mirror of git://git.gnupg.org/gnupg.git
* DETAILS: Don't specify which hash is used to make up the namehash since
it may change in the future. * samplekeys.asc: Updated. * gpg.sgml: Document "revuid". Clarify that --openpgp resets --pgpX. Some cleanup of --no-xxx options, make sure that all SGML tags are closed, clarify --pgp8 allows SHA-256, and document --no-emit-version. * Makefile.am: Allow CVS version to build without faqprog.pl.
This commit is contained in:
David Shaw
parent
fe5e3e594a
commit
cf6fcc0b4b
|
|
@ -1,3 +1,17 @@
|
|||
2003-04-07 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* DETAILS: Don't specify which hash is used to make up the
|
||||
namehash since it may change in the future.
|
||||
|
||||
* samplekeys.asc: Updated.
|
||||
|
||||
* gpg.sgml: Document "revuid". Clarify that --openpgp resets
|
||||
--pgpX. Some cleanup of --no-xxx options, make sure that all SGML
|
||||
tags are closed, clarify --pgp8 allows SHA-256, and document
|
||||
--no-emit-version.
|
||||
|
||||
* Makefile.am: Allow CVS version to build without faqprog.pl.
|
||||
|
||||
2003-01-27 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* DETAILS: Document trust depth, value, and regexp.
|
||||
|
|
|
|||
|
|
@ -66,11 +66,11 @@ record.
|
|||
6. Field: Creation Date (in UTC). For UID and UAT records, this is the
|
||||
self-signature date.
|
||||
7. Field: Key or user ID/user attribute expiration date or empty if none.
|
||||
|
||||
8. Field: Used for serial number in crt records (used to be the Local-ID).
|
||||
For UID and UAT records, this is the namehash: a RIPEMD/160 hash
|
||||
of the user ID contents. For trust signatures, this is
|
||||
the trust depth seperated by the trust value by a space.
|
||||
For UID and UAT records, this is a hash of the user ID contents
|
||||
used to represent that exact user ID. For trust signatures,
|
||||
this is the trust depth seperated by the trust value by a
|
||||
space.
|
||||
9. Field: Ownertrust (primary public keys only)
|
||||
This is a single letter, but be prepared that additional
|
||||
information may follow in some future versions. For trust
|
||||
|
|
|
|||
|
|
@ -67,16 +67,24 @@ else
|
|||
echo "No man page due to missing docbook-to-man" >>$@
|
||||
endif
|
||||
|
||||
|
||||
FAQ : faq.raw
|
||||
if WORKING_FAQPROG
|
||||
$(FAQPROG) -f $< $@ || $(FAQPROG) -f $< $@
|
||||
else
|
||||
: Warning: missing faqprog.pl, cannot make $@
|
||||
echo "No $@ due to missing faqprog.pl" > $@
|
||||
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
|
||||
endif
|
||||
|
||||
faq.html : faq.raw
|
||||
if WORKING_FAQPROG
|
||||
$(FAQPROG) -h -f $< $@ 2>&1 || $(FAQPROG) -h -f $< $@
|
||||
else
|
||||
: Warning: missing faqprog.pl, cannot make $@
|
||||
echo "No $@ due to missing faqprog.pl" > $@
|
||||
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
|
||||
endif
|
||||
|
||||
dist-hook:
|
||||
@if test "`wc -c < gpg.1`" -lt 200; then \
|
||||
echo 'ERROR: dummy man page'; false; fi
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
204
doc/gpg.sgml
204
doc/gpg.sgml
|
|
@ -343,11 +343,16 @@ Create an alternate user id.</para></listitem></varlistentry>
|
|||
<varlistentry>
|
||||
<term>addphoto</term>
|
||||
<listitem><para>
|
||||
Create a photographic user id.</para></listitem></varlistentry>
|
||||
Create a photographic user id. This will prompt for a JPEG file that
|
||||
will be embedded into the user ID.</para></listitem></varlistentry>
|
||||
<varlistentry>
|
||||
<term>deluid</term>
|
||||
<listitem><para>
|
||||
Delete a user id.</para></listitem></varlistentry>
|
||||
<varlistentry>
|
||||
<term>revuid</term>
|
||||
<listitem><para>
|
||||
Revoke a user id.</para></listitem></varlistentry>
|
||||
<varlistentry>
|
||||
<term>addkey</term>
|
||||
<listitem><para>
|
||||
|
|
@ -915,11 +920,13 @@ Prompt before overwriting any files.
|
|||
|
||||
<varlistentry>
|
||||
<term>--batch</term>
|
||||
<term>--no-batch</term>
|
||||
<listitem><para>
|
||||
Use batch mode. Never ask, do not allow interactive
|
||||
commands.
|
||||
Use batch mode. Never ask, do not allow interactive commands.
|
||||
--no-batch disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-tty</term>
|
||||
<listitem><para>
|
||||
|
|
@ -929,14 +936,6 @@ warnings to the TTY if --batch is used.
|
|||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-batch</term>
|
||||
<listitem><para>
|
||||
Disable batch mode. This may be of use if --batch
|
||||
is enabled from an options file.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--yes</term>
|
||||
<listitem><para>
|
||||
|
|
@ -1200,17 +1199,12 @@ Include designated revoker information that was marked as
|
|||
|
||||
<varlistentry>
|
||||
<term>--show-photos</term>
|
||||
<term>--no-show-photos</term>
|
||||
<listitem><para>
|
||||
Causes --list-keys, --list-sigs, --list-public-keys,
|
||||
--list-secret-keys, and verifying a signature to also display the
|
||||
photo ID attached to the key, if any.
|
||||
See also --photo-viewer.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-show-photos</term>
|
||||
<listitem><para>
|
||||
Resets the --show-photos flag.
|
||||
photo ID attached to the key, if any. See also --photo-viewer.
|
||||
--no-show-photos disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -1398,18 +1392,15 @@ delivered to the file descriptor.
|
|||
|
||||
<varlistentry>
|
||||
<term>--sk-comments</term>
|
||||
<term>--no-sk-comments</term>
|
||||
<listitem><para>
|
||||
Include secret key comment packets when exporting secret keys. This
|
||||
is a GnuPG extension to the OpenPGP standard, and is off by default.
|
||||
Please note that this has nothing to do with the comments in clear
|
||||
text signatures or armor headers.
|
||||
text signatures or armor headers. --no-sk-comments disables this
|
||||
option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-sk-comments</term>
|
||||
<listitem><para>
|
||||
Resets the --sk-comments option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-comment</term>
|
||||
|
|
@ -1436,19 +1427,12 @@ default comment string anymore.
|
|||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-version</term>
|
||||
<listitem><para>
|
||||
Omit the version string in clear text signatures.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--emit-version</term>
|
||||
<term>--no-emit-version</term>
|
||||
<listitem><para>
|
||||
Force to write the version string in clear text
|
||||
signatures. Use this to overwrite a previous
|
||||
--no-version from a config file.
|
||||
Force inclusion of the version string in ASCII armored output.
|
||||
--no-emit-version disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
|
|
@ -1484,16 +1468,13 @@ making a key signature (certification).
|
|||
|
||||
<varlistentry>
|
||||
<term>--show-notation</term>
|
||||
<term>--no-show-notation</term>
|
||||
<listitem><para>
|
||||
Show signature notations in the --list-sigs or --check-sigs listings
|
||||
as well as when verifying a signature with a notation in it.
|
||||
--no-show-notation disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-show-notation</term>
|
||||
<listitem><para>
|
||||
Do not show signature notations.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--sig-policy-url &ParmString;</term>
|
||||
|
|
@ -1513,15 +1494,11 @@ The same %-expandos used for notation data are available here as well.
|
|||
|
||||
<varlistentry>
|
||||
<term>--show-policy-url</term>
|
||||
<term>--no-show-policy-url</term>
|
||||
<listitem><para>
|
||||
Show policy URLs in the --list-sigs or --check-sigs listings as well
|
||||
as when verifying a signature with a policy URL in it.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-show-policy-url</term>
|
||||
<listitem><para>
|
||||
Do not show policy URLs.
|
||||
--no-show-policy-url disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -1533,18 +1510,14 @@ messages.
|
|||
|
||||
<varlistentry>
|
||||
<term>--for-your-eyes-only</term>
|
||||
<term>--no-for-your-eyes-only</term>
|
||||
<listitem><para>
|
||||
Set the `for your eyes only' flag in the message. This causes GnuPG
|
||||
to refuse to save the file unless the --output option is given, and
|
||||
PGP to use the "secure viewer" with a Tempest-resistant font to
|
||||
display the message. This option overrides --set-filename.
|
||||
</para></listitem></varlistentry
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-for-your-eyes-only</term>
|
||||
<listitem><para>
|
||||
Resets the --for-your-eyes-only flag.
|
||||
</para></listitem></varlistentry
|
||||
--no-for-your-eyes-only disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--use-embedded-filename</term>
|
||||
|
|
@ -1705,16 +1678,12 @@ interaction, this performance penalty does not matter in most settings.
|
|||
|
||||
<varlistentry>
|
||||
<term>--auto-check-trustdb</term>
|
||||
<listitem><para>
|
||||
If GnuPG feels that its information about the Web-of-Trust has to be
|
||||
updated, it automatically runs the --check-trustdb command
|
||||
internally. This may be a time consuming process.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-auto-check-trustdb</term>
|
||||
<listitem><para>
|
||||
Resets the --auto-check-trustdb option.
|
||||
If GnuPG feels that its information about the Web-of-Trust has to be
|
||||
updated, it automatically runs the --check-trustdb command internally.
|
||||
This may be a time consuming process. --no-auto-check-trustdb
|
||||
disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -1800,6 +1769,7 @@ Try to be more RFC1991 (PGP 2.x) compliant.
|
|||
|
||||
<varlistentry>
|
||||
<term>--pgp2</term>
|
||||
<term>--no-pgp2</term>
|
||||
<listitem><para>
|
||||
Set up all options to be as PGP 2.x compliant as possible, and warn if
|
||||
an action is taken (e.g. encrypting to a non-RSA key) that will create
|
||||
|
|
@ -1811,17 +1781,12 @@ This option implies `--rfc1991 --no-openpgp --disable-mdc
|
|||
--no-force-v4-certs --no-comment --escape-from-lines --force-v3-sigs
|
||||
--no-ask-sig-expire --no-ask-cert-expire --cipher-algo IDEA
|
||||
--digest-algo MD5 --compress-algo 1'. It also disables --textmode
|
||||
when encrypting.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-pgp2</term>
|
||||
<listitem><para>
|
||||
Resets the --pgp2 option.
|
||||
when encrypting. --no-pgp2 disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--pgp6</term>
|
||||
<term>--no-pgp6</term>
|
||||
<listitem><para>
|
||||
Set up all options to be as PGP 6 compliant as possible. This
|
||||
restricts you to the ciphers IDEA (if the IDEA plugin is installed),
|
||||
|
|
@ -1831,43 +1796,30 @@ compression algorithms none and ZIP. This also disables
|
|||
does not understand signatures made by signing subkeys.
|
||||
</para><para>
|
||||
This option implies `--disable-mdc --no-comment --escape-from-lines
|
||||
--force-v3-sigs --no-ask-sig-expire --compress-algo 1'
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-pgp6</term>
|
||||
<listitem><para>
|
||||
Resets the --pgp6 option.
|
||||
--force-v3-sigs --no-ask-sig-expire --compress-algo 1' --no-pgp6
|
||||
disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--pgp7</term>
|
||||
<term>--no-pgp7</term>
|
||||
<listitem><para>
|
||||
Set up all options to be as PGP 7 compliant as possible. This is
|
||||
identical to --pgp6 except that MDCs are not disabled, and the list of
|
||||
allowable ciphers is expanded to add AES128, AES192, AES256, and
|
||||
TWOFISH.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-pgp7</term>
|
||||
<listitem><para>
|
||||
Resets the --pgp7 option.
|
||||
TWOFISH. --no-pgp7 disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--pgp8</term>
|
||||
<term>--no-pgp8</term>
|
||||
<listitem><para>
|
||||
Set up all options to be as PGP 8 compliant as possible. PGP 8 is a
|
||||
lot closer to the OpenPGP standard than previous versions of PGP, so
|
||||
all this does is disable --throw-keyid and set --escape-from-lines and
|
||||
--compress-algo 1. The allowed algorithms list is the same as --pgp7.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-pgp8</term>
|
||||
<listitem><para>
|
||||
Resets the --pgp8 option.
|
||||
--compress-algo 1. The allowed algorithms list is the same as --pgp7
|
||||
with the addition of the SHA-256 digest algorithm. --no-pgp8 disables
|
||||
this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -1876,38 +1828,29 @@ Resets the --pgp8 option.
|
|||
Reset all packet, cipher and digest options to OpenPGP behavior. Use
|
||||
this option to reset all previous options like --rfc1991,
|
||||
--force-v3-sigs, --s2k-*, --cipher-algo, --digest-algo and
|
||||
--compress-algo to OpenPGP compliant values. All PGP workarounds are
|
||||
also disabled.
|
||||
--compress-algo to OpenPGP compliant values. All PGP workarounds and
|
||||
--pgpX modes are also disabled.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--force-v3-sigs</term>
|
||||
<term>--no-force-v3-sigs</term>
|
||||
<listitem><para>
|
||||
OpenPGP states that an implementation should generate v4 signatures
|
||||
but PGP versions 5 and higher only recognize v4 signatures on key
|
||||
material. This option forces v3 signatures for signatures on data.
|
||||
Note that this option overrides --ask-sig-expire, as v3 signatures
|
||||
cannot have expiration dates.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-force-v3-sigs</term>
|
||||
<listitem><para>
|
||||
Reset the --force-v3-sigs option.
|
||||
cannot have expiration dates. --no-force-v3-sigs disables this
|
||||
option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--force-v4-certs</term>
|
||||
<term>--no-force-v4-certs</term>
|
||||
<listitem><para>
|
||||
Always use v4 key signatures even on v3 keys. This option also
|
||||
changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-force-v4-certs</term>
|
||||
<listitem><para>
|
||||
Reset the --force-v4-certs option.
|
||||
--no-force-v4-certs disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -1915,8 +1858,8 @@ Reset the --force-v4-certs option.
|
|||
<listitem><para>
|
||||
Force the use of encryption with a modification detection code. This
|
||||
is always used with the newer ciphers (those with a blocksize greater
|
||||
than 64 bits), or if the recipient key has one of those ciphers as a
|
||||
preference.
|
||||
than 64 bits), or if all of the recipient keys indicate MDC support in
|
||||
their feature flags.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -1929,16 +1872,11 @@ message modification attack.
|
|||
|
||||
<varlistentry>
|
||||
<term>--allow-non-selfsigned-uid</term>
|
||||
<term>--no-allow-non-selfsigned-uid</term>
|
||||
<listitem><para>
|
||||
Allow the import and use of keys with user IDs which are not
|
||||
self-signed. This is not recommended, as a non self-signed user ID is
|
||||
trivial to forge.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-allow-non-selfsigned-uid</term>
|
||||
<listitem><para>
|
||||
Reset the --allow-non-selfsigned-uid option.
|
||||
trivial to forge. --no-allow-non-selfsigned-uid disables.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -1949,7 +1887,6 @@ one. This option should only be used in very special environments as
|
|||
it does not ensure the de-facto standard format of user IDs.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--ignore-time-conflict</term>
|
||||
<listitem><para>
|
||||
|
|
@ -1996,7 +1933,6 @@ and do not release the lock until the process
|
|||
terminates.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--lock-multiple</term>
|
||||
<listitem><para>
|
||||
|
|
@ -2024,19 +1960,16 @@ are not desired. This option can be used to achieve that with the cost of
|
|||
slower random generation.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-verbose</term>
|
||||
<listitem><para>
|
||||
Reset verbose level to 0.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-greeting</term>
|
||||
<listitem><para>
|
||||
Suppress the initial copyright message but do not
|
||||
enter batch mode.
|
||||
Suppress the initial copyright message.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -2179,32 +2112,25 @@ handing out the secret key.
|
|||
|
||||
<varlistentry>
|
||||
<term>--ask-sig-expire</term>
|
||||
<term>--no-ask-sig-expire</term>
|
||||
<listitem><para>
|
||||
When making a data signature, prompt for an expiration time. If this
|
||||
option is not specified, the expiration time is "never".
|
||||
</para></listitem></varlistentry
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-ask-sig-expire</term>
|
||||
<listitem><para>
|
||||
Resets the --ask-sig-expire option.
|
||||
</para></listitem></varlistentry
|
||||
--no-ask-sig-expire disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--ask-cert-expire</term>
|
||||
<term>--no-ask-cert-expire</term>
|
||||
<listitem><para>
|
||||
When making a key signature, prompt for an expiration time. If this
|
||||
option is not specified, the expiration time is "never".
|
||||
</para></listitem></varlistentry
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-ask-cert-expire</term>
|
||||
<listitem><para>
|
||||
Resets the --ask-cert-expire option.
|
||||
</para></listitem></varlistentry
|
||||
--no-ask-cert-expire disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--expert</term>
|
||||
<term>--no-expert</term>
|
||||
<listitem><para>
|
||||
Allow the user to do certain nonsensical or "silly" things like
|
||||
signing an expired or revoked key, or certain potentially incompatible
|
||||
|
|
@ -2212,14 +2138,8 @@ things like generating deprecated key types. This also disables
|
|||
certain warning messages about potentially incompatible actions. As
|
||||
the name implies, this option is for experts only. If you don't fully
|
||||
understand the implications of what it allows you to do, leave this
|
||||
off.
|
||||
</para></listitem></varlistentry
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-expert</term>
|
||||
<listitem><para>
|
||||
Resets the --expert option.
|
||||
</para></listitem></varlistentry
|
||||
off. --no-expert disables this option.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--merge-only</term>
|
||||
|
|
|
|||
1824
doc/samplekeys.asc
1824
doc/samplekeys.asc
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue