security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00
Code Activity

* gpg.sgml: Document --trustdb-name. Document --gnupg in a new compliance

Browse Source 
section, and remove the various --no-PGPX options. Deprecate --no-comment
in favor of --no-sk-comments.
This commit is contained in:
David Shaw 2003-05-24 14:38:58 +00:00
parent 2e821d77f7
commit 96c8bae878
2 changed files with 72 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/ChangeLog
View File

@ -1,3 +1,9 @@
2003-05-24 David Shaw <dshaw@jabberwocky.com>
* gpg.sgml: Document --trustdb-name. Document --gnupg in a new
compliance section, and remove the various --no-PGPX
options. Deprecate --no-comment in favor of --no-sk-comments.
2003-05-04 David Shaw <dshaw@jabberwocky.com> 2003-05-04 David Shaw <dshaw@jabberwocky.com>
* gpg.sgml: Some general language tweaks. Note default algo for * gpg.sgml: Some general language tweaks. Note default algo for

106
doc/gpg.sgml
View File

@ -1248,12 +1248,11 @@ effect when listing all keys.
<varlistentry> <varlistentry>
<term>--keyring &ParmFile;</term> <term>--keyring &ParmFile;</term>
<listitem><para> <listitem><para>
Add &ParmFile to the list of keyrings. Add &ParmFile; to the list of keyrings. If &ParmFile; begins with a
If &ParmFile begins with a tilde and a slash, these tilde and a slash, these are replaced by the HOME directory. If the
are replaced by the HOME directory. If the filename filename does not contain a slash, it is assumed to be in the GnuPG
does not contain a slash, it is assumed to be in the home directory ("~/.gnupg" if --homedir is not used). The filename
home-directory ("~/.gnupg" if --homedir is not used). may be prefixed with a scheme:</para>
The filename may be prefixed with a scheme:</para>
<para>"gnupg-ring:" is the default one.</para> <para>"gnupg-ring:" is the default one.</para>
<para>It might make sense to use it together with --no-default-keyring. <para>It might make sense to use it together with --no-default-keyring.
</para></listitem></varlistentry> </para></listitem></varlistentry>
@ -1273,6 +1272,18 @@ newly imported keys (via --import or keyserver --recv-from) will go to
this keyring. this keyring.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<term>--trustdb-name &ParmFile;</term>
<listitem><para>
Use &ParmFile; instead of the default trustdb. If &ParmFile; begins
with a tilde and a slash, these are replaced by the HOME directory. If
the filename does not contain a slash, it is assumed to be in the
GnuPG home directory ("~/.gnupg" if --homedir is not used).
</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--homedir &ParmDir;</term> <term>--homedir &ParmDir;</term>
<listitem><para> <listitem><para>
@ -1418,15 +1429,16 @@ option.
<varlistentry> <varlistentry>
<term>--no-comment</term> <term>--no-comment</term>
<listitem><para> <listitem><para>
See --sk-comments. This option is deprecated and may be removed soon. See --no-sk-comments. This option is deprecated and may be removed
soon.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--comment &ParmString;</term> <term>--comment &ParmString;</term>
<listitem><para> <listitem><para>
Use &ParmString; as comment string in clear text signatures. Use &ParmString; as the comment string in clear text signatures. The
The default is not do write a comment string. default behavior is not to use a comment string.
</para></listitem></varlistentry> </para></listitem></varlistentry>
@ -1498,10 +1510,8 @@ Use &ParmString; as Policy URL for signatures (rfc2440:5.2.3.19). If
you prefix it with an exclamation mark, the policy URL packet will be you prefix it with an exclamation mark, the policy URL packet will be
flagged as critical. --sig-policy-url sets a a policy url for data flagged as critical. --sig-policy-url sets a a policy url for data
signatures. --cert-policy-url sets a policy url for key signatures signatures. --cert-policy-url sets a policy url for key signatures
(certifications). -set-policy-url sets both. (certifications). --set-policy-url sets both.
</para> </para><para>
<para>
The same %-expandos used for notation data are available here as well. The same %-expandos used for notation data are available here as well.
</para></listitem></varlistentry> </para></listitem></varlistentry>
@ -1517,8 +1527,9 @@ as when verifying a signature with a policy URL in it.
<varlistentry> <varlistentry>
<term>--set-filename &ParmString;</term> <term>--set-filename &ParmString;</term>
<listitem><para> <listitem><para>
Use &ParmString; as the name of file which is stored in Use &ParmString; as the filename which is stored inside messages.
messages. This overrides the default, which is to use the actual filename of the
file being encrypted.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
@ -1776,16 +1787,44 @@ Override the value of the environment variable
<literal>GPG_AGENT_INFO</>. This is only used when --use-agent has been given <literal>GPG_AGENT_INFO</>. This is only used when --use-agent has been given
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<term>Compliance options</term>
<listitem><para>
These options control what GnuPG is compliant to. Only one of these
options may be active at a time. Note that the default setting of
this is nearly always the correct one. See the INTEROPERABILITY WITH
OTHER OPENPGP PROGRAMS section below before using one of these
options.
<variablelist>
<varlistentry>
<term>--gnupg</term>
<listitem><para>
Use standard GnuPG behavior. This is essentially OpenPGP behavior
(see --openpgp), but with some additional workarounds for common
compatibility problems in different versions of PGP. This is the
default option, so it is not generally needed, but it may be useful to
override a different compliance option in the gpg.conf file.
</para></listitem></varlistentry>
<varlistentry>
<term>--openpgp</term>
<listitem><para>
Reset all packet, cipher and digest options to strict OpenPGP
behavior. Use this option to reset all previous options like
--rfc1991, --force-v3-sigs, --s2k-*, --cipher-algo, --digest-algo and
--compress-algo to OpenPGP compliant values. All PGP workarounds are
disabled.
</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--rfc1991</term> <term>--rfc1991</term>
<listitem><para> <listitem><para>
Try to be more RFC1991 (PGP 2.x) compliant. Try to be more RFC-1991 (PGP 2.x) compliant.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--pgp2</term> <term>--pgp2</term>
<term>--no-pgp2</term>
<listitem><para> <listitem><para>
Set up all options to be as PGP 2.x compliant as possible, and warn if Set up all options to be as PGP 2.x compliant as possible, and warn if
an action is taken (e.g. encrypting to a non-RSA key) that will create an action is taken (e.g. encrypting to a non-RSA key) that will create
@ -1793,16 +1832,15 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x 2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
available, but the MIT release is a good common baseline. available, but the MIT release is a good common baseline.
</para><para> </para><para>
This option implies `--rfc1991 --no-openpgp --disable-mdc This option implies `--rfc1991 --disable-mdc --no-force-v4-certs
--no-force-v4-certs --no-comment --escape-from-lines --force-v3-sigs --no-sk-comment --escape-from-lines --force-v3-sigs
--no-ask-sig-expire --no-ask-cert-expire --cipher-algo IDEA --no-ask-sig-expire --no-ask-cert-expire --cipher-algo IDEA
--digest-algo MD5 --compress-algo 1'. It also disables --textmode --digest-algo MD5 --compress-algo 1'. It also disables --textmode
when encrypting. --no-pgp2 disables this option. when encrypting.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--pgp6</term> <term>--pgp6</term>
<term>--no-pgp6</term>
<listitem><para> <listitem><para>
Set up all options to be as PGP 6 compliant as possible. This Set up all options to be as PGP 6 compliant as possible. This
restricts you to the ciphers IDEA (if the IDEA plugin is installed), restricts you to the ciphers IDEA (if the IDEA plugin is installed),
@ -1811,42 +1849,30 @@ compression algorithms none and ZIP. This also disables
--throw-keyid, and making signatures with signing subkeys as PGP 6 --throw-keyid, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys. does not understand signatures made by signing subkeys.
</para><para> </para><para>
This option implies `--disable-mdc --no-comment --escape-from-lines This option implies `--disable-mdc --no-sk-comment --escape-from-lines
--force-v3-sigs --no-ask-sig-expire --compress-algo 1' --no-pgp6 --force-v3-sigs --no-ask-sig-expire'
disables this option.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--pgp7</term> <term>--pgp7</term>
<term>--no-pgp7</term>
<listitem><para> <listitem><para>
Set up all options to be as PGP 7 compliant as possible. This is Set up all options to be as PGP 7 compliant as possible. This is
identical to --pgp6 except that MDCs are not disabled, and the list of identical to --pgp6 except that MDCs are not disabled, and the list of
allowable ciphers is expanded to add AES128, AES192, AES256, and allowable ciphers is expanded to add AES128, AES192, AES256, and
TWOFISH. --no-pgp7 disables this option. TWOFISH.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--pgp8</term> <term>--pgp8</term>
<term>--no-pgp8</term>
<listitem><para> <listitem><para>
Set up all options to be as PGP 8 compliant as possible. PGP 8 is a Set up all options to be as PGP 8 compliant as possible. PGP 8 is a
lot closer to the OpenPGP standard than previous versions of PGP, so lot closer to the OpenPGP standard than previous versions of PGP, so
all this does is disable --throw-keyid and set --escape-from-lines and all this does is disable --throw-keyid and set --escape-from-lines.
--compress-algo 1. The allowed algorithms list is the same as --pgp7 The allowed algorithms list is the same as --pgp7 with the addition of
with the addition of the SHA-256 digest algorithm. --no-pgp8 disables the SHA-256 digest algorithm.
this option.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> </variablelist></para></listitem></varlistentry>
<term>--openpgp</term>
<listitem><para>
Reset all packet, cipher and digest options to OpenPGP behavior. Use
this option to reset all previous options like --rfc1991,
--force-v3-sigs, --s2k-*, --cipher-algo, --digest-algo and
--compress-algo to OpenPGP compliant values. All PGP workarounds and
--pgpX modes are also disabled.
</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--force-v3-sigs</term> <term>--force-v3-sigs</term>