More man pages.

Werner Koch 2006-08-17 18:01:25 +00:00
parent 2b587cbf91
commit 6e3e2513d8
13 changed files with 1769 additions and 328 deletions


@ -3,8 +3,6 @@ Maintainer: Werner Koch <wk@gnupg.org>
Bug reports: <bug-gnupg@gnu.org>
Security related bug reports: <security@gnupg.org>
Please note that this file is for the 1.9 branch of GnuPG.
Authors
=======


@ -1,3 +1,11 @@
2006-08-17 Werner Koch <wk@g10code.com>
* THANKS: Merged with the 1.4 one.
2006-08-16 Werner Koch <wk@g10code.com>
* configure.ac: Removed test for capabilities and mlock.
2006-08-15 Werner Koch <wk@g10code.com>
* Makefile.am (keyserver): Enable building of keyserver helpers.

THANKS

@ -1,9 +1,272 @@
GnuPG was originally written by Werner Koch. Other people contributed
by reporting problems, suggesting various improvements or submitting
actual code. Here is a list of those people. Help us keep it
complete and free of errors.
Alexander Belopolsky belopolsky at mac.com
Andrew J. Schorr aschorr at telemetry-investments.com
Carl Meijer carlm at prism.co.za
Charly Avital shavital at mac.com
Kazu Yamamoto kazu at iij.ad.jp
Michael Nottebrock michaelnottebrock at gmx.net
Ray Link rlink at pitt.edu
Richard Lefebvre rick at cerca.umontreal.ca
Adam Mitchell adam at cafe21.org
Albert Chin china at thewrittenword.com
Alec Habig habig at budoe2.bu.edu
Alexander Belopolsky belopolsky at mac.com
Allan Clark allanc at sco.com
Anand Kumria wildfire at progsoc.uts.edu.au
Andreas Haumer andreas at xss.co.at
Andrew J. Schorr aschorr at telemetry-investments.com
Anthony Carrico acarrico at memebeam.org
Anthony Mulcahy anthony at kcn.ne.jp
Ariel T Glenn ariel at columbia.edu
Bernhard Herzog bh at intevation.de
Bernhard Reiter bernhard de intevation.de
Bob Mathews bobmathews at mindspring.com
Bodo Moeller Bodo_Moeller at public.uni-hamburg.de
Brendan O'Dea bod at debian.org
Brenno de Winter brenno at dewinter.com
Brian M. Carlson karlsson at hal-pc.org
Brian Moore bem at cmc.net
Brian Warner warner at lothar.com
Bryan Fullerton bryanf at samurai.com
Bryce Nichols bryce at bnichols.org
Carl Meijer carlm at prism.co.za
Caskey L. Dickson caskey at technocage.com
Cees van de Griend cees-list at griend.xs4all.nl
Charles Levert charles at comm.polymtl.ca
Charly Avital shavital at mac.com
Chip Salzenberg chip at valinux.com
Chris Adams cmadams at hiwaay.net
Christian Biere christianbiere at gmx.de
Christian Kurz shorty at debian.org
Christian von Roques roques at pond.sub.org
Christopher Oliver oliver at fritz.traverse.net
Christian Recktenwald chris at citecs.de
Daiki Ueno ueno at unixuser.org
Dan Winship danw at helixcode.com
Daniel Eisenbud eisenbud at cs.swarthmore.edu
Daniel Koening dan at chaosdorf.de
Daniel Resare daniel at resare.com
Dany Nativel dany at natzo.com
Dave Dykstra dwd at bell-labs.com
David C Niemi niemi at tuxers.net
David Champion dgc at uchicago.edu
David D. Scribner dscribner at bigfoot.com
David Ellement ellement at sdd.hp.com
David Hallinan hallinan at rtd.com
David Hollenberg dhollen at ISI.EDU
David Mathog MATHOG at seqaxp.bio.caltech.edu
David R. Bergstein dbergstein at home.com
David Shaw dshaw at jabberwocky.com
Detlef Lannert lannert at lannert.rz.uni-duesseldorf.de
Dimitri dmitri at advantrix.com
Dirk Lattermann dlatt at t-online.de
Dirk Meyer dirk.meyer at dinoex.sub.org
Disastry Disastry at saiknes.lv
Douglas Calvert dfc at anize.org
Ed Boraas ecxjo at esperanto.org
Edmund GRIMLEY EVANS edmundo at rano.org
Edwin Woudt edwin at woudt.nl
Enzo Michelangeli em at MailAndNews.com
Ernst Molitor ernst.molitor at uni-bonn.de
Evgeny Legerov
Fabio Coatti cova at ferrara.linux.it
Felix von Leitner leitner at amdiv.de
fish stiqz fish at analog.org
Florian Weimer Florian.Weimer at rus.uni-stuttgart.de
Francesco Potorti pot at gnu.org
Frank Donahoe fdonahoe at wilkes1.wilkes.edu
Frank Heckenbach heckenb at mi.uni-erlangen.de
Frank Stajano frank.stajano at cl.cam.ac.uk
Frank Tobin ftobin at uiuc.edu
Gabriel Rosenkoetter gr at eclipsed.net
Gaël Quéri gael at lautre.net
Gene Carter gcarter at lanier.com
Geoff Keating geoffk at ozemail.com.au
Georg Schwarz georg.schwarz at iname.com
Giampaolo Tomassoni g.tomassoni at libero.it
Gilbert Fernandes gilbert_fernandes at hotmail.com
Greg Louis glouis at dynamicro.on.ca
Greg Troxel gdt at ir.bbn.com
Gregory Steuck steuck at iname.com
Harald Denker harry at hal.westfalen.de
Holger Baust Holger.Baust at freenet-ag.de
Hendrik Buschkamp buschkamp at rheumanet.org
Holger Schurig holger at d.om.org
Holger Smolinski smolinsk at de.ibm.com
Holger Trapp Holger.Trapp at informatik.tu-chemnitz.de
Hugh Daniel hugh at toad.com
Huy Le huyle at ugcs.caltech.edu
Ian McKellar imckellar at harvestroad.com.au
Ingo Klöcker kloecker at kde.org
Ivo Timmermans itimmermans at bigfoot.com
Jan Krueger max at physics.otago.ac.nz
Jan Niehusmann jan at gondor.com
Jan-0liver Wagner jan @ intevation.de
Janusz A. Urbanowicz alex at bofh.torun.pl
James Troup james at nocrew.org
Jean-loup Gailly gzip at prep.ai.mit.edu
Jeff Long long at kestrel.cc.ukans.edu
Jeffery Von Ronne jronne at ics.uci.edu
Jens Bachem bachem at rrz.uni-koeln.de
Jeroen C. van Gelderen jeroen at vangelderen.org
J Horacio MG homega at ciberia.es
J. Michael Ashley jashley at acm.org
Jim Bauer jfbauer at home.com
Jim Small cavenewt at my-deja.com
Joachim Backes backes at rhrk.uni-kl.de
Joe Rhett jrhett at isite.net
Joerg Honegger Joerg.Honegger at hp.com
John A. Martin jam at jamux.com
John Clizbe JPClizbe at comcast.net
John R. Shannon john at johnrshannon.com
Johnny Teveßen j.tevessen at gmx.de
Jörg Schilling schilling at fokus.gmd.de
Jos Backus Jos.Backus at nl.origin-it.com
Joseph Walton joe at kafsemo.org
Juan F. Codagnone juam at arnet.com.ar
Jun Kuriyama kuriyama at sky.rim.or.jp
Kahil D. Jallad kdj4 at cs.columbia.edu
Karl Fogel kfogel at guanabana.onshore.com
Karsten Thygesen karthy at kom.auc.dk
Katsuhiro Kondou kondou at nec.co.jp
Kazu Yamamoto kazu at iij.ad.jp
Kazuyoshi Kakihara
Keith Clayton keith at claytons.org
Kevin Ryde user42 at zip.com.au
Klaus Singvogel ks at caldera.de
Kurt Garloff garloff at suse.de
Lars Kellogg-Stedman lars at bu.edu
L. Sassaman rabbi at quickie.net
M Taylor mctaylor at privacy.nb.ca
Marcel Waldvogel mwa at arl.wustl.edu
Marco d'Itri md at linux.it
Marco Parrone marc0 at autistici.org
Marcus Brinkmann Marcus.Brinkmann at ruhr-uni-bochum.de
Mark Adler madler at alumni.caltech.edu
Mark Elbrecht snowball3 at bigfoot.com
Mark Pettit pettit at yahoo-inc.com
Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Martin Kahlert martin.kahlert at provi.de
Martin Hamilton
Martin Schulte schulte at thp.uni-koeln.de
Matt Kraai kraai at alumni.carnegiemellon.edu
Matthew Skala mskala at ansuz.sooke.bc.ca
Matthew Wilcox matthew at wil.cx
Matthias Urlichs smurf at noris.de
Max Valianskiy maxcom at maxcom.ml.org
Michael Engels michael.engels at uni-duesseldorf.de
Michael Fischer v. Mollard mfvm at gmx.de
Michael Nottebrock michaelnottebrock at gmx.net
Michael Roth mroth at nessie.de
Michael Sobolev mss at despair.transas.com
Michael Tokarev mjt at tls.msk.ru
Mike Dowling ML.Dowling at tu-bs.de
Mike McEwan mike at lotusland.demon.co.uk
Moritz Schulte moritz at chaosdorf.de
Neal H Walfield neal at cs.uml.edu
Nelson H. F. Beebe beebe at math.utah.edu
Nicolas Graner Nicolas.Graner at cri.u-psud.fr
NIIBE Yutaka gniibe at chroot.org
Niklas Hernaeus
Nimrod Zimerman zimerman at forfree.at
Norihiko Murase skeleten at shillest.net
N J Doye nic at niss.ac.uk
Oliver Haakert haakert at hsp.de
Oskari Jääskeläinen f33003a at cc.hut.fi
Pascal Scheffers Pascal at scheffers.net
Paul D. Smith psmith at baynetworks.com
Per Cederqvist ceder at lysator.liu.se
Phil Blundell pb at debian.org
Philippe Laliberte arsphl at oeil.qc.ca
Peter Fales psfales at lucent.com
Peter Gutmann pgut001 at cs.auckland.ac.nz
Peter Marschall Peter.Marschall at gedos.de
Peter Valchev pvalchev at openbsd.org
Phong Nguyen Phong.Nguyen at ens.fr
Piotr Krukowiecki piotr at pingu.ii.uj.edu.pl
QingLong qinglong at bolizm.ihep.su
Ralph Gillen gillen at theochem.uni-duesseldorf.de
Rat ratinox at peorth.gweep.net
Ray Link rlink at pitt.edu
Reinhard Wobst R.Wobst at ifw-dresden.de
Rémi Guyomarch rguyom at mail.dotcom.fr
Reuben Sumner rasumner at wisdom.weizmann.ac.il
Richard Lefebvre rick at cerca.umontreal.ca
Richard Outerbridge outer at interlog.com
Richard Patterson vectro at yahoo.com
Robert Joop rj at rainbow.in-berlin.de
Roddy Strachan roddy at satlink.com.au
Roger Sondermann r.so at bigfoot.com
Roland Rosenfeld roland at spinnaker.rhein.de
Roman Pavlik rp at tns.cz
Ross Golder rossigee at bigfoot.com
Russell Coker russell at coker.com.au
Ryan Malayter rmalayter at bai.org
Sam Roberts sam at cogent.ca
Sami Tolvanen sami at tolvanen.com
Sascha Kiefer sk at intertivity.com
Scott Worley sworley at chkno.net
Sean MacLennan seanm at netwinder.org
Sebastian Klemke packet at convergence.de
Serge Munhoven munhoven at mema.ucl.ac.be
SL Baur steve at xemacs.org
Stefan Bellon sbellon at sbellon.de
Dr.Stefan.Dalibor Dr.Stefan.Dalibor at bfa.de
Stefan Karrmann S.Karrmann at gmx.net
Stefan Keller dres at cs.tu-berlin.de
Steffen Ullrich ccrlphr at xensei.com
Steffen Zahn zahn at berlin.snafu.de
Steven Bakker steven at icoe.att.com
Steven Murdoch sjmurdoch at bigfoot.com
Susanne Schultz schultz at hsp.de
Tavis Ormandy taviso at gentoo.org
Ted Cabeen secabeen at pobox.com
Thiago Jung Bauermann jungmann at cwb.matrix.com.br
Thijmen Klok thijmen at xs4all.nl
Thomas Roessler roessler at guug.de
Tim Mooney mooney at dogbert.cc.ndsu.nodak.edu
Timo Schulz twoaday at freakmail.de
Tobias Winkler tobias.winkler at s1998.tu-chemnitz.de
Todd Vierling tv at pobox.com
TOGAWA Satoshi Satoshi.Togawa at jp.yokogawa.com
Tom Spindler dogcow at home.merit.edu
Tom Zerucha tzeruch at ceddec.com
Tomas Fasth tomas.fasth at twinspot.net
Tommi Komulainen Tommi.Komulainen at iki.fi
Thomas Klausner wiz at danbala.ifoer.tuwien.ac.at
Tomasz Kozlowski tomek at rentec.com
Thomas Mikkelsen tbm at image.dk
Ulf Möller 3umoelle at informatik.uni-hamburg.de
Urko Lusa ulusa at euskalnet.net
Vincent P. Broman broman at spawar.navy.mil
Volker Quetschke quetschke at scytek.de
W Lewis wiml at hhhh.org
Walter Hofmann Walter.Hofmann at physik.stud.uni-erlangen.de
Walter Koch koch at hsp.de
Wayne Chapeskie waynec at spinnaker.com
Werner Koch wk at gnupg.org
Wim Vandeputte bunbun at reptile.rug.ac.be
Winona Brown win at huh.org
Yosiaki IIDA iida at ring.gr.jp
Yoshihiro Kajiki kajiki at ylug.org
nbecker at hns.com
Thanks to the German Unix User Group for sponsoring this project,
Martin Hamilton for hosting the first mailing list and OpenIT for
hosting the server.
The development of this software has partly (i.e. the Windows port)
been funded by the German Ministry for Economics and Technology under
grant VIB3-68553.168-001/1999.
Many thanks to my wife Gerlinde for having so much patience with
me while hacking late in the evening.
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004
2006 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
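Review bot: A few of the merged entries break the "name, then address written with at" layout used by the rest of the list: "Bernhard Reiter bernhard de intevation.de" has "de" where "at" is expected, "Jan-0liver Wagner jan @ intevation.de" has a digit zero in the name and a literal "@", and the "nbecker at hns.com" line carries no name. Please normalise these while merging. The copyright notice also continues from 2004 straight to 2006 on a wrapped line; confirm that skipping 2005 is intended.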

TODO

@ -98,11 +98,14 @@ might want to have an agent context for each service request
* sm/
** check that we issue NO_SECKEY xxx if a -u key was not found
We don't. The messages retruned are also wrong (recipient vs. signer).
* jnlib/
** provide jnlib_malloc and try to remove all jnlib_xmalloc.
** Extend utf8conv.c to make use of iconv.
Need to merge with the code in 1.4/util/strgutil.c.
* gpg/
* g10/
** issue a NO_SECKEY xxxx if a -u key was not found.
** Replace DIGEST_ALGO_SHA224
We can't do that right now because it is only defined by newer
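Review bot: In the sm/ entry, "retruned" should be "returned". The NO_SECKEY item also shows up twice in this hunk, once under sm/ ("NO_SECKEY xxx") and once under the g10/ heading ("NO_SECKEY xxxx"), with different placeholder spelling; if both track the same status-line defect, word them identically so a later grep finds both.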
@ -121,7 +124,6 @@ might want to have an agent context for each service request
Update to gpg 1.4.3 version
what about gnupg_use_iconv?
Extend selinux support to other modules
Does the check for Linux capabilities still makes sense?
* Extend selinux support to other modules
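Review bot: The question "Does the check for Linux capabilities still makes sense?" is settled by this same commit, whose ChangeLog entry reads "configure.ac: Removed test for capabilities and mlock", so the item should not survive in TODO. Also check that "Extend selinux support to other modules" ends up in the file only once, in the form with the leading "*".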


@ -988,41 +988,11 @@ AC_CHECK_FUNCS([getrusage setrlimit stat setlocale])
AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen])
GNUPG_CHECK_MLOCK
#
# W32 specific test
#
GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
#
# Check whether we can use Linux capabilities as requested
#
# fixme: Still required?
#
if test "$use_capabilities" = "yes" ; then
use_capabilities=no
AC_CHECK_HEADERS(sys/capability.h)
if test "$ac_cv_header_sys_capability_h" = "yes" ; then
AC_CHECK_LIB(cap, cap_init, ac_need_libcap=1)
if test "$ac_cv_lib_cap_cap_init" = "yes"; then
AC_DEFINE(USE_CAPABILITIES,1,
[define if capabilities should be used])
AC_SUBST(CAPLIBS,"-lcap")
use_capabilities=yes
fi
fi
if test "$use_capabilities" = "no" ; then
AC_MSG_WARN([[
***
*** The use of capabilities on this system is not possible.
*** You need a recent Linux kernel and some patches:
*** fcaps-2.2.9-990610.patch (kernel patch for 2.2.9)
*** fcap-module-990613.tar.gz (kernel module)
*** libcap-1.92.tar.gz (user mode library and utilities)
*** And you have to configure the kernel with CONFIG_VFS_CAP_PLUGIN
*** set (filesystems menu). Be warned: This code is *really* ALPHA.
***]])
fi
fi
#
# Sanity check regex. Tests adapted from mutt.
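Review bot: The removed block was driven by "$use_capabilities", which is set outside this hunk, so whatever configure option sets it will now be accepted and silently ignored; drop that option in the same change or make configure stop with an error when it is given. With AC_DEFINE(USE_CAPABILITIES,...) and AC_SUBST(CAPLIBS,"-lcap") gone, any remaining "#ifdef USE_CAPABILITIES" code and any "$(CAPLIBS)" reference in the Makefiles become dead and should be removed too, since a privilege-dropping path that can never be compiled in is misleading to auditors. The ChangeLog also says the mlock test goes away (the GNUPG_CHECK_MLOCK line here); a short comment naming the component that is now responsible for locking secret-key memory would help later readers.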


@ -1,3 +1,9 @@
2006-08-17 Werner Koch <wk@g10code.com>
* Makefile.am: Added rules to build man pages.
* yat2m.c: New.
2006-02-14 Werner Koch <wk@gnupg.org>
* gpgsm.texi (GPGSM Configuration): New section.


@ -27,6 +27,8 @@ EXTRA_DIST = gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg \
BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
gnupg-card-architecture.pdf
noinst_PROGRAMS = yat2m
info_TEXINFOS = gnupg.texi
dist_pkgdata_DATA = qualified.txt
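Review bot: "noinst_PROGRAMS = yat2m" builds the tool with the compiler for the host platform, but the man page rules added further down in this file execute "./yat2m" during the build, so a cross-compiled tree cannot generate its man pages. Build yat2m with the build-system compiler, or skip man page generation when cross-compiling.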
@ -36,8 +38,22 @@ gnupg_TEXINFOS = \
tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
sysnotes.texi gnupg-card-architecture.fig
DISTCLEANFILES = gnupg.tmp gnupg.ops
YAT2M_OPTIONS = \
--release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard"
myman_sources = gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi tools.texi
myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 \
watchgnupg.1 gpgconf.1 addgnupghome.8
man_MANS = $(myman_pages)
watchgnupg_SOURCE = gnupg.texi
DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
$(myman_pages)
yat2m_SOURCES = yat2m.c
.fig.png:
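Review bot: "watchgnupg_SOURCE = gnupg.texi" is not referenced by any rule in this change and is not a name Automake acts on (the primary is _SOURCES), so it looks like a leftover; remove it or document what consumes it. Note also that man_MANS lists files that are in DISTCLEANFILES and are only produced by yat2m, so installing the man pages depends on the generator working on every build machine.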
@ -53,3 +69,26 @@ DISTCLEANFILES = gnupg.tmp gnupg.ops
fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
yat2m-stamp: $(myman_sources)
@rm -f yat2m-stamp.tmp
@touch yat2m-stamp.tmp
for file in $(myman_sources) ; do \
./yat2m $(YAT2M_OPTIONS) --store \
`test -f '$$file' || echo '$(srcdir)/'`$$file ; done
@mv -f yat2m-stamp.tmp $@
yat2m-stamp: yat2m
$(myman_pages) : yat2m-stamp
@if test -f $@; then :; else \
trap 'rm -rf yat2m-stamp yat2m-lock' 1 2 13 15; \
if mkdir yat2m-lock 2>/dev/null; then \
rm -f yat2m-stamp; \
$(MAKE) $(AM_MAKEFLAGS) yat2m-stamp; \
rmdir yat2m-lock; \
else \
while test -d yat2m-lock; do sleep 1; done; \
test -f yat2m-stamp; exit $$?; \
fi; \
fi
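Review bot: In the yat2m-stamp recipe, "test -f '$$file'" reaches the shell as "test -f '$file'" inside single quotes, so the variable is never expanded and the test always fails; "$(srcdir)/" is then prefixed unconditionally. Use double quotes around "$$file". The loop also has no error check: the exit status of the for loop is that of the last yat2m run, so a failure on an earlier source is ignored and the stamp is still created; append "|| exit 1" to the yat2m call so a broken page fails the build.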


@ -34,7 +34,7 @@ Published by the Free Software Foundation@*
Boston, MA 02111-1307 USA
@end iftex
Copyright @copyright{} 2002, 2004, 2005 Free Software Foundation, Inc.
Copyright @copyright{} 2002, 2004, 2005, 2006 Free Software Foundation, Inc.
@quotation
Permission is granted to copy, distribute and/or modify this document


@ -8,8 +8,40 @@
@cindex command options
@cindex options, GPG-AGENT command
@c man begin DESCRIPTION
@manpage gpg-agent.1
@ifset manverb
.B gpg-agent
.R \- Secret key management for GnuPG
@end ifset
@mansect synopsis
@ifset manverb
.B gpg-agent
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.br
.B gpg-agent
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.B \-\-server
.br
.B gpg-agent
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.B \-\-daemon
.RI [ command_line ]
@end ifset
@mansect description
@command{gpg-agent} is a daemon to manage secret (private) keys
independently from any protocol. It is used as a backend for
@command{gpg} and @command{gpgsm} as well as for a couple of other
@ -67,10 +99,10 @@ It is often useful to install a symbolic link from the actual used
pinentry (e.g. @file{/usr/bin/pinentry-gtk}) to the expected
one (e.g. @file{/usr/bin/pinentry}).
@c man end
@manpause
@noindent
@xref{Option Index}, for an index to @command{GPG-AGENT}'s commands and options.
@xref{Option Index},for an index to @command{GPG-AGENT}'s commands and options.
@mancont
@menu
* Agent Commands:: List of all commands.
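Review bot: The second @xref line loses the space after the comma ("@xref{Option Index},for an index"), which will render as "Index,for" in the output. Keep the original spacing; only the @manpause and @mancont markers need to change here.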
@ -81,8 +113,7 @@ one (e.g. @file{/usr/bin/pinentry}).
* Agent Protocol:: The protocol the agent uses.
@end menu
@c man begin COMMANDS
@mansect commands
@node Agent Commands
@section Commands
@ -95,9 +126,10 @@ only one one command is allowed.
Print the program version and licensing information. Not that you can
abbreviate this command.
@item --help, -h
@item --help
@itemx -h
@opindex help
Print a usage message summarizing the most usefule command-line options.
Print a usage message summarizing the most useful command-line options.
Not that you can abbreviate this command.
@item --dump-options
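Review bot: The sentence after the corrected --help text still reads "Not that you can abbreviate this command." "Not" should be "Note", and the same sentence in gpg.texi in this commit says "cannot abbreviate", so one of the two manuals states the opposite of the other. Since the spelling of "usefule" is being fixed on the adjacent line, fix this sentence in the same pass.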
@ -110,7 +142,7 @@ abbreviate this command.
Run in server mode and wait for commands on the @code{stdin}. The
default mode is to create a socket and listen for commands there.
@item --daemon
@item --daemon [@var{command line}]
@opindex daemon
Run the program in the background. This option is required to prevent
it from being accidently running in the background. A common way to do
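Review bot: The item now documents "--daemon [@var{command line}]", but the description shown here never says what happens to the command line, and the synopsis added at the top of the file spells the same argument "command_line". Add a sentence explaining that argument and use one spelling. "accidently" in the context line should be "accidentally".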
@ -121,8 +153,7 @@ $ eval `gpg-agent --daemon`
@end table
@c man begin OPTIONS
@mansect options
@node Agent Options
@section Option Summary
@ -152,7 +183,7 @@ directory stated through the environment variable @env{GNUPGHOME} or
@opindex verbose
Outputs additional information while running.
You can increase the verbosity by giving several
verbose commands to @sc{gpgsm}, such as @samp{-vv}.
verbose commands to @command{gpgsm}, such as @samp{-vv}.
@item -q
@item --quiet
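Review bot: The corrected line still names the wrong program: this is the gpg-agent manual, yet the text says "verbose commands to @command{gpgsm}". Change it to @command{gpg-agent}. The following "@item -q" / "@item --quiet" pair should also become @item / @itemx, matching what this commit does for --help.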
@ -198,26 +229,26 @@ This option is only useful for debugging and the behaviour may change at
any time without notice. FLAGS are bit encoded and may be given in
usual C-Syntax. The currently defined bits are:
@table @code
@item 0 (1)
X.509 or OpenPGP protocol related data
@item 1 (2)
values of big number integers
@item 2 (4)
low level crypto operations
@item 5 (32)
memory allocation
@item 6 (64)
caching
@item 7 (128)
show memory statistics.
@item 9 (512)
write hashed data to files named @code{dbgmd-000*}
@item 10 (1024)
trace Assuan protocol
@item 12 (4096)
bypass all certificate validation
@end table
@table @code
@item 0 (1)
X.509 or OpenPGP protocol related data
@item 1 (2)
values of big number integers
@item 2 (4)
low level crypto operations
@item 5 (32)
memory allocation
@item 6 (64)
caching
@item 7 (128)
show memory statistics.
@item 9 (512)
write hashed data to files named @code{dbgmd-000*}
@item 10 (1024)
trace Assuan protocol
@item 12 (4096)
bypass all certificate validation
@end table
@item --debug-all
@opindex debug-all
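Review bot: The table change looks like re-indentation only, but it is a good moment to review bit 12 (4096), "bypass all certificate validation", and bit 9 (512), which writes hashed data to dbgmd-000* files. This text is now emitted into gpg-agent.1, so confirm that each bit listed actually applies to gpg-agent, and state next to bit 12 that it must never be set outside a test setup; the generic "only useful for debugging" sentence above the table is easy to miss in a man page.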
@ -359,9 +390,9 @@ information.
@itemx --keep-display
@opindex keep-tty
@opindex keep-display
Ignore requests to change change the current @sc{tty} respective the X
Ignore requests to change change the current @code{tty} respective the X
window system's @code{DISPLAY} variable. This is useful to lock the
pinentry to pop up at the @sc{tty} or display you started the agent.
pinentry to pop up at the @code{tty} or display you started the agent.
@anchor{option --enable-ssh-support}
@item --enable-ssh-support
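Review bot: The rewritten line keeps the doubled word in "requests to change change the current", and "respective the X window system's" should read "or the X window system's". Both are worth fixing while the @sc to @code markup is being touched.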
@ -405,8 +436,7 @@ All the long options may also be given in the configuration file after
stripping off the two leading dashes.
@c man begin FILES
@mansect files
@node Agent Configuration
@section Configuration
@ -455,7 +485,7 @@ agent. By default they may all be found in the current home directory
even advisable to change the permissions to read-only so that this file
can't be changed inadvertently.
@item sshcontrol
@item sshcontrol
This file is used when support for the secure shell agent protocol has
been enabled (@pxref{option --enable-ssh-support}). Only keys present in
@ -488,6 +518,7 @@ a small helper script is provied to create these files (@pxref{addgnupghome}).
@c
@c Agent Signals
@c
@mansect signals
@node Agent Signals
@section Use of some signals.
A running @command{gpg-agent} may be controlled by signals, i.e. using
@ -533,19 +564,16 @@ This signal is used for internal purposes.
@c
@c Examples
@c
@mansect examples
@node Agent Examples
@section Examples
@c man begin EXAMPLES
The usual way to invoke @command{gpg-agent} is
@example
$ eval `gpg-agent --daemon`
@end example
@c man end
An alternative way is by replacing @command{ssh-agent} with
@command{gpg-agent}. If for example @command{ssh-agent} is started as
part of the Xsession intialization you may simply replace
@ -580,6 +608,7 @@ to your shell initialization file (e.g. @file{~/.bashrc}).
@c
@c Assuan Protocol
@c
@mansect assuan
@node Agent Protocol
@section Agent's Assuan Protocol


@ -9,14 +9,33 @@
@cindex command options
@cindex options, GPG command
@c man begin DESCRIPTION
@command{gpg2} is the OpenPGP part of GnuPG. It is a tool to provide
digitla encryption and signing services using the OpenPGP
standard. @command{gpg2} features complete key management and all bells
and whistles you can expect from a decent OpenPGP implementation.
@manpage gpg2.1
@ifset manverb
.B gpg2
.R \- OpenPGP encryption and signing tool
@end ifset
In contrast to the standalone version @command{gpg,} which is more
@mansect synopsis
@ifset manverb
.B gpg2
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.I command
.RI [ args ]
@end ifset
@mansect description
@command{gpg2} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It
is a tool to provide digitla encryption and signing services using the
OpenPGP standard. @command{gpg2} features complete key management and
all bells and whistles you can expect from a decent OpenPGP
implementation.
In contrast to the standalone version @command{gpg}, which is more
suited for server and embedded platforms, this version is installed
under the name @command{gpg2} and more targeted to the desktop as it
requires several other modules to be installed. The standalone version
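Review bot: The rewritten description paragraph carries the typo "digitla" over from the old text ("a tool to provide digitla encryption and signing services"); it should be "digital". This paragraph is the first thing shown in gpg2.1, so fix it here.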
@ -25,12 +44,12 @@ the same system. If you need to use different configuration files, you
should make use of something like @file{gpg.conf-2} instead of just
@file{gpg.conf}.
@manpause
Documentation for the old standard @command{gpg} is available as man page
man page and at @inforef{Top,GnuPG 1,gpg}.
@c man end
@xref{Option Index}, for an index to @command{GPG}'s commands and options.
@mancont
@menu
* GPG Commands:: List of all commands.
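Review bot: The sentence about the old standard gpg repeats "man page" across the line break ("is available as man page" followed by "man page and at @inforef{...}"). Drop one occurrence.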
@ -44,13 +63,13 @@ Developer information:
@end menu
@c *******************************************
@c *************** ****************
@c *************** COMMANDS ****************
@c *************** ****************
@c *******************************************
@c man begin COMMANDS
@mansect commands
@node GPG Commands
@section Commands
@ -86,7 +105,8 @@ using the special option "--".
Print the program version and licensing information. Note that you
cannot abbreviate this command.
@item --help, -h
@item --help
@itemx -h
@opindex help
Print a usage message summarizing the most useful command line options.
Not that you cannot abbreviate this command.
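Review bot: After the --help item is split into @item / @itemx, the last sentence still reads "Not that you cannot abbreviate this command."; "Not" should be "Note", as in the --version entry just above it.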
@ -111,7 +131,7 @@ abbreviate this command.
@table @gnupgtabopt
@item --sign
@item --sign
@itemx -s
@opindex sign
Make a signature. This command may be combined with --encrypt (for a
@ -120,7 +140,7 @@ symmetrically encrypted message), or --encrypt and --symmetric
together (for a signed message that may be decrypted via a secret key
or a passphrase).
@item --clearsign
@item --clearsign
@opindex clearsign
Make a clear text signature. The content in a clear text signature is
readable without any special software. OpenPGP software is only
@ -128,12 +148,12 @@ needed to verify the signature. Clear text signatures may modify
end-of-line whitespace for platform independence and are not intended
to be reversible.
@item --detach-sign
@item --detach-sign
@itemx -b
@opindex detach-sign
Make a detached signature.
@item --encrypt
@item --encrypt
@itemx -e
@opindex encrypt
Encrypt data. This option may be combined with --sign (for a signed
@ -142,7 +162,7 @@ decrypted via a secret key or a passphrase), or --sign and --symmetric
together (for a signed message that may be decrypted via a secret key
or a passphrase).
@item --symmetric
@item --symmetric
@itemx -c
@opindex symmetric
Encrypt with a symmetric cipher using a passphrase. The default
@ -153,11 +173,11 @@ that may be decrypted via a secret key or a passphrase), or --sign and
--encrypt together (for a signed message that may be decrypted via a
secret key or a passphrase).
@item --store
@item --store
@opindex store
Store only (make a simple RFC1991 literal data packet).
@item --decrypt
@item --decrypt
@itemx -d
@opindex decrypt
Decrypt the file given on the command line (or @code{stdin} if no file
@ -167,7 +187,7 @@ verified. This command differs from the default operation, as it never
writes to the filename which is included in the file and it rejects
files which don't begin with an encrypted message.
@item --verify
@item --verify
@opindex verify
Assume that the first argument is a signed file or a detached signature
and verify it without generating any output. With no arguments, the
@ -189,21 +209,21 @@ once. --multifile may currently be used along with --verify, --encrypt,
and --decrypt. Note that `--multifile --verify' may not be used with
detached signatures.
@item --verify-files
@item --verify-files
@opindex verify-files
Identical to `--multifile --verify'.
@item --encrypt-files
@item --encrypt-files
@opindex encrypt-files
Identical to `--multifile --encrypt'.
@item --decrypt-files
@item --decrypt-files
@opindex decrypt-files
Identical to `--multifile --decrypt'.
@item --list-keys
@item --list-keys
@itemx -k
@itemx --list-public-keys
@itemx --list-public-keys
@opindex list-keys
List all keys from the public keyrings, or just the ones given on the
command line.
@ -213,7 +233,7 @@ it is likely to change as GnuPG changes. See --with-colons for a
machine-parseable key listing command that is appropriate for use in
scripts and other programs.
@item --list-secret-keys
@item --list-secret-keys
@itemx -K
@opindex list-secret-keys
List all keys from the secret keyrings, or just the ones given on the
@ -221,7 +241,7 @@ command line. A @code{#} after the letters @code{sec} means that the
secret key is not usable (for example, if it was created via
--export-secret-subkeys).
@item --list-sigs
@item --list-sigs
@opindex list-sigs
Same as --list-keys, but the signatures are listed too.
@ -236,11 +256,11 @@ notation (see --cert-notation), "X" for an eXpired signature (see
--ask-cert-expire), and the numbers 1-9 or "T" for 10 and above to
indicate trust signature levels (see the --edit-key command "tsign").
@item --check-sigs
@item --check-sigs
@opindex check-sigs
Same as --list-sigs, but the signatures are verified.
@item --fingerprint
@item --fingerprint
@opindex fingerprint
List all keys (or the specified ones) along with their
fingerprints. This is the same output as --list-keys but with the
@ -258,7 +278,7 @@ useful for debugging.
@opindex card-edit
Present a menu to work with a smartcard. The subcommand "help" provides
an overview on available commands. For a detailed description, please
see the Card HOWTO at
see the Card HOWTO at
http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO .
@item --card-status
@ -284,10 +304,10 @@ must be specified by fingerprint.
@item --delete-secret-and-public-key @code{name}
@opindex delete-secret-and-public-key
Same as --delete-key, but if a secret key exists, it will be removed
Same as --delete-key, but if a secret key exists, it will be removed
first. In batch mode the key must be specified by fingerprint.
@item --export
@item --export
@opindex export
Either export all keys from all keyrings (default keyrings and those
registered via option --keyring), or if at least one name is given,
@ -295,15 +315,15 @@ those of the given name. The new keyring is written to stdout or to the
file given with option "output". Use together with --armor to mail those
keys.
@item --send-keys
@item --send-keys
@opindex send-keys
Same as --export but sends the keys to a keyserver. Option --keyserver
must be used to give the name of this keyserver. Don't send your
complete keyring to a keyserver - select only those keys which are new
or changed by you.
@item --export-secret-keys
@itemx --export-secret-subkeys
@item --export-secret-keys
@itemx --export-secret-subkeys
@opindex export-secret-keys
@opindex export-secret-subkeys
Same as --export, but exports the secret keys instead. This is normally
@ -314,8 +334,8 @@ can not be expected to successfully import such a key. See the option
--simple-sk-checksum if you want to import such an exported key with an
older OpenPGP implementation.
@item --import
@itemx --fast-import
@item --import
@itemx --fast-import
@opindex import
Import/merge keys. This adds the given keys to the
keyring. The fast version is currently just a synonym.
@ -330,7 +350,7 @@ user-IDs and subkeys.
Import the keys with the given key IDs from a keyserver. Option
--keyserver must be used to give the name of this keyserver.
@item --refresh-keys
@item --refresh-keys
@opindex refresh-keys
Request updates from a keyserver for keys that already exist on the
local keyring. This is useful for updating a key with the latest
@ -386,7 +406,7 @@ Send the ownertrust values to stdout. This is useful for backup purposes
as these values are the only ones which can't be re-created from a
corrupted trust DB.
@item --import-ownertrust
@item --import-ownertrust
@opindex import-ownertrust
Update the trustdb with the ownertrust values stored in @code{files} (or
stdin if not given); existing values will be overwritten.
@ -397,21 +417,21 @@ ThisWhen updating from version 1.0.6 to 1.0.7 this command should be used
to create signature caches in the keyring. It might be handy in other
situations too.
@item --print-md @code{algo}
@itemx --print-mds
@item --print-md @code{algo}
@itemx --print-mds
@opindex print-md
Print message digest of algorithm ALGO for all given files or stdin.
With the second form (or a deprecated "*" as algo) digests for all
available algorithms are printed.
@item --gen-random @code{0|1|2}
@item --gen-random @code{0|1|2}
@opindex gen-random
Emit @var{count} random bytes of the given quality level. If count is
not given or zero, an endless sequence of random bytes will be emitted.
PLEASE, don't use this command unless you know what you are doing; it
may remove precious entropy from the system!
@item --gen-prime @code{mode} @code{bits}
@item --gen-prime @code{mode} @code{bits}
@opindex gen-prime
Use the source, Luke :-). The output format is still subject to change.
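Review bot: The --gen-random item is written as "--gen-random @code{0|1|2}", but the description refers to @var{count} ("Emit @var{count} random bytes"), an argument the item line never shows. Add the optional count to the item line so the man page synopsis matches the text, which matters here because omitting it produces an endless stream and, as the entry itself warns, may drain system entropy.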
@ -449,7 +469,7 @@ user (with the permission of the keyholder) to revoke someone else's
key.
@item --edit-key
@item --edit-key
@opindex edit-key
Present a menu which enables you to do most of the key management
related tasks. It expects the specification of a key on the command
@ -486,9 +506,11 @@ of certification (like a regular signature), and trust (like the
or groups.
@end table
@c man:.RS
Note that "l" (for local / non-exportable), "nr" (for non-revocable,
and "t" (for trust) may be freely mixed and prefixed to "sign" to
create a signature of any type desired.
@c man:.RE
@table @asis
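Review bot: In the paragraph now wrapped in "@c man:.RS" / "@c man:.RE", the parenthesis opened in "nr" (for non-revocable, is never closed. Add the closing parenthesis before the comma so the sentence reads correctly in the indented man page block.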
@ -573,7 +595,7 @@ Remove a subkey (secondart key). Note that it is not possible to retract
a subkey, once it has been send to the public (i.e. to a keyserver). In
that case you better use @code{revkey}.
@item addrevoker
@item addrevoker
@opindex keyedit:addrevoker
Add a designated revoker. This takes one optional argument:
"sensitive". If a designated revoker is marked as sensitive, it will not
@ -698,11 +720,13 @@ key rings.
@end table
@c man:.RS
The listing shows you the key with its secondary keys and all user
ids. Selected keys or user ids are indicated by an asterisk. The trust
value is displayed with the primary key: the first is the assigned owner
trust and the second is the calculated trust value. Letters are used for
the values:
@c man:.RE
@table @asis
@ -733,10 +757,10 @@ Ultimately trusted.
@item --sign-key @code{name}
@opindex sign-key
Signs a public key with your secret key. This is a shortcut version of
the subcommand "sign" from --edit.
the subcommand "sign" from --edit.
@item --lsign-key @code{name}
@opindex lsign-ket
@opindex lsign-key
Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand "lsign"
from --edit.
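Review bot: Both shortcut descriptions refer to the subcommand "from --edit", while the command is documented in this file as `--edit-key` (`@opindex edit-key`). The `--sign-key` line is already being touched for whitespace, so spell out `--edit-key` in both the `--sign-key` and `--lsign-key` entries so a man page reader can find the referenced command.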
@ -750,13 +774,14 @@ from --edit.
@c *************** OPTIONS ****************
@c *************** ****************
@c *******************************************
@mansect options
@node GPG Options
@section Option Summary
@command{GPG} comes features a bunch of options to control the exact
behaviour and to change the default configuration.
@menu
@menu
* GPG Configuration Options:: How to change the configuration.
* GPG Key related Options:: Key related options.
* GPG Input and Output:: Input and Output.
@ -764,8 +789,6 @@ behaviour and to change the default configuration.
* GPG Esoteric Options:: Doing things one usually don't want to do.
@end menu
@c man begin OPTIONS
Long options can be put in an options file (default
"~/.gnupg/gpg.conf"). Short option names will not work - for example,
"armor" is a valid option for the options file, while "a" is not. Do not
@ -1053,7 +1076,7 @@ as a full 8 byte key ID) is as trustworthy as one of
your own secret keys. This option is useful if you
don't want to keep your secret keys (or one of them)
online but still want to be able to check the validity of a given
recipient's or signator's key.
recipient's or signator's key.
@item --trust-model @code{pgp|classic|direct|always|auto}
Set what trust model GnuPG should follow. The models are:
@ -1124,7 +1147,7 @@ key ID. "long" is the more accurate (but less convenient)
16-character key ID. Add an "0x" to either to include an "0x" at the
beginning of the key ID, as in 0x99242560.
@item --keyserver @code{name}
@item --keyserver @code{name}
Use @code{name} as your keyserver. This is the server that
--recv-keys, --send-keys, and --search-keys will communicate with to
receive keys from, send keys to, and search for keys on. The format
@ -1555,7 +1578,7 @@ in an options file.
@item --no-options
Shortcut for "--options /dev/null". This option is
detected before an attempt to open an option file.
Using this option will also prevent the creation of a
Using this option will also prevent the creation of a
"~./gnupg" homedir.
@item --load-extension @code{name}
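Review bot: The `--no-options` description still reads `"~./gnupg" homedir`, with the dot and slash transposed; the directory is written `~/.gnupg` elsewhere in this file (for example `"~/.gnupg/gpg.conf"`). This hunk only strips whitespace on the line above it, so correct the path in the same pass.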
@ -1677,7 +1700,7 @@ are deprecated. Use `--list-options [no-]show-policy-url' and/or
@item --sig-keyserver-url @code{string}
Use @code{string} as a preferred keyserver URL for data signatures. If
you prefix it with an exclamation mark, the keyserver URL packet will
be flagged as critical.
be flagged as critical.
The same %-expandos used for notation data are available here as well.
@ -1851,7 +1874,7 @@ one passphrase is supplied.
@item --passphrase-file @code{file}
Read the passphrase from file @code{file}. Only the first line will
be read from file @code{file}. This can only be used if only one
be read from file @code{file}. This can only be used if only one
passphrase is supplied. Obviously, a passphrase stored in a file is
of questionable security if other users can read this file. Don't use
this option if you can avoid it.
@ -2290,7 +2313,7 @@ Set the default keyserver URL to @code{name}. This keyserver will be
used as the keyserver URL when writing a new self-signature on a key,
which includes key generation and changing preferences.
@item --list-config
@item --list-config
@opindex list-config
Display various internal configuration parameters of GnuPG. This
option is intended for external programs that call GnuPG to perform
@ -2309,7 +2332,7 @@ only usable with --with-colons set.
@c *************** FILES ****************
@c *************** ****************
@c *******************************************
@c man begin FILES
@mansect files
@node GPG Configuration
@section Configuration files
@ -2329,6 +2352,7 @@ name may be changed on the command line (@pxref{option
@end table
@c man:.RE
Note that on larger installations, it is useful to put predefined files
into the directory @file{/etc/skel/.gnupg/} so that newly created users
start up with a working configuration. For existing users the a small
@ -2338,14 +2362,60 @@ For internal purposes @command{gpg2} creates and maintaines a few other
files; They all live in in the current home directory (@pxref{option
--homedir}). Only the @command{gpg2} may modify these files.
@table @file
@item pubring.gpg
@cindex pubring.gpg
xxx
@item random_seed
@cindex random_seed
xxxx
@item ~/.gnupg/secring.gpg
The secret keyring.
@item ~/.gnupg/secring.gpg.lock
and the lock file
@item ~/.gnupg/pubring.gpg
The public keyring
@item ~/.gnupg/pubring.gpg.lock
and the lock file
@item ~/.gnupg/trustdb.gpg
The trust database
@item ~/.gnupg/trustdb.gpg.lock
and the lock file
@item ~/.gnupg/random_seed
used to preserve the internal random pool
@item /usr[/local]/share/gnupg/options.skel
Skeleton options file
@item /usr[/local]/lib/gnupg/
Default location for extensions
@end table
@c man:.RE
Operation is further controlled by a few environment variables:
@table @asis
@item HOME
Used to locate the default home directory.
@item GNUPGHOME
If set directory used instead of "~/.gnupg".
@item GPG_AGENT_INFO
Used to locate the gpg-agent; only honored when
--use-agent is set. The value consists of 3 colon delimited fields:
The first is the path to the Unix Domain Socket, the second the PID of
the gpg-agent and the protocol version which should be set to 1. When
starting the gpg-agent as described in its documentation, this
variable is set to the correct value. The option --gpg-agent-info can
be used to override it.
@item COLUMNS
@itemx LINES
Used to size some displays to the full size of the screen.
@end table
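Review bot: The `GPG_AGENT_INFO` entry moved here says the value has "3 colon delimited fields" but then lists "The first ...", "the second the PID of the gpg-agent and the protocol version", so the third field is never introduced as such. Reword to "the second is the PID of the gpg-agent and the third is the protocol version" now that the text is being relocated. The `GNUPGHOME` line ("If set directory used instead of") would also read better as a full sentence.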
@ -2355,33 +2425,48 @@ xxxx
@c *************** EXAMPLES ****************
@c *************** ****************
@c *******************************************
@mansect examples
@node GPG Examples
@section Examples
@c man begin EXAMPLES
@table @asis
@example
fooo
@end example
@item gpg -se -r @code{Bob} @code{file}
sign and encrypt for user Bob
@c man end
@item gpg --clearsign @code{file}
make a clear text signature
@item gpg -sb @code{file}
make a detached signature
@item gpg --list-keys @code{user_ID}
show keys
@item gpg --fingerprint @code{user_ID}
show fingerprint
@item gpg --verify @code{pgpfile}
@itemx gpg --verify @code{sigfile}
Verify the signature of the file but do not output the data. The
second form is used for detached signatures, where @code{sigfile}
is the detached signature (either ASCII armored or binary) and
are the signed data; if this is not given, the name of
the file holding the signed data is constructed by cutting off the
extension (".asc" or ".sig") of @code{sigfile} or by asking the
user for the filename.
@end table
ENDEND
@c @chapheading How to specify a user ID
@mansect how to specify a user id
@chapheading How to specify a user ID
There are different ways to specify a user ID to GnuPG; here are some
examples:
@table @asis
@item
@item
@item 234567C4
@itemx 0F34E556E
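Review bot: In the `gpg --verify` example moved into this section, the second form is shown as `gpg --verify @code{sigfile}` only, and the sentence "and are the signed data; if this is not given" has lost the name of the argument it refers to. Add the signed-data argument to the `@itemx` line and name it in the sentence, otherwise the description of detached-signature verification cannot be followed. The stray `ENDEND` line after `@end table` also looks like leftover editing debris and should be checked.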
@ -2426,103 +2511,15 @@ Note that you can append an exclamation mark (!) to key IDs or
fingerprints. This flag tells GnuPG to use the specified primary or
secondary key and not to try and calculate which primary or secondary
key to use.
@mansect return vaue
@chapheading RETURN VALUE
The program returns 0 if everything was fine, 1 if at least
a signature was bad, and other error codes for fatal errors.
@chapheading EXAMPLES
@table @asis
@item gpg -se -r @code{Bob} @code{file}
sign and encrypt for user Bob
@item gpg --clearsign @code{file}
make a clear text signature
@item gpg -sb @code{file}
make a detached signature
@item gpg --list-keys @code{user_ID}
show keys
@item gpg --fingerprint @code{user_ID}
show fingerprint
@item gpg --verify @code{pgpfile}
@itemx gpg --verify @code{sigfile}
Verify the signature of the file but do not output the data. The
second form is used for detached signatures, where @code{sigfile}
is the detached signature (either ASCII armored or binary) and
are the signed data; if this is not given, the name of
the file holding the signed data is constructed by cutting off the
extension (".asc" or ".sig") of @code{sigfile} or by asking the
user for the filename.
@end table
@c @chapheading ENVIRONMENT
@table @asis
@item HOME
Used to locate the default home directory.
@item GNUPGHOME
If set directory used instead of "~/.gnupg".
@item GPG_AGENT_INFO
Used to locate the gpg-agent; only honored when
--use-agent is set. The value consists of 3 colon delimited fields:
The first is the path to the Unix Domain Socket, the second the PID of
the gpg-agent and the protocol version which should be set to 1. When
starting the gpg-agent as described in its documentation, this
variable is set to the correct value. The option --gpg-agent-info can
be used to override it.
@item COLUMNS
@itemx LINES
Used to size some displays to the full size of the screen.
@end table
@chapheading FILES
@table @asis
@item ~/.gnupg/secring.gpg
The secret keyring
@item ~/.gnupg/secring.gpg.lock
and the lock file
@item ~/.gnupg/pubring.gpg
The public keyring
@item ~/.gnupg/pubring.gpg.lock
and the lock file
@item ~/.gnupg/trustdb.gpg
The trust database
@item ~/.gnupg/trustdb.gpg.lock
and the lock file
@item ~/.gnupg/random_seed
used to preserve the internal random pool
@item ~/.gnupg/gpg.conf
Default configuration file
@item ~/.gnupg/options
Old style configuration file; only used when gpg.conf
is not found
@item /usr[/local]/share/gnupg/options.skel
Skeleton options file
@item /usr[/local]/lib/gnupg/
Default location for extensions
@end table
@c @chapheading WARNINGS
@mansect warnings
@chapheading WARNINGS
Use a *good* password for your user account and a *good* passphrase
to protect your secret key. This passphrase is the weakest part of the
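Review bot: The new section marker is spelled `@mansect return vaue`, directly above `@chapheading RETURN VALUE`. The `@mansect` argument becomes the section title in the generated man page, so this should be `@mansect return value`.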
@ -2536,6 +2533,8 @@ is *very* easy to spy out your passphrase!
If you are going to verify detached signatures, make sure that the
program knows about it; either give both filenames on the command line
or use @samp{-} to specify stdin.
@mansect interoperability
@chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
GnuPG tries to be a very flexible implementation of the OpenPGP
@ -2564,6 +2563,8 @@ better off using the --pgp6, --pgp7, or --pgp8 options. These options
are safe as they do not force any particular algorithms in violation
of OpenPGP, but rather reduce the available algorithms to a "PGP-safe"
list.
@mansect bugs
@chapheading BUGS
On many systems this program should be installed as setuid(root). This
@ -2574,5 +2575,3 @@ warning message about insecure memory your operating system supports
locking without being root. The program drops root privileges as soon
as locked memory is allocated.

View File

@ -8,17 +8,35 @@
@cindex command options
@cindex options, GPGSM command
@c man begin DESCRIPTION
@manpage gpgsm.1
@ifset manverb
.B gpgsm
.R \- CMS encryption and signing tool
@end ifset
@mansect synopsis
@ifset manverb
.B gpgsm
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.I command
.RI [ args ]
@end ifset
@mansect description
@command{gpgsm} is a tool similar to @command{gpg} to provide digital
encryption and signing servicesd on X.509 certificates and the CMS
protocol. It is mainly used as a backend for S/MIME mail processing.
@command{gpgsm} includes a full features certificate management and
complies with all rules defined for the German Sphinx project.
@c man end
@manpause
@xref{Option Index}, for an index to @command{GPGSM}'s commands and options.
@mancont
@menu
* GPGSM Commands:: List of all commands.
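Review bot: The description that now feeds the `gpgsm.1` DESCRIPTION section contains "signing servicesd on X.509 certificates" and "a full features certificate management". Fix both ("services", "full featured") in this change, since the text becomes the first paragraph users see in the man page.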
@ -31,8 +49,12 @@ Developer information:
* GPGSM Protocol:: The protocol the server mode uses.
@end menu
@c man begin COMMANDS
@c *******************************************
@c *************** ****************
@c *************** COMMANDS ****************
@c *************** ****************
@c *******************************************
@mansect commands
@node GPGSM Commands
@section Commands
@ -45,6 +67,10 @@ only one command is allowed.
* Certificate Management:: How to manage certificates.
@end menu
@c *******************************************
@c ********** GENERAL COMMANDS *************
@c *******************************************
@node General GPGSM Commands
@subsection Commands not specific to the function
@ -59,6 +85,10 @@ abbreviate this command.
Print a usage message summarizing the most usefule command-line options.
Not that you can abbreviate this command.
@item --warranty
@opindex warranty
Print warranty information.
@item --dump-options
@opindex dump-options
Print a list of all available options and commands. Not that you can
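Review bot: The entries around the new `--warranty` item say "Not that you can abbreviate this command" (for both `--help` and `--dump-options`) and "most usefule command-line options". These are in the lines surrounding the addition and will go into the man page verbatim; change them to "Note that" and "useful" here.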
@ -66,7 +96,9 @@ abbreviate this command.
@end table
@c *******************************************
@c ******** OPERATIONAL COMMANDS ***********
@c *******************************************
@node Operational GPGSM Commands
@subsection Commands to select the type of operation
@ -122,8 +154,11 @@ use @samp{--help} to get a list of supported operations.
@end table
@c *******************************************
@c ******* CERTIFICATE MANAGEMENT **********
@c *******************************************
@node Certificate Management
@subsection How to manage the certificate and keys
@subsection How to manage the certificates and keys
@table @gnupgtabopt
@item --gen-key
@ -200,8 +235,8 @@ secret key from a PKCS#12 file.
@item --learn-card
@opindex learn-card
Read information about the private keys from the smartcard and import
the certificates from there. This command utilizes the @sc{gpg-agent}
and in turn the @sc{scdaemon}.
the certificates from there. This command utilizes the @command{gpg-agent}
and in turn the @command{scdaemon}.
@item --passwd @var{user_id}
@opindex passwd
@ -212,6 +247,12 @@ smartcard is not yet supported.
@end table
@c *******************************************
@c *************** ****************
@c *************** OPTIONS ****************
@c *************** ****************
@c *******************************************
@mansect options
@node GPGSM Options
@section Option Summary
@ -226,8 +267,10 @@ and to change the default configuration.
* Esoteric Options:: Doing things one usually don't want to do.
@end menu
@c man begin OPTIONS
@c *******************************************
@c ******** CONFIGURATION OPTIONS **********
@c *******************************************
@node Configuration Options
@subsection How to change the configuration
@ -296,6 +339,9 @@ When running in server mode, append all logging output to @var{file}.
@end table
@c *******************************************
@c ******** CERTIFICATE OPTIONS ************
@c *******************************************
@node Certificate Options
@subsection Certificate related options
@ -335,7 +381,7 @@ performance, the dirmngr will actually optimize this by suppressing
the loading for short time intervalls (e.g. 30 minutes). This option
is useful to make sure that a fresh CRL is available for certificates
hold in the keybox. The suggested way of doing this is by using it
along with the option @option{--with-validation} for a ke listing
along with the option @option{--with-validation} for a key listing
command. This option should not be used in a configuration file.
@item --enable-ocsp
@ -352,6 +398,9 @@ so you will get the error code @samp{Not supported}.
@end table
@c *******************************************
@c *********** INPUT AND OUTPUT ************
@c *******************************************
@node Input and Output
@subsection Input and Output
@ -411,6 +460,9 @@ certificate.
@end table
@c *******************************************
@c ************* CMS OPTIONS ***************
@c *******************************************
@node CMS Options
@subsection How to change how the CMS is created.
@ -425,6 +477,9 @@ values include up to @var{n} certificates starting with the signer cert.
@c *******************************************
@c ******** ESOTERIC OPTIONS ***************
@c *******************************************
@node Esoteric Options
@subsection Doing things one usually don't want to do.
@ -527,8 +582,12 @@ All the long options may also be given in the configuration file after
stripping off the two leading dashes.
@c man begin FILES
@c *******************************************
@c *************** ****************
@c *************** FILES ****************
@c *************** ****************
@c *******************************************
@mansect files
@node GPGSM Configuration
@section Configuration files
@ -558,10 +617,12 @@ in this file will fail the signature verification.
For example, to allow only the policy 2.289.9.9, the file should look
like this:
@c man:.RS
@example
# Allowed policies
2.289.9.9
@end example
@c man:.RE
@item qualified.txt
@cindex qualified.txt
@ -601,16 +662,17 @@ certificates, appropriate notices will be shown to indicate this fact.
@end table
@c man:.RE
Note that on larger installations, it is useful to put predefined files
into the directory @file{/etc/skel/.gnupg/} so that newly created users
start up with a working configuration. For existing users the a small
helper script is provided to create these files (@pxref{addgnupghome}).
For internal purposes gpgsm creates and maintaines a few other files;
They all live in in the current home directory (@pxref{option
--homedir}). Only @command{gpgsm} may modify these files.
@table @file
@item pubring.kbx
@cindex pubring.kbx
@ -627,25 +689,28 @@ other programs of this software too.
@end table
@c
@c Examples
@c
@c *******************************************
@c *************** ****************
@c *************** EXAMPLES ****************
@c *************** ****************
@c *******************************************
@mansect examples
@node GPGSM Examples
@section Examples
@c man begin EXAMPLES
@example
$ gpgsm -er goo@@bar.net <plaintext >ciphertext
@end example
@c man end
@c ---------------------------------
@c The machine interface
@c --------------------------------
@c *******************************************
@c *************** **************
@c *************** UNATTENDED **************
@c *************** **************
@c *******************************************
@node Unattended Usage
@section Unattended Usage
@ -704,9 +769,12 @@ this is a missing certificate.
@end table
@c
@c Assuan Protocol
@c
@c *******************************************
@c *************** *****************
@c *************** ASSSUAN *****************
@c *************** *****************
@c *******************************************
@mansect assuan
@node GPGSM Protocol
@section The Protocol the Server Mode Uses.
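Review bot: `@mansect assuan` is placed on the node that the menu lists under "Developer information:", which would pull the server-mode protocol description into `gpgsm.1`. Please confirm that is intended; if the protocol is meant for the manual only, a `@manpause` before this node would fit better. The banner comment above it also spells the name `ASSSUAN`.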

View File

@ -8,14 +8,41 @@
@cindex command options
@cindex options, SCDAEMON command
@c man begin DESCRIPTION
@manpage scdaemon.1
@ifset manverb
.B scdaemon
.R \- Smartcard daemon for the GnuPG system
@end ifset
@mansect synopsis
@ifset manverb
.B scdaemon
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.B \-\-server
.br
.B scdaemon
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.B \-\-daemon
.RI [ command_line ]
@end ifset
@mansect description
The @command{scdaemon} is a daemon to manage smartcards. It is usually
invoked by gpg-agent and in general not used directly.
invoked by @command{gpg-agent} and in general not used directly.
@c man end
@xref{Option Index}, for an index to GPG-AGENTS's commands and options.
@manpause
@xref{Option Index}, for an index to @command{scdaemon}'s commands and
options.
@mancont
@menu
* Scdaemon Commands:: List of all commands.
@ -25,7 +52,7 @@ invoked by gpg-agent and in general not used directly.
* Scdaemon Protocol:: The protocol the daemon uses.
@end menu
@c man begin COMMANDS
@mansect commands
@node Scdaemon Commands
@section Commands
@ -73,7 +100,7 @@ This is mainly a debugging command, used to print the ATR
@end table
@c man begin OPTIONS
@mansect options
@node Scdaemon Options
@section Option Summary
@ -109,18 +136,18 @@ verbose commands to @command{gpgsm}, such as @samp{-vv}.
Select the debug level for investigating problems. @var{level} may be
one of:
@table @code
@item none
no debugging at all.
@item basic
some basic debug messages
@item advanced
more verbose debug messages
@item expert
even more detailed messages
@item guru
all of the debug messages you can get
@end table
@table @code
@item none
no debugging at all.
@item basic
some basic debug messages
@item advanced
more verbose debug messages
@item expert
even more detailed messages
@item guru
all of the debug messages you can get
@end table
How these messages are mapped to the actual debugging flags is not
specified and may change with newer releaes of this program. They are
@ -139,26 +166,26 @@ This option is only useful for debugging and the behaviour may change at
any time without notice. FLAGS are bit encoded and may be given in
usual C-Syntax. The currently defined bits are:
@table @code
@item 0 (1)
command I/O
@item 1 (2)
values of big number integers
@item 2 (4)
low level crypto operations
@item 5 (32)
memory allocation
@item 6 (64)
caching
@item 7 (128)
show memory statistics.
@item 9 (512)
write hashed data to files named @code{dbgmd-000*}
@item 10 (1024)
trace Assuan protocol
@item 11 (2048)
trace APDU I/O to the card. This may reveal sensitive data.
@end table
@table @code
@item 0 (1)
command I/O
@item 1 (2)
values of big number integers
@item 2 (4)
low level crypto operations
@item 5 (32)
memory allocation
@item 6 (64)
caching
@item 7 (128)
show memory statistics.
@item 9 (512)
write hashed data to files named @code{dbgmd-000*}
@item 10 (1024)
trace Assuan protocol
@item 11 (2048)
trace APDU I/O to the card. This may reveal sensitive data.
@end table
@item --debug-all
@opindex debug-all
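Review bot: In the re-indented flag table, only bit 11 (2048) carries the caveat "This may reveal sensitive data", and the `--debug-all` entry that follows has no such note in the visible lines. If `--debug-all` also turns on APDU tracing, repeat the warning there, because a reader of the man page is more likely to reach for `--debug-all` than to compose the bit mask by hand. Bit 9 (512), which writes hashed data to `dbgmd-000*` files, would benefit from saying where those files are created.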
@ -256,8 +283,7 @@ All the long options may also be given in the configuration file after
stripping off the two leading dashes.
@c man begin CARD APPLICATIONS
@mansect card applications
@node Card applications
@section Description of card applications
@ -304,6 +330,7 @@ This is common fraqmework for smart card applications. It is used by
@c
@c Examples
@c
@mansect examples
@node Scdaemon Examples
@section Examples
@ -318,6 +345,7 @@ $ scdaemon --server -v
@c
@c Assuan Protocol
@c
@mansect assuan
@node Scdaemon Protocol
@section Scdaemon's Assuan Protocol

1031
doc/yat2m.c Normal file

File diff suppressed because it is too large