From 7fe578ce225d8bb3e4049ef94905b0d4791625eb Mon Sep 17 00:00:00 2001 From: David Shaw Date: Sun, 27 Apr 2003 20:37:26 +0000 Subject: [PATCH] * DETAILS (VALIDSIG): Add version, pk algo, digest algo, sig class, and a reserved field for flags in a future version. * gpg.sgml: Document --no-textmode and --no-use-agent. Clarify the interoperability section. Clarify that "hkp corruption" (repair-hkp-subkey-bug) is really "pks corruption" (repair-pks-subkey-bug). --- doc/ChangeLog | 10 ++++++++++ doc/DETAILS | 24 ++++++++++++++---------- doc/gpg.sgml | 43 ++++++++++++++++++++++++------------------- 3 files changed, 48 insertions(+), 29 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index aaea7a303..77fff5983 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,13 @@ +2003-04-27 David Shaw + + * DETAILS (VALIDSIG): Add version, pk algo, digest algo, sig + class, and a reserved field for flags in a future version. + + * gpg.sgml: Document --no-textmode and --no-use-agent. Clarify + the interoperability section. Clarify that "hkp corruption" + (repair-hkp-subkey-bug) is really "pks corruption" + (repair-pks-subkey-bug). + 2003-04-15 Werner Koch * gpg.sgml: Document --enable-progress-filter. diff --git a/doc/DETAILS b/doc/DETAILS index b5bca781b..ad7c60942 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -164,17 +164,21 @@ more arguments in future versions. this signature. sig_class is a 2 byte hex-value. VALIDSIG - + + - The signature with the keyid is good. This is the same - as GOODSIG but has the fingerprint as the argument. Both - status lines are emitted for a good signature. - sig-timestamp is the signature creation time in seconds after - the epoch. expire-timestamp is the signature expiration time - in seconds after the epoch (zero means "does not expire"). - PRIMARY-KEY-FPR is the fingerprint of the primary key or - identical to the first argument. This is useful to get back - to the primary key without running gpg again for this purpose. + The signature with the keyid is good. This is the same as + GOODSIG but has the fingerprint as the argument. Both status + lines are emitted for a good signature. All arguments here + are on one long line. sig-timestamp is the signature creation + time in seconds after the epoch. expire-timestamp is the + signature expiration time in seconds after the epoch (zero + means "does not expire"). sig-version, pubkey-algo, hash-algo, + and sig-class (a 2-byte hex value) are all straight from the + signature packet. PRIMARY-KEY-FPR is the fingerprint of the + primary key or identical to the first argument. This is + useful to get back to the primary key without running gpg + again for this purpose. SIG_ID This is emitted only for signatures of class 0 or 1 which diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 2cd93f217..1989c572a 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -895,13 +895,13 @@ compression level of zlib (normally 6). -t, --textmode +--no-textmode -Use canonical text mode. If -t (but not ---textmode) is used together with armoring -and signing, this enables clearsigned messages. -This kludge is needed for PGP compatibility; -normally you would use --sign or --clearsign -to selected the type of the signature. +Use canonical text mode. --no-textmode disables this option. If -t +(but not --textmode) is used together with armoring and signing, this +enables clearsigned messages. This kludge is needed for PGP +compatibility; normally you would use --sign or --clearsign to +selected the type of the signature. @@ -1146,11 +1146,12 @@ Defaults to no. -repair-hkp-subkey-bug +repair-pks-subkey-bug -During import, attempt to repair the HKP keyserver mangling multiple -subkeys bug. Note that this cannot completely repair the damaged key -as some crucial data is removed by the keyserver, but it does at least +During import, attempt to repair the damage caused by the PKS +keyserver bug (pre version 0.9.6) that mangles keys with multiple +subkeys. Note that this cannot completely repair the damaged key as +some crucial data is removed by the keyserver, but it does at least give you back one subkey. Defaults to no for regular --import and to yes for keyserver --recv-keys. @@ -1757,10 +1758,12 @@ distribution for details on how to use it. --use-agent +--no-use-agent Try to use the GnuPG-Agent. Please note that this agent is still under development. With this option, GnuPG first tries to connect to the -agent before it asks for a passphrase. +agent before it asks for a passphrase. --no-use-agent disables this +option. @@ -2535,17 +2538,19 @@ cannot be read by the intended recipient. For example, as of this writing, no version of official PGP supports the BLOWFISH cipher algorithm. If you use it, no PGP user will be able to decrypt your message. The same thing applies to the ZLIB -compression algorithm. By default, GnuPG will do the right thing and -create messages that are usable by any OpenPGP program. Only override -this safe default if you know what you are doing. +compression algorithm. By default, GnuPG uses the OpenPGP preferences +system that will always do the right thing and create messages that +are usable by all recipients, regardless of which OpenPGP program they +use. Only override this safe default if you know what you are doing. -If you absolutely must override the safe default, you are far better -off using the --pgp2, --pgp6, or --pgp7 options. These options are -safe as they do not force any particular algorithms in violation of -OpenPGP, but rather reduce the available algorithms to a "PGP-safe" -list. +If you absolutely must override the safe default, or if the +preferences on a given key are invalid for some reason, you are far +better off using the --pgp2, --pgp6, --pgp7, or --pgp8 options. These +options are safe as they do not force any particular algorithms in +violation of OpenPGP, but rather reduce the available algorithms to a +"PGP-safe" list.