mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
* gpg.sgml: Document backsign, --require-backsigs, and
--no-require-backsigs. * DETAILS: Clarify Key-Usage.
This commit is contained in:
parent
b3ea683ac9
commit
74ee007922
@ -1,3 +1,10 @@
|
|||||||
|
2005-10-27 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* gpg.sgml: Document backsign, --require-backsigs, and
|
||||||
|
--no-require-backsigs.
|
||||||
|
|
||||||
|
* DETAILS: Clarify Key-Usage.
|
||||||
|
|
||||||
2005-10-07 Werner Koch <wk@g10code.com>
|
2005-10-07 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* gpgv.sgml: Small spelling corrections by Mike Dowling.
|
* gpgv.sgml: Small spelling corrections by Mike Dowling.
|
||||||
|
11
doc/DETAILS
11
doc/DETAILS
@ -587,7 +587,7 @@ more arguments in future versions.
|
|||||||
PIN change really worked.
|
PIN change really worked.
|
||||||
|
|
||||||
BACKUP_KEY_CREATED fingerprint fname
|
BACKUP_KEY_CREATED fingerprint fname
|
||||||
A backup key named FNAME has been created for the key wityh
|
A backup key named FNAME has been created for the key with
|
||||||
KEYID.
|
KEYID.
|
||||||
|
|
||||||
|
|
||||||
@ -750,8 +750,13 @@ The format of this file is as follows:
|
|||||||
Length of the key in bits. Default is 1024.
|
Length of the key in bits. Default is 1024.
|
||||||
Key-Usage: <usage-list>
|
Key-Usage: <usage-list>
|
||||||
Space or comma delimited list of key usage, allowed values are
|
Space or comma delimited list of key usage, allowed values are
|
||||||
"encrypt" and "sign". This is used to generate the key flags.
|
"encrypt", "sign", and "auth". This is used to generate the
|
||||||
Please make sure that the algorithm is capable of this usage.
|
key flags. Please make sure that the algorithm is capable of
|
||||||
|
this usage. Note that OpenPGP requires that all primary keys
|
||||||
|
are capable of certification, so no matter what usage is given
|
||||||
|
here, the "cert" flag will be on. If no Key-Usage is
|
||||||
|
specified, all the allowed usages for that particular
|
||||||
|
algorithm are used.
|
||||||
Subkey-Type: <algo-number>|<algo-string>
|
Subkey-Type: <algo-number>|<algo-string>
|
||||||
This generates a secondary key. Currently only one subkey
|
This generates a secondary key. Currently only one subkey
|
||||||
can be handled.
|
can be handled.
|
||||||
|
19
doc/gpg.sgml
19
doc/gpg.sgml
@ -563,6 +563,14 @@ that is no longer usable (e.g. revoked, or expired).
|
|||||||
</variablelist>
|
</variablelist>
|
||||||
|
|
||||||
If invoked with no arguments, both `sigs' and `uids' are cleaned.
|
If invoked with no arguments, both `sigs' and `uids' are cleaned.
|
||||||
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>backsign</term>
|
||||||
|
<listitem></para>
|
||||||
|
Add back signatures to signing subkeys that may not currently have
|
||||||
|
back signatures. Back signatures protect against a subtle attack
|
||||||
|
against signing subkeys. See --require-backsigs.
|
||||||
</para></listitem></varlistentry>
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@ -2712,6 +2720,17 @@ content of an encrypted message; using this option you can do this without
|
|||||||
handing out the secret key.
|
handing out the secret key.
|
||||||
</para></listitem></varlistentry>
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>--require-backsigs</term>
|
||||||
|
<term>--no-require-backsigs</term>
|
||||||
|
<listitem><para>
|
||||||
|
When verifying a signature made from a subkey, ensure that the "back
|
||||||
|
signature" on the subkey is present and valid. This protects against
|
||||||
|
a subtle attack against subkeys that can sign. Currently defaults to
|
||||||
|
--no-require-backsigs, but will be changed to --require-backsigs in
|
||||||
|
the future.
|
||||||
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>--ask-sig-expire</term>
|
<term>--ask-sig-expire</term>
|
||||||
<term>--no-ask-sig-expire</term>
|
<term>--no-ask-sig-expire</term>
|
||||||
|
Loading…
x
Reference in New Issue
Block a user