doc: Some gpg and gpgv clarifications.

-- GnuPG-bug-id: 1486, 1537
2013-10-04 14:31:35 +02:00 · 2013-10-04 14:31:35 +02:00 · 7c5d2909dd
parent e6175055fb
commit 7c5d2909dd
2 changed files with 17 additions and 4 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -252,6 +252,14 @@ signed stuff from STDIN, use @samp{-} as the second filename.  For
 security reasons a detached signature cannot read the signed material
 from STDIN without denoting it in the above way.

+Note: When verifying a cleartext signature, @command{gpg} verifies
+only what makes up the cleartext signed data and not any extra data
+outside of the cleartext signature or header lines following directly
+the dash marker line.  The option @code{--output} may be used to write
+out the actual signed data; but there are other pitfalls with this
+format as well.  It is suggested to avoid cleartext signatures in
+favor of detached signatures.
+
@item --multifile
@opindex multifile
 This modifies certain other commands to accept multiple files for
--- a/doc/gpgv.texi
+++ b/doc/gpgv.texi
@ -62,10 +62,15 @@ the public keys used to make the signature are valid. There are
 no configuration files and only a few options are implemented.

@code{@gpgvname} assumes that all keys in the keyring are trustworthy.
-By default it uses a keyring named @file{trustedkeys.gpg} which is
-assumed to be in the home directory as defined by GnuPG or set by an
-option or an environment variable. An option may be used to specify
-another keyring or even multiple keyrings.
+That does also mean that it does not check for expired or revoked
+keys.
+
+By default a keyring named @file{trustedkeys.gpg} is used.  This
+default keyring is assumed to be in the home directory of GnuPG,
+either the default home directory or the one set by an option or an
+environment variable.  The option @code{--keyring} may be used to
+specify a different keyring or even multiple keyrings.
+

@noindent
@mansect options