security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

.

Browse source
This commit is contained in:
Werner Koch 2006-11-11 14:17:09 +00:00
parent cd3e8c9b89
commit b5a8d7d268
37 changed files with 1720 additions and 3136 deletions
Download patch file Download diff file Expand all files Collapse all files

4
doc/ChangeLog
View file

@ -1,3 +1,7 @@
2006-11-11 Werner Koch <wk@g10code.com>
* gnupg.texi (Top): Move gpg-agent part before gpg.
2006-11-05 David Shaw <dshaw@jabberwocky.com>
* gpg.texi: Reference to --s2k-count in --s2k-mode.

26
doc/DETAILS
View file

@ -58,30 +58,38 @@ record.
u = The key is ultimately trusted. This often means
that the secret key is available, but any key may
be marked as ultimately trusted.
3. Field: length of key in bits.
4. Field: Algorithm: 1 = RSA
16 = Elgamal (encrypt only)
17 = DSA (sometimes called DH, sign only)
20 = Elgamal (sign and encrypt - don't use them!)
(for other id's see include/cipher.h)
5. Field: KeyID
6. Field: Creation Date (in UTC). For UID and UAT records, this is the
self-signature date. Note that the dae is usally printed
in seconds since epoch, however, we are migrating to an ISO
8601 format (e.g. "19660205T091500"). This is currently
only relevant for X.509, A simple way to detect the format
is be scannning for the 'T'.
7. Field: Key or user ID/user attribute expiration date or empty if none.
8. Field: Used for serial number in crt records (used to be the Local-ID).
For UID and UAT records, this is a hash of the user ID contents
used to represent that exact user ID. For trust signatures,
this is the trust depth seperated by the trust value by a
space.
9. Field: Ownertrust (primary public keys only)
This is a single letter, but be prepared that additional
information may follow in some future versions. For trust
signatures with a regular expression, this is the regular
expression value, quoted as in field 10.
10. Field: User-ID. The value is quoted like a C string to avoid
control characters (the colon is quoted "\x3a").
This is not used with --fixed-list-mode in gpg.
@ -90,11 +98,13 @@ record.
In gpgsm the issuer name comes here
An FPR record stores the fingerprint here.
The fingerprint of an revocation key is stored here.
11. Field: Signature class. This is a 2 digit hexnumber followed by
either the letter 'x' for an exportable signature or the
letter 'l' for a local-only signature.
The class byte of an revocation key is also given here,
'x' and 'l' ist used the same way.
12. Field: Key capabilities:
e = encrypt
s = sign
@ -105,13 +115,15 @@ record.
versions of the letters to denote the _usable_
capabilities of the entire key, and a potential letter 'D'
to indicate a disabled key.
13. Field: Used in FPR records for S/MIME keys to store the fingerprint of
the issuer certificate. This is useful to build the
certificate path based on certificates stored in the local
keyDB; it is only filled if the issue certificate is
available. The advantage of using this value is that it is
guaranteed to have been been build by the same lookup
algorithm as gpgsm uses.
13. Field: Used in FPR records for S/MIME keys to store the
fingerprint of the issuer certificate. This is useful to
build the certificate path based on certificates stored in
the local keyDB; it is only filled if the issuer
certificate is available. The root has been reached if
this is the same string as the fingerprint. The advantage
of using this value is that it is guaranteed to have been
been build by the same lookup algorithm as gpgsm uses.
For "uid" recods this lists the preferences n the sameway the
-edit menu does.
For "sig" records, this is the fingerprint of the key that

4
doc/gnupg.texi
View file

@ -116,9 +116,9 @@ the administration and the architecture.
@menu
* Installation:: A short installation guide.
* Invoking GPG-AGENT:: How to launch the secret key daemon.
* Invoking GPG:: Using the OpenPGP protocol.
* Invoking GPGSM:: Using the S/MIME protocol.
* Invoking GPG-AGENT:: How to launch the secret key daemon.
* Invoking SCDAEMON:: How to handle Smartcards.
* Specify a User ID:: How to Specify a User Id.
@ -152,9 +152,9 @@ the administration and the architecture.
@include instguide.texi
@include gpg-agent.texi
@include gpg.texi
@include gpgsm.texi
@include gpg-agent.texi
@include scdaemon.texi
@node Specify a User ID

21
doc/instguide.texi
View file

@ -6,16 +6,29 @@
@node Installation
@chapter A short installation guide.
Unfortunately the installation guide has not been finished in time.
Instead of delaying the release of GnuPG 2.0 even further, I decided to
release without that guide. The chapter on gpg-agent and gpgsm do
include brief information on how to set up the whole thing. Please
watch the GnuPG website for updates of the documentation. In the
meantime you may search the GnuPG mailing list archives or ask on the
gnupg-users mailing listsfor advise on how to solve problems or how to
get that whole thing up and running.
Such questions may also help to write a proper installation guide.
[to be written]
Tell how to setup the system, install certificates, how dirmngr relates
XXX Tell how to setup the system, install certificates, how dirmngr relates
to GnuPG etc.
** Explain how to setup a root CA key as trusted
X.509 is based on a hierarchical key infrastructure. At the root of the
tree a trusted anchor (root certificate) is required. There are usually
no other means of verfying whether this root certificate is trutsworthy
no other means of verifying whether this root certificate is trustworthy
than looking it up in a list. GnuPG uses a file (@file{trustlist.txt})
to keep track of all root certificates it knows about. There are 3 ways
to get certificates into this list:
@ -43,10 +56,12 @@ XXX decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt.
** How to get the ssh support running
How to use the ssh support.
XXX How to use the ssh support.
@section Installation Overview
XXXX