security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

[w32ce] Do not print the faulty timezone info 

Switch FAQ sources to org-mode
This commit is contained in:
Werner Koch 2010-10-04 21:08:34 +00:00
parent bfbd80feb9
commit adfa280d6f
7 changed files with 440 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,3 +1,7 @@
2010-10-04 Werner Koch <wk@g10code.com>
* configure.ac (GNUPG_CHECK_FAQPROG): Remove.
2010-08-19 Werner Koch <wk@g10code.com>
* configure.ac (AH_BOTTOM): Define GPG_ERR_ENABLE_ERRNO_MACROS.

4
common/ChangeLog
View File

@ -1,3 +1,7 @@
2010-10-04 Werner Koch <wk@g10code.com>
* gettime.c (asctimestamp) [W32CE]: Do not print the timezone.
2010-09-30 Werner Koch <wk@g10code.com>
* util.h (GPG_ERR_FULLY_CANCELED): Add replacement.

57
common/gettime.c
View File

@ -330,41 +330,46 @@ isotimestamp (u32 stamp)
* Note: this function returns local time
*/
const char *
asctimestamp( u32 stamp )
asctimestamp (u32 stamp)
{
static char buffer[50];
static char buffer[50];
#if defined (HAVE_STRFTIME) && defined (HAVE_NL_LANGINFO)
static char fmt[50];
static char fmt[50];
#endif
struct tm *tp;
time_t atime = stamp;
struct tm *tp;
time_t atime = stamp;
if (atime < 0) {
strcpy (buffer, "????" "-??" "-??");
return buffer;
if (atime < 0)
{
strcpy (buffer, "????" "-??" "-??");
return buffer;
}
tp = localtime( &atime );
tp = localtime( &atime );
#ifdef HAVE_STRFTIME
#if defined(HAVE_NL_LANGINFO)
mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 );
if( strstr( fmt, "%Z" ) == NULL )
strcat( fmt, " %Z");
/* NOTE: gcc -Wformat-noliteral will complain here. I have
found no way to suppress this warning .*/
strftime (buffer, DIM(buffer)-1, fmt, tp);
# if defined(HAVE_NL_LANGINFO)
mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 );
if (!strstr( fmt, "%Z" ))
strcat( fmt, " %Z");
/* NOTE: gcc -Wformat-noliteral will complain here. I have found no
way to suppress this warning. */
strftime (buffer, DIM(buffer)-1, fmt, tp);
# elif defined(HAVE_W32CE_SYSTEM)
/* tzset is not available but %Z nevertheless prints a default
nonsense timezone ("WILDABBR"). Thus we don't print the time
zone at all. */
strftime (buffer, DIM(buffer)-1, "%c", tp);
# else
/* FIXME: we should check whether the locale appends a " %Z" These
* locales from glibc don't put the " %Z": fi_FI hr_HR ja_JP lt_LT
* lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN. */
strftime (buffer, DIM(buffer)-1, "%c %Z", tp);
# endif
buffer[DIM(buffer)-1] = 0;
#else
/* FIXME: we should check whether the locale appends a " %Z"
* These locales from glibc don't put the " %Z":
* fi_FI hr_HR ja_JP lt_LT lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN
*/
strftime( buffer, DIM(buffer)-1, "%c %Z", tp );
mem2str( buffer, asctime(tp), DIM(buffer) );
#endif
buffer[DIM(buffer)-1] = 0;
#else
mem2str( buffer, asctime(tp), DIM(buffer) );
#endif
return buffer;
return buffer;
}

1
configure.ac
View File

@ -518,7 +518,6 @@ AC_CHECK_TOOL(WINDRES, windres, :)
AC_ISC_POSIX
gl_EARLY
AC_SYS_LARGEFILE
GNUPG_CHECK_FAQPROG
GNUPG_CHECK_USTAR
# We need to compile and run a program on the build machine. A

7
doc/ChangeLog
View File

@ -1,3 +1,10 @@
2010-10-04 Werner Koch <wk@g10code.com>
* faq.org: New.
* FAQ: Make it a static file with a pointer to the online location.
* Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html.
(FAQ, faq.html): Remove these targets
2010-09-28 Werner Koch <wk@g10code.com>
* Makefile.am (AM_MAKEINFOFLAGS): Add define gpgtwoone.

27
doc/Makefile.am
View File

@ -32,12 +32,12 @@ EXTRA_DIST = samplekeys.asc \
gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \
gnupg-card-architecture.eps gnupg-card-architecture.png \
gnupg-card-architecture.pdf \
faq.raw FAQ faq.html gnupg7.texi \
FAQ gnupg7.texi \
opt-homedir.texi see-also-note.texi specify-user-id.texi \
gpgv.texi texi.css yat2m.c
BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
gnupg-card-architecture.pdf FAQ faq.html
gnupg-card-architecture.pdf
info_TEXINFOS = gnupg.texi
@ -46,7 +46,7 @@ dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles)
nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \
$(examples)
dist_html_DATA = faq.html
#dist_html_DATA =
gnupg_TEXINFOS = \
@ -75,7 +75,7 @@ man_MANS = $(myman_pages) gnupg.7
watchgnupg_SOURCE = gnupg.texi
CLEANFILES = faq.raw.xref yat2m
CLEANFILES = yat2m
DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
$(myman_pages) gnupg.7
@ -97,25 +97,6 @@ yat2m: yat2m.c
fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
FAQ : faq.raw
if WORKING_FAQPROG
$(FAQPROG) -f $< $@ || $(FAQPROG) -f $< $@
else
: Warning: missing faqprog.pl, cannot make $@
echo "No $@ due to missing faqprog.pl" > $@
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
endif
faq.html : faq.raw
if WORKING_FAQPROG
$(FAQPROG) -h -f $< $@ 2>&1 || $(FAQPROG) -h -f $< $@
else
: Warning: missing faqprog.pl, cannot make $@
echo "No $@ due to missing faqprog.pl" > $@
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
endif
yat2m-stamp: $(myman_sources)
@rm -f yat2m-stamp.tmp
@touch yat2m-stamp.tmp

574
doc/faq.raw → doc/faq.org
View File

@ -1,76 +1,47 @@
[$htmltitle=GnuPG FAQ]
[$htmlcharset=<meta http-equiv="content-type" content="text/html; charset=utf-8">]
[$sfaqheader=The GnuPG FAQ says:]
[$sfaqfooter=
The most recent version of the FAQ is available from
<http://www.gnupg.org/>
]
[$usenetheader=
]
[$maintainer=David D. Scribner, <faq 'at' gnupg.org>]
[$hGPGHTTP=http://www.gnupg.org]
[$hGPGFTP=ftp://ftp.gnupg.org]
[$hVERSION=1.2.2]
#+STARTUP: overview
#+OPTIONS: H:2 num:t toc:t \n:nil @:t ::t |:t ^:t *:t TeX:t
#+EMAIL: wk@gnupg.org
#+AUTHOR: GnuPG users
#+LANGUAGE: en
#+TITLE: GnuPG Frequently Asked Questions
#+OPTIONS: H:3 num:nil toc:t \n:nil @:t ::t |:t ^:{} -:t f:t *:t TeX:t LaTeX:t skip:nil d:(HIDE) tags:not-in-toc
#+LINK: gnupgweb http://www.gnupg.org/
#+LINK gnupgftp ftp://ftp.gnupg.org/gcrypt/
#+LINK: roundup https://bugs.g10code.com/gnupg/issue
#+STYLE: <link rel="stylesheet" type="text/css" href="http://www.gnupg.org/share/site.css" />
[H body bgcolor=#ffffff text=#000000 link=#1f00ff alink=#ff0000 vlink=#9900dd]
[H h1]GnuPG Frequently Asked Questions[H /h1]
# FIXME: This FAQ needs a heavy cleanup. For now I only switched to
# org-mode format for easier maintenance.
#+begin_html
<a href="/"><img src="http://gnupg.org/share/logo-gnupg-light-purple-bg.png" class="logo-link" /></a>
#+end_html
[H p]
Version: 1.6.3[H br]
Last-Modified: Jul 30, 2003[H br]
Maintained-by: [$maintainer]
[H /p]
* Welcome
:PROPERTIES:
:CUSTOM_ID: welcome
:END:
Welcome to the GnuPG FAQ. The latest HTML version is available
[[gnupgweb:faq.html][here]].
This is the GnuPG FAQ. The latest HTML version is available
[H a href=[$hGPGHTTP]/documentation/faqs.html]here[H/a].
The index is generated automatically, so there may be errors. Not
all questions may be in the section they belong to. Suggestions
about how to improve the structure of this FAQ are welcome.
The index is generated automatically, so there may be errors. Not all
questions may be in the section they belong to. Suggestions about how
to improve the structure of this FAQ are welcome.
Please send additions and corrections to the gnupg users mailing
list. It would be most convenient if you could provide the answer to
be included here as well. Your help is very much appreciated!
Please send additions and corrections to the maintainer. It would be
most convenient if you could provide the answer to be included here
as well. Your help is very much appreciated!
Please, don't send message like "This should be a FAQ - what's the
answer?". If it hasn't been asked before, it isn't a FAQ. In that case
you could search in the mailing list archive.
Please, don't send message like "This should be a FAQ - what's the
answer?". If it hasn't been asked before, it isn't a FAQ. In that case
you could search in the mailing list archive.
[H hr]
<C>
[H hr]
<S> GENERAL
<Q> What is GnuPG?
[H a href=[$hGPGHTTP]]GnuPG[H /a] stands for GNU Privacy Guard and
is GNU's tool for secure communication and data storage. It can be
used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the
proposed OpenPGP Internet standard as described in [H a href=http://www.rfc-editor.org/]RFC 2440[H/a].
As such, it is aimed to be compatible with PGP from PGP Corp. and
other OpenPGP tools
<Q> Is GnuPG compatible with PGP?
In general, yes. GnuPG and newer PGP releases should be implementing
the OpenPGP standard. But there are some interoperability problems.
See question <Rcompat> for details.
<Q> Is GnuPG free to use for personal or commercial use?
Yes. GnuPG is part of the GNU family of tools and applications built
and provided in accordance with the Free Software Foundation (FSF)
General Public License (GPL). Therefore the software is free to copy,
use, modify and distribute in accordance with that license. Please
read the file titled COPYING that accompanies the application for
more information.
<Q> What conventions are used in this FAQ?
** What conventions are used in this FAQ?
:PROPERTIES:
:CUSTOM_ID: what-conventions-are-used-in-this-faq
:END:
Although GnuPG is being developed for several operating systems
(often in parallel), the conventions used in this FAQ reflect a
@ -78,7 +49,7 @@ you could search in the mailing list archive.
prompt (`$') should be interpreted as a command prompt (`>'),
directory names separated by a forward slash (`/') may need to be
converted to a back slash (`\'), and a tilde (`~') represents a
user's "home" directory (reference question <Rhomedir> for an example).
user's "home" directory (reference question [[id:how-do-i-put-my-keyring-in-a-different-directory][How do I put my keyring in a different directory?]] for an example).
Some command-lines presented in this FAQ are too long to properly
display in some browsers for the web page version of this file, and
@ -96,10 +67,48 @@ you could search in the mailing list archive.
file may be interchangable with the newer gpg.conf file in many
instances. See question <Roptions> for details.
* General Questions
<S> SOURCES of INFORMATION
** What is GnuPG?
:PROPERTIES:
:CUSTOM_ID: what-is-gnupg
:END:
<Q> Where can I find more information on GnuPG?
[[gnupgweb][GnuPG]] stands for GNU Privacy Guard and is GNU's tool for secure
communication and data storage. It can be used to encrypt data and
to create digital signatures. It includes an advanced key
management facility and is compliant with the proposed OpenPGP
Internet standard as described in [[http://www.rfc-editor.org/rfc/rfc4880.txt][RFC-4880]]. As such, it is aimed
to be compatible with PGP from PGP Corp. and other OpenPGP tools
** Is GnuPG compatible with PGP?
:PROPERTIES:
:CUSTOM_ID: is-gnupg-compatible-with-pgp
:END:
In general, yes. GnuPG and newer PGP releases should be implementing
the OpenPGP standard. But there are some interoperability problems.
See question <Rcompat> for details.
** Is GnuPG free to use for personal or commercial use?
:PROPERTIES:
:CUSTOM_ID: is-gnupg-free-to-use
:END:
Yes. GnuPG is part of the GNU family of tools and applications built
and provided in accordance with the Free Software Foundation (FSF)
General Public License (GPL). Therefore the software is free to copy,
use, modify and distribute in accordance with that license. Please
read the file titled COPYING that accompanies the application for
more information.
* Sources of Information
** Where can I find more information on GnuPG?
:PROPERTIES:
:CUSTOM_ID: more-information-on-gnupg
:END:
On-line resources:
@ -135,23 +144,24 @@ you could search in the mailing list archive.
for hackers, not the casual user).
[H /ul]
<Q> Where do I get GnuPG?
** Where do I get GnuPG?
:PROPERTIES:
:CUSTOM_ID: where-do-i-get-gnupg
:END:
You can download the GNU Privacy Guard from its primary FTP server
[H a href=[$hGPGFTP]/gcrypt/]<[$hGPGFTP]/gcrypt/>[H /a] or from one of the mirrors:
[[gnupgftp:gnupg/][ftp.gnupg.org]] or from one of its [[gnupgweb:download/mirrors.html][mirrors]].
[H a href=[$hGPGHTTP]/download/mirrors.html]
<[$hGPGHTTP]/download/mirrors.html>
[H /a]
The current stable version is FIXME. Please upgrade to this
version as it includes additional features, functions and security
fixes that may not have existed in prior versions.
The current stable version is [$hVERSION]. Please upgrade to this version as
it includes additional features, functions and security fixes that may
not have existed in prior versions.
* Installation
<S> INSTALLATION
<Q> Which OSes does GnuPG run on?
** Which OSes does GnuPG run on?
:PROPERTIES:
:CUSTOM_ID: which-oses-does-gnupg-run-on
:END:
It should run on most Unices as well as Windows versions (including
Windows NT/2000) and Macintosh OS/X. A list of OSes reported to be OK
@ -161,7 +171,10 @@ you could search in the mailing list archive.
<[$hGPGHTTP]/download/supported_systems.html>
[H /a]
<Q> Which random data gatherer should I use?
** Which random data gatherer should I use?
:PROPERTIES:
:CUSTOM_ID: which-random-data-gatherer-should-i-use
:END:
"Good" random numbers are crucial for the security of your encryption.
Different operating systems provide a variety of more or less quality
@ -194,7 +207,10 @@ you could search in the mailing list archive.
random quality isn't very good so don't use it on sensitive data.
<Didea>
<Q> How do I include support for RSA and IDEA?
** How do I include support for RSA and IDEA?
:PROPERTIES:
:CUSTOM_ID: how-do-i-include-support-for-rsa-and-idea
:END:
RSA is included as of GnuPG version 1.0.3.
@ -225,9 +241,12 @@ you could search in the mailing list archive.
[H /samp]
<S> USAGE
* Usage
<Q> What is the recommended key size?
** What is the recommended key size?
:PROPERTIES:
:CUSTOM_ID: what-is-the-recommended-key-size
:END:
1024 bit for DSA signatures; even for plain Elgamal signatures.
This is sufficient as the size of the hash is probably the weakest
@ -248,7 +267,10 @@ you could search in the mailing list archive.
versions. It has only been introduced because at the time it was
not clear whether there was a patent on DSA.
<Q> Why does it sometimes take so long to create keys?
** Why does it sometimes take so long to create keys?
:PROPERTIES:
:CUSTOM_ID: why-does-it-sometimes-take-so-long-to-create-keys
:END:
The problem here is that we need a lot of random bytes and for that
we (on Linux the /dev/random device) must collect some random data.
@ -263,7 +285,10 @@ you could search in the mailing list archive.
Another problem might be another program which eats up your random
bytes (a program (look at your daemons) that reads from /dev/random).
<Q> And it really takes long when I work on a remote system. Why?
** And it really takes long when I work on a remote system. Why?
:PROPERTIES:
:CUSTOM_ID: it-really-takes-long-when-i-work-on-a-remote-system
:END:
Don't do this at all! You should never create keys or even use GnuPG
on a remote system because you normally have no physical control
@ -280,7 +305,10 @@ you could search in the mailing list archive.
the keys, so I use a special option, --quick-random, to generate
insecure keys which are only good for some tests.
<Q> What is the difference between options and commands?
** What is the difference between options and commands?
:PROPERTIES:
:CUSTOM_ID: difference-between-options-and-commands
:END:
If you do a 'gpg --help', you will get two separate lists. The first
is a list of commands. The second is a list of options. Whenever you
@ -349,8 +377,10 @@ you could search in the mailing list archive.
$ gpg [--options] --sign --encrypt foo.txt
[H /samp]
<Q> I can't delete a user ID on my secret keyring because it has
already been deleted on my public keyring. What can I do?
** I can't delete a user ID on my secret keyring because it has already been deleted on my public keyring. What can I do?
:PROPERTIES:
:CUSTOM_ID: delete-user-id-from-secring-if-already-deleted-from-pubring
:END:
Because you can only select from the public key ring, there is no
direct way to do this. However it is not very complicated to do
@ -359,8 +389,10 @@ you could search in the mailing list archive.
ring. Now select this user ID and delete it. Both user IDs will be
removed from the secret ring.
<Q> I can't delete my secret key because the public key disappeared.
What can I do?
** I can't delete my secret key because the public key disappeared. What can I do?
:PROPERTIES:
:CUSTOM_ID: delete-my-secret-key-because-the-public-key-disappeared
:END:
To select a key a search is always done on the public keyring,
therefore it is not possible to select a secret key without
@ -375,7 +407,12 @@ you could search in the mailing list archive.
for continued use with your secret key, you may be able to use
gpgsplit as detailed in question <Rgpgsplit>.
<Q> What are trust, validity and ownertrust?
** What are trust, validity and ownertrust?
:PROPERTIES:
:CUSTOM_ID: what-are-trust-validity-and-ownertrust
:END:
With GnuPG, the term "ownertrust" is used instead of "trust" to
help clarify that this is the value you have assigned to a key
@ -387,7 +424,10 @@ you could search in the mailing list archive.
on trust values see the chapter "The Web of Trust" in The GNU
Privacy Handbook.
<Q> How do I sign a patch file?
** How do I sign a patch file?
:PROPERTIES:
:CUSTOM_ID: how-do-i-sign-a-patch-file
:END:
Use "gpg --clearsign --not-dash-escaped ...". The problem with
--clearsign is that all lines starting with a dash are quoted with
@ -400,19 +440,27 @@ you could search in the mailing list archive.
mailer may not preserve these. If you want to mail a file you can
simply sign it using your MUA (Mail User Agent).
<Q> Where is the "encrypt-to-self" option?
** Where is the "encrypt-to-self" option?
:PROPERTIES:
:CUSTOM_ID: where-is-the-encrypt-to-self-option
:END:
Use "--encrypt-to your_keyID". You can use more than one of these
options. To temporarily override the use of this additional key,
you can use the option "--no-encrypt-to".
<Q> How can I get rid of the Version and Comment headers in armored
messages?
** How can I get rid of the Version and Comment headers in armored messages?
:PROPERTIES:
:CUSTOM_ID: get-rid-of-the-version-and-comment-headers-in-armored-messages
:END:
Use "--no-version --comment ''". Note that the left over blank line
is required by the protocol.
<Q> What does the "You are using the xxxx character set." mean?
** What does the "You are using the xxxx character set." mean?
:PROPERTIES:
:CUSTOM_ID: what-does-the-you-are-using-the-xxx-character-set-mean
:END:
This note is printed when UTF-8 mapping has to be done. Make sure
that the displayed character set is the one you have activated on
@ -421,16 +469,21 @@ you could search in the mailing list archive.
"--charset". It is important that your active character set matches
the one displayed - if not, restrict yourself to plain 7 bit ASCII
and no mapping has to be done.
<Q> How can I get list of key IDs used to encrypt a message?
** How can I get list of key IDs used to encrypt a message?
:PROPERTIES:
:CUSTOM_ID: how-can-i-get-list-of-key-ids-used-to-encrypt-a-message
:END:
[H samp]
$ gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null |
awk '/^\[GNUPG:\] ENC_TO / { print $3 }'
[H /samp]
<Q> Why can't I decrypt files encrypted as symmetrical-only (-c) with
a version of GnuPG prior to 1.0.1.
** Why can't I decrypt files encrypted as symmetrical-only (-c) with a version of GnuPG prior to 1.0.1.
:PROPERTIES:
:CUSTOM_ID: why-cant-i-decrypt-symmetrical-only-with-gnupg-prior-to-1.0.1
:END:
There was a bug in GnuPG versions prior to 1.0.1 which affected files
only if 3DES or Twofish was used for symmetric-only encryption (this has
@ -442,7 +495,10 @@ you could search in the mailing list archive.
updates, so you will need to use a version between 1.0.1 and 1.0.7 to
re-encrypt any affected files.
<Q> How can I use GnuPG in an automated environment?
** How can I use GnuPG in an automated environment?
:PROPERTIES:
:CUSTOM_ID: how-can-i-use-gnupg-in-an-automated-environment
:END:
You should use the option --batch and don't use passphrases as
there is usually no way to store it more securely than on the
@ -476,7 +532,10 @@ you could search in the mailing list archive.
install new subkeys.
[H /ol]
<Q> Which email-client can I use with GnuPG?
** Which email-client can I use with GnuPG?
:PROPERTIES:
:CUSTOM_ID: which-email-client-can-i-use-with-gnupg
:END:
Using GnuPG to encrypt email is one of the most popular uses.
Several mail clients or mail user agents (MUAs) support GnuPG to
@ -551,7 +610,10 @@ you could search in the mailing list archive.
email-relaying server that uses GnuPG to enable many email clients
to send and receive emails that conform to PGP-MIME (RFC 2015).
<Q> Can't we have a gpg library?
** Can't we have a gpg library?
:PROPERTIES:
:CUSTOM_ID: cant-we-have-a-gpg-library
:END:
This has been frequently requested. However, the current viewpoint
of the GnuPG maintainers is that this would lead to several security
@ -559,8 +621,10 @@ you could search in the mailing list archive.
future. However, for some areas of application gpgme could do the
trick. You'll find it at [H a href=[$hGPGFTP]/gcrypt/alpha/gpgme]<[$hGPGFTP]/gcrypt/alpha/gpgme>[H /a].
<Q> I have successfully generated a revocation certificate, but I don't
understand how to send it to the key servers.
** I have successfully generated a revocation certificate, but I don't understand how to send it to the key servers.
:PROPERTIES:
:CUSTOM_ID: how-to-send-a-revocation-to-the-keyservers
:END:
Most keyservers don't accept a 'bare' revocation certificate. You
have to import the certificate into gpg first:
@ -577,8 +641,10 @@ you could search in the mailing list archive.
(or use a keyserver web interface for this).
<Dhomedir>
<Q> How do I put my keyring in a different directory?
** How do I put my keyring in a different directory?
:PROPERTIES:
:CUSTOM_ID: how-do-i-put-my-keyring-in-a-different-directory
:END:
GnuPG keeps several files in a special homedir directory. These
include the options file, pubring.gpg, secring.gpg, trustdb.gpg,
@ -598,7 +664,10 @@ you could search in the mailing list archive.
on a floppy disk. Don't use "--keyring" as its purpose is to specify
additional keyring files.
<Q> How do I verify signed packages?
** How do I verify signed packages?
:PROPERTIES:
:CUSTOM_ID: how-do-i-verify-signed-packages
:END:
Before you can verify the signature that accompanies a package,
you must first have the vendor, organisation, or issueing person's
@ -628,7 +697,10 @@ you could search in the mailing list archive.
$ gpg --verify foobar.tar.gz.sig
[H /samp]
<Q> How do I export a keyring with only selected signatures (keys)?
** How do I export a keyring with only selected signatures (keys)?
:PROPERTIES:
:CUSTOM_ID: how-do-i-export-a-keyring-with-only-selected-signatures
:END:
If you're wanting to create a keyring with only a subset of keys
selected from a master keyring (for a club, user group, or company
@ -639,7 +711,10 @@ you could search in the mailing list archive.
[H /samp]
<Dgpgsplit>
<Q> I still have my secret key, but lost my public key. What can I do?
** I still have my secret key, but lost my public key. What can I do?
:PROPERTIES:
:CUSTOM_ID: i-still-have-my-secret-key-but-lost-my-public-key
:END:
All OpenPGP secret keys have a copy of the public key inside them,
and in a worst-case scenario, you can create yourself a new public
@ -657,8 +732,10 @@ you could search in the mailing list archive.
one. Using the entire secret keyring should work too. After this has
been done, the publickey.gpg file can be imported into GnuPG as usual.
<Q> Clearsigned messages sent from my web-mail account have an invalid
signature. Why?
** Clearsigned messages sent from my web-mail account have an invalid signature. Why?
:PROPERTIES:
:CUSTOM_ID: clearsig-sent-from-webmail-have-an-invalid-signature
:END:
Check to make sure the settings for your web-based email account
do not use HTML formatting for the pasted clearsigned message. This can
@ -669,10 +746,13 @@ you could search in the mailing list archive.
if plaintext messages are not an option.
<S> COMPATIBILITY ISSUES
* Compatibility Issues
<Dcompat>
<Q> How can I encrypt a message with GnuPG so that PGP is able to decrypt it?
** How can I encrypt a message with GnuPG so that PGP is able to decrypt it?
:PROPERTIES:
:CUSTOM_ID: how-can-i-encrypt-a-message-so-that-pgp-is-able-to-decrypt-it
:END:
It depends on the PGP version.
@ -711,7 +791,10 @@ you could search in the mailing list archive.
This applies to conventional encryption as well.
[H /UL]
<Q> How do I migrate from PGP 2.x to GnuPG?
** How do I migrate from PGP 2.x to GnuPG?
:PROPERTIES:
:CUSTOM_ID: how-do-i-migrate-from-pgp2-to-gnupg
:END:
PGP 2 uses the RSA and IDEA encryption algorithms. Whereas the RSA
patent has expired and RSA is included as of GnuPG 1.0.3, the IDEA
@ -720,11 +803,10 @@ you could search in the mailing list archive.
<Ridea> about how to add IDEA support to GnuPG and read
[H a href=[$hGPGHTTP]/gph/en/pgp2x.html]<[$hGPGHTTP]/gph/en/pgp2x.html>[H /a] to perform the migration.
<Q> (removed)
(empty)
<Q> Why is PGP 5.x not able to encrypt messages with some keys?
** Why is PGP 5.x not able to encrypt messages with some keys?
:PROPERTIES:
:CUSTOM_ID: why-is-pgp5-not-able-to-encrypt-messages-with-some-keys
:END:
PGP, Inc. refuses to accept Elgamal keys of type 20 even for
encryption. They only support type 16 (which is identical at least
@ -734,14 +816,20 @@ you could search in the mailing list archive.
16 Elgamal key to your public key, which is easy as your key
signatures are still valid.
<Q> Why is PGP 5.x not able to verify my messages?
** Why is PGP 5.x not able to verify my messages?
:PROPERTIES:
:CUSTOM_ID: why-is-pgp5-not-able-to-verify-my-messages
:END:
PGP 5.x does not accept v4 signatures for data material but OpenPGP
requests generation of v4 signatures for all kind of data, that's why
GnuPG defaults to them. Use the option "--force-v3-sigs" to generate
v3 signatures for data.
<Q> How do I transfer owner trust values from PGP to GnuPG?
** How do I transfer owner trust values from PGP to GnuPG?
:PROPERTIES:
:CUSTOM_ID: how-do-i-transfer-owner-trust-values-from-pgp-to-gnupg
:END:
There is a script in the tools directory to help you. After you have
imported the PGP keyring you can give this command:
@ -753,7 +841,10 @@ you could search in the mailing list archive.
where pgpkeyring is the original keyring and not the GnuPG keyring
you might have created in the first step.
<Q> PGP does not like my secret key.
** PGP does not like my secret key.
:PROPERTIES:
:CUSTOM_ID: pgp-does-not-like-my-secret-key
:END:
Older PGPs probably bail out on some private comment packets used by
GnuPG. These packets are fully in compliance with OpenPGP; however
@ -788,7 +879,10 @@ you could search in the mailing list archive.
[H /samp]
<Doptions>
<Q> GnuPG no longer installs a ~/.gnupg/options file. Is it missing?
** GnuPG no longer installs a ~/.gnupg/options file. Is it missing?
:PROPERTIES:
:CUSTOM_ID: gnupg-no-longer-installs-a-options-file-is-it-missing
:END:
No. The ~/.gnupg/options file has been renamed to ~/.gnupg/gpg.conf for
new installs as of version 1.1.92. If an existing ~/.gnupg/options file
@ -798,7 +892,10 @@ you could search in the mailing list archive.
or receiving the message that the "old default options file" is ignored
(occurs if both a gpg.conf and an options file are found).
<Q> How do you export GnuPG keys for use with PGP?
** How do you export GnuPG keys for use with PGP?
:PROPERTIES:
:CUSTOM_ID: how-do-you-export-gnupg-keys-for-use-with-pgp
:END:
This has come up fairly often, so here's the HOWTO:
@ -864,9 +961,12 @@ you could search in the mailing list archive.
Thanks to David Shaw for this information!
<S> PROBLEMS and ERROR MESSAGES
* Problems and Error Messages
<Q> Why do I get "gpg: Warning: using insecure memory!"
** Why do I get "gpg: Warning: using insecure memory!"
:PROPERTIES:
:CUSTOM_ID: why-do-i-get-gpg_warning_using_insecure_memory
:END:
On many systems this program should be installed as setuid(root).
This is necessary to lock memory pages. Locking memory pages prevents
@ -919,7 +1019,10 @@ you could search in the mailing list archive.
was thought to be too serious an issue. However, it confused users
too much, so the warning was eventually removed.
<Q> Large File Support doesn't work ...
** Large File Support doesn't work
:PROPERTIES:
:CUSTOM_ID: large-file-support-does-not-work
:END:
LFS works correctly in post-1.0.4 versions. If configure doesn't
detect it, try a different (i.e., better) compiler. egcs 1.1.2 works
@ -927,34 +1030,50 @@ you could search in the mailing list archive.
of GnuPG 1.0.3 and 1.0.4 on HP-UX and Solaris were due to broken LFS
support.
<Q> In the edit menu the trust values are not displayed correctly after
signing uids. Why?
** In the edit menu the trust values are not displayed correctly after signing uids. Why?
:PROPERTIES:
:CUSTOM_ID: edit-menu-trust-not-show-correctly-after-signing-uids
:END:
This happens because some information is stored immediately in
the trustdb, but the actual trust calculation can be done after the
save command. This is a "not easy to fix" design bug which will be
addressed in some future release.
<Q> What does "skipping pubkey 1: already loaded" mean?
** What does "skipping pubkey 1: already loaded" mean?
:PROPERTIES:
:CUSTOM_ID: what-does-skipping_pubkey_1_already_loaded-mean
:END:
As of GnuPG 1.0.3, the RSA algorithm is included. If you still have
a "load-extension rsa" in your options file, the above message
occurs. Just remove the load command from the options file.
<Q> GnuPG 1.0.4 doesn't create ~/.gnupg ...
** GnuPG 1.0.4 doesn't create ~/.gnupg ...
:PROPERTIES:
:CUSTOM_ID: gnupg-1.0.4-does-not-create-.gnupg
:END:
That's a known bug, already fixed in newer versions.
<Q> An Elgamal signature does not verify anymore since version 1.0.2 ...
** An Elgamal signature does not verify anymore since version 1.0.2
:PROPERTIES:
:CUSTOM_ID: an-elgamal-signature-does-not-verify-anymore-since-version-1.0.2
:END:
Use the option --emulate-md-encode-bug.
<Q> Old versions of GnuPG can't verify Elgamal signatures
** Old versions of GnuPG can't verify Elgamal signatures
:PROPERTIES:
:CUSTOM_ID: old-versions-of-gnupg-cant-verify-elgamal-signatures
:END:
Update to GnuPG 1.0.2 or newer.
<Q> When I use --clearsign, the plain text has sometimes extra dashes
in it - why?
** When I use --clearsign, the plain text has sometimes extra dashes in it - why?
:PROPERTIES:
:CUSTOM_ID: extra-dashes-in-clearsign-messages
:END:
This is called dash-escaped text and is required by OpenPGP.
It always happens when a line starts with a dash ("-") and is
@ -966,7 +1085,10 @@ you could search in the mailing list archive.
are removed. Good mail clients remove those extra dashes when
displaying such a message.
<Q> What is the thing with "can't handle multiple signatures"?
** What is the thing with "can't handle multiple signatures"?
:PROPERTIES:
:CUSTOM_ID: what-is-the-thing-with-cant_handle_multiple_signatures
:END:
Due to different message formats GnuPG is not always able to split
a file with multiple signatures unambiguously into its parts. This
@ -976,19 +1098,27 @@ you could search in the mailing list archive.
OpenPGP format with one-pass-signature packets (which is GnuPG's
default) or the cleartext signed format.
<Q> If I submit a key to a keyserver, nothing happens ...
** If I submit a key to a keyserver, nothing happens
:PROPERTIES:
:CUSTOM_ID: if-i-submit-a-key-to-a-keyserver-nothing-happens
:END:
You are most likely using GnuPG 1.0.2 or older on Windows. That's
feature isn't yet implemented, but it's a bug not to say it. Newer
versions issue a warning. Upgrade to 1.4.5 or newer.
<Q> I get "gpg: waiting for lock ..."
** I get "gpg: waiting for lock ..."
:PROPERTIES:
:CUSTOM_ID: i-get-gpg_waiting_for_lock
:END:
A previous instance of gpg has most likely exited abnormally and left
a lock file. Go to ~/.gnupg and look for .*.lock files and remove them.
<Q> Older gpg binaries (e.g., 1.0) have problems with keys from newer
gpg binaries ...
** Older gpg binaries (e.g., 1.0) have problems with keys from newer gpg binaries
:PROPERTIES:
:CUSTOM_ID: gpg-1.0-has-problems-with-keys-from-newer-gpg-versions
:END:
As of 1.0.3, keys generated with gpg are created with preferences to
TWOFISH (and AES since 1.0.4) and that also means that they have the
@ -1007,14 +1137,20 @@ you could search in the mailing list archive.
into your options file.
<Q> With 1.0.4, I get "this cipher algorithm is deprecated ..."
** With 1.0.4, I get "this cipher algorithm is deprecated ..."
:PROPERTIES:
:CUSTOM_ID: with-1.0.4-i-get-this_cipher_algorithm_is_deprecated
:END:
If you just generated a new key and get this message while
encrypting, you've witnessed a bug in 1.0.4. It uses the new AES
cipher Rijndael that is incorrectly being referred as "deprecated".
Ignore this warning, more recent versions of gpg are corrected.
<Q> Some dates are displayed as ????-??-??. Why?
** Some dates are displayed as ????-??-??. Why?
:PROPERTIES:
:CUSTOM_ID: some-dates-are-displayed-as-question-marks
:END:
Due to constraints in most libc implementations, dates beyond
2038-01-19 can't be displayed correctly. 64-bit OSes are not
@ -1022,21 +1158,30 @@ you could search in the mailing list archive.
instead prints some question marks. To see the correct value, you
can use the options --with-colons and --fixed-list-mode.
<Q> I still have a problem. How do I report a bug?
** I still have a problem. How do I report a bug?
:PROPERTIES:
:CUSTOM_ID: i-still-have-a-problem-how-do-i-report-a-bug
:END:
Are you sure that it's not been mentioned somewhere on the mailing
lists? Did you have a look at the bug list (you'll find a link to
the list of reported bugs on the documentation page). If you're not
sure about it being a bug, you can send mail to the gnupg-devel
list. Otherwise, use the bug tracking system
[H a href=http://bugs.gnupg.org]<http://bugs.gnupg.org>[H /a].
the list of reported bugs on the documentation page). If you're
not sure about it being a bug, you can send mail to the
gnupg-devel list. Otherwise, use the bug tracking system
[[http://busg.gnupg.org][bugs.gnupg.org]].
<Q> Why doesn't GnuPG support X.509 certificates?
** Why doesn't GnuPG support X.509 certificates?
:PROPERTIES:
:CUSTOM_ID: why-doesnt-gnupg-support-x509-certificates
:END:
That is only the case for GnuPG version 1.x. GnuPG 2.x fully
supports X.509 and S/MIME using the gpgsm tool.
<Q> Why do national characters in my user ID look funny?
** Why do national characters in my user ID look funny?
:PROPERTIES:
:CUSTOM_ID: why-do-national-characters-in-my-user-id-look-funny
:END:
According to OpenPGP, GnuPG encodes user ID strings (and other
things) using UTF-8. In this encoding of Unicode, most national
@ -1045,7 +1190,10 @@ you could search in the mailing list archive.
0xA5). This might also be the reason why keyservers can't find
your key.
<Q> I get 'sed' errors when running ./configure on Mac OS X ...
** I get 'sed' errors when running ./configure on Mac OS X ...
:PROPERTIES:
:CUSTOM_ID: i-get-sed-errors-when-running-configure-on-mac-os-x
:END:
This will be fixed after GnuPG has been upgraded to autoconf-2.50.
Until then, find the line setting CDPATH in the configure script
@ -1057,23 +1205,29 @@ you could search in the mailing list archive.
statement below it.
<Q> Why does GnuPG 1.0.6 bail out on keyrings used with 1.0.7?
** Why does GnuPG 1.0.6 bail out on keyrings used with 1.0.7?
:PROPERTIES:
:CUSTOM_ID: why-does-gnupg-1.0.6-bail-out-on-keyrings-used-with-1.0.7
:END:
There is a small bug in 1.0.6 which didn't parse trust packets
correctly. You may want to apply this patch if you can't upgrade:
[[http://www.gnupg.org/developer/gpg-woody-fix.txt]].
[H a href=http://www.gnupg.org/developer/gpg-woody-fix.txt]<http://www.gnupg.org/developer/gpg-woody-fix.txt>[H /a]
<Q> I upgraded to GnuPG version 1.0.7 and now it takes longer to load my
keyrings. What can I do?
** I upgraded to GnuPG version 1.0.7 and now it takes longer to load my keyrings. What can I do?
:PROPERTIES:
:CUSTOM_ID: with-gpg-1.0.7-it-takes-longer-to-load-my-keyrings
:END:
The way signature states are stored has changed so that v3 signatures
can be supported. You can use the new --rebuild-keydb-caches migration
command, which was built into this release and increases the speed of
many operations for existing keyrings.
<Q> Doesn't a fully trusted user ID on a key prevent warning messages
when encrypting to other IDs on the key?
** Doesn't a fully trusted user ID on a key prevent warning messages when encrypting to other IDs on the key?
:PROPERTIES:
:CUSTOM_ID: key-validation-bug-in-gpg-1.2.1
:END:
No. That was actually a key validity bug in GnuPG 1.2.1 and earlier
versions. As part of the development of GnuPG 1.2.2, a bug was
@ -1084,10 +1238,12 @@ you could search in the mailing list archive.
More information and a patch for a some pre-1.2.2 versions of GnuPG
can be found at:
[H a href=http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html]<http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html>[H /a]
[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html]].
<Q> I just compiled GnuPG from source on my GNU/Linux RPM-based system
and it's not working. Why?
** I just compiled GnuPG from source on my GNU/Linux RPM-based system and it's not working. Why?
:PROPERTIES:
:CUSTOM_ID: compiled-on-gnu-linux-rpm-based-system-and-not-working
:END:
Many GNU/Linux distributions that are RPM-based will install a
version of GnuPG as part of its standard installation, placing the
@ -1113,9 +1269,12 @@ you could search in the mailing list archive.
located in /usr/local/bin.
<S> ADVANCED TOPICS
* Advanced Topics
<Q> How does this whole thing work?
** How does this whole thing work?
:PROPERTIES:
:CUSTOM_ID: how-does-this-whole-thing-work
:END:
To generate a secret/public keypair, run:
@ -1190,7 +1349,10 @@ you could search in the mailing list archive.
system; to avoid this you should always sign and encrypt a message
instead of only encrypting it.
<Q> Why are some signatures with an ELG-E key valid?
** Why are some signatures with an ELG-E key valid?
:PROPERTIES:
:CUSTOM_ID: why-are-some-signatures-with-an-elg-e-key-valid
:END:
These are Elgamal keys generated by GnuPG in v3 (RFC 1991) packets.
The OpenPGP draft later changed the algorithm identifier for Elgamal
@ -1200,7 +1362,10 @@ you could search in the mailing list archive.
key is in a v3 packet. GnuPG is the only program which had used
these v3 Elgamal keys - so this assumption is quite safe.
<Q> How does the whole trust thing work?
** How does the whole trust thing work?
:PROPERTIES:
:CUSTOM_ID: how-does-the-whole-trust-thing-work
:END:
It works more or less like PGP. The difference is that the trust is
computed at the time it is needed. This is one of the reasons for
@ -1257,14 +1422,20 @@ you could search in the mailing list archive.
keyring. GnuPG stores the trust in the trustdb.gpg file so it is okay
to give a gpg keyring away (but we have a --export command too).
<Q> What kind of output is this: "key C26EE891.298, uid 09FB: ...."?
** What kind of output is this: "key C26EE891.298, uid 09FB: ...."?
:PROPERTIES:
:CUSTOM_ID: trustb-diagnostics-output-key-uid
:END:
This is the internal representation of a user ID in the trustdb.
"C26EE891" is the keyid, "298" is the local ID (a record number in
the trustdb) and "09FB" is the last two bytes of a ripe-md-160 hash
of the user ID for this key.
<Q> How do I interpret some of the informational outputs?
** How do I interpret some of the informational outputs?
:PROPERTIES:
:CUSTOM_ID: how-do-i-interpret-some-of-the-informational-outputs
:END:
While checking the validity of a key, GnuPG sometimes prints some
information which is prefixed with information about the checked
@ -1293,15 +1464,20 @@ you could search in the mailing list archive.
and user ID, if it is a signature which is direct on a key, the user
ID part is empty (..//..).
<Q> Are the header lines of a cleartext signature part of the signed
material?
** Are the header lines of a cleartext signature part of the signed material?
:PROPERTIES:
:CUSTOM_ID: are-header-lines-of-cleartext-sigs-part-of-the-signed-material
:END:
No. For example you can add or remove "Comment:" lines. They have
a purpose like the mail header lines. However a "Hash:" line is
needed for OpenPGP signatures to tell the parser which hash
algorithm to use.
<Q> What is the list of preferred algorithms?
** What is the list of preferred algorithms?
:PROPERTIES:
:CUSTOM_ID: what-is-the-list-of-preferred-algorithms
:END:
The list of preferred algorithms is a list of cipher, hash and
compression algorithms stored in the self-signature of a key during
@ -1310,7 +1486,10 @@ you could search in the mailing list archive.
to use. Basically it tells other people what algorithms the
recipient is able to handle and provides an order of preference.
<Q> How do I change the list of preferred algorithms?
** How do I change the list of preferred algorithms?
:PROPERTIES:
:CUSTOM_ID: how-do-i-change-the-list-of-preferred-algorithms
:END:
In version 1.0.7 or later, you can use the edit menu and set the
new list of preference using the command "setpref"; the format of
@ -1322,7 +1501,10 @@ you could search in the mailing list archive.
timestamp of the self-signature is increased by one second when
running this command.
<Q> How can I import all the missing signer keys?
** How can I import all the missing signer keys?
:PROPERTIES:
:CUSTOM_ID: how-can-i-import-all-the-missing-signer-keys
:END:
If you imported a key and you want to also import all the signer's
keys, you can do this with this command:
@ -1335,20 +1517,44 @@ you could search in the mailing list archive.
of the listing before before starting the import.
<S> ACKNOWLEDGEMENTS
* Acknowledgements
:PROPERTIES:
:CUSTOM_ID: acknowledgements
:END:
Many thanks to Nils Ellmenreich for maintaining this FAQ file for
such a long time, Werner Koch for the original FAQ file, and to all
posters to gnupg-users and gnupg-devel. They all provided most of
the answers.
such a long time, Werner Koch for the original FAQ file, David
D. Scribner as another maintainer and to all posters to
gnupg-users and gnupg-devel. They all provided most of the
answers.
Also thanks to Casper Dik for providing us with a script to generate
this FAQ (he uses it for the excellent Solaris2 FAQ).
Copyright (C) 2000, 2001, 2002, 2003, 2010 Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02111, USA
[H hr]
Verbatim copying and distribution of this entire article is
permitted in any medium, provided this notice is preserved.
Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02111, USA
* COMMENT HTML style specifications
Verbatim copying and distribution of this entire article is permitted in
any medium, provided this notice is preserved.
#+begin_src emacs-lisp
(defun org-faq-make-target ()
"Make hard target for current headline."
(interactive)
(if (not (org-on-heading-p))
(error "Not on a headline"))
(let ((h (org-trim (org-get-heading 'no-tags))))
(if (string-match "[ \t]*\\?\\'" h)
(setq h (replace-match "" t t h)))
(while (string-match "[ \t]+" h)
(setq h (replace-match "-" t t h)))
(setq h (downcase h))
(org-entry-put nil "CUSTOM_ID" h)))
#+end_src
# Local Variables:
# org-export-html-style-include-default: nil
# org-export-html-style-include-scripts: nil
# End: