mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
edit-key is now complete
parent
1a80de41a5
commit
5ae562b41d
48 changed files with 2044 additions and 984 deletions
45
doc/DETAILS
|
@ -56,23 +56,18 @@ Record type 1:
|
|||
--------------
|
||||
Version information for this TrustDB. This is always the first
|
||||
record of the DB and the only one with type 1.
|
||||
1 byte value 2
|
||||
1 byte value 1
|
||||
3 bytes 'gpg' magic value
|
||||
1 byte Version of the TrustDB
|
||||
3 byte reserved
|
||||
1 u32 locked by (pid) 0 = not locked.
|
||||
1 u32 locked flags
|
||||
1 u32 timestamp of trustdb creation
|
||||
1 u32 timestamp of last modification
|
||||
1 u32 timestamp of last validation
|
||||
(Used to keep track of the time, when this TrustDB was checked
|
||||
against the pubring)
|
||||
1 u32 reserved
|
||||
1 byte marginals needed
|
||||
1 byte completes needed
|
||||
1 byte max. cert depth
|
||||
If any of this 3 values are changed, all cache records
|
||||
must be invalidated.
|
||||
9 bytes reserved
|
||||
1 u32 record number of keyhashtable
|
||||
12 bytes reserved
|
||||
|
||||
|
||||
Record type 2: (directory record)
|
||||
|
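Review bot: In the record type 1 layout, the sentence "If any of this 3 values are changed, all cache records must be invalidated." should read "If any of these 3 values is changed" and should name the record type it means (a later heading calls type 9 the cache record). The rendered field list also shows both "1 byte value 2" and "1 byte value 1" for the leading byte while the text says this is the only record with type 1, so please confirm the surviving line is "value 1". Adding byte offsets or a stated total would let a reader check the field widths against the 40-byte record length quoted further down.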
@ -183,9 +178,9 @@ Record type 9: (cache record)
|
|||
|
||||
Record Type 10 (hash table)
|
||||
--------------
|
||||
Due to the fact that we use the keyid to lookup keys, we can
|
||||
Due to the fact that we use fingerprints to lookup keys, we can
|
||||
implement quick access by some simple hash methods, and avoid
|
||||
the overhead of gdbm. A property of keyids is that they can be
|
||||
the overhead of gdbm. A property of fingerprints is that they can be
|
||||
used directly as hash values. (They can be considered as strong
|
||||
random numbers.)
|
||||
What we use is a dynamic multilevel architecture, which combines
|
||||
|
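Review bot: The retained sentence "(They can be considered as strong random numbers.)" was written about keyids and now follows "A property of fingerprints is that they can be used directly as hash values." I would word it as an assumption that only affects how evenly the table fills, and state explicitly that a match is decided by comparing the full fingerprint, not the bytes used as an index. Also "to lookup keys" should be "to look up keys".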
@ -194,11 +189,11 @@ Record Type 10 (hash table)
|
|||
This record is a hashtable of 256 entries; a special property
|
||||
is that all these records are stored consecutively to make one
|
||||
big table. The hash value is simple the 1st, 2nd, ... byte of
|
||||
the keyid (depending on the indirection level).
|
||||
the fingerprint (depending on the indirection level).
|
||||
|
||||
1 byte value 10
|
||||
1 byte reserved
|
||||
n u32 recnum; n depends on th record length:
|
||||
n u32 recnum; n depends on the record length:
|
||||
n = (reclen-2)/4 which yields 9 for the current record length
|
||||
of 40 bytes.
|
||||
|
||||
|
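Review bot: "n = (reclen-2)/4 which yields 9 for the current record length of 40" only holds with integer division, since (40-2)/4 is 9.5. Say so, and note that 2 bytes of each record stay unused after the 2-byte header and the nine u32 entries. The context line "The hash value is simple the 1st, 2nd, ... byte of" should read "simply" and could be fixed in the same pass.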
@ -206,18 +201,15 @@ Record Type 10 (hash table)
|
|||
m = (256+n-1) / n
|
||||
which is 29 for a record length of 40.
|
||||
|
||||
To look up a key we use its lsb to get the recnum from this
|
||||
hashtable and look up the addressed record:
|
||||
- If this record is another hashtable, we use 2nd lsb
|
||||
To look up a key we use the first byte of the fingerprint to get
|
||||
the recnum from this hashtable and look up the addressed record:
|
||||
- If this record is another hashtable, we use 2nd byte
|
||||
to index this hast table and so on.
|
||||
- if this record is a hashlist, we walk thru the
|
||||
reclist records until we found one whose hash field
|
||||
matches the MSB of our keyid, and lookup this record
|
||||
- if this record is a dir record, we compare the
|
||||
keyid and if this is correct, we get the keyrecod and compare
|
||||
the fingerprint to decide whether it is the requested key;
|
||||
if this is not the correct dir record, we look at the next
|
||||
dir record which is linked by the link field.
|
||||
- if this record is a hashlist, we walk all entries
|
||||
until we found one a matching one.
|
||||
- if this record is a key record, we compare the
|
||||
fingerprint and to decide whether it is the requested key;
|
||||
|
||||
|
||||
Record type 11 (hash list)
|
||||
--------------
|
||||
|
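Review bot: The lookup steps no longer say what happens on a miss. The "key record" bullet ends at "whether it is the requested key;" and the hashlist bullet stops at "until we found one a matching one" without saying what an entry is matched against. Suggest spelling out that each hashlist entry is followed to its record and the full fingerprint compared, and that the search continues with the next entry or fails when it differs. Typos in the same lines: "hast table", "found one a matching one", "fingerprint and to decide".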
@ -226,11 +218,10 @@ Record type 11 (hash list)
|
|||
1 byte value 11
|
||||
1 byte reserved
|
||||
1 u32 next next hash list record
|
||||
n times n = (reclen-6)/5
|
||||
1 byte hash
|
||||
n times n = (reclen-5)/5
|
||||
1 u32 recnum
|
||||
|
||||
For the current record length of 40, n is 6
|
||||
For the current record length of 40, n is 7
|
||||
|
||||
|
||||
|
||||
|
|
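Review bot: "n times n = (reclen-5)/5" with "n is 7" does not follow from the fields listed. The header is 1 byte value, 1 byte reserved and 1 u32 next, which is 6 bytes; if the "1 byte hash" field is dropped, as the new lookup text suggests, each entry is a single u32 recnum and the count would be (reclen-6)/4 = 8 for a record length of 40. If entries are still 5 bytes, 6 + 7*5 = 41 does not fit in 40 either. Please recheck the formula and the stated n against the record layout in the code.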
69
doc/gpg.1pod
|
@ -5,6 +5,7 @@ gpg - GNU Privacy Guard
|
|||
=head1 SYNOPSIS
|
||||
|
||||
B<gpg> [--homedir name] [--options file] [options] command [args]
|
||||
|
||||
B<gpgm> [--homedir name] [--options file] [options] command [args]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
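Review bot: The new SYNOPSIS line for B<gpgm> comes with no text saying how gpgm differs from gpg, while later entries in this patch are marked "[B<gpgm> only]". The NAME line shown in the hunk header still reads "gpg - GNU Privacy Guard". Suggest a sentence in DESCRIPTION that introduces gpgm and says which commands belong to which binary.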
@ -98,23 +99,46 @@ B<--gen-key>
|
|||
Generate a new key pair. This command can only be
|
||||
used interactive.
|
||||
|
||||
B<--add-key> I<name>
|
||||
Add a subkey to an already existing key. This
|
||||
command is similiar to B<--gen-key> but a primary
|
||||
key must already exit.
|
||||
|
||||
B<--sign-key> I<name>
|
||||
Make a signature on key of user I<name>.
|
||||
This looks for the key, displays the key and checks
|
||||
all existing signatures of this key. If the key is
|
||||
not yet signed by the default user (or the users given
|
||||
with B<-u>), the program displays the information of
|
||||
the key again, together with its fingerprint and
|
||||
asks whether it should be signed. This question
|
||||
is repeated for all users specified with B<-u>.
|
||||
The key is then signed and the keyring which
|
||||
contains the key is updated.
|
||||
|
||||
B<--edit-key> I<name>
|
||||
Present a menu which enables you to do all key
|
||||
related tasks:
|
||||
B<sign>
|
||||
Make a signature on key of user I<name>.
|
||||
If the key is not yet signed by the default
|
||||
user (or the users given with B<-u>), the
|
||||
program displays the information of the key
|
||||
again, together with its fingerprint and
|
||||
asks whether it should be signed. This
|
||||
question is repeated for all users specified
|
||||
with B<-u>.
|
||||
B<adduid>
|
||||
Create an alternate user id.
|
||||
B<deluid>
|
||||
Delete an user id.
|
||||
B<addkey>
|
||||
Add a subkey to this key.
|
||||
B<delkey>
|
||||
Remove a subkey.
|
||||
B<passwd>
|
||||
Change the passphrase of the secret key.
|
||||
B<check>
|
||||
Check signatures
|
||||
B<uid> I<n>
|
||||
Toggle selection of user id with index I<n>.
|
||||
Use 0 to deselect all.
|
||||
B<key> I<n>
|
||||
Toggle selection of subkey with index I<n>.
|
||||
Use 0 to deselect all.
|
||||
B<check>
|
||||
Check all selected user ids.
|
||||
B<toggle>
|
||||
Toggle between public and secret key listing.
|
||||
B<save>
|
||||
Save all changes to the key rings and quit.
|
||||
B<quit>
|
||||
Quit the program without updating the
|
||||
key rings.
|
||||
|
||||
B<--delete-key>
|
||||
Remove key from the public keyring
|
||||
|
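Review bot: B<check> appears twice in the B<--edit-key> menu, once as "Check signatures" and once as "Check all selected user ids."; keep one entry with one description. The text under B<sign> still says "Make a signature on key of user I<name>" although inside the menu the key has already been chosen. Spelling in B<--add-key>: "similiar" should be "similar" and "a primary key must already exit" should be "exist"; under B<deluid>, "Delete an user id" should be "Delete a user id".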
@ -122,12 +146,6 @@ B<--delete-key>
|
|||
B<--delete-secret-key>
|
||||
Remove key from the secret and public keyring
|
||||
|
||||
B<--edit-key>
|
||||
Edit/remove a key signature.
|
||||
|
||||
B<--change-passphrase>
|
||||
Change the passphrase of your secret keyring
|
||||
|
||||
B<--gen-revoke>
|
||||
Generate a revocation certificate.
|
||||
|
||||
|
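Review bot: With the B<--change-passphrase> entry no longer listed between B<--delete-secret-key> and B<--gen-revoke>, nothing at this place tells a reader that the passphrase is now changed through B<passwd> in the B<--edit-key> menu. If the option itself was removed, the change deserves a line in NEWS; if it still works, the entry should stay and point to the menu command.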
@ -142,10 +160,15 @@ B<--export> [I<names>]
|
|||
B<--import>
|
||||
import/merge keys
|
||||
|
||||
B<--list-ownertrust>
|
||||
B<--export-ownertrust>
|
||||
List the assigned ownertrust values in ascii format for
|
||||
backup purposes [B<gpgm> only].
|
||||
|
||||
B<--import-ownertrust> [I<filename>]
|
||||
Update the trustdb with the ownertrust values stored in
|
||||
I<filename> (or stdin if not given); existing values will be
|
||||
overwritten. [B<gpgm> only].
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
Long options can be put in an options file (default F<~/.gnupg/options>);
|
||||
|
|
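Review bot: B<--import-ownertrust> says "existing values will be overwritten" but not whether entries absent from I<filename> are kept or cleared, nor that the expected input is what B<--export-ownertrust> writes. Both matter when restoring a backup, so please state them. B<--list-ownertrust> and B<--export-ownertrust> appear back to back with one description; if this is a rename, say whether the old name is still accepted. Minor: "ascii" should be "ASCII".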