gpg: Improve header text of the auto-created revocations.
* g10/revoke.c (gen_standard_revoke): Improve header text for the file. Add info output. -- GnuPG-bug-id: 1724 Signed-off-by: Werner Koch <wk@gnupg.org>
parent
09117e769a
commit
bb99b40bd1
@ -950,11 +950,6 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
|
|||||||
All other data after this header is raw image (JPEG) data.
|
All other data after this header is raw image (JPEG) data.
|
||||||
|
|
||||||
|
|
||||||
* Unattended key generation
|
|
||||||
|
|
||||||
Please see the GnuPG manual for a description.
|
|
||||||
|
|
||||||
|
|
||||||
* Layout of the TrustDB
|
* Layout of the TrustDB
|
||||||
|
|
||||||
The TrustDB is built from fixed length records, where the first byte
|
The TrustDB is built from fixed length records, where the first byte
|
||||||
|
20
doc/gpg.texi
20
doc/gpg.texi
@ -587,7 +587,9 @@ may be used.
|
|||||||
@item --gen-key
|
@item --gen-key
|
||||||
@opindex gen-key
|
@opindex gen-key
|
||||||
Generate a new key pair using the current default parameters. This is
|
Generate a new key pair using the current default parameters. This is
|
||||||
the standard command to create a new key.
|
the standard command to create a new key. In addition to the key a
|
||||||
|
revocation certificate is created and stored in the
|
||||||
|
@file{openpgp-revocs.d} directory below the GnuPG home directory.
|
||||||
|
|
||||||
@item --full-gen-key
|
@item --full-gen-key
|
||||||
@opindex gen-key
|
@opindex gen-key
|
||||||
@ -595,13 +597,23 @@ Generate a new key pair with dialogs for all options. This is an
|
|||||||
extended version of @option{--gen-key}.
|
extended version of @option{--gen-key}.
|
||||||
|
|
||||||
There is also a feature which allows you to create keys in batch
|
There is also a feature which allows you to create keys in batch
|
||||||
mode. See the the manual section ``Unattended key generation'' on how
|
mode. See the manual section ``Unattended key generation'' on how
|
||||||
to use this.
|
to use this.
|
||||||
|
|
||||||
@item --gen-revoke @code{name}
|
@item --gen-revoke @code{name}
|
||||||
@opindex gen-revoke
|
@opindex gen-revoke
|
||||||
Generate a revocation certificate for the complete key. To revoke
|
Generate a revocation certificate for the complete key. To only revoke
|
||||||
a subkey or a signature, use the @option{--edit} command.
|
a subkey or a key signature, use the @option{--edit} command.
|
||||||
|
|
||||||
|
This command merely creates the revocation certificate so that it can
|
||||||
|
be used to revoke the key if that is ever needed. To actually revoke
|
||||||
|
a key the created revocation certificate needs to be merged with the
|
||||||
|
key to revoke. This is done by importing the revocation certificate
|
||||||
|
using the @option{--import} command. Then the revoked key needs to be
|
||||||
|
published, which is best done by sending the key to a keyserver
|
||||||
|
(command @option{--send-key}) and by exporting (@option{--export}) it
|
||||||
|
to a file which is then send to frequent communication partners.
|
||||||
|
|
||||||
|
|
||||||
@item --desig-revoke @code{name}
|
@item --desig-revoke @code{name}
|
||||||
@opindex desig-revoke
|
@opindex desig-revoke
|
||||||
|
13
g10/revoke.c
13
g10/revoke.c
@ -564,14 +564,18 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce)
|
|||||||
(int)len, tmpstr);
|
(int)len, tmpstr);
|
||||||
xfree (tmpstr);
|
xfree (tmpstr);
|
||||||
|
|
||||||
es_fprintf (memfp, "%s\n\n%s\n\n:",
|
es_fprintf (memfp, "%s\n\n%s\n\n%s\n\n:",
|
||||||
|
_("A revocation certificate is a kind of \"kill switch\" to publicly\n"
|
||||||
|
"declare that a key shall not anymore be used. It is not possible\n"
|
||||||
|
"to retract such a revocation certificate once it has been published."),
|
||||||
_("Use it to revoke this key in case of a compromise or loss of\n"
|
_("Use it to revoke this key in case of a compromise or loss of\n"
|
||||||
"the secret key. However, if the secret key is still accessible,\n"
|
"the secret key. However, if the secret key is still accessible,\n"
|
||||||
"it is better to generate a new revocation certificate and give\n"
|
"it is better to generate a new revocation certificate and give\n"
|
||||||
"a reason for the revocation."),
|
"a reason for the revocation. For details see the description of\n"
|
||||||
|
"of the gpg command \"--gen-revoke\" in the GnuPG manual."),
|
||||||
_("To avoid an accidental use of this file, a colon has been inserted\n"
|
_("To avoid an accidental use of this file, a colon has been inserted\n"
|
||||||
"before the 5 dashes below. Remove this colon with a text editor\n"
|
"before the 5 dashes below. Remove this colon with a text editor\n"
|
||||||
"before making use of this revocation certificate."));
|
"before importing and publishing this revocation certificate."));
|
||||||
|
|
||||||
es_putc (0, memfp);
|
es_putc (0, memfp);
|
||||||
|
|
||||||
@ -583,6 +587,9 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce)
|
|||||||
reason.code = 0x00; /* No particular reason. */
|
reason.code = 0x00; /* No particular reason. */
|
||||||
reason.desc = NULL;
|
reason.desc = NULL;
|
||||||
rc = create_revocation (fname, &reason, psk, NULL, leadin, 3, cache_nonce);
|
rc = create_revocation (fname, &reason, psk, NULL, leadin, 3, cache_nonce);
|
||||||
|
if (!rc && !opt.quiet)
|
||||||
|
log_info (_("revocation certificate stored as '%s.rev'\n"), fname);
|
||||||
|
|
||||||
xfree (leadin);
|
xfree (leadin);
|
||||||
xfree (fname);
|
xfree (fname);
|
||||||
|
|
||||||
|
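Review bot: The new header text in the first hunk of gen_standard_revoke repeats a word across the line break: `"a reason for the revocation. For details see the description of\n"` is followed by `"of the gpg command \"--gen-revoke\" in the GnuPG manual."),`, so the generated revocation file and the translatable msgid both read "description of of". Drop the leading "of " so the second line becomes `"the gpg command \"--gen-revoke\" in the GnuPG manual."),`. In the second hunk the `log_info` message hard-codes `'%s.rev'` after `fname`; the suffix is presumably appended inside create_revocation, which is not visible here, so a short comment such as `/* create_revocation appends ".rev" to FNAME. */` would keep the logged path from drifting away from the real file name. The body of gen_standard_revoke starts and ends outside both hunks.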