mirror of git://git.gnupg.org/gnupg.git, synced 2025-07-02 22:46:30 +02:00
See ChangeLog: Fri Jan 14 18:32:01 CET 2000 Werner Koch
parent e8164f20ab
commit 932049cbe4
25 changed files with 249 additions and 65 deletions
|
@ -494,6 +494,15 @@ There is one enhancement used with the old style packet headers:
|
|||
+ that this is the last packet.
|
||||
|
||||
|
||||
GNU extensions to the S2K algorithm
|
||||
===================================
|
||||
S2K mode 101 is used to identify these extensions.
|
||||
After the hash algorithm the 3 bytes "GNU" are used to make
|
||||
clear that these are extensions for GNU, the next bytes gives the
|
||||
GNU protection mode - 1000. Defined modes are:
|
||||
1001 - do not store the secret part at all
|
||||
|
||||
|
||||
Usage of gdbm files for keyrings
|
||||
================================
|
||||
The key to store the keyblock is it's fingerprint, other records
|
||||
|
|
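Review bot: In the new "GNU extensions to the S2K algorithm" section, "the next bytes gives the GNU protection mode - 1000" does not say how many octets follow the "GNU" marker, and the " - 1000" can be read either as a subtraction or as a dash. If the stored value is the mode minus 1000, say so explicitly together with the field width, and state what a reader of the key should do when it meets a mode that is not in the list. For mode 1001 it would also help to say whether any further data follows in the packet once the secret part is omitted.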
27
doc/FAQ
|
@ -372,3 +372,30 @@
|
|||
message and encrypt it again without this option. The option will
|
||||
be removed in 1.1, so better re-encrypt your message now.
|
||||
|
||||
Q: How can I used GnuPG in an automated environment?
|
||||
A: You should use the option --batch and don't use passphrases as
|
||||
there is usually no way to store it more secure than the secret
|
||||
keyring itself. The suggested way to create the keys for the
|
||||
automated envirionment ist:
|
||||
On a secure machine:
|
||||
1. If you want to do automatic signing, create a signing subkey
|
||||
for your key (edit menu, choose "addkey" and the DSA).
|
||||
2. Make sure that you use a passphrase (Needed by the current
|
||||
implementation)
|
||||
3. gpg --export-secret-subkeys --no-comment foo >secring.auto
|
||||
4. Copy secring.auto and the public keyring to a test directory.
|
||||
5. Cd to this diectory
|
||||
6. gpg --homedir . --edit foo
|
||||
and use "passwd" to remove the passphrase from the subkeys.
|
||||
You may also want to remove all unused subkeys.
|
||||
7. copy secring.auto to a floppy and carry it to the
|
||||
target box
|
||||
On the target machine:
|
||||
8. Install secring.auto as secret keyring.
|
||||
9. Now you can start your new service. It is a good idea to
|
||||
install some intrusion detection system so that you hopefully
|
||||
get a notice of an successful intrusion, so that you in turn can
|
||||
revoke all the subkeys installed on that machine and install new
|
||||
subkeys.
|
||||
|
||||
|
||||
|
|
|
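Review bot: Steps 6 to 8 of the new FAQ answer leave passphrase-less copies of the secret subkeys in the test directory and on the floppy, and nothing tells the reader to destroy them once secring.auto is installed on the target machine; suggest adding a step for that and a remark that secring.auto should be readable only by the account running the service. Steps 4 to 6 also never say how gpg is to pick up a file named secring.auto when run with "--homedir .", so either name the option to use or tell the reader to rename the file. Spelling in the added text: "How can I used", "envirionment ist", "diectory", "an successful intrusion".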
@ -33,6 +33,15 @@
|
|||
which can be considered to be in compliance with RFC1991; this
|
||||
format is only created if a special option is active.
|
||||
|
||||
GnuPG uses a S2K mode of 101 for GNU extensions to the secret key
|
||||
protection algorithms. This number is not defined in OpenPGP, but
|
||||
given the fact that this number is in a range which used at many
|
||||
other places in OpenPGP for private/experimenat algorithm identifiers,
|
||||
this should be not a so bad choice. The 3 bytes "GNU" are used
|
||||
to identify this as a GNU extension - see the file DETAILS for a
|
||||
definition of the used data formats.
|
||||
|
||||
|
||||
|
||||
Some Notes on OpenPGP / PGP Compatibility:
|
||||
==========================================
|
||||
|
|
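Review bot: The added paragraph justifies S2K mode 101 by pointing at "a range which used at many other places in OpenPGP" without naming that range; suggest giving the private/experimental range explicitly so the reader can check that 101 falls inside it. The wording also needs a pass: "which used at" is missing "is", "experimenat" should be "experimental", and "this should be not a so bad choice" reads better as "this should not be a bad choice".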
10
doc/gpg.sgml
|
@ -27,7 +27,7 @@
|
|||
-->
|
||||
|
||||
|
||||
<!DOCTYPE RefEntry PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [
|
||||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [
|
||||
<!entity ParmDir "<parameter>directory</parameter>">
|
||||
<!entity ParmFile "<parameter>file</parameter>">
|
||||
<!entity OptParmFile "<optional>&ParmFile;</optional>">
|
||||
|
@ -157,7 +157,7 @@ and the remaining files are the signed stuff.
|
|||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--verify-files <optional><optional><parameter/files/</optional>
|
||||
<term>--verify-files <optional><parameter/files/</optional></term>
|
||||
<listitem><para>
|
||||
This is a special version of the --verify command which does not work with
|
||||
detached signatures. The command expects the files to bee verified either
|
||||
|
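Review bot: The corrected --verify-files term still uses the SGML short-tag form "<parameter/files/", while the entity declarations at the top of this file write the same element in full as "<parameter>file</parameter>". Suggest using the full form here as well, or an entity such as the existing &OptParmFile; pattern, so the markup does not depend on short-tag support in the processing tools. The unchanged context line below also carries the typo "to bee verified", which could be fixed in the same pass.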
@ -431,9 +431,14 @@ are not compatible to OpenPGP.
|
|||
|
||||
<varlistentry>
|
||||
<term>--export-secret-keys &OptParmNames;</term>
|
||||
<term>--export-secret-subkeys &OptParmNames;</term>
|
||||
<listitem><para>
|
||||
Same as --export, but does export the secret keys.
|
||||
This is normally not very useful and a security risk.
|
||||
the second form of the command has the special property to
|
||||
render the secret part of the primary key useless; this is
|
||||
a GNU extension to OpenPGP and other implementations can
|
||||
not be expected to successful import such a key.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
|
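Review bot: In the --export-secret-subkeys description, "render the secret part of the primary key useless" can be read as altering the key in the user's own keyring; suggest saying that this applies to the exported copy only. The existing sentence "This is normally not very useful and a security risk" now sits above both terms, so make clear that the exported subkeys still carry their full secret material, and point to the S2K mode 1001 definition in DETAILS for the format. Minor: the added sentence starts with a lower-case "the", and "successful import" should be "successfully import".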
@ -1418,6 +1423,7 @@ constructed by cutting off the extension (".asc" or ".sig") of
|
|||
<term>GNUPGHOME</term>
|
||||
<listitem><para>If set directory used instead of "~/.gnupg".</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>http_proxy</term>
|
||||
<listitem><para>Only honored when the option --honor-http-proxy is set.</para></listitem>
|
||||
</varlistentry>
|
||||
|
|
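Review bot: The new http_proxy entry says only when the variable is honored, not what it is used for or what value it expects, whereas the GNUPGHOME entry just above describes its effect. Suggest one sentence on which operations consult http_proxy and the expected form of the value, and a cross-reference to the --honor-http-proxy option entry.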