From 7f8ccb67e337b3d1b598ee1cdf5f72086af0a156 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 9 Sep 2021 17:45:33 +0200 Subject: [PATCH] doc: Clarify some gpg keyring options -- GnuPG-bug-id: 5594 --- doc/gpg.texi | 50 ++++++++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index 5919366d8..9fd3c0d9b 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -445,7 +445,7 @@ request a confirmation. @item --export @opindex export -Either export all keys from all keyrings (default keyrings and those +Either export all keys from all keyrings (default keyring and those registered via option @option{--keyring}), or if at least one name is given, those of the given name. The exported keys are written to STDOUT or to the file given with option @option{--output}. Use together with @@ -1105,12 +1105,12 @@ signing. @item save @opindex keyedit:save - Save all changes to the keyrings and quit. + Save all changes to the keyring and quit. @item quit @opindex keyedit:quit Quit the program without updating the - keyrings. + keyring. @end table @c man:.RS @@ -1523,7 +1523,7 @@ photo viewers use the @code{PATH} environment variable. Add @var{file} to the current list of keyrings. If @var{file} begins with a tilde and a slash, these are replaced by the $HOME directory. If the filename does not contain a slash, it is assumed to be in the GnuPG -home directory ("~/.gnupg" if @option{--homedir} or $GNUPGHOME is not +home directory ("~/.gnupg" unless @option{--homedir} or $GNUPGHOME is used). Note that this adds a keyring to the current list. If the intent is to @@ -1533,18 +1533,23 @@ use the specified keyring alone, use @option{--keyring} along with If the option @option{--no-keyring} has been used no keyrings will be used at all. +Note that if the option @option{use-keyboxd} is enabled in +@file{common.conf}, no keyrings are used at all and keys are all +maintained by the keyboxd process in its own database. + +@item --primary-keyring @var{file} +@opindex primary-keyring +This is a varian of @option{--keyring} and designates @var{file} as +the primary public keyring. This means that newly imported keys (via +@option{--import} or keyserver @option{--recv-from}) will go to this +keyring. + @item --secret-keyring @var{file} @opindex secret-keyring This is an obsolete option and ignored. All secret keys are stored in the @file{private-keys-v1.d} directory below the GnuPG home directory. -@item --primary-keyring @var{file} -@opindex primary-keyring -Designate @var{file} as the primary public keyring. This means that -newly imported keys (via @option{--import} or keyserver -@option{--recv-from}) will go to this keyring. - @item --trustdb-name @var{file} @opindex trustdb-name Use @var{file} instead of the default trustdb. If @var{file} begins @@ -2485,9 +2490,9 @@ opposite meaning. The options are: signatures. Defaults to yes. @item bulk-import - When used the keyboxd (option "use-keyboxd" in @file{common.conf}) - do the import within a single - transaction. This is an experimental feature. + When used the keyboxd (option @option{use-keyboxd} in @file{common.conf}) + does the import within a single + transaction. @item import-minimal Import the smallest key possible. This removes all signatures except @@ -3024,10 +3029,8 @@ and may thus be changed or removed at any time without notice. @item --debug-allow-large-chunks @opindex debug-allow-large-chunks -To facilitate in-memory decryption on the receiving site, the largest -recommended chunk size is 128 MiB (@code{--chunk-size 27}). This -option allows to specify a limit of up to 4 EiB (@code{--chunk-size -62}) for experiments. +To facilitate software tests and experiments this option allows to +specify a limit of up to 4 EiB (@code{--chunk-size 62}). @item --faked-system-time @var{epoch} @opindex faked-system-time @@ -3470,11 +3473,14 @@ invalid. This options allows to override this restriction. @item --no-default-keyring @opindex no-default-keyring -Do not add the default keyrings to the list of keyrings. Note that -GnuPG will not operate without any keyrings, so if you use this option -and do not provide alternate keyrings via @option{--keyring} or -@option{--secret-keyring}, then GnuPG will still use the default public or -secret keyrings. +Do not add the default keyring to the list of keyrings. Note that +GnuPG needs for almost all operations a keyring. Thus if you use this +option and do not provide alternate keyrings via @option{--keyring}, +then GnuPG will still use the default keyring. + +Note that if the option @option{use-keyboxd} is enabled in +@file{common.conf}, no keyrings are used at all and keys are all +maintained by the keyboxd process in its own database. @item --no-keyring @opindex no-keyring