1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

* gpg.sgml: Document backsign, --require-backsigs, and

--no-require-backsigs.

* DETAILS: Clarify Key-Usage.
This commit is contained in:
David Shaw 2005-10-27 19:18:05 +00:00
parent b3ea683ac9
commit 74ee007922
3 changed files with 34 additions and 3 deletions

View File

@ -1,3 +1,10 @@
2005-10-27 David Shaw <dshaw@jabberwocky.com>
* gpg.sgml: Document backsign, --require-backsigs, and
--no-require-backsigs.
* DETAILS: Clarify Key-Usage.
2005-10-07 Werner Koch <wk@g10code.com>
* gpgv.sgml: Small spelling corrections by Mike Dowling.

View File

@ -587,7 +587,7 @@ more arguments in future versions.
PIN change really worked.
BACKUP_KEY_CREATED fingerprint fname
A backup key named FNAME has been created for the key wityh
A backup key named FNAME has been created for the key with
KEYID.
@ -750,8 +750,13 @@ The format of this file is as follows:
Length of the key in bits. Default is 1024.
Key-Usage: <usage-list>
Space or comma delimited list of key usage, allowed values are
"encrypt" and "sign". This is used to generate the key flags.
Please make sure that the algorithm is capable of this usage.
"encrypt", "sign", and "auth". This is used to generate the
key flags. Please make sure that the algorithm is capable of
this usage. Note that OpenPGP requires that all primary keys
are capable of certification, so no matter what usage is given
here, the "cert" flag will be on. If no Key-Usage is
specified, all the allowed usages for that particular
algorithm are used.
Subkey-Type: <algo-number>|<algo-string>
This generates a secondary key. Currently only one subkey
can be handled.

View File

@ -563,6 +563,14 @@ that is no longer usable (e.g. revoked, or expired).
</variablelist>
If invoked with no arguments, both `sigs' and `uids' are cleaned.
</para></listitem></varlistentry>
<varlistentry>
<term>backsign</term>
<listitem></para>
Add back signatures to signing subkeys that may not currently have
back signatures. Back signatures protect against a subtle attack
against signing subkeys. See --require-backsigs.
</para></listitem></varlistentry>
<varlistentry>
@ -2712,6 +2720,17 @@ content of an encrypted message; using this option you can do this without
handing out the secret key.
</para></listitem></varlistentry>
<varlistentry>
<term>--require-backsigs</term>
<term>--no-require-backsigs</term>
<listitem><para>
When verifying a signature made from a subkey, ensure that the "back
signature" on the subkey is present and valid. This protects against
a subtle attack against subkeys that can sign. Currently defaults to
--no-require-backsigs, but will be changed to --require-backsigs in
the future.
</para></listitem></varlistentry>
<varlistentry>
<term>--ask-sig-expire</term>
<term>--no-ask-sig-expire</term>