* DETAILS: Don't specify which hash is used to make up the namehash since

it may change in the future. * samplekeys.asc: Updated. * gpg.sgml: Document "revuid". Clarify that --openpgp resets --pgpX. Some cleanup of --no-xxx options, make sure that all SGML tags are closed, clarify --pgp8 allows SHA-256, and document --no-emit-version. * Makefile.am: Allow CVS version to build without faqprog.pl.
2003-04-07 22:23:42 +00:00 · 2003-04-07 22:23:42 +00:00 · cf6fcc0b4b
parent fe5e3e594a
commit cf6fcc0b4b
5 changed files with 1192 additions and 874 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,17 @@
 2003-04-07  David Shaw  <dshaw@jabberwocky.com>
 	* DETAILS: Don't specify which hash is used to make up the
 	namehash since it may change in the future.
 	* samplekeys.asc: Updated.
 	* gpg.sgml: Document "revuid".  Clarify that --openpgp resets
 	--pgpX.  Some cleanup of --no-xxx options, make sure that all SGML
 	tags are closed, clarify --pgp8 allows SHA-256, and document
 	--no-emit-version.
 	* Makefile.am: Allow CVS version to build without faqprog.pl.
 2003-01-27  David Shaw  <dshaw@jabberwocky.com>
 	* DETAILS: Document trust depth, value, and regexp.
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -66,11 +66,11 @@ record.
 6. Field:  Creation Date (in UTC).  For UID and UAT records, this is the
            self-signature date.
 7. Field:  Key or user ID/user attribute expiration date or empty if none.
 8. Field:  Used for serial number in crt records (used to be the Local-ID).
-            For UID and UAT records, this is the namehash: a RIPEMD/160 hash
+            For UID and UAT records, this is a hash of the user ID contents
-            of the user ID contents.  For trust signatures, this is
+            used to represent that exact user ID.  For trust signatures,
-            the trust depth seperated by the trust value by a space.
+            this is the trust depth seperated by the trust value by a
            space.
 9. Field:  Ownertrust (primary public keys only)
 	    This is a single letter, but be prepared that additional
 	    information may follow in some future versions.  For trust
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -67,16 +67,24 @@ else
 	echo "No man page due to missing docbook-to-man" >>$@
 endif
 FAQ : faq.raw
 if WORKING_FAQPROG
 	$(FAQPROG) -f $<  $@ || $(FAQPROG) -f $< $@
 else
 	: Warning: missing faqprog.pl, cannot make $@
 	echo "No $@ due to missing faqprog.pl" > $@
 	echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
 endif
 faq.html : faq.raw
 if WORKING_FAQPROG
 	$(FAQPROG) -h -f $< $@ 2>&1 || $(FAQPROG) -h -f $< $@
 else
 	: Warning: missing faqprog.pl, cannot make $@
 	echo "No $@ due to missing faqprog.pl" > $@
 	echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
 endif
 dist-hook:
 	@if test "`wc -c < gpg.1`" -lt 200; then \
 	    echo 'ERROR: dummy man page'; false; fi
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@ -343,11 +343,16 @@ Create an alternate user id.</para></listitem></varlistentry>
    <varlistentry>
    <term>addphoto</term>
    <listitem><para>
-Create a photographic user id.</para></listitem></varlistentry>
+Create a photographic user id.  This will prompt for a JPEG file that
 will be embedded into the user ID.</para></listitem></varlistentry>
    <varlistentry>
    <term>deluid</term>
    <listitem><para>
 Delete a user id.</para></listitem></varlistentry>
    <varlistentry>
    <term>revuid</term>
    <listitem><para>
 Revoke a user id.</para></listitem></varlistentry>
    <varlistentry>
    <term>addkey</term>
    <listitem><para>
@ -915,11 +920,13 @@ Prompt before overwriting any files.
 <varlistentry>
 <term>--batch</term>
 <term>--no-batch</term>
 <listitem><para>
-Use batch mode.  Never ask, do not allow interactive
+Use batch mode.  Never ask, do not allow interactive commands.
-commands.
+--no-batch disables this option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-tty</term>
 <listitem><para>
@ -929,14 +936,6 @@ warnings to the TTY if --batch is used.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-batch</term>
 <listitem><para>
 Disable batch mode.  This may be of use if --batch
 is enabled from an options file.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--yes</term>
 <listitem><para>
@ -1200,17 +1199,12 @@ Include designated revoker information that was marked as
 <varlistentry>
 <term>--show-photos</term>
 <term>--no-show-photos</term>
 <listitem><para>
 Causes --list-keys, --list-sigs, --list-public-keys,
 --list-secret-keys, and verifying a signature to also display the
-photo ID attached to the key, if any.
+photo ID attached to the key, if any.  See also --photo-viewer.
-See also --photo-viewer.
+--no-show-photos disables this option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-show-photos</term>
 <listitem><para>
 Resets the --show-photos flag.
 </para></listitem></varlistentry>
 <varlistentry>
@ -1398,18 +1392,15 @@ delivered to the file descriptor.
 <varlistentry>
 <term>--sk-comments</term>
 <term>--no-sk-comments</term>
 <listitem><para>
 Include secret key comment packets when exporting secret keys.  This
 is a GnuPG extension to the OpenPGP standard, and is off by default.
 Please note that this has nothing to do with the comments in clear
-text signatures or armor headers.
+text signatures or armor headers.  --no-sk-comments disables this
 option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-sk-comments</term>
 <listitem><para>
 Resets the --sk-comments option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-comment</term>
@ -1436,19 +1427,12 @@ default comment string anymore.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-version</term>
 <listitem><para>
 Omit the version string in clear text signatures.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--emit-version</term>
 <term>--no-emit-version</term>
 <listitem><para>
-Force to write the version string in clear text
+Force inclusion of the version string in ASCII armored output.
-signatures.  Use this to overwrite a previous
+--no-emit-version disables this option.
 --no-version from a config file.
 </para></listitem></varlistentry>
@ -1484,16 +1468,13 @@ making a key signature (certification).
 <varlistentry>
 <term>--show-notation</term>
 <term>--no-show-notation</term>
 <listitem><para>
 Show signature notations in the --list-sigs or --check-sigs listings
 as well as when verifying a signature with a notation in it.
 --no-show-notation disables this option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-show-notation</term>
 <listitem><para>
 Do not show signature notations.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--sig-policy-url &ParmString;</term>
@ -1513,15 +1494,11 @@ The same %-expandos used for notation data are available here as well.
 <varlistentry>
 <term>--show-policy-url</term>
 <term>--no-show-policy-url</term>
 <listitem><para>
 Show policy URLs in the --list-sigs or --check-sigs listings as well
 as when verifying a signature with a policy URL in it.
-</para></listitem></varlistentry>
+--no-show-policy-url disables this option.
 <varlistentry>
 <term>--no-show-policy-url</term>
 <listitem><para>
 Do not show policy URLs.
 </para></listitem></varlistentry>
 <varlistentry>
@ -1533,18 +1510,14 @@ messages.
 <varlistentry>
 <term>--for-your-eyes-only</term>
 <term>--no-for-your-eyes-only</term>
 <listitem><para>
 Set the `for your eyes only' flag in the message.  This causes GnuPG
 to refuse to save the file unless the --output option is given, and
 PGP to use the "secure viewer" with a Tempest-resistant font to
 display the message.  This option overrides --set-filename.
-</para></listitem></varlistentry
+--no-for-your-eyes-only disables this option.
-
+</para></listitem></varlistentry>
 <varlistentry>
 <term>--no-for-your-eyes-only</term>
 <listitem><para>
 Resets the --for-your-eyes-only flag.
 </para></listitem></varlistentry
 <varlistentry>
 <term>--use-embedded-filename</term>
@ -1705,16 +1678,12 @@ interaction, this performance penalty does not matter in most settings.
 <varlistentry>
 <term>--auto-check-trustdb</term>
 <listitem><para>
 If GnuPG feels that its information about the Web-of-Trust has to be
 updated, it automatically runs the --check-trustdb command 
 internally.  This may be a time consuming process.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-auto-check-trustdb</term>
 <listitem><para>
-Resets the --auto-check-trustdb option.
+If GnuPG feels that its information about the Web-of-Trust has to be
 updated, it automatically runs the --check-trustdb command internally.
 This may be a time consuming process.  --no-auto-check-trustdb
 disables this option.
 </para></listitem></varlistentry>
 <varlistentry>
@ -1800,6 +1769,7 @@ Try to be more RFC1991 (PGP 2.x) compliant.
 <varlistentry>
 <term>--pgp2</term>
 <term>--no-pgp2</term>
 <listitem><para>
 Set up all options to be as PGP 2.x compliant as possible, and warn if
 an action is taken (e.g. encrypting to a non-RSA key) that will create
@ -1811,17 +1781,12 @@ This option implies `--rfc1991 --no-openpgp --disable-mdc
 --no-force-v4-certs --no-comment --escape-from-lines --force-v3-sigs
 --no-ask-sig-expire --no-ask-cert-expire --cipher-algo IDEA
 --digest-algo MD5 --compress-algo 1'.  It also disables --textmode
-when encrypting.
+when encrypting.  --no-pgp2 disables this option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-pgp2</term>
 <listitem><para>
 Resets the --pgp2 option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--pgp6</term>
 <term>--no-pgp6</term>
 <listitem><para>
 Set up all options to be as PGP 6 compliant as possible.  This
 restricts you to the ciphers IDEA (if the IDEA plugin is installed),
@ -1831,43 +1796,30 @@ compression algorithms none and ZIP.  This also disables
 does not understand signatures made by signing subkeys.
 </para><para>
 This option implies `--disable-mdc --no-comment --escape-from-lines
--force-v3-sigs --no-ask-sig-expire --compress-algo 1'
+--force-v3-sigs --no-ask-sig-expire --compress-algo 1' --no-pgp6
-</para></listitem></varlistentry>
+disables this option.
 <varlistentry>
 <term>--no-pgp6</term>
 <listitem><para>
 Resets the --pgp6 option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--pgp7</term>
 <term>--no-pgp7</term>
 <listitem><para>
 Set up all options to be as PGP 7 compliant as possible.  This is
 identical to --pgp6 except that MDCs are not disabled, and the list of
 allowable ciphers is expanded to add AES128, AES192, AES256, and
-TWOFISH.
+TWOFISH.  --no-pgp7 disables this option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-pgp7</term>
 <listitem><para>
 Resets the --pgp7 option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--pgp8</term>
 <term>--no-pgp8</term>
 <listitem><para>
 Set up all options to be as PGP 8 compliant as possible.  PGP 8 is a
 lot closer to the OpenPGP standard than previous versions of PGP, so
 all this does is disable --throw-keyid and set --escape-from-lines and
--compress-algo 1.  The allowed algorithms list is the same as --pgp7.
+--compress-algo 1.  The allowed algorithms list is the same as --pgp7
-</para></listitem></varlistentry>
+with the addition of the SHA-256 digest algorithm.  --no-pgp8 disables
-
+this option.
 <varlistentry>
 <term>--no-pgp8</term>
 <listitem><para>
 Resets the --pgp8 option.
 </para></listitem></varlistentry>
 <varlistentry>
@ -1876,38 +1828,29 @@ Resets the --pgp8 option.
 Reset all packet, cipher and digest options to OpenPGP behavior. Use
 this option to reset all previous options like --rfc1991,
 --force-v3-sigs, --s2k-*, --cipher-algo, --digest-algo and
--compress-algo to OpenPGP compliant values.  All PGP workarounds are
+--compress-algo to OpenPGP compliant values.  All PGP workarounds and
-also disabled.
+--pgpX modes are also disabled.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--force-v3-sigs</term>
 <term>--no-force-v3-sigs</term>
 <listitem><para>
 OpenPGP states that an implementation should generate v4 signatures
 but PGP versions 5 and higher only recognize v4 signatures on key
 material.  This option forces v3 signatures for signatures on data.
 Note that this option overrides --ask-sig-expire, as v3 signatures
-cannot have expiration dates.
+cannot have expiration dates.  --no-force-v3-sigs disables this
-</para></listitem></varlistentry>
+option.
 <varlistentry>
 <term>--no-force-v3-sigs</term>
 <listitem><para>
 Reset the --force-v3-sigs option.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--force-v4-certs</term>
 <term>--no-force-v4-certs</term>
 <listitem><para>
 Always use v4 key signatures even on v3 keys.  This option also
 changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
-</para></listitem></varlistentry>
+--no-force-v4-certs disables this option.
 <varlistentry>
 <term>--no-force-v4-certs</term>
 <listitem><para>
 Reset the --force-v4-certs option.
 </para></listitem></varlistentry>
 <varlistentry>
@ -1915,8 +1858,8 @@ Reset the --force-v4-certs option.
 <listitem><para>
 Force the use of encryption with a modification detection code.  This
 is always used with the newer ciphers (those with a blocksize greater
-than 64 bits), or if the recipient key has one of those ciphers as a
+than 64 bits), or if all of the recipient keys indicate MDC support in
-preference.
+their feature flags.
 </para></listitem></varlistentry>
 <varlistentry>
@ -1929,16 +1872,11 @@ message modification attack.
 <varlistentry>
 <term>--allow-non-selfsigned-uid</term>
 <term>--no-allow-non-selfsigned-uid</term>
 <listitem><para>
 Allow the import and use of keys with user IDs which are not
 self-signed.  This is not recommended, as a non self-signed user ID is
-trivial to forge.
+trivial to forge.  --no-allow-non-selfsigned-uid disables.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-allow-non-selfsigned-uid</term>
 <listitem><para>
 Reset the --allow-non-selfsigned-uid option.
 </para></listitem></varlistentry>
 <varlistentry>
@ -1949,7 +1887,6 @@ one.  This option should only be used in very special environments as
 it does not ensure the de-facto standard format of user IDs.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--ignore-time-conflict</term>
 <listitem><para>
@ -1996,7 +1933,6 @@ and do not release the lock until the process
 terminates.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--lock-multiple</term>
 <listitem><para>
@ -2024,19 +1960,16 @@ are not desired.  This option can be used to achieve that with the cost of
 slower random generation.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-verbose</term>
 <listitem><para>
 Reset verbose level to 0.
 </para></listitem></varlistentry>
 <varlistentry>
 <term>--no-greeting</term>
 <listitem><para>
-Suppress the initial copyright message but do not
+Suppress the initial copyright message.
 enter batch mode.
 </para></listitem></varlistentry>
 <varlistentry>
@ -2179,32 +2112,25 @@ handing out the secret key.
 <varlistentry>
 <term>--ask-sig-expire</term>
 <term>--no-ask-sig-expire</term>
 <listitem><para>
 When making a data signature, prompt for an expiration time.  If this
 option is not specified, the expiration time is "never".
-</para></listitem></varlistentry
+--no-ask-sig-expire disables this option.
-
+</para></listitem></varlistentry>
 <varlistentry>
 <term>--no-ask-sig-expire</term>
 <listitem><para>
 Resets the --ask-sig-expire option.
 </para></listitem></varlistentry
 <varlistentry>
 <term>--ask-cert-expire</term>
 <term>--no-ask-cert-expire</term>
 <listitem><para>
 When making a key signature, prompt for an expiration time.  If this
 option is not specified, the expiration time is "never".
-</para></listitem></varlistentry
+--no-ask-cert-expire disables this option.
-
+</para></listitem></varlistentry>
 <varlistentry>
 <term>--no-ask-cert-expire</term>
 <listitem><para>
 Resets the --ask-cert-expire option.
 </para></listitem></varlistentry
 <varlistentry>
 <term>--expert</term>
 <term>--no-expert</term>
 <listitem><para>
 Allow the user to do certain nonsensical or "silly" things like
 signing an expired or revoked key, or certain potentially incompatible
@ -2212,14 +2138,8 @@ things like generating deprecated key types.  This also disables
 certain warning messages about potentially incompatible actions.  As
 the name implies, this option is for experts only.  If you don't fully
 understand the implications of what it allows you to do, leave this
-off.
+off.  --no-expert disables this option.
-</para></listitem></varlistentry
+</para></listitem></varlistentry>
 <varlistentry>
 <term>--no-expert</term>
 <listitem><para>
 Resets the --expert option.
 </para></listitem></varlistentry
 <varlistentry>
 <term>--merge-only</term>
--- a/doc/samplekeys.asc
+++ b/doc/samplekeys.asc