* DETAILS (VALIDSIG): Add version, pk algo, digest algo, sig class, and a

reserved field for flags in a future version.

* gpg.sgml: Document --no-textmode and --no-use-agent.  Clarify the
interoperability section.  Clarify that "hkp corruption"
(repair-hkp-subkey-bug) is really "pks corruption"
(repair-pks-subkey-bug).

doc/ChangeLog

@@ -1,3 +1,13 @@
+2003-04-27  David Shaw  <dshaw@jabberwocky.com>
+
+	* DETAILS (VALIDSIG): Add version, pk algo, digest algo, sig
+	class, and a reserved field for flags in a future version.
+
+	* gpg.sgml: Document --no-textmode and --no-use-agent.  Clarify
+	the interoperability section.  Clarify that "hkp corruption"
+	(repair-hkp-subkey-bug) is really "pks corruption"
+	(repair-pks-subkey-bug).
+
 2003-04-15  Werner Koch  <wk@gnupg.org>
 
 	* gpg.sgml: Document --enable-progress-filter.

doc/DETAILS

@@ -164,17 +164,21 @@ more arguments in future versions.
 	this signature.  sig_class is a 2 byte hex-value.
 
     VALIDSIG	<fingerprint in hex> <sig_creation_date> <sig-timestamp>
-		<expire-timestamp> <primary-key-fpr>
+		<expire-timestamp> <sig-version> <reserved> <pubkey-algo>
+		<hash-algo> <sig-class> <primary-key-fpr>
 
-	The signature with the keyid is good. This is the same
+	The signature with the keyid is good. This is the same as
-	as GOODSIG but has the fingerprint as the argument. Both
+	GOODSIG but has the fingerprint as the argument. Both status
-	status lines are emitted for a good signature.
+	lines are emitted for a good signature.  All arguments here
-	sig-timestamp is the signature creation time in seconds after
+	are on one long line.  sig-timestamp is the signature creation
-	the epoch. expire-timestamp is the signature expiration time
+	time in seconds after the epoch. expire-timestamp is the
-	in seconds after the epoch (zero means "does not expire").
+	signature expiration time in seconds after the epoch (zero
-        PRIMARY-KEY-FPR is the fingerprint of the primary key or
+	means "does not expire"). sig-version, pubkey-algo, hash-algo,
-        identical to the first argument.  This is useful to get back
+	and sig-class (a 2-byte hex value) are all straight from the
-        to the primary key without running gpg again for this purpose.
+	signature packet.  PRIMARY-KEY-FPR is the fingerprint of the
+	primary key or identical to the first argument.  This is
+	useful to get back to the primary key without running gpg
+	again for this purpose.
 
     SIG_ID  <radix64_string>  <sig_creation_date>  <sig-timestamp>
 	This is emitted only for signatures of class 0 or 1 which

doc/gpg.sgml

@@ -895,13 +895,13 @@ compression level of zlib (normally 6).
 
 <varlistentry>
 <term>-t, --textmode</term>
+<term>--no-textmode</term>
 <listitem><para>
-Use canonical text mode.  If -t (but not
+Use canonical text mode.  --no-textmode disables this option.  If -t
---textmode) is used together with armoring
+(but not --textmode) is used together with armoring and signing, this
-and signing, this enables clearsigned messages.
+enables clearsigned messages.  This kludge is needed for PGP
-This kludge is needed for PGP compatibility;
+compatibility; normally you would use --sign or --clearsign to
-normally you would use --sign or --clearsign
+selected the type of the signature.
-to selected the type of the signature.
 </para></listitem></varlistentry>
 
 
@@ -1146,11 +1146,12 @@ Defaults to no.
 </para></listitem></varlistentry>
 
 <varlistentry>
-<term>repair-hkp-subkey-bug</term>
+<term>repair-pks-subkey-bug</term>
 <listitem><para>
-During import, attempt to repair the HKP keyserver mangling multiple
+During import, attempt to repair the damage caused by the PKS
-subkeys bug.  Note that this cannot completely repair the damaged key
+keyserver bug (pre version 0.9.6) that mangles keys with multiple
-as some crucial data is removed by the keyserver, but it does at least
+subkeys.  Note that this cannot completely repair the damaged key as
+some crucial data is removed by the keyserver, but it does at least
 give you back one subkey.  Defaults to no for regular --import and to
 yes for keyserver --recv-keys.
 </para></listitem></varlistentry>
@@ -1757,10 +1758,12 @@ distribution for details on how to use it.
 
 <varlistentry>
 <term>--use-agent</term>
+<term>--no-use-agent</term>
 <listitem><para>
 Try to use the GnuPG-Agent. Please note that this agent is still under
 development.  With this option, GnuPG first tries to connect to the
-agent before it asks for a passphrase.
+agent before it asks for a passphrase.  --no-use-agent disables this
+option.
 </para></listitem></varlistentry>
 
 <varlistentry>
@@ -2535,17 +2538,19 @@ cannot be read by the intended recipient.
 For example, as of this writing, no version of official PGP supports
 the BLOWFISH cipher algorithm.  If you use it, no PGP user will be
 able to decrypt your message.  The same thing applies to the ZLIB
-compression algorithm.  By default, GnuPG will do the right thing and
+compression algorithm.  By default, GnuPG uses the OpenPGP preferences
-create messages that are usable by any OpenPGP program.  Only override
+system that will always do the right thing and create messages that
-this safe default if you know what you are doing.
+are usable by all recipients, regardless of which OpenPGP program they
+use.  Only override this safe default if you know what you are doing.
 </para>
 
 <para>
-If you absolutely must override the safe default, you are far better
+If you absolutely must override the safe default, or if the
-off using the --pgp2, --pgp6, or --pgp7 options.  These options are
+preferences on a given key are invalid for some reason, you are far
-safe as they do not force any particular algorithms in violation of
+better off using the --pgp2, --pgp6, --pgp7, or --pgp8 options.  These
-OpenPGP, but rather reduce the available algorithms to a "PGP-safe"
+options are safe as they do not force any particular algorithms in
-list.
+violation of OpenPGP, but rather reduce the available algorithms to a
+"PGP-safe" list.
 </para>
 
 </refsect1>