From 7c5d2909ddaf0d84192405d9f446b95d1806936a Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 4 Oct 2013 14:31:35 +0200 Subject: [PATCH] doc: Some gpg and gpgv clarifications. -- GnuPG-bug-id: 1486, 1537 --- doc/gpg.texi | 8 ++++++++ doc/gpgv.texi | 13 +++++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index a88ddca41..c588d7a1d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -252,6 +252,14 @@ signed stuff from STDIN, use @samp{-} as the second filename. For security reasons a detached signature cannot read the signed material from STDIN without denoting it in the above way. +Note: When verifying a cleartext signature, @command{gpg} verifies +only what makes up the cleartext signed data and not any extra data +outside of the cleartext signature or header lines following directly +the dash marker line. The option @code{--output} may be used to write +out the actual signed data; but there are other pitfalls with this +format as well. It is suggested to avoid cleartext signatures in +favor of detached signatures. + @item --multifile @opindex multifile This modifies certain other commands to accept multiple files for diff --git a/doc/gpgv.texi b/doc/gpgv.texi index b6047f4ba..0cb2360f8 100644 --- a/doc/gpgv.texi +++ b/doc/gpgv.texi 
@@ -62,10 +62,15 @@ the public keys used to make the signature are valid. There are no configuration files and only a few options are implemented. @code{@gpgvname} assumes that all keys in the keyring are trustworthy. -By default it uses a keyring named @file{trustedkeys.gpg} which is -assumed to be in the home directory as defined by GnuPG or set by an -option or an environment variable. An option may be used to specify -another keyring or even multiple keyrings. +That does also mean that it does not check for expired or revoked +keys. + +By default a keyring named @file{trustedkeys.gpg} is used. This +default keyring is assumed to be in the home directory of GnuPG, +either the default home directory or the one set by an option or an +environment variable. The option @code{--keyring} may be used to +specify a different keyring or even multiple keyrings. + @noindent @mansect options
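Review bot: in the doc/gpg.texi hunk, the added note ends with "there are other pitfalls with this format as well" without naming any of them, so a reader who has to handle cleartext signatures cannot tell what else to guard against. Either name the pitfalls meant here or drop the clause and let the recommendation for detached signatures stand on its own. Since the note establishes that data outside the cleartext signature and header lines right after the dash marker line are not verified, it would also help to say outright that only what @code{--output} writes should be acted on, not the input file as displayed. Wording nit: "following directly the dash marker line" reads better as "directly following the dash marker line".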
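Review bot: in the doc/gpgv.texi hunk, the new sentence "That does also mean that it does not check for expired or revoked keys" states the caveat but not what the reader has to do about it. Because every key in the keyring is assumed trustworthy, suggest adding that whoever maintains @file{trustedkeys.gpg} (or the keyring given with @code{--keyring}) must remove expired or revoked keys themselves, as nothing else will reject them. "That does also mean" would read better as "This also means". The hunk also adds an empty line after the last paragraph, ahead of @noindent; check that it does not leave two blank lines in a row there.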