* Changed variable for default gnupg.org http location from $hGPG

to $hGPGHTTP and update instances of variable throughout FAQ in introduction area and sections 1.1, 2.1 and 2.2 * Added section 1.4 - What conventions are used in this FAQ? + unices vs. win32 (with hyperlink (<Rhomedir>) to section 4.18 for example + gpg.conf vs. options (with hyperlink (<Roptions>) to section 5.8 to note name change * Corrected section 2.2 - Changed ftp URL (both display and link URLs) from "ftp://ftp.gnupg.org/pub/gcrypt" to ftp://ftp.gnupg.org/gcrypt/, and the display URL (not the actual link URL, it's correct) of the http URL from "http://www.gnupg.org/mirror.html" to "http://www.gnupg.org/mirrors.html" * Included variable ($hVERSION) for easier updating of latest gpg version when referenced (as in section 2.2) * Included variable ($hGPGFTP) for default gnupg.org ftp location (ftp://ftp.gnupg.org) for use in sections 2.2 and 4.16 * Corrected section 3.1 visual display of link from "http://www.gnupg.org/gnupg.html#supsys" to "http://www.gnupg.org/backend.html#supsys" * Edited sections 3.1, 3.2, 5.2 to include $hGPGHTTP variable * Corrected section 3.2 - Word typo ("avoided" was "avoiced"). * Corrected / edited section 3.3 - + corrected link: ftp://ftp.gnupg.dk/pub/contrib-dk/ for idea.c.gz, idea.c.gz.sig, ideadll.zip, ideadll.zip.sig + edited section to include all files and added ~/.gnupg/gpg.conf info * Edited section 4.6 - As this section deals with loosing a public key, I added a paragraph containing a hyperlink to the end of section 4.21 ("I still have my secret key, but lost my public key..."). The paragraph reads: "If you've lost your public key and need to recreate it instead for continued use with your secret key, you may be able to use gpgsplit as detailed in question <Rgpgsplit>." * Edited section 4.15 - Added paragraph below table on GPGrelay, an application for MUAs that lack OpenPGP (rfc2015) support to. "Users of Win32 MUAs that lack OpenPGP support may look into using GPGrelay <http://http://gpgrelay.sourceforge.net>, a small email-relaying server that uses GnuPG to enable many email clients to send and receive emails that conform to PGP-MIME (RFC 2015)." suggested by: Andreas John <aj@tesla.inka.de> * Corrected section 4.16 - Incorportated Werner's URL fix for gpgme FTP location to synchronize local CVS with released FAQ version 1.5.8. * Added section 4.19 - "How do I verify signed packages?" suggested by: Christian Reis <kiko@async.com.br> * Added section 4.20 - "How do I export a keyring with only selected signatures?" by: David Shaw <dshaw@jabberwocky.com> * Added section 4.21 - "I still have my secret key, but lost my public key. What can I do?" by: Werner Koch <wk@gnupg.org> * Added section 4.22 - "Clearsigned messages sent from my web-mail account have an invalid signature. Why?" by: David Scribner <dscribner@bigfoot.com> * Edited / Corrected section 5.8 - Changed question from "I just installed the most recent version of GnuPG and don't have a ~/.gnupg/options file. Is this missing from the installation?" to "GnuPG no longer installs a ~/.gnupg/options file. Is it missing?" + Added "An existing options file can be renamed to gpg.conf for users upgrading, or receiving the message that the "old default options file" is ignored (occurs if both a gpg.conf and an options file are found)." to the end of the paragraph. + Corrected ~/.gnupg/gpg.conf (was ~/.gnupg/conf) * Added section 5.9 - "How to you export GnuPG keys for use with PGP?" by: David Shaw <dshaw@jabberwocky.com>
2025-01-10 13:04:23 +01:00 · 2002-12-05 18:47:58 +00:00 · 2002-12-05 18:47:58 +00:00 · 5c504ac5c5
commit 5c504ac5c5
parent 77f99fd667
1 changed files with 212 additions and 26 deletions
--- a/doc/faq.raw
+++ b/doc/faq.raw
@ -7,21 +7,23 @@ The most recent version of the FAQ is available from
 [$usenetheader=
 ]
 [$maintainer=David D. Scribner, <faq 'at' gnupg.org>]
-[$hGPG=http://www.gnupg.org]
+[$hGPGHTTP=http://www.gnupg.org]
 [$hGPGFTP=ftp://ftp.gnupg.org]
 [$hVERSION=1.2.1]
 [H body bgcolor=#ffffff text=#000000 link=#1f00ff alink=#ff0000 vlink=#9900dd]
 [H H1]GnuPG Frequently Asked Questions[H /H1]
 [H p]
-Version: 1.5.8[H br]
+Version: 1.6.0[H br]
-Last-Modified: Oct 8, 2002[H br]
+Last-Modified: Dec 1, 2002[H br]
 Maintained-by: [$maintainer]
 [H /p]
 This is the GnuPG FAQ. The latest HTML version is available
-[H a href=[$hGPG]/faq.html]here[H/a].
+[H a href=[$hGPGHTTP]/faq.html]here[H/a].
 The index is generated automatically, so there may be errors. Not all
 questions may be in the section they belong to. Suggestions about how
@ -44,7 +46,7 @@ you could search in the mailing list archive.
 <Q> What is GnuPG?
-    [H a href=[$hGPG]]GnuPG[H /a] stands for GNU Privacy Guard and
+    [H a href=[$hGPGHTTP]]GnuPG[H /a] stands for GNU Privacy Guard and
    is GNU's tool for secure communication and data storage. It can be
    used to encrypt data and to create digital signatures. It includes
    an advanced key management facility and is compliant with the
@ -66,6 +68,35 @@ you could search in the mailing list archive.
    read the file titled COPYING that accompanies the application for
    more information.
 <Q> What conventions are used in this FAQ?
    Although GnuPG is being developed for several operating systems
    (often in parallel), the conventions used in this FAQ reflect a
    UNIX shell environment. For Win32 users, references to a shell
    prompt (`$') should be interpreted as a command prompt (`>'),
    directory names separated by a forward slash (`/') may need to be
    converted to a back slash (`\'), and a tilde (`~') represents a
    user's "home" directory (reference question <Rhomedir> for an example).
    Also, the indicator used to inform the shell that a continuation
    of the command will follow on the next line (the `\' character
    seen at the end of some command strings in this FAQ, and represents
    a "\<newline>" pair) should be noted. If your shell or command
    interpreter does not support this convention, the command should be
    typed in its  entirety as a single entry after removing the trailing
    backslash and continuing with the second line before pressing Enter
    or the return key.
    Please keep in mind that this FAQ contains information that may not
    apply to your particular version, as new features and bug fixes are
    added on a continuing basis (reference the NEWS file included with
    the source or package for noteworthy changes between versions). One
    item to note is that starting with GnuPG version 1.1.92 the file
    containing user options and settings has been renamed from "options"
    to "gpg.conf". Information in the FAQ that relates to the options
    file may be interchangable with the newer gpg.conf file in many
    instances. See question <Roptions> for details.
 <S> SOURCES of INFORMATION
@ -74,7 +105,7 @@ you could search in the mailing list archive.
    On-line resources:
    [H UL] 
-    [H LI]The documentation page is located at [H a href=[$hGPG]/docs.html]<[$hGPG]/docs.html>[H/a].
+    [H LI]The documentation page is located at [H a href=[$hGPGHTTP]/docs.html]<[$hGPGHTTP]/docs.html>[H/a].
    Also, have a look at the HOWTOs and the GNU Privacy Handbook (GPH,
    available in English, Spanish and Russian). The latter provides a
    detailed user's guide to GnuPG. You'll also find a document about
@ -86,8 +117,8 @@ you could search in the mailing list archive.
    the developers.
    In addition, searchable archives can be found on MARC, e.g.: [H br]
-    gnupg-users: [H a href=http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2]<http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2>[H/a],[H br]
+    gnupg-users: [H a href=http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2]<http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2>[H/a][H br]
-    gnupg-devel: [H a href=http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2]<http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2>[H/a].[H br]
+    gnupg-devel: [H a href=http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2]<http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2>[H/a][H br]
    [H B]PLEASE:[H/B]
    Before posting to a list, read this FAQ and the available
@ -108,13 +139,13 @@ you could search in the mailing list archive.
 <Q> Where do I get GnuPG?
    You can download the GNU Privacy Guard from its primary FTP server
-    [H a href=ftp://ftp.gnupg.org/pub/gcrypt]<ftp.gnupg.org>[H /a] or from one of the mirrors:
+    [H a href=[$hGPGFTP]/gcrypt/]<[$hGPGFTP]/gcrypt/>[H /a] or from one of the mirrors:
-    [H a href=[$hGPG]/mirrors.html]
+    [H a href=[$hGPGHTTP]/mirrors.html]
-       <[$hGPG]/mirror.html>
+       <[$hGPGHTTP]/mirrors.html>
    [H /a]
-    The current stable version is 1.2.x. Please upgrade to this version as
+    The current stable version is [$hVERSION]. Please upgrade to this version as
    it includes additional features, functions and security fixes that may
    not have existed in prior versions.
@ -127,8 +158,8 @@ you could search in the mailing list archive.
    Windows NT/2000) and Macintosh OS/X. A list of OSes reported to be OK
    is presented at:
-    [H a href=http://www.gnupg.org/backend.html#supsys]
+    [H a href=[$hGPGHTTP]/backend.html#supsys]
-       <http://www.gnupg.org/gnupg.html#supsys>
+       <[$hGPGHTTP]/backend.html#supsys>
    [H /a]
 <Q> Which random data gatherer should I use?
@ -150,7 +181,7 @@ you could search in the mailing list archive.
    On other systems, the Entropy Gathering Daemon (EGD) is a good choice.
    It is a perl-daemon that monitors system activity and hashes it into
-    random data. See the download page [H a href=http://www.gnupg.org/download.html]<http://www.gnupg.org/download.html>[H /a]
+    random data. See the download page [H a href=[$hGPGHTTP]/download.html]<[$hGPGHTTP]/download.html>[H /a]
    to obtain EGD. Use:
    [H pre]
@ -174,14 +205,21 @@ you could search in the mailing list archive.
    However, there is an unofficial module to include it even in earlier
    versions of GnuPG. It's available from
-    [H a href=ftp://ftp.gnupg.org/pub/gcrypt/contrib/]<ftp://ftp.gnupg.org/pub/gcrypt/contrib/>[H /a]. Look for:
+    [H a href=ftp://ftp.gnupg.dk/pub/contrib-dk/]<ftp://ftp.gnupg.dk/pub/contrib-dk/>[H /a]. Look for:
    [H pre]
-       idea.c
+       idea.c.gz          (c module)
       idea.c.gz.sig      (signature file)
    [H /pre]
    [H pre]
       ideadll.zip        (c module and win32 dll)
       ideadll.zip.sig    (signature file)
    [H /pre]
    Compilation directives are in the headers of these files. You will
-    then need to add the following line to your ~/.gnupg/options file:
+    then need to add the following line to your ~/.gnupg/gpg.conf or
    ~/.gnupg/options file:
    [H pre]
       load-extension idea
@ -334,6 +372,10 @@ you could search in the mailing list archive.
    which can be obtained by using the --with-colons options (it is
    the fifth field in the lines beginning with "sec").
    If you've lost your public key and need to recreate it instead
    for continued use with your secret key, you may be able to use
    gpgsplit as detailed in question <Rgpgsplit>.
 <Q> What are trust, validity and ownertrust?
    With GnuPG, the term "ownertrust" is used instead of "trust" to
@ -502,16 +544,21 @@ you could search in the mailing list archive.
    Good overviews of OpenPGP-support can be found at:[H br]
    [H a href=http://cryptorights.org/pgp-users/resources/pgp-mail-clients.html]<http://cryptorights.org/pgp-users/resources/pgp-mail-clients.html>[H /a],[H br]
-    [H a href=http://www.geocities.com/openpgp/courrier_en.html]<http://www.geocities.com/openpgp/courrier_en.html>[H /a] and[H br]
+    [H a href=http://www.geocities.com/openpgp/courrier_en.html]<http://www.geocities.com/openpgp/courrier_en.html>[H /a], and[H br]
    [H a href=http://www.bretschneidernet.de/tips/secmua.html]<http://www.bretschneidernet.de/tips/secmua.html>[H /a].
    Users of Win32 MUAs that lack OpenPGP support may look into
    using GPGrelay [H a href=http://http://gpgrelay.sourceforge.net]<http://gpgrelay.sourceforge.net>[H /a], a small
    email-relaying server that uses GnuPG to enable many email clients
    to send and receive emails that conform to PGP-MIME (RFC 2015).
 <Q> Can't we have a gpg library?
    This has been frequently requested. However, the current viewpoint
    of the GnuPG maintainers is that this would lead to several security
    issues and will therefore not be implemented in the foreseeable
    future. However, for some areas of application gpgme could do the
-    trick. You'll find it at [H a href=ftp://ftp.gnupg.org/gcrypt/alpha/gpgme]<ftp://ftp.gnupg.org/gcrypt/alpha/gpgme>[H /a].
+    trick. You'll find it at [H a href=[$hGPGFTP]/gcrypt/alpha/gpgme]<[$hGPGFTP]/gcrypt/alpha/gpgme>[H /a].
 <Q> I have successfully generated a revocation certificate, but I don't
    understand how to send it to the key servers.
@ -531,6 +578,7 @@ you could search in the mailing list archive.
    (or use a keyserver web interface for this).
 <Dhomedir>
 <Q> How do I put my keyring in a different directory?
    GnuPG keeps several files in a special homedir directory. These
@ -549,6 +597,76 @@ you could search in the mailing list archive.
    on a floppy disk. Don't use "--keyring" as its purpose is to specify
    additional keyring files.
 <Q> How do I verify signed packages?
    Before you can verify the signature that accompanies a package,
    you must first have the vendor, organisation, or issueing person's
    key imported into your public keyring. To prevent GnuPG warning
    messages the key should also be validated (or locally signed).
    You will also need to download the detached signature file along
    with the package. These files will usually have the same name as
    the package, with either a binary (.sig) or ASCII armor (.asc)
    extension.
    Once their key has been imported, and the package and accompanying
    signature files have been downloaded, use:
    [H pre]
       $ gpg --verify sigfile signed-file
    [H /pre]
    If the signature file has the same base name as the package file,
    the package can also be verified by specifying just the signature
    file, as GnuPG will derive the package's file name from the name
    given (less the .sig or .asc extension). For example, to verify a
    package named foobar.tar.gz against its detached binary signature
    file, use:
    [H pre]
       $ gpg --verify foobar.tar.gz.sig
    [H /pre]
 <Q> How do I export a keyring with only selected signatures?
    If you're wanting to create a keyring with only a subset of signatures
    selected from a master keyring (for a club, user group, or company
    department for example), simply specify the keys you want to export:
    [H pre]
       $ gpg --armor --export key1 key2 key3 key4 > keys1-4.asc
    [H /pre]
 <Dgpgsplit>
 <Q> I still have my secret key, but lost my public key. What can I do?
    All OpenPGP secret keys have a copy of the public key inside them,
    and in a worst-case scenario, you can create yourself a new public
    key using the secret key.
    A tool to convert a secret key into a public one has been included
    (it's actually a new option for gpgsplit) and is available with GnuPG
    versions 1.2.1 or later (or can be found in CVS). It works like this:
    [H pre]
       $ gpgsplit --no-split --secret-to-public secret.gpg >publickey.gpg
    [H /pre]
    One should first try to export the secret key and convert just this
    one. Using the entire secret keyring should work too. After this has
    been done, the publickey.gpg file can be imported into GnuPG as usual.
 <Q> Clearsigned messages sent from my web-mail account have an invalid
    signature. Why?
    Check to make sure the settings for your web-based email account
    do not use HTML formatting for the pasted clearsigned message. This can
    alter the message with embedded HTML markup tags or spaces, resulting
    in an invalid signature. The recipient may be able to copy the signed
    message block to a text file for verification, or the web email
    service may allow you to attach the clearsigned message as a file
    if plaintext messages are not an option.
 <S> COMPATIBILITY ISSUES
@ -599,7 +717,7 @@ you could search in the mailing list archive.
    algorithm is still patented until 2007. Under certain conditions you
    may use IDEA even today. In that case, you may refer to Question
    <Ridea> about how to add IDEA support to GnuPG and read
-    [H a href=http://www.gnupg.org/gph/en/pgp2x.html]<http://www.gnupg.org/gph/en/pgp2x.html>[H /a] to perform the migration.
+    [H a href=[$hGPGHTTP]/gph/en/pgp2x.html]<[$hGPGHTTP]/gph/en/pgp2x.html>[H /a] to perform the migration.
 <Q> (removed)
@ -668,13 +786,81 @@ you could search in the mailing list archive.
             --export-secret-keys <key-ID>
    [H /pre]
-<Q> I just installed the most recent version of GnuPG and don't have a
+<Doptions>
-    ~/.gnupg/options file. Is this missing from the installation?
+<Q> GnuPG no longer installs a ~/.gnupg/options file. Is it missing?
-    No. The ~/.gnupg/options file has been renamed to ~/.gnupg/conf for
+    No. The ~/.gnupg/options file has been renamed to ~/.gnupg/gpg.conf for
    new installs as of version 1.1.92. If an existing ~/.gnupg/options file
    is found during an upgrade it will still be used, but this change was
    required to have a more consistent naming scheme with forthcoming tools.
    An existing options file can be renamed to gpg.conf for users upgrading,
    or receiving the message that the "old default options file" is ignored
    (occurs if both a gpg.conf and an options file are found).
 <Q> How do you export GnuPG keys for use with PGP?
    This has come up fairly often, so here's the HOWTO:
    PGP can (for most key types) use secret keys generated by GnuPG. The
    problems that come up occasionally are generally because GnuPG
    supports a few more features from the OpenPGP standard than PGP does.
    If your secret key has any of those features in use, then PGP will
    reject the key or you will have problems communicating later. Note
    that PGP doesn't do ElGamal signing keys at all, so they are not
    usable with any version.
    These instructions should work for GnuPG 1.0.7 and later, and PGP
    7.0.3 and later.
    Start by editing the key. Most of this line is not really necessary
    as the default values are correct, but it does not hurt to repeat the
    values, as this will override them in case you have something else set
    in your options file.
    [H pre]
       $ gpg --s2k-cipher-algo cast5 --s2k-digest-algo sha1 --s2k-mode 3 \
             --simple-sk-checksum --edit KeyID
    [H /pre]
    Turn off some features. Set the list of preferred ciphers, hashes,
    and compression algorithms to things that PGP can handle. (Yes, I
    know this is an odd list of ciphers, but this is what PGP itself uses,
    minus IDEA).
    [H pre]
       > setpref S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0
    [H /pre]
    Now put the list of preferences onto the key.
    [H pre]
       > updpref
    [H /pre]
    Finally we must decrypt and re-encrypt the key, making sure that we
    encrypt with a cipher that PGP likes. We set this up in the --edit
    line above, so now we just need to change the passphrase to make it
    take effect. You can use the same passphrase if you like, or take
    this opportunity to actually change it.
    [H pre]
       > passwd
    [H /pre]
    Save our work.
    [H pre]
       > save
    [H /pre]
    Now we can do the usual export:
    [H pre]
       $ gpg --export KeyID > mypublickey.pgp
       $ gpg --export-secret-key KeyID > mysecretkey.pgp
    [H /pre]
    Thanks to David Shaw for this information!
 <S> PROBLEMS and ERROR MESSAGES
@ -882,8 +1068,8 @@ you could search in the mailing list archive.
       http://www.gnupg.org/developer/gpg-woody-fix.txt
    [H /pre]
-<Q> I've upgraded to GnuPG version 1.0.7 and now it takes longer to load
+<Q> I upgraded to GnuPG version 1.0.7 and now it takes longer to load my
-    my keyrings. What can I do?
+    keyrings. What can I do?
    The way signature states are stored has changed so that v3 signatures
    can be supported. You can use the new --rebuild-keydb-caches migration