security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-07 23:27:48 +02:00
Code Activity

[w32ce] Do not print the faulty timezone info

Browse Source 
Switch FAQ sources to org-mode
This commit is contained in:
Werner Koch 2010-10-04 21:08:34 +00:00
parent bfbd80feb9
commit adfa280d6f
7 changed files with 440 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,3 +1,7 @@
2010-10-04 Werner Koch <wk@g10code.com>
* configure.ac (GNUPG_CHECK_FAQPROG): Remove.
2010-08-19 Werner Koch <wk@g10code.com> 2010-08-19 Werner Koch <wk@g10code.com>
* configure.ac (AH_BOTTOM): Define GPG_ERR_ENABLE_ERRNO_MACROS. * configure.ac (AH_BOTTOM): Define GPG_ERR_ENABLE_ERRNO_MACROS.

4
common/ChangeLog
View File

@ -1,3 +1,7 @@
2010-10-04 Werner Koch <wk@g10code.com>
* gettime.c (asctimestamp) [W32CE]: Do not print the timezone.
2010-09-30 Werner Koch <wk@g10code.com> 2010-09-30 Werner Koch <wk@g10code.com>
* util.h (GPG_ERR_FULLY_CANCELED): Add replacement. * util.h (GPG_ERR_FULLY_CANCELED): Add replacement.

57
common/gettime.c
View File

@ -330,41 +330,46 @@ isotimestamp (u32 stamp)
* Note: this function returns local time * Note: this function returns local time
*/ */
const char * const char *
asctimestamp( u32 stamp ) asctimestamp (u32 stamp)
{ {
static char buffer[50]; static char buffer[50];
#if defined (HAVE_STRFTIME) && defined (HAVE_NL_LANGINFO) #if defined (HAVE_STRFTIME) && defined (HAVE_NL_LANGINFO)
static char fmt[50]; static char fmt[50];
#endif #endif
struct tm *tp; struct tm *tp;
time_t atime = stamp; time_t atime = stamp;
if (atime < 0) { if (atime < 0)
strcpy (buffer, "????" "-??" "-??"); {
return buffer; strcpy (buffer, "????" "-??" "-??");
return buffer;
} }
tp = localtime( &atime ); tp = localtime( &atime );
#ifdef HAVE_STRFTIME #ifdef HAVE_STRFTIME
#if defined(HAVE_NL_LANGINFO) # if defined(HAVE_NL_LANGINFO)
mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 ); mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 );
if( strstr( fmt, "%Z" ) == NULL ) if (!strstr( fmt, "%Z" ))
strcat( fmt, " %Z"); strcat( fmt, " %Z");
/* NOTE: gcc -Wformat-noliteral will complain here. I have /* NOTE: gcc -Wformat-noliteral will complain here. I have found no
found no way to suppress this warning .*/ way to suppress this warning. */
strftime (buffer, DIM(buffer)-1, fmt, tp); strftime (buffer, DIM(buffer)-1, fmt, tp);
# elif defined(HAVE_W32CE_SYSTEM)
/* tzset is not available but %Z nevertheless prints a default
nonsense timezone ("WILDABBR"). Thus we don't print the time
zone at all. */
strftime (buffer, DIM(buffer)-1, "%c", tp);
# else
/* FIXME: we should check whether the locale appends a " %Z" These
* locales from glibc don't put the " %Z": fi_FI hr_HR ja_JP lt_LT
* lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN. */
strftime (buffer, DIM(buffer)-1, "%c %Z", tp);
# endif
buffer[DIM(buffer)-1] = 0;
#else #else
/* FIXME: we should check whether the locale appends a " %Z" mem2str( buffer, asctime(tp), DIM(buffer) );
* These locales from glibc don't put the " %Z":
* fi_FI hr_HR ja_JP lt_LT lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN
*/
strftime( buffer, DIM(buffer)-1, "%c %Z", tp );
#endif #endif
buffer[DIM(buffer)-1] = 0; return buffer;
#else
mem2str( buffer, asctime(tp), DIM(buffer) );
#endif
return buffer;
} }

1
configure.ac
View File

@ -518,7 +518,6 @@ AC_CHECK_TOOL(WINDRES, windres, :)
AC_ISC_POSIX AC_ISC_POSIX
gl_EARLY gl_EARLY
AC_SYS_LARGEFILE AC_SYS_LARGEFILE
GNUPG_CHECK_FAQPROG
GNUPG_CHECK_USTAR GNUPG_CHECK_USTAR
# We need to compile and run a program on the build machine. A # We need to compile and run a program on the build machine. A

7
doc/ChangeLog
View File

@ -1,3 +1,10 @@
2010-10-04 Werner Koch <wk@g10code.com>
* faq.org: New.
* FAQ: Make it a static file with a pointer to the online location.
* Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html.
(FAQ, faq.html): Remove these targets
2010-09-28 Werner Koch <wk@g10code.com> 2010-09-28 Werner Koch <wk@g10code.com>
* Makefile.am (AM_MAKEINFOFLAGS): Add define gpgtwoone. * Makefile.am (AM_MAKEINFOFLAGS): Add define gpgtwoone.

27
doc/Makefile.am
View File

@ -32,12 +32,12 @@ EXTRA_DIST = samplekeys.asc \
gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \
gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.eps gnupg-card-architecture.png \
gnupg-card-architecture.pdf \ gnupg-card-architecture.pdf \
faq.raw FAQ faq.html gnupg7.texi \ FAQ gnupg7.texi \
opt-homedir.texi see-also-note.texi specify-user-id.texi \ opt-homedir.texi see-also-note.texi specify-user-id.texi \
gpgv.texi texi.css yat2m.c gpgv.texi texi.css yat2m.c
BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
gnupg-card-architecture.pdf FAQ faq.html gnupg-card-architecture.pdf
info_TEXINFOS = gnupg.texi info_TEXINFOS = gnupg.texi
@ -46,7 +46,7 @@ dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles)
nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \ nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \
$(examples) $(examples)
dist_html_DATA = faq.html #dist_html_DATA =
gnupg_TEXINFOS = \ gnupg_TEXINFOS = \
@ -75,7 +75,7 @@ man_MANS = $(myman_pages) gnupg.7
watchgnupg_SOURCE = gnupg.texi watchgnupg_SOURCE = gnupg.texi
CLEANFILES = faq.raw.xref yat2m CLEANFILES = yat2m
DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
$(myman_pages) gnupg.7 $(myman_pages) gnupg.7
@ -97,25 +97,6 @@ yat2m: yat2m.c
fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@ fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
FAQ : faq.raw
if WORKING_FAQPROG
$(FAQPROG) -f $< $@ || $(FAQPROG) -f $< $@
else
: Warning: missing faqprog.pl, cannot make $@
echo "No $@ due to missing faqprog.pl" > $@
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
endif
faq.html : faq.raw
if WORKING_FAQPROG
$(FAQPROG) -h -f $< $@ 2>&1 || $(FAQPROG) -h -f $< $@
else
: Warning: missing faqprog.pl, cannot make $@
echo "No $@ due to missing faqprog.pl" > $@
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
endif
yat2m-stamp: $(myman_sources) yat2m-stamp: $(myman_sources)
@rm -f yat2m-stamp.tmp @rm -f yat2m-stamp.tmp
@touch yat2m-stamp.tmp @touch yat2m-stamp.tmp

574
doc/faq.raw → doc/faq.org
View File

@ -1,76 +1,47 @@
[$htmltitle=GnuPG FAQ] #+STARTUP: overview
[$htmlcharset=<meta http-equiv="content-type" content="text/html; charset=utf-8">] #+OPTIONS: H:2 num:t toc:t \n:nil @:t ::t |:t ^:t *:t TeX:t
[$sfaqheader=The GnuPG FAQ says:] #+EMAIL: wk@gnupg.org
[$sfaqfooter= #+AUTHOR: GnuPG users
The most recent version of the FAQ is available from #+LANGUAGE: en
<http://www.gnupg.org/> #+TITLE: GnuPG Frequently Asked Questions
] #+OPTIONS: H:3 num:nil toc:t \n:nil @:t ::t |:t ^:{} -:t f:t *:t TeX:t LaTeX:t skip:nil d:(HIDE) tags:not-in-toc
[$usenetheader= #+LINK: gnupgweb http://www.gnupg.org/
] #+LINK gnupgftp ftp://ftp.gnupg.org/gcrypt/
[$maintainer=David D. Scribner, <faq 'at' gnupg.org>] #+LINK: roundup https://bugs.g10code.com/gnupg/issue
[$hGPGHTTP=http://www.gnupg.org] #+STYLE: <link rel="stylesheet" type="text/css" href="http://www.gnupg.org/share/site.css" />
[$hGPGFTP=ftp://ftp.gnupg.org]
[$hVERSION=1.2.2]
[H body bgcolor=#ffffff text=#000000 link=#1f00ff alink=#ff0000 vlink=#9900dd] # FIXME: This FAQ needs a heavy cleanup. For now I only switched to
[H h1]GnuPG Frequently Asked Questions[H /h1] # org-mode format for easier maintenance.
#+begin_html
<a href="/"><img src="http://gnupg.org/share/logo-gnupg-light-purple-bg.png" class="logo-link" /></a>
#+end_html
[H p] * Welcome
Version: 1.6.3[H br] :PROPERTIES:
Last-Modified: Jul 30, 2003[H br] :CUSTOM_ID: welcome
Maintained-by: [$maintainer] :END:
[H /p]
Welcome to the GnuPG FAQ. The latest HTML version is available
[[gnupgweb:faq.html][here]].
This is the GnuPG FAQ. The latest HTML version is available The index is generated automatically, so there may be errors. Not
[H a href=[$hGPGHTTP]/documentation/faqs.html]here[H/a]. all questions may be in the section they belong to. Suggestions
about how to improve the structure of this FAQ are welcome.
The index is generated automatically, so there may be errors. Not all Please send additions and corrections to the gnupg users mailing
questions may be in the section they belong to. Suggestions about how list. It would be most convenient if you could provide the answer to
to improve the structure of this FAQ are welcome. be included here as well. Your help is very much appreciated!
Please send additions and corrections to the maintainer. It would be Please, don't send message like "This should be a FAQ - what's the
most convenient if you could provide the answer to be included here answer?". If it hasn't been asked before, it isn't a FAQ. In that case
as well. Your help is very much appreciated! you could search in the mailing list archive.
Please, don't send message like "This should be a FAQ - what's the ** What conventions are used in this FAQ?
answer?". If it hasn't been asked before, it isn't a FAQ. In that case :PROPERTIES:
you could search in the mailing list archive. :CUSTOM_ID: what-conventions-are-used-in-this-faq
:END:
[H hr]
<C>
[H hr]
<S> GENERAL
<Q> What is GnuPG?
[H a href=[$hGPGHTTP]]GnuPG[H /a] stands for GNU Privacy Guard and
is GNU's tool for secure communication and data storage. It can be
used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the
proposed OpenPGP Internet standard as described in [H a href=http://www.rfc-editor.org/]RFC 2440[H/a].
As such, it is aimed to be compatible with PGP from PGP Corp. and
other OpenPGP tools
<Q> Is GnuPG compatible with PGP?
In general, yes. GnuPG and newer PGP releases should be implementing
the OpenPGP standard. But there are some interoperability problems.
See question <Rcompat> for details.
<Q> Is GnuPG free to use for personal or commercial use?
Yes. GnuPG is part of the GNU family of tools and applications built
and provided in accordance with the Free Software Foundation (FSF)
General Public License (GPL). Therefore the software is free to copy,
use, modify and distribute in accordance with that license. Please
read the file titled COPYING that accompanies the application for
more information.
<Q> What conventions are used in this FAQ?
Although GnuPG is being developed for several operating systems Although GnuPG is being developed for several operating systems
(often in parallel), the conventions used in this FAQ reflect a (often in parallel), the conventions used in this FAQ reflect a
@ -78,7 +49,7 @@ you could search in the mailing list archive.
prompt (`$') should be interpreted as a command prompt (`>'), prompt (`$') should be interpreted as a command prompt (`>'),
directory names separated by a forward slash (`/') may need to be directory names separated by a forward slash (`/') may need to be
converted to a back slash (`\'), and a tilde (`~') represents a converted to a back slash (`\'), and a tilde (`~') represents a
user's "home" directory (reference question <Rhomedir> for an example). user's "home" directory (reference question [[id:how-do-i-put-my-keyring-in-a-different-directory][How do I put my keyring in a different directory?]] for an example).
Some command-lines presented in this FAQ are too long to properly Some command-lines presented in this FAQ are too long to properly
display in some browsers for the web page version of this file, and display in some browsers for the web page version of this file, and
@ -96,10 +67,48 @@ you could search in the mailing list archive.
file may be interchangable with the newer gpg.conf file in many file may be interchangable with the newer gpg.conf file in many
instances. See question <Roptions> for details. instances. See question <Roptions> for details.
* General Questions
<S> SOURCES of INFORMATION ** What is GnuPG?
:PROPERTIES:
:CUSTOM_ID: what-is-gnupg
:END:
<Q> Where can I find more information on GnuPG? [[gnupgweb][GnuPG]] stands for GNU Privacy Guard and is GNU's tool for secure
communication and data storage. It can be used to encrypt data and
to create digital signatures. It includes an advanced key
management facility and is compliant with the proposed OpenPGP
Internet standard as described in [[http://www.rfc-editor.org/rfc/rfc4880.txt][RFC-4880]]. As such, it is aimed
to be compatible with PGP from PGP Corp. and other OpenPGP tools
** Is GnuPG compatible with PGP?
:PROPERTIES:
:CUSTOM_ID: is-gnupg-compatible-with-pgp
:END:
In general, yes. GnuPG and newer PGP releases should be implementing
the OpenPGP standard. But there are some interoperability problems.
See question <Rcompat> for details.
** Is GnuPG free to use for personal or commercial use?
:PROPERTIES:
:CUSTOM_ID: is-gnupg-free-to-use
:END:
Yes. GnuPG is part of the GNU family of tools and applications built
and provided in accordance with the Free Software Foundation (FSF)
General Public License (GPL). Therefore the software is free to copy,
use, modify and distribute in accordance with that license. Please
read the file titled COPYING that accompanies the application for
more information.
* Sources of Information
** Where can I find more information on GnuPG?
:PROPERTIES:
:CUSTOM_ID: more-information-on-gnupg
:END:
On-line resources: On-line resources:
@ -135,23 +144,24 @@ you could search in the mailing list archive.
for hackers, not the casual user). for hackers, not the casual user).
[H /ul] [H /ul]
<Q> Where do I get GnuPG? ** Where do I get GnuPG?
:PROPERTIES:
:CUSTOM_ID: where-do-i-get-gnupg
:END:
You can download the GNU Privacy Guard from its primary FTP server You can download the GNU Privacy Guard from its primary FTP server
[H a href=[$hGPGFTP]/gcrypt/]<[$hGPGFTP]/gcrypt/>[H /a] or from one of the mirrors: [[gnupgftp:gnupg/][ftp.gnupg.org]] or from one of its [[gnupgweb:download/mirrors.html][mirrors]].
[H a href=[$hGPGHTTP]/download/mirrors.html] The current stable version is FIXME. Please upgrade to this
<[$hGPGHTTP]/download/mirrors.html> version as it includes additional features, functions and security
[H /a] fixes that may not have existed in prior versions.
The current stable version is [$hVERSION]. Please upgrade to this version as * Installation
it includes additional features, functions and security fixes that may
not have existed in prior versions.
** Which OSes does GnuPG run on?
<S> INSTALLATION :PROPERTIES:
:CUSTOM_ID: which-oses-does-gnupg-run-on
<Q> Which OSes does GnuPG run on? :END:
It should run on most Unices as well as Windows versions (including It should run on most Unices as well as Windows versions (including
Windows NT/2000) and Macintosh OS/X. A list of OSes reported to be OK Windows NT/2000) and Macintosh OS/X. A list of OSes reported to be OK
@ -161,7 +171,10 @@ you could search in the mailing list archive.
<[$hGPGHTTP]/download/supported_systems.html> <[$hGPGHTTP]/download/supported_systems.html>
[H /a] [H /a]
<Q> Which random data gatherer should I use? ** Which random data gatherer should I use?
:PROPERTIES:
:CUSTOM_ID: which-random-data-gatherer-should-i-use
:END:
"Good" random numbers are crucial for the security of your encryption. "Good" random numbers are crucial for the security of your encryption.
Different operating systems provide a variety of more or less quality Different operating systems provide a variety of more or less quality
@ -194,7 +207,10 @@ you could search in the mailing list archive.
random quality isn't very good so don't use it on sensitive data. random quality isn't very good so don't use it on sensitive data.
<Didea> <Didea>
<Q> How do I include support for RSA and IDEA? ** How do I include support for RSA and IDEA?
:PROPERTIES:
:CUSTOM_ID: how-do-i-include-support-for-rsa-and-idea
:END:
RSA is included as of GnuPG version 1.0.3. RSA is included as of GnuPG version 1.0.3.
@ -225,9 +241,12 @@ you could search in the mailing list archive.
[H /samp] [H /samp]
<S> USAGE * Usage
<Q> What is the recommended key size? ** What is the recommended key size?
:PROPERTIES:
:CUSTOM_ID: what-is-the-recommended-key-size
:END:
1024 bit for DSA signatures; even for plain Elgamal signatures. 1024 bit for DSA signatures; even for plain Elgamal signatures.
This is sufficient as the size of the hash is probably the weakest This is sufficient as the size of the hash is probably the weakest
@ -248,7 +267,10 @@ you could search in the mailing list archive.
versions. It has only been introduced because at the time it was versions. It has only been introduced because at the time it was
not clear whether there was a patent on DSA. not clear whether there was a patent on DSA.
<Q> Why does it sometimes take so long to create keys? ** Why does it sometimes take so long to create keys?
:PROPERTIES:
:CUSTOM_ID: why-does-it-sometimes-take-so-long-to-create-keys
:END:
The problem here is that we need a lot of random bytes and for that The problem here is that we need a lot of random bytes and for that
we (on Linux the /dev/random device) must collect some random data. we (on Linux the /dev/random device) must collect some random data.
@ -263,7 +285,10 @@ you could search in the mailing list archive.
Another problem might be another program which eats up your random Another problem might be another program which eats up your random
bytes (a program (look at your daemons) that reads from /dev/random). bytes (a program (look at your daemons) that reads from /dev/random).
<Q> And it really takes long when I work on a remote system. Why? ** And it really takes long when I work on a remote system. Why?
:PROPERTIES:
:CUSTOM_ID: it-really-takes-long-when-i-work-on-a-remote-system
:END:
Don't do this at all! You should never create keys or even use GnuPG Don't do this at all! You should never create keys or even use GnuPG
on a remote system because you normally have no physical control on a remote system because you normally have no physical control
@ -280,7 +305,10 @@ you could search in the mailing list archive.
the keys, so I use a special option, --quick-random, to generate the keys, so I use a special option, --quick-random, to generate
insecure keys which are only good for some tests. insecure keys which are only good for some tests.
<Q> What is the difference between options and commands? ** What is the difference between options and commands?
:PROPERTIES:
:CUSTOM_ID: difference-between-options-and-commands
:END:
If you do a 'gpg --help', you will get two separate lists. The first If you do a 'gpg --help', you will get two separate lists. The first
is a list of commands. The second is a list of options. Whenever you is a list of commands. The second is a list of options. Whenever you
@ -349,8 +377,10 @@ you could search in the mailing list archive.
$ gpg [--options] --sign --encrypt foo.txt $ gpg [--options] --sign --encrypt foo.txt
[H /samp] [H /samp]
<Q> I can't delete a user ID on my secret keyring because it has ** I can't delete a user ID on my secret keyring because it has already been deleted on my public keyring. What can I do?
already been deleted on my public keyring. What can I do? :PROPERTIES:
:CUSTOM_ID: delete-user-id-from-secring-if-already-deleted-from-pubring
:END:
Because you can only select from the public key ring, there is no Because you can only select from the public key ring, there is no
direct way to do this. However it is not very complicated to do direct way to do this. However it is not very complicated to do
@ -359,8 +389,10 @@ you could search in the mailing list archive.
ring. Now select this user ID and delete it. Both user IDs will be ring. Now select this user ID and delete it. Both user IDs will be
removed from the secret ring. removed from the secret ring.
<Q> I can't delete my secret key because the public key disappeared. ** I can't delete my secret key because the public key disappeared. What can I do?
What can I do? :PROPERTIES:
:CUSTOM_ID: delete-my-secret-key-because-the-public-key-disappeared
:END:
To select a key a search is always done on the public keyring, To select a key a search is always done on the public keyring,
therefore it is not possible to select a secret key without therefore it is not possible to select a secret key without
@ -375,7 +407,12 @@ you could search in the mailing list archive.
for continued use with your secret key, you may be able to use for continued use with your secret key, you may be able to use
gpgsplit as detailed in question <Rgpgsplit>. gpgsplit as detailed in question <Rgpgsplit>.
<Q> What are trust, validity and ownertrust?
** What are trust, validity and ownertrust?
:PROPERTIES:
:CUSTOM_ID: what-are-trust-validity-and-ownertrust
:END:
With GnuPG, the term "ownertrust" is used instead of "trust" to With GnuPG, the term "ownertrust" is used instead of "trust" to
help clarify that this is the value you have assigned to a key help clarify that this is the value you have assigned to a key
@ -387,7 +424,10 @@ you could search in the mailing list archive.
on trust values see the chapter "The Web of Trust" in The GNU on trust values see the chapter "The Web of Trust" in The GNU
Privacy Handbook. Privacy Handbook.
<Q> How do I sign a patch file? ** How do I sign a patch file?
:PROPERTIES:
:CUSTOM_ID: how-do-i-sign-a-patch-file
:END:
Use "gpg --clearsign --not-dash-escaped ...". The problem with Use "gpg --clearsign --not-dash-escaped ...". The problem with
--clearsign is that all lines starting with a dash are quoted with --clearsign is that all lines starting with a dash are quoted with
@ -400,19 +440,27 @@ you could search in the mailing list archive.
mailer may not preserve these. If you want to mail a file you can mailer may not preserve these. If you want to mail a file you can
simply sign it using your MUA (Mail User Agent). simply sign it using your MUA (Mail User Agent).
<Q> Where is the "encrypt-to-self" option? ** Where is the "encrypt-to-self" option?
:PROPERTIES:
:CUSTOM_ID: where-is-the-encrypt-to-self-option
:END:
Use "--encrypt-to your_keyID". You can use more than one of these Use "--encrypt-to your_keyID". You can use more than one of these
options. To temporarily override the use of this additional key, options. To temporarily override the use of this additional key,
you can use the option "--no-encrypt-to". you can use the option "--no-encrypt-to".
<Q> How can I get rid of the Version and Comment headers in armored ** How can I get rid of the Version and Comment headers in armored messages?
messages? :PROPERTIES:
:CUSTOM_ID: get-rid-of-the-version-and-comment-headers-in-armored-messages
:END:
Use "--no-version --comment ''". Note that the left over blank line Use "--no-version --comment ''". Note that the left over blank line
is required by the protocol. is required by the protocol.
<Q> What does the "You are using the xxxx character set." mean? ** What does the "You are using the xxxx character set." mean?
:PROPERTIES:
:CUSTOM_ID: what-does-the-you-are-using-the-xxx-character-set-mean
:END:
This note is printed when UTF-8 mapping has to be done. Make sure This note is printed when UTF-8 mapping has to be done. Make sure
that the displayed character set is the one you have activated on that the displayed character set is the one you have activated on
@ -421,16 +469,21 @@ you could search in the mailing list archive.
"--charset". It is important that your active character set matches "--charset". It is important that your active character set matches
the one displayed - if not, restrict yourself to plain 7 bit ASCII the one displayed - if not, restrict yourself to plain 7 bit ASCII
and no mapping has to be done. and no mapping has to be done.
<Q> How can I get list of key IDs used to encrypt a message? ** How can I get list of key IDs used to encrypt a message?
:PROPERTIES:
:CUSTOM_ID: how-can-i-get-list-of-key-ids-used-to-encrypt-a-message
:END:
[H samp] [H samp]
$ gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | $ gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null |
awk '/^\[GNUPG:\] ENC_TO / { print $3 }' awk '/^\[GNUPG:\] ENC_TO / { print $3 }'
[H /samp] [H /samp]
<Q> Why can't I decrypt files encrypted as symmetrical-only (-c) with ** Why can't I decrypt files encrypted as symmetrical-only (-c) with a version of GnuPG prior to 1.0.1.
a version of GnuPG prior to 1.0.1. :PROPERTIES:
:CUSTOM_ID: why-cant-i-decrypt-symmetrical-only-with-gnupg-prior-to-1.0.1
:END:
There was a bug in GnuPG versions prior to 1.0.1 which affected files There was a bug in GnuPG versions prior to 1.0.1 which affected files
only if 3DES or Twofish was used for symmetric-only encryption (this has only if 3DES or Twofish was used for symmetric-only encryption (this has
@ -442,7 +495,10 @@ you could search in the mailing list archive.
updates, so you will need to use a version between 1.0.1 and 1.0.7 to updates, so you will need to use a version between 1.0.1 and 1.0.7 to
re-encrypt any affected files. re-encrypt any affected files.
<Q> How can I use GnuPG in an automated environment? ** How can I use GnuPG in an automated environment?
:PROPERTIES:
:CUSTOM_ID: how-can-i-use-gnupg-in-an-automated-environment
:END:
You should use the option --batch and don't use passphrases as You should use the option --batch and don't use passphrases as
there is usually no way to store it more securely than on the there is usually no way to store it more securely than on the
@ -476,7 +532,10 @@ you could search in the mailing list archive.
install new subkeys. install new subkeys.
[H /ol] [H /ol]
<Q> Which email-client can I use with GnuPG? ** Which email-client can I use with GnuPG?
:PROPERTIES:
:CUSTOM_ID: which-email-client-can-i-use-with-gnupg
:END:
Using GnuPG to encrypt email is one of the most popular uses. Using GnuPG to encrypt email is one of the most popular uses.
Several mail clients or mail user agents (MUAs) support GnuPG to Several mail clients or mail user agents (MUAs) support GnuPG to
@ -551,7 +610,10 @@ you could search in the mailing list archive.
email-relaying server that uses GnuPG to enable many email clients email-relaying server that uses GnuPG to enable many email clients
to send and receive emails that conform to PGP-MIME (RFC 2015). to send and receive emails that conform to PGP-MIME (RFC 2015).
<Q> Can't we have a gpg library? ** Can't we have a gpg library?
:PROPERTIES:
:CUSTOM_ID: cant-we-have-a-gpg-library
:END:
This has been frequently requested. However, the current viewpoint This has been frequently requested. However, the current viewpoint
of the GnuPG maintainers is that this would lead to several security of the GnuPG maintainers is that this would lead to several security
@ -559,8 +621,10 @@ you could search in the mailing list archive.
future. However, for some areas of application gpgme could do the future. However, for some areas of application gpgme could do the
trick. You'll find it at [H a href=[$hGPGFTP]/gcrypt/alpha/gpgme]<[$hGPGFTP]/gcrypt/alpha/gpgme>[H /a]. trick. You'll find it at [H a href=[$hGPGFTP]/gcrypt/alpha/gpgme]<[$hGPGFTP]/gcrypt/alpha/gpgme>[H /a].
<Q> I have successfully generated a revocation certificate, but I don't ** I have successfully generated a revocation certificate, but I don't understand how to send it to the key servers.
understand how to send it to the key servers. :PROPERTIES:
:CUSTOM_ID: how-to-send-a-revocation-to-the-keyservers
:END:
Most keyservers don't accept a 'bare' revocation certificate. You Most keyservers don't accept a 'bare' revocation certificate. You
have to import the certificate into gpg first: have to import the certificate into gpg first:
@ -577,8 +641,10 @@ you could search in the mailing list archive.
(or use a keyserver web interface for this). (or use a keyserver web interface for this).
<Dhomedir> ** How do I put my keyring in a different directory?
<Q> How do I put my keyring in a different directory? :PROPERTIES:
:CUSTOM_ID: how-do-i-put-my-keyring-in-a-different-directory
:END:
GnuPG keeps several files in a special homedir directory. These GnuPG keeps several files in a special homedir directory. These
include the options file, pubring.gpg, secring.gpg, trustdb.gpg, include the options file, pubring.gpg, secring.gpg, trustdb.gpg,
@ -598,7 +664,10 @@ you could search in the mailing list archive.
on a floppy disk. Don't use "--keyring" as its purpose is to specify on a floppy disk. Don't use "--keyring" as its purpose is to specify
additional keyring files. additional keyring files.
<Q> How do I verify signed packages? ** How do I verify signed packages?
:PROPERTIES:
:CUSTOM_ID: how-do-i-verify-signed-packages
:END:
Before you can verify the signature that accompanies a package, Before you can verify the signature that accompanies a package,
you must first have the vendor, organisation, or issueing person's you must first have the vendor, organisation, or issueing person's
@ -628,7 +697,10 @@ you could search in the mailing list archive.
$ gpg --verify foobar.tar.gz.sig $ gpg --verify foobar.tar.gz.sig
[H /samp] [H /samp]
<Q> How do I export a keyring with only selected signatures (keys)? ** How do I export a keyring with only selected signatures (keys)?
:PROPERTIES:
:CUSTOM_ID: how-do-i-export-a-keyring-with-only-selected-signatures
:END:
If you're wanting to create a keyring with only a subset of keys If you're wanting to create a keyring with only a subset of keys
selected from a master keyring (for a club, user group, or company selected from a master keyring (for a club, user group, or company
@ -639,7 +711,10 @@ you could search in the mailing list archive.
[H /samp] [H /samp]
<Dgpgsplit> <Dgpgsplit>
<Q> I still have my secret key, but lost my public key. What can I do? ** I still have my secret key, but lost my public key. What can I do?
:PROPERTIES:
:CUSTOM_ID: i-still-have-my-secret-key-but-lost-my-public-key
:END:
All OpenPGP secret keys have a copy of the public key inside them, All OpenPGP secret keys have a copy of the public key inside them,
and in a worst-case scenario, you can create yourself a new public and in a worst-case scenario, you can create yourself a new public
@ -657,8 +732,10 @@ you could search in the mailing list archive.
one. Using the entire secret keyring should work too. After this has one. Using the entire secret keyring should work too. After this has
been done, the publickey.gpg file can be imported into GnuPG as usual. been done, the publickey.gpg file can be imported into GnuPG as usual.
<Q> Clearsigned messages sent from my web-mail account have an invalid ** Clearsigned messages sent from my web-mail account have an invalid signature. Why?
signature. Why? :PROPERTIES:
:CUSTOM_ID: clearsig-sent-from-webmail-have-an-invalid-signature
:END:
Check to make sure the settings for your web-based email account Check to make sure the settings for your web-based email account
do not use HTML formatting for the pasted clearsigned message. This can do not use HTML formatting for the pasted clearsigned message. This can
@ -669,10 +746,13 @@ you could search in the mailing list archive.
if plaintext messages are not an option. if plaintext messages are not an option.
<S> COMPATIBILITY ISSUES * Compatibility Issues
<Dcompat> <Dcompat>
<Q> How can I encrypt a message with GnuPG so that PGP is able to decrypt it? ** How can I encrypt a message with GnuPG so that PGP is able to decrypt it?
:PROPERTIES:
:CUSTOM_ID: how-can-i-encrypt-a-message-so-that-pgp-is-able-to-decrypt-it
:END:
It depends on the PGP version. It depends on the PGP version.
@ -711,7 +791,10 @@ you could search in the mailing list archive.
This applies to conventional encryption as well. This applies to conventional encryption as well.
[H /UL] [H /UL]
<Q> How do I migrate from PGP 2.x to GnuPG? ** How do I migrate from PGP 2.x to GnuPG?
:PROPERTIES:
:CUSTOM_ID: how-do-i-migrate-from-pgp2-to-gnupg
:END:
PGP 2 uses the RSA and IDEA encryption algorithms. Whereas the RSA PGP 2 uses the RSA and IDEA encryption algorithms. Whereas the RSA
patent has expired and RSA is included as of GnuPG 1.0.3, the IDEA patent has expired and RSA is included as of GnuPG 1.0.3, the IDEA
@ -720,11 +803,10 @@ you could search in the mailing list archive.
<Ridea> about how to add IDEA support to GnuPG and read <Ridea> about how to add IDEA support to GnuPG and read
[H a href=[$hGPGHTTP]/gph/en/pgp2x.html]<[$hGPGHTTP]/gph/en/pgp2x.html>[H /a] to perform the migration. [H a href=[$hGPGHTTP]/gph/en/pgp2x.html]<[$hGPGHTTP]/gph/en/pgp2x.html>[H /a] to perform the migration.
<Q> (removed) ** Why is PGP 5.x not able to encrypt messages with some keys?
:PROPERTIES:
(empty) :CUSTOM_ID: why-is-pgp5-not-able-to-encrypt-messages-with-some-keys
:END:
<Q> Why is PGP 5.x not able to encrypt messages with some keys?
PGP, Inc. refuses to accept Elgamal keys of type 20 even for PGP, Inc. refuses to accept Elgamal keys of type 20 even for
encryption. They only support type 16 (which is identical at least encryption. They only support type 16 (which is identical at least
@ -734,14 +816,20 @@ you could search in the mailing list archive.
16 Elgamal key to your public key, which is easy as your key 16 Elgamal key to your public key, which is easy as your key
signatures are still valid. signatures are still valid.
<Q> Why is PGP 5.x not able to verify my messages? ** Why is PGP 5.x not able to verify my messages?
:PROPERTIES:
:CUSTOM_ID: why-is-pgp5-not-able-to-verify-my-messages
:END:
PGP 5.x does not accept v4 signatures for data material but OpenPGP PGP 5.x does not accept v4 signatures for data material but OpenPGP
requests generation of v4 signatures for all kind of data, that's why requests generation of v4 signatures for all kind of data, that's why
GnuPG defaults to them. Use the option "--force-v3-sigs" to generate GnuPG defaults to them. Use the option "--force-v3-sigs" to generate
v3 signatures for data. v3 signatures for data.
<Q> How do I transfer owner trust values from PGP to GnuPG? ** How do I transfer owner trust values from PGP to GnuPG?
:PROPERTIES:
:CUSTOM_ID: how-do-i-transfer-owner-trust-values-from-pgp-to-gnupg
:END:
There is a script in the tools directory to help you. After you have There is a script in the tools directory to help you. After you have
imported the PGP keyring you can give this command: imported the PGP keyring you can give this command:
@ -753,7 +841,10 @@ you could search in the mailing list archive.
where pgpkeyring is the original keyring and not the GnuPG keyring where pgpkeyring is the original keyring and not the GnuPG keyring
you might have created in the first step. you might have created in the first step.
<Q> PGP does not like my secret key. ** PGP does not like my secret key.
:PROPERTIES:
:CUSTOM_ID: pgp-does-not-like-my-secret-key
:END:
Older PGPs probably bail out on some private comment packets used by Older PGPs probably bail out on some private comment packets used by
GnuPG. These packets are fully in compliance with OpenPGP; however GnuPG. These packets are fully in compliance with OpenPGP; however
@ -788,7 +879,10 @@ you could search in the mailing list archive.
[H /samp] [H /samp]
<Doptions> <Doptions>
<Q> GnuPG no longer installs a ~/.gnupg/options file. Is it missing? ** GnuPG no longer installs a ~/.gnupg/options file. Is it missing?
:PROPERTIES:
:CUSTOM_ID: gnupg-no-longer-installs-a-options-file-is-it-missing
:END:
No. The ~/.gnupg/options file has been renamed to ~/.gnupg/gpg.conf for No. The ~/.gnupg/options file has been renamed to ~/.gnupg/gpg.conf for
new installs as of version 1.1.92. If an existing ~/.gnupg/options file new installs as of version 1.1.92. If an existing ~/.gnupg/options file
@ -798,7 +892,10 @@ you could search in the mailing list archive.
or receiving the message that the "old default options file" is ignored or receiving the message that the "old default options file" is ignored
(occurs if both a gpg.conf and an options file are found). (occurs if both a gpg.conf and an options file are found).
<Q> How do you export GnuPG keys for use with PGP? ** How do you export GnuPG keys for use with PGP?
:PROPERTIES:
:CUSTOM_ID: how-do-you-export-gnupg-keys-for-use-with-pgp
:END:
This has come up fairly often, so here's the HOWTO: This has come up fairly often, so here's the HOWTO:
@ -864,9 +961,12 @@ you could search in the mailing list archive.
Thanks to David Shaw for this information! Thanks to David Shaw for this information!
<S> PROBLEMS and ERROR MESSAGES * Problems and Error Messages
<Q> Why do I get "gpg: Warning: using insecure memory!" ** Why do I get "gpg: Warning: using insecure memory!"
:PROPERTIES:
:CUSTOM_ID: why-do-i-get-gpg_warning_using_insecure_memory
:END:
On many systems this program should be installed as setuid(root). On many systems this program should be installed as setuid(root).
This is necessary to lock memory pages. Locking memory pages prevents This is necessary to lock memory pages. Locking memory pages prevents
@ -919,7 +1019,10 @@ you could search in the mailing list archive.
was thought to be too serious an issue. However, it confused users was thought to be too serious an issue. However, it confused users
too much, so the warning was eventually removed. too much, so the warning was eventually removed.
<Q> Large File Support doesn't work ... ** Large File Support doesn't work
:PROPERTIES:
:CUSTOM_ID: large-file-support-does-not-work
:END:
LFS works correctly in post-1.0.4 versions. If configure doesn't LFS works correctly in post-1.0.4 versions. If configure doesn't
detect it, try a different (i.e., better) compiler. egcs 1.1.2 works detect it, try a different (i.e., better) compiler. egcs 1.1.2 works
@ -927,34 +1030,50 @@ you could search in the mailing list archive.
of GnuPG 1.0.3 and 1.0.4 on HP-UX and Solaris were due to broken LFS of GnuPG 1.0.3 and 1.0.4 on HP-UX and Solaris were due to broken LFS
support. support.
<Q> In the edit menu the trust values are not displayed correctly after ** In the edit menu the trust values are not displayed correctly after signing uids. Why?
signing uids. Why? :PROPERTIES:
:CUSTOM_ID: edit-menu-trust-not-show-correctly-after-signing-uids
:END:
This happens because some information is stored immediately in This happens because some information is stored immediately in
the trustdb, but the actual trust calculation can be done after the the trustdb, but the actual trust calculation can be done after the
save command. This is a "not easy to fix" design bug which will be save command. This is a "not easy to fix" design bug which will be
addressed in some future release. addressed in some future release.
<Q> What does "skipping pubkey 1: already loaded" mean? ** What does "skipping pubkey 1: already loaded" mean?
:PROPERTIES:
:CUSTOM_ID: what-does-skipping_pubkey_1_already_loaded-mean
:END:
As of GnuPG 1.0.3, the RSA algorithm is included. If you still have As of GnuPG 1.0.3, the RSA algorithm is included. If you still have
a "load-extension rsa" in your options file, the above message a "load-extension rsa" in your options file, the above message
occurs. Just remove the load command from the options file. occurs. Just remove the load command from the options file.
<Q> GnuPG 1.0.4 doesn't create ~/.gnupg ... ** GnuPG 1.0.4 doesn't create ~/.gnupg ...
:PROPERTIES:
:CUSTOM_ID: gnupg-1.0.4-does-not-create-.gnupg
:END:
That's a known bug, already fixed in newer versions. That's a known bug, already fixed in newer versions.
<Q> An Elgamal signature does not verify anymore since version 1.0.2 ... ** An Elgamal signature does not verify anymore since version 1.0.2
:PROPERTIES:
:CUSTOM_ID: an-elgamal-signature-does-not-verify-anymore-since-version-1.0.2
:END:
Use the option --emulate-md-encode-bug. Use the option --emulate-md-encode-bug.
<Q> Old versions of GnuPG can't verify Elgamal signatures ** Old versions of GnuPG can't verify Elgamal signatures
:PROPERTIES:
:CUSTOM_ID: old-versions-of-gnupg-cant-verify-elgamal-signatures
:END:
Update to GnuPG 1.0.2 or newer. Update to GnuPG 1.0.2 or newer.
<Q> When I use --clearsign, the plain text has sometimes extra dashes ** When I use --clearsign, the plain text has sometimes extra dashes in it - why?
in it - why? :PROPERTIES:
:CUSTOM_ID: extra-dashes-in-clearsign-messages
:END:
This is called dash-escaped text and is required by OpenPGP. This is called dash-escaped text and is required by OpenPGP.
It always happens when a line starts with a dash ("-") and is It always happens when a line starts with a dash ("-") and is
@ -966,7 +1085,10 @@ you could search in the mailing list archive.
are removed. Good mail clients remove those extra dashes when are removed. Good mail clients remove those extra dashes when
displaying such a message. displaying such a message.
<Q> What is the thing with "can't handle multiple signatures"? ** What is the thing with "can't handle multiple signatures"?
:PROPERTIES:
:CUSTOM_ID: what-is-the-thing-with-cant_handle_multiple_signatures
:END:
Due to different message formats GnuPG is not always able to split Due to different message formats GnuPG is not always able to split
a file with multiple signatures unambiguously into its parts. This a file with multiple signatures unambiguously into its parts. This
@ -976,19 +1098,27 @@ you could search in the mailing list archive.
OpenPGP format with one-pass-signature packets (which is GnuPG's OpenPGP format with one-pass-signature packets (which is GnuPG's
default) or the cleartext signed format. default) or the cleartext signed format.
<Q> If I submit a key to a keyserver, nothing happens ... ** If I submit a key to a keyserver, nothing happens
:PROPERTIES:
:CUSTOM_ID: if-i-submit-a-key-to-a-keyserver-nothing-happens
:END:
You are most likely using GnuPG 1.0.2 or older on Windows. That's You are most likely using GnuPG 1.0.2 or older on Windows. That's
feature isn't yet implemented, but it's a bug not to say it. Newer feature isn't yet implemented, but it's a bug not to say it. Newer
versions issue a warning. Upgrade to 1.4.5 or newer. versions issue a warning. Upgrade to 1.4.5 or newer.
<Q> I get "gpg: waiting for lock ..." ** I get "gpg: waiting for lock ..."
:PROPERTIES:
:CUSTOM_ID: i-get-gpg_waiting_for_lock
:END:
A previous instance of gpg has most likely exited abnormally and left A previous instance of gpg has most likely exited abnormally and left
a lock file. Go to ~/.gnupg and look for .*.lock files and remove them. a lock file. Go to ~/.gnupg and look for .*.lock files and remove them.
<Q> Older gpg binaries (e.g., 1.0) have problems with keys from newer ** Older gpg binaries (e.g., 1.0) have problems with keys from newer gpg binaries
gpg binaries ... :PROPERTIES:
:CUSTOM_ID: gpg-1.0-has-problems-with-keys-from-newer-gpg-versions
:END:
As of 1.0.3, keys generated with gpg are created with preferences to As of 1.0.3, keys generated with gpg are created with preferences to
TWOFISH (and AES since 1.0.4) and that also means that they have the TWOFISH (and AES since 1.0.4) and that also means that they have the
@ -1007,14 +1137,20 @@ you could search in the mailing list archive.
into your options file. into your options file.
<Q> With 1.0.4, I get "this cipher algorithm is deprecated ..." ** With 1.0.4, I get "this cipher algorithm is deprecated ..."
:PROPERTIES:
:CUSTOM_ID: with-1.0.4-i-get-this_cipher_algorithm_is_deprecated
:END:
If you just generated a new key and get this message while If you just generated a new key and get this message while
encrypting, you've witnessed a bug in 1.0.4. It uses the new AES encrypting, you've witnessed a bug in 1.0.4. It uses the new AES
cipher Rijndael that is incorrectly being referred as "deprecated". cipher Rijndael that is incorrectly being referred as "deprecated".
Ignore this warning, more recent versions of gpg are corrected. Ignore this warning, more recent versions of gpg are corrected.
<Q> Some dates are displayed as ????-??-??. Why? ** Some dates are displayed as ????-??-??. Why?
:PROPERTIES:
:CUSTOM_ID: some-dates-are-displayed-as-question-marks
:END:
Due to constraints in most libc implementations, dates beyond Due to constraints in most libc implementations, dates beyond
2038-01-19 can't be displayed correctly. 64-bit OSes are not 2038-01-19 can't be displayed correctly. 64-bit OSes are not
@ -1022,21 +1158,30 @@ you could search in the mailing list archive.
instead prints some question marks. To see the correct value, you instead prints some question marks. To see the correct value, you
can use the options --with-colons and --fixed-list-mode. can use the options --with-colons and --fixed-list-mode.
<Q> I still have a problem. How do I report a bug? ** I still have a problem. How do I report a bug?
:PROPERTIES:
:CUSTOM_ID: i-still-have-a-problem-how-do-i-report-a-bug
:END:
Are you sure that it's not been mentioned somewhere on the mailing Are you sure that it's not been mentioned somewhere on the mailing
lists? Did you have a look at the bug list (you'll find a link to lists? Did you have a look at the bug list (you'll find a link to
the list of reported bugs on the documentation page). If you're not the list of reported bugs on the documentation page). If you're
sure about it being a bug, you can send mail to the gnupg-devel not sure about it being a bug, you can send mail to the
list. Otherwise, use the bug tracking system gnupg-devel list. Otherwise, use the bug tracking system
[H a href=http://bugs.gnupg.org]<http://bugs.gnupg.org>[H /a]. [[http://busg.gnupg.org][bugs.gnupg.org]].
<Q> Why doesn't GnuPG support X.509 certificates? ** Why doesn't GnuPG support X.509 certificates?
:PROPERTIES:
:CUSTOM_ID: why-doesnt-gnupg-support-x509-certificates
:END:
That is only the case for GnuPG version 1.x. GnuPG 2.x fully That is only the case for GnuPG version 1.x. GnuPG 2.x fully
supports X.509 and S/MIME using the gpgsm tool. supports X.509 and S/MIME using the gpgsm tool.
<Q> Why do national characters in my user ID look funny? ** Why do national characters in my user ID look funny?
:PROPERTIES:
:CUSTOM_ID: why-do-national-characters-in-my-user-id-look-funny
:END:
According to OpenPGP, GnuPG encodes user ID strings (and other According to OpenPGP, GnuPG encodes user ID strings (and other
things) using UTF-8. In this encoding of Unicode, most national things) using UTF-8. In this encoding of Unicode, most national
@ -1045,7 +1190,10 @@ you could search in the mailing list archive.
0xA5). This might also be the reason why keyservers can't find 0xA5). This might also be the reason why keyservers can't find
your key. your key.
<Q> I get 'sed' errors when running ./configure on Mac OS X ... ** I get 'sed' errors when running ./configure on Mac OS X ...
:PROPERTIES:
:CUSTOM_ID: i-get-sed-errors-when-running-configure-on-mac-os-x
:END:
This will be fixed after GnuPG has been upgraded to autoconf-2.50. This will be fixed after GnuPG has been upgraded to autoconf-2.50.
Until then, find the line setting CDPATH in the configure script Until then, find the line setting CDPATH in the configure script
@ -1057,23 +1205,29 @@ you could search in the mailing list archive.
statement below it. statement below it.
<Q> Why does GnuPG 1.0.6 bail out on keyrings used with 1.0.7? ** Why does GnuPG 1.0.6 bail out on keyrings used with 1.0.7?
:PROPERTIES:
:CUSTOM_ID: why-does-gnupg-1.0.6-bail-out-on-keyrings-used-with-1.0.7
:END:
There is a small bug in 1.0.6 which didn't parse trust packets There is a small bug in 1.0.6 which didn't parse trust packets
correctly. You may want to apply this patch if you can't upgrade: correctly. You may want to apply this patch if you can't upgrade:
[[http://www.gnupg.org/developer/gpg-woody-fix.txt]].
[H a href=http://www.gnupg.org/developer/gpg-woody-fix.txt]<http://www.gnupg.org/developer/gpg-woody-fix.txt>[H /a] ** I upgraded to GnuPG version 1.0.7 and now it takes longer to load my keyrings. What can I do?
:PROPERTIES:
<Q> I upgraded to GnuPG version 1.0.7 and now it takes longer to load my :CUSTOM_ID: with-gpg-1.0.7-it-takes-longer-to-load-my-keyrings
keyrings. What can I do? :END:
The way signature states are stored has changed so that v3 signatures The way signature states are stored has changed so that v3 signatures
can be supported. You can use the new --rebuild-keydb-caches migration can be supported. You can use the new --rebuild-keydb-caches migration
command, which was built into this release and increases the speed of command, which was built into this release and increases the speed of
many operations for existing keyrings. many operations for existing keyrings.
<Q> Doesn't a fully trusted user ID on a key prevent warning messages ** Doesn't a fully trusted user ID on a key prevent warning messages when encrypting to other IDs on the key?
when encrypting to other IDs on the key? :PROPERTIES:
:CUSTOM_ID: key-validation-bug-in-gpg-1.2.1
:END:
No. That was actually a key validity bug in GnuPG 1.2.1 and earlier No. That was actually a key validity bug in GnuPG 1.2.1 and earlier
versions. As part of the development of GnuPG 1.2.2, a bug was versions. As part of the development of GnuPG 1.2.2, a bug was
@ -1084,10 +1238,12 @@ you could search in the mailing list archive.
More information and a patch for a some pre-1.2.2 versions of GnuPG More information and a patch for a some pre-1.2.2 versions of GnuPG
can be found at: can be found at:
[H a href=http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html]<http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html>[H /a] [[http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html]].
<Q> I just compiled GnuPG from source on my GNU/Linux RPM-based system ** I just compiled GnuPG from source on my GNU/Linux RPM-based system and it's not working. Why?
and it's not working. Why? :PROPERTIES:
:CUSTOM_ID: compiled-on-gnu-linux-rpm-based-system-and-not-working
:END:
Many GNU/Linux distributions that are RPM-based will install a Many GNU/Linux distributions that are RPM-based will install a
version of GnuPG as part of its standard installation, placing the version of GnuPG as part of its standard installation, placing the
@ -1113,9 +1269,12 @@ you could search in the mailing list archive.
located in /usr/local/bin. located in /usr/local/bin.
<S> ADVANCED TOPICS * Advanced Topics
<Q> How does this whole thing work? ** How does this whole thing work?
:PROPERTIES:
:CUSTOM_ID: how-does-this-whole-thing-work
:END:
To generate a secret/public keypair, run: To generate a secret/public keypair, run:
@ -1190,7 +1349,10 @@ you could search in the mailing list archive.
system; to avoid this you should always sign and encrypt a message system; to avoid this you should always sign and encrypt a message
instead of only encrypting it. instead of only encrypting it.
<Q> Why are some signatures with an ELG-E key valid? ** Why are some signatures with an ELG-E key valid?
:PROPERTIES:
:CUSTOM_ID: why-are-some-signatures-with-an-elg-e-key-valid
:END:
These are Elgamal keys generated by GnuPG in v3 (RFC 1991) packets. These are Elgamal keys generated by GnuPG in v3 (RFC 1991) packets.
The OpenPGP draft later changed the algorithm identifier for Elgamal The OpenPGP draft later changed the algorithm identifier for Elgamal
@ -1200,7 +1362,10 @@ you could search in the mailing list archive.
key is in a v3 packet. GnuPG is the only program which had used key is in a v3 packet. GnuPG is the only program which had used
these v3 Elgamal keys - so this assumption is quite safe. these v3 Elgamal keys - so this assumption is quite safe.
<Q> How does the whole trust thing work? ** How does the whole trust thing work?
:PROPERTIES:
:CUSTOM_ID: how-does-the-whole-trust-thing-work
:END:
It works more or less like PGP. The difference is that the trust is It works more or less like PGP. The difference is that the trust is
computed at the time it is needed. This is one of the reasons for computed at the time it is needed. This is one of the reasons for
@ -1257,14 +1422,20 @@ you could search in the mailing list archive.
keyring. GnuPG stores the trust in the trustdb.gpg file so it is okay keyring. GnuPG stores the trust in the trustdb.gpg file so it is okay
to give a gpg keyring away (but we have a --export command too). to give a gpg keyring away (but we have a --export command too).
<Q> What kind of output is this: "key C26EE891.298, uid 09FB: ...."? ** What kind of output is this: "key C26EE891.298, uid 09FB: ...."?
:PROPERTIES:
:CUSTOM_ID: trustb-diagnostics-output-key-uid
:END:
This is the internal representation of a user ID in the trustdb. This is the internal representation of a user ID in the trustdb.
"C26EE891" is the keyid, "298" is the local ID (a record number in "C26EE891" is the keyid, "298" is the local ID (a record number in
the trustdb) and "09FB" is the last two bytes of a ripe-md-160 hash the trustdb) and "09FB" is the last two bytes of a ripe-md-160 hash
of the user ID for this key. of the user ID for this key.
<Q> How do I interpret some of the informational outputs? ** How do I interpret some of the informational outputs?
:PROPERTIES:
:CUSTOM_ID: how-do-i-interpret-some-of-the-informational-outputs
:END:
While checking the validity of a key, GnuPG sometimes prints some While checking the validity of a key, GnuPG sometimes prints some
information which is prefixed with information about the checked information which is prefixed with information about the checked
@ -1293,15 +1464,20 @@ you could search in the mailing list archive.
and user ID, if it is a signature which is direct on a key, the user and user ID, if it is a signature which is direct on a key, the user
ID part is empty (..//..). ID part is empty (..//..).
<Q> Are the header lines of a cleartext signature part of the signed ** Are the header lines of a cleartext signature part of the signed material?
material? :PROPERTIES:
:CUSTOM_ID: are-header-lines-of-cleartext-sigs-part-of-the-signed-material
:END:
No. For example you can add or remove "Comment:" lines. They have No. For example you can add or remove "Comment:" lines. They have
a purpose like the mail header lines. However a "Hash:" line is a purpose like the mail header lines. However a "Hash:" line is
needed for OpenPGP signatures to tell the parser which hash needed for OpenPGP signatures to tell the parser which hash
algorithm to use. algorithm to use.
<Q> What is the list of preferred algorithms? ** What is the list of preferred algorithms?
:PROPERTIES:
:CUSTOM_ID: what-is-the-list-of-preferred-algorithms
:END:
The list of preferred algorithms is a list of cipher, hash and The list of preferred algorithms is a list of cipher, hash and
compression algorithms stored in the self-signature of a key during compression algorithms stored in the self-signature of a key during
@ -1310,7 +1486,10 @@ you could search in the mailing list archive.
to use. Basically it tells other people what algorithms the to use. Basically it tells other people what algorithms the
recipient is able to handle and provides an order of preference. recipient is able to handle and provides an order of preference.
<Q> How do I change the list of preferred algorithms? ** How do I change the list of preferred algorithms?
:PROPERTIES:
:CUSTOM_ID: how-do-i-change-the-list-of-preferred-algorithms
:END:
In version 1.0.7 or later, you can use the edit menu and set the In version 1.0.7 or later, you can use the edit menu and set the
new list of preference using the command "setpref"; the format of new list of preference using the command "setpref"; the format of
@ -1322,7 +1501,10 @@ you could search in the mailing list archive.
timestamp of the self-signature is increased by one second when timestamp of the self-signature is increased by one second when
running this command. running this command.
<Q> How can I import all the missing signer keys? ** How can I import all the missing signer keys?
:PROPERTIES:
:CUSTOM_ID: how-can-i-import-all-the-missing-signer-keys
:END:
If you imported a key and you want to also import all the signer's If you imported a key and you want to also import all the signer's
keys, you can do this with this command: keys, you can do this with this command:
@ -1335,20 +1517,44 @@ you could search in the mailing list archive.
of the listing before before starting the import. of the listing before before starting the import.
<S> ACKNOWLEDGEMENTS * Acknowledgements
:PROPERTIES:
:CUSTOM_ID: acknowledgements
:END:
Many thanks to Nils Ellmenreich for maintaining this FAQ file for Many thanks to Nils Ellmenreich for maintaining this FAQ file for
such a long time, Werner Koch for the original FAQ file, and to all such a long time, Werner Koch for the original FAQ file, David
posters to gnupg-users and gnupg-devel. They all provided most of D. Scribner as another maintainer and to all posters to
the answers. gnupg-users and gnupg-devel. They all provided most of the
answers.
Also thanks to Casper Dik for providing us with a script to generate Copyright (C) 2000, 2001, 2002, 2003, 2010 Free Software
this FAQ (he uses it for the excellent Solaris2 FAQ). Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02111, USA
[H hr] Verbatim copying and distribution of this entire article is
permitted in any medium, provided this notice is preserved.
Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc., * COMMENT HTML style specifications
51 Franklin Street, Fifth Floor, Boston, MA 02111, USA
Verbatim copying and distribution of this entire article is permitted in #+begin_src emacs-lisp
any medium, provided this notice is preserved. (defun org-faq-make-target ()
"Make hard target for current headline."
(interactive)
(if (not (org-on-heading-p))
(error "Not on a headline"))
(let ((h (org-trim (org-get-heading 'no-tags))))
(if (string-match "[ \t]*\\?\\'" h)
(setq h (replace-match "" t t h)))
(while (string-match "[ \t]+" h)
(setq h (replace-match "-" t t h)))
(setq h (downcase h))
(org-entry-put nil "CUSTOM_ID" h)))
#+end_src
# Local Variables:
# org-export-html-style-include-default: nil
# org-export-html-style-include-scripts: nil
# End: