: %s\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
@@ -1926,7 +1926,7 @@ msgstr "
 msgid "key %08lX: our copy has no self-signature\n"
 msgstr "ËÌÀÞ %08lX: ÎÁÛÁ ËÏÐÉÑ ÎÅ ÉÍÅÅÔ ÓÁÍÏ-ÐÏÄÐÉÓÉ\n"
 
-#: g10/keyedit.c:93
+#: g10/delkey.c:64 g10/keyedit.c:93
 #, c-format
 msgid "%s: user not found\n"
 msgstr "%s: ÐÏÌØÚÏ×ÁÔÅÌØ ÎÅ ÎÁÊÄÅÎ\n"
@@ -2285,7 +2285,7 @@ msgstr ""
 msgid "enable a key"
 msgstr "ðÌÏÈÏÊ ËÌÀÞ"
 
-#: g10/keyedit.c:614
+#: g10/delkey.c:107 g10/keyedit.c:614
 msgid "can't do that in batchmode\n"
 msgstr "ÎÅ×ÏÚÍÏÖÎÏ ÓÄÅÌÁÔØ ÜÔÏ × ÐÁËÅÔÎÏÍ ÒÅÖÉÍÅ.\n"
 
@@ -2482,6 +2482,27 @@ msgstr "
 msgid "Create a revocation certificate for this signature? (y/N)"
 msgstr "ÓÇÅÎÅÒÉÒÏ×ÁÔØ ÏÔÚÙ×ÁÀÝÉÊ ÓÅÒÔÉÆÉËÁÔ"
 
+#. FIXME: detect duplicates here
+#: g10/keyedit.c:1740
+#, fuzzy
+msgid "You have signed these user IDs:\n"
+msgstr "÷Ù ÎÅ ÍÏÖÅÔÅ ÕÄÁÌÉÔØ ÐÏÓÌÅÄÎÉÊ ÉÄÅÎÔÉÆÉËÁÔÏÒ ÐÏÌØÚÏ×ÁÔÅÌÑ!\n"
+
+#: g10/keyedit.c:1754 g10/keyedit.c:1789
+#, fuzzy, c-format
+msgid "   signed by %08lX at %s\n"
+msgstr "îÅÞÅÇÏ ÐÏÄÐÉÓÙ×ÁÔØ ËÌÀÞÁÍ %08lX\n"
+
+#: g10/keyedit.c:1759
+#, fuzzy, c-format
+msgid "   revoked by %08lX at %s\n"
+msgstr "îÅÞÅÇÏ ÐÏÄÐÉÓÙ×ÁÔØ ËÌÀÞÁÍ %08lX\n"
+
+#: g10/keyedit.c:1779
+#, fuzzy
+msgid "You are about to revoke these signatures:\n"
+msgstr "Möchten Sie einige der ungültigen Signaturen entfernen? "
+
 #: g10/keyedit.c:1797
 #, fuzzy
 msgid "Really create the revocation certificates? (y/N)"
@@ -2773,137 +2794,137 @@ msgstr ""
 msgid "input line longer than %d characters\n"
 msgstr ""
 
-#: g10/tdbio.c:116 g10/tdbio.c:1634
+#: g10/tdbio.c:121 g10/tdbio.c:1635
 #, fuzzy, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "ÏÂÎÏ×ÌÅÎÉÅ ÓÅËÒÅÔÁ ÎÅ ÕÄÁÌÏÓØ: %s\n"
 
-#: g10/tdbio.c:122 g10/tdbio.c:1641
+#: g10/tdbio.c:127 g10/tdbio.c:1642
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
 
-#: g10/tdbio.c:232
+#: g10/tdbio.c:237
 msgid "trustdb transaction too large\n"
 msgstr ""
 
-#: g10/tdbio.c:424
+#: g10/tdbio.c:429
 #, fuzzy, c-format
 msgid "%s: can't access: %s\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/ringedit.c:296 g10/tdbio.c:444
+#: g10/ringedit.c:298 g10/tdbio.c:445
 #, fuzzy, c-format
 msgid "%s: can't create directory: %s\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/ringedit.c:302 g10/tdbio.c:447
+#: g10/ringedit.c:304 g10/tdbio.c:448
 #, fuzzy, c-format
 msgid "%s: directory created\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/tdbio.c:451
+#: g10/tdbio.c:452
 #, c-format
 msgid "%s: directory does not exist!\n"
 msgstr ""
 
-#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1346 g10/tdbio.c:457
+#: g10/openfile.c:182 g10/openfile.c:253 g10/ringedit.c:1348 g10/tdbio.c:458
 #, fuzzy, c-format
 msgid "%s: can't create: %s\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/tdbio.c:472 g10/tdbio.c:521
+#: g10/tdbio.c:473 g10/tdbio.c:522
 #, fuzzy, c-format
 msgid "%s: can't create lock\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/tdbio.c:486
+#: g10/tdbio.c:487
 #, c-format
 msgid "%s: failed to create version record: %s"
 msgstr ""
 
-#: g10/tdbio.c:490
+#: g10/tdbio.c:491
 #, fuzzy, c-format
 msgid "%s: invalid trustdb created\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/tdbio.c:493
+#: g10/tdbio.c:494
 #, fuzzy, c-format
 msgid "%s: trustdb created\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/tdbio.c:530
+#: g10/tdbio.c:531
 #, fuzzy, c-format
 msgid "%s: invalid trustdb\n"
 msgstr "ÏÂÎÏ×ÌÅÎÉÅ ÂÁÚÙ ÄÁÎÎÙÈ ÄÏ×ÅÒÉÑ ÎÅ ÕÄÁÌÏÓØ: %s\n"
 
-#: g10/tdbio.c:563
+#: g10/tdbio.c:564
 #, fuzzy, c-format
 msgid "%s: failed to create hashtable: %s\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/tdbio.c:571
+#: g10/tdbio.c:572
 #, fuzzy, c-format
 msgid "%s: error updating version record: %s\n"
 msgstr "Fehler beim Erzeugen der \"Passphrase\": %s\n"
 
-#: g10/tdbio.c:587 g10/tdbio.c:626 g10/tdbio.c:648 g10/tdbio.c:678
+#: g10/tdbio.c:588 g10/tdbio.c:627 g10/tdbio.c:649 g10/tdbio.c:679
-#: g10/tdbio.c:703 g10/tdbio.c:1567 g10/tdbio.c:1594
+#: g10/tdbio.c:704 g10/tdbio.c:1568 g10/tdbio.c:1595
 #, fuzzy, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "Fehler beim Erzeugen der \"Passphrase\": %s\n"
 
-#: g10/tdbio.c:600 g10/tdbio.c:659
+#: g10/tdbio.c:601 g10/tdbio.c:660
 #, fuzzy, c-format
 msgid "%s: error writing version record: %s\n"
 msgstr "Fehler beim Erzeugen der \"Passphrase\": %s\n"
 
-#: g10/tdbio.c:1246
+#: g10/tdbio.c:1247
 #, fuzzy, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "ÏÂÎÏ×ÌÅÎÉÅ ÓÅËÒÅÔÁ ÎÅ ÕÄÁÌÏÓØ: %s\n"
 
-#: g10/tdbio.c:1254
+#: g10/tdbio.c:1255
 #, fuzzy, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "ÏÂÎÏ×ÌÅÎÉÅ ÂÁÚÙ ÄÁÎÎÙÈ ÄÏ×ÅÒÉÑ ÎÅ ÕÄÁÌÏÓØ: %s\n"
 
-#: g10/tdbio.c:1275
+#: g10/tdbio.c:1276
 #, fuzzy, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "ÏÂÎÏ×ÌÅÎÉÅ ÂÁÚÙ ÄÁÎÎÙÈ ÄÏ×ÅÒÉÑ ÎÅ ÕÄÁÌÏÓØ: %s\n"
 
-#: g10/tdbio.c:1291
+#: g10/tdbio.c:1292
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr ""
 
-#: g10/tdbio.c:1296
+#: g10/tdbio.c:1297
 #, fuzzy, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "ÎÅÄÏÐÕÓÔÉÍÏÅ ÎÁÞÁÌÏ ÔÅËÓÔÏ×ÏÊ ÐÏÄÐÉÓÉ\n"
 
-#: g10/tdbio.c:1600
+#: g10/tdbio.c:1601
 #, fuzzy, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "Fehler beim Erzeugen der \"Passphrase\": %s\n"
 
-#: g10/tdbio.c:1608
+#: g10/tdbio.c:1609
 #, fuzzy, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "Fehler beim Erzeugen der \"Passphrase\": %s\n"
 
-#: g10/tdbio.c:1618
+#: g10/tdbio.c:1619
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:1648
+#: g10/tdbio.c:1649
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:1759
+#: g10/tdbio.c:1760
 #, fuzzy
 msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
 msgstr "âÁÚÁ ÄÁÎÎÙÈ ÄÏ×ÅÒÉÑ ÒÁÚÒÕÛÅÎÁ: ÚÁÐÕÓÔÉÔÅ \"gpgm --fix-trust-db\".\n"
@@ -3196,31 +3217,31 @@ msgstr "
 msgid "WARNING: can't yet handle long pref records\n"
 msgstr ""
 
-#: g10/ringedit.c:316
+#: g10/ringedit.c:318
 #, fuzzy, c-format
 msgid "%s: can't create keyring: %s\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/ringedit.c:333 g10/ringedit.c:1351
+#: g10/ringedit.c:335 g10/ringedit.c:1353
 #, fuzzy, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: ÎÅ×ÏÚÍÏÖÎÏ ÏÔËÒÙÔØ: %s\n"
 
-#: g10/ringedit.c:1528
+#: g10/ringedit.c:1530
 msgid "WARNING: 2 files with confidential information exists.\n"
 msgstr ""
 
-#: g10/ringedit.c:1529
+#: g10/ringedit.c:1531
 #, fuzzy, c-format
 msgid "%s is the unchanged one\n"
 msgstr "éÓÐÏÌØÚÏ×ÁÎ ÎÅÐÒÁ×ÉÌØÎÙÊ ÓÅËÒÅÔÎÙÊ ËÌÀÞ"
 
-#: g10/ringedit.c:1530
+#: g10/ringedit.c:1532
 #, c-format
 msgid "%s is the new one\n"
 msgstr ""
 
-#: g10/ringedit.c:1531
+#: g10/ringedit.c:1533
 msgid "Please fix this possible security flaw\n"
 msgstr ""
 
@@ -3304,6 +3325,28 @@ msgstr ""
 "ÎÅ ÐÏÌÕÞÁÅÔÓÑ ÉÚÂÅÖÁÔØ ÓÌÁÂÏÇÏ ËÌÀÞÁ × ÓÉÍÍÅÔÒÉÞÎÏÍ ÁÌÇÏÒÉÔÍÅ; ÐÒÏÂÏ×ÁÌÉ %d "
 "ÒÁÚ!\n"
 
+#: g10/delkey.c:93
+msgid "there is a secret key for this public key!\n"
+msgstr "Es gibt einen privaten ËÌÀÞ zu diesem öffentlichen ËÌÀÞ!\n"
+
+#: g10/delkey.c:95
+msgid "use option \"--delete-secret-key\" to delete it first.\n"
+msgstr ""
+"Benutzen Sie das Kommando \"--delete-secret-key\", um ihn vorab zu "
+"entfernen.\n"
+
+#: g10/delkey.c:111
+msgid "can't do that in batchmode without \"--yes\"\n"
+msgstr "Dies kann im Batchmodus ohne \"--yes\" nicht durchgeführt werden.\n"
+
+#: g10/delkey.c:133
+msgid "Delete this key from the keyring? "
+msgstr "Diesen ËÌÀÞ aus dem ËÌÀÞring löschen? "
+
+#: g10/delkey.c:141
+msgid "This is a secret key! - really delete? "
+msgstr "Dies ist ein privater ËÌÀÞ! - Wirklich löschen? "
+
 #: g10/helptext.c:47
 #, fuzzy
 msgid ""
@@ -3427,8 +3470,8 @@ msgstr ""
 msgid ""
 "This signature can't be checked because you don't have the\n"
 "corresponding key.  You should postpone its deletion until you\n"
-"know which key was used because this signing key might establisha trust "
+"know which key was used because this signing key might establish\n"
-"connection through another already certified key."
+"a trust connection through another already certified key."
 msgstr ""
 
 #: g10/helptext.c:189
@@ -3708,23 +3751,3 @@ msgstr "
 
 #~ msgid "Checking signatures of this public key certificate:\n"
 #~ msgstr "Die Signaturen dieses Zertifikats werden überprüft:\n"
-
-#~ msgid "Do you want to remove some of the invalid signatures? "
-#~ msgstr "Möchten Sie einige der ungültigen Signaturen entfernen? "
-
-#~ msgid "there is a secret key for this public key!\n"
-#~ msgstr "Es gibt einen privaten ËÌÀÞ zu diesem öffentlichen ËÌÀÞ!\n"
-
-#~ msgid "use option \"--delete-secret-key\" to delete it first.\n"
-#~ msgstr ""
-#~ "Benutzen Sie das Kommando \"--delete-secret-key\", um ihn vorab zu "
-#~ "entfernen.\n"
-
-#~ msgid "can't do that in batchmode without \"--yes\"\n"
-#~ msgstr "Dies kann im Batchmodus ohne \"--yes\" nicht durchgeführt werden.\n"
-
-#~ msgid "Delete this key from the keyring? "
-#~ msgstr "Diesen ËÌÀÞ aus dem ËÌÀÞring löschen? "
-
-#~ msgid "This is a secret key! - really delete? "
-#~ msgstr "Dies ist ein privater ËÌÀÞ! - Wirklich löschen? "