security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Code Activity

* gpg.sgml: Document backsign, --require-backsigs, and

Browse Source 
--no-require-backsigs.

* DETAILS: Clarify Key-Usage.
This commit is contained in:
David Shaw 2005-10-27 19:18:05 +00:00
parent b3ea683ac9
commit 74ee007922
3 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/ChangeLog
View File

@ -1,3 +1,10 @@
2005-10-27 David Shaw <dshaw@jabberwocky.com>
* gpg.sgml: Document backsign, --require-backsigs, and
--no-require-backsigs.
* DETAILS: Clarify Key-Usage.
2005-10-07 Werner Koch <wk@g10code.com> 2005-10-07 Werner Koch <wk@g10code.com>
* gpgv.sgml: Small spelling corrections by Mike Dowling. * gpgv.sgml: Small spelling corrections by Mike Dowling.

11
doc/DETAILS
View File

@ -587,7 +587,7 @@ more arguments in future versions.
PIN change really worked. PIN change really worked.
BACKUP_KEY_CREATED fingerprint fname BACKUP_KEY_CREATED fingerprint fname
A backup key named FNAME has been created for the key wityh A backup key named FNAME has been created for the key with
KEYID. KEYID.
@ -750,8 +750,13 @@ The format of this file is as follows:
Length of the key in bits. Default is 1024. Length of the key in bits. Default is 1024.
Key-Usage: <usage-list> Key-Usage: <usage-list>
Space or comma delimited list of key usage, allowed values are Space or comma delimited list of key usage, allowed values are
"encrypt" and "sign". This is used to generate the key flags. "encrypt", "sign", and "auth". This is used to generate the
Please make sure that the algorithm is capable of this usage. key flags. Please make sure that the algorithm is capable of
this usage. Note that OpenPGP requires that all primary keys
are capable of certification, so no matter what usage is given
here, the "cert" flag will be on. If no Key-Usage is
specified, all the allowed usages for that particular
algorithm are used.
Subkey-Type: <algo-number>|<algo-string> Subkey-Type: <algo-number>|<algo-string>
This generates a secondary key. Currently only one subkey This generates a secondary key. Currently only one subkey
can be handled. can be handled.

19
doc/gpg.sgml
View File

@ -563,6 +563,14 @@ that is no longer usable (e.g. revoked, or expired).
</variablelist> </variablelist>
If invoked with no arguments, both `sigs' and `uids' are cleaned. If invoked with no arguments, both `sigs' and `uids' are cleaned.
</para></listitem></varlistentry>
<varlistentry>
<term>backsign</term>
<listitem></para>
Add back signatures to signing subkeys that may not currently have
back signatures. Back signatures protect against a subtle attack
against signing subkeys. See --require-backsigs.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
@ -2712,6 +2720,17 @@ content of an encrypted message; using this option you can do this without
handing out the secret key. handing out the secret key.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<term>--require-backsigs</term>
<term>--no-require-backsigs</term>
<listitem><para>
When verifying a signature made from a subkey, ensure that the "back
signature" on the subkey is present and valid. This protects against
a subtle attack against subkeys that can sign. Currently defaults to
--no-require-backsigs, but will be changed to --require-backsigs in
the future.
</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--ask-sig-expire</term> <term>--ask-sig-expire</term>
<term>--no-ask-sig-expire</term> <term>--no-ask-sig-expire</term>