* DETAILS: Don't specify which hash is used to make up the namehash since

it may change in the future. * samplekeys.asc: Updated. * gpg.sgml: Document "revuid". Clarify that --openpgp resets --pgpX. Some cleanup of --no-xxx options, make sure that all SGML tags are closed, clarify --pgp8 allows SHA-256, and document --no-emit-version. * Makefile.am: Allow CVS version to build without faqprog.pl.
2025-01-21 14:47:03 +01:00 · 2003-04-07 22:23:42 +00:00 · 2003-04-07 22:23:42 +00:00 · cf6fcc0b4b
commit cf6fcc0b4b
parent fe5e3e594a
5 changed files with 1192 additions and 874 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,17 @@
+2003-04-07  David Shaw  <dshaw@jabberwocky.com>
+
+	* DETAILS: Don't specify which hash is used to make up the
+	namehash since it may change in the future.
+
+	* samplekeys.asc: Updated.
+
+	* gpg.sgml: Document "revuid".  Clarify that --openpgp resets
+	--pgpX.  Some cleanup of --no-xxx options, make sure that all SGML
+	tags are closed, clarify --pgp8 allows SHA-256, and document
+	--no-emit-version.
+
+	* Makefile.am: Allow CVS version to build without faqprog.pl.
+
 2003-01-27  David Shaw  <dshaw@jabberwocky.com>

 	* DETAILS: Document trust depth, value, and regexp.
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -66,11 +66,11 @@ record.
 6. Field:  Creation Date (in UTC).  For UID and UAT records, this is the
            self-signature date.
 7. Field:  Key or user ID/user attribute expiration date or empty if none.
-
 8. Field:  Used for serial number in crt records (used to be the Local-ID).
-            For UID and UAT records, this is the namehash: a RIPEMD/160 hash
-            of the user ID contents.  For trust signatures, this is
-            the trust depth seperated by the trust value by a space.
+            For UID and UAT records, this is a hash of the user ID contents
+            used to represent that exact user ID.  For trust signatures,
+            this is the trust depth seperated by the trust value by a
+            space.
 9. Field:  Ownertrust (primary public keys only)
 	    This is a single letter, but be prepared that additional
 	    information may follow in some future versions.  For trust
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -67,16 +67,24 @@ else
 	echo "No man page due to missing docbook-to-man" >>$@
 endif

-
 FAQ : faq.raw
+if WORKING_FAQPROG
 	$(FAQPROG) -f $<  $@ || $(FAQPROG) -f $< $@
+else
+	: Warning: missing faqprog.pl, cannot make $@
+	echo "No $@ due to missing faqprog.pl" > $@
+	echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
+endif

 faq.html : faq.raw
+if WORKING_FAQPROG
 	$(FAQPROG) -h -f $< $@ 2>&1 || $(FAQPROG) -h -f $< $@
+else
+	: Warning: missing faqprog.pl, cannot make $@
+	echo "No $@ due to missing faqprog.pl" > $@
+	echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@
+endif

 dist-hook:
 	@if test "`wc -c < gpg.1`" -lt 200; then \
 	    echo 'ERROR: dummy man page'; false; fi
-
-
-
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@ -343,11 +343,16 @@ Create an alternate user id.</para></listitem></varlistentry>
    <varlistentry>
    <term>addphoto</term>
    <listitem><para>
-Create a photographic user id.</para></listitem></varlistentry>
+Create a photographic user id.  This will prompt for a JPEG file that
+will be embedded into the user ID.</para></listitem></varlistentry>
    <varlistentry>
    <term>deluid</term>
    <listitem><para>
 Delete a user id.</para></listitem></varlistentry>
+    <varlistentry>
+    <term>revuid</term>
+    <listitem><para>
+Revoke a user id.</para></listitem></varlistentry>
    <varlistentry>
    <term>addkey</term>
    <listitem><para>
@ -915,11 +920,13 @@ Prompt before overwriting any files.

 <varlistentry>
 <term>--batch</term>
+<term>--no-batch</term>
 <listitem><para>
-Use batch mode.  Never ask, do not allow interactive
-commands.
+Use batch mode.  Never ask, do not allow interactive commands.
+--no-batch disables this option.
 </para></listitem></varlistentry>

+
 <varlistentry>
 <term>--no-tty</term>
 <listitem><para>
@ -929,14 +936,6 @@ warnings to the TTY if --batch is used.
 </para></listitem></varlistentry>


-<varlistentry>
-<term>--no-batch</term>
-<listitem><para>
-Disable batch mode.  This may be of use if --batch
-is enabled from an options file.
-</para></listitem></varlistentry>
-
-
 <varlistentry>
 <term>--yes</term>
 <listitem><para>
@ -1200,17 +1199,12 @@ Include designated revoker information that was marked as

 <varlistentry>
 <term>--show-photos</term>
+<term>--no-show-photos</term>
 <listitem><para>
 Causes --list-keys, --list-sigs, --list-public-keys,
 --list-secret-keys, and verifying a signature to also display the
-photo ID attached to the key, if any.
-See also --photo-viewer.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-show-photos</term>
-<listitem><para>
-Resets the --show-photos flag.
+photo ID attached to the key, if any.  See also --photo-viewer.
+--no-show-photos disables this option.
 </para></listitem></varlistentry>

 <varlistentry>
@ -1398,18 +1392,15 @@ delivered to the file descriptor.

 <varlistentry>
 <term>--sk-comments</term>
+<term>--no-sk-comments</term>
 <listitem><para>
 Include secret key comment packets when exporting secret keys.  This
 is a GnuPG extension to the OpenPGP standard, and is off by default.
 Please note that this has nothing to do with the comments in clear
-text signatures or armor headers.
+text signatures or armor headers.  --no-sk-comments disables this
+option.
 </para></listitem></varlistentry>

-<varlistentry>
-<term>--no-sk-comments</term>
-<listitem><para>
-Resets the --sk-comments option.
-</para></listitem></varlistentry>

 <varlistentry>
 <term>--no-comment</term>
@ -1436,19 +1427,12 @@ default comment string anymore.
 </para></listitem></varlistentry>


-<varlistentry>
-<term>--no-version</term>
-<listitem><para>
-Omit the version string in clear text signatures.
-</para></listitem></varlistentry>
-
-
 <varlistentry>
 <term>--emit-version</term>
+<term>--no-emit-version</term>
 <listitem><para>
-Force to write the version string in clear text
-signatures.  Use this to overwrite a previous
--no-version from a config file.
+Force inclusion of the version string in ASCII armored output.
+--no-emit-version disables this option.
 </para></listitem></varlistentry>


@ -1484,16 +1468,13 @@ making a key signature (certification).

 <varlistentry>
 <term>--show-notation</term>
+<term>--no-show-notation</term>
 <listitem><para>
 Show signature notations in the --list-sigs or --check-sigs listings
 as well as when verifying a signature with a notation in it.
+--no-show-notation disables this option.
 </para></listitem></varlistentry>

-<varlistentry>
-<term>--no-show-notation</term>
-<listitem><para>
-Do not show signature notations.
-</para></listitem></varlistentry>

 <varlistentry>
 <term>--sig-policy-url &ParmString;</term>
@ -1513,15 +1494,11 @@ The same %-expandos used for notation data are available here as well.

 <varlistentry>
 <term>--show-policy-url</term>
+<term>--no-show-policy-url</term>
 <listitem><para>
 Show policy URLs in the --list-sigs or --check-sigs listings as well
 as when verifying a signature with a policy URL in it.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-show-policy-url</term>
-<listitem><para>
-Do not show policy URLs.
+--no-show-policy-url disables this option.
 </para></listitem></varlistentry>

 <varlistentry>
@ -1533,18 +1510,14 @@ messages.

 <varlistentry>
 <term>--for-your-eyes-only</term>
+<term>--no-for-your-eyes-only</term>
 <listitem><para>
 Set the `for your eyes only' flag in the message.  This causes GnuPG
 to refuse to save the file unless the --output option is given, and
 PGP to use the "secure viewer" with a Tempest-resistant font to
 display the message.  This option overrides --set-filename.
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--no-for-your-eyes-only</term>
-<listitem><para>
-Resets the --for-your-eyes-only flag.
-</para></listitem></varlistentry
+--no-for-your-eyes-only disables this option.
+</para></listitem></varlistentry>

 <varlistentry>
 <term>--use-embedded-filename</term>
@ -1705,16 +1678,12 @@ interaction, this performance penalty does not matter in most settings.

 <varlistentry>
 <term>--auto-check-trustdb</term>
-<listitem><para>
-If GnuPG feels that its information about the Web-of-Trust has to be
-updated, it automatically runs the --check-trustdb command 
-internally.  This may be a time consuming process.
-</para></listitem></varlistentry>
-
-<varlistentry>
 <term>--no-auto-check-trustdb</term>
 <listitem><para>
-Resets the --auto-check-trustdb option.
+If GnuPG feels that its information about the Web-of-Trust has to be
+updated, it automatically runs the --check-trustdb command internally.
+This may be a time consuming process.  --no-auto-check-trustdb
+disables this option.
 </para></listitem></varlistentry>

 <varlistentry>
@ -1800,6 +1769,7 @@ Try to be more RFC1991 (PGP 2.x) compliant.

 <varlistentry>
 <term>--pgp2</term>
+<term>--no-pgp2</term>
 <listitem><para>
 Set up all options to be as PGP 2.x compliant as possible, and warn if
 an action is taken (e.g. encrypting to a non-RSA key) that will create
@ -1811,17 +1781,12 @@ This option implies `--rfc1991 --no-openpgp --disable-mdc
 --no-force-v4-certs --no-comment --escape-from-lines --force-v3-sigs
 --no-ask-sig-expire --no-ask-cert-expire --cipher-algo IDEA
 --digest-algo MD5 --compress-algo 1'.  It also disables --textmode
-when encrypting.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-pgp2</term>
-<listitem><para>
-Resets the --pgp2 option.
+when encrypting.  --no-pgp2 disables this option.
 </para></listitem></varlistentry>

 <varlistentry>
 <term>--pgp6</term>
+<term>--no-pgp6</term>
 <listitem><para>
 Set up all options to be as PGP 6 compliant as possible.  This
 restricts you to the ciphers IDEA (if the IDEA plugin is installed),
@ -1831,43 +1796,30 @@ compression algorithms none and ZIP.  This also disables
 does not understand signatures made by signing subkeys.
 </para><para>
 This option implies `--disable-mdc --no-comment --escape-from-lines
--force-v3-sigs --no-ask-sig-expire --compress-algo 1'
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-pgp6</term>
-<listitem><para>
-Resets the --pgp6 option.
+--force-v3-sigs --no-ask-sig-expire --compress-algo 1' --no-pgp6
+disables this option.
 </para></listitem></varlistentry>

 <varlistentry>
 <term>--pgp7</term>
+<term>--no-pgp7</term>
 <listitem><para>
 Set up all options to be as PGP 7 compliant as possible.  This is
 identical to --pgp6 except that MDCs are not disabled, and the list of
 allowable ciphers is expanded to add AES128, AES192, AES256, and
-TWOFISH.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-pgp7</term>
-<listitem><para>
-Resets the --pgp7 option.
+TWOFISH.  --no-pgp7 disables this option.
 </para></listitem></varlistentry>

 <varlistentry>
 <term>--pgp8</term>
+<term>--no-pgp8</term>
 <listitem><para>
 Set up all options to be as PGP 8 compliant as possible.  PGP 8 is a
 lot closer to the OpenPGP standard than previous versions of PGP, so
 all this does is disable --throw-keyid and set --escape-from-lines and
--compress-algo 1.  The allowed algorithms list is the same as --pgp7.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-pgp8</term>
-<listitem><para>
-Resets the --pgp8 option.
+--compress-algo 1.  The allowed algorithms list is the same as --pgp7
+with the addition of the SHA-256 digest algorithm.  --no-pgp8 disables
+this option.
 </para></listitem></varlistentry>

 <varlistentry>
@ -1876,38 +1828,29 @@ Resets the --pgp8 option.
 Reset all packet, cipher and digest options to OpenPGP behavior. Use
 this option to reset all previous options like --rfc1991,
 --force-v3-sigs, --s2k-*, --cipher-algo, --digest-algo and
--compress-algo to OpenPGP compliant values.  All PGP workarounds are
-also disabled.
+--compress-algo to OpenPGP compliant values.  All PGP workarounds and
+--pgpX modes are also disabled.
 </para></listitem></varlistentry>

-
 <varlistentry>
 <term>--force-v3-sigs</term>
+<term>--no-force-v3-sigs</term>
 <listitem><para>
 OpenPGP states that an implementation should generate v4 signatures
 but PGP versions 5 and higher only recognize v4 signatures on key
 material.  This option forces v3 signatures for signatures on data.
 Note that this option overrides --ask-sig-expire, as v3 signatures
-cannot have expiration dates.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-force-v3-sigs</term>
-<listitem><para>
-Reset the --force-v3-sigs option.
+cannot have expiration dates.  --no-force-v3-sigs disables this
+option.
 </para></listitem></varlistentry>

 <varlistentry>
 <term>--force-v4-certs</term>
+<term>--no-force-v4-certs</term>
 <listitem><para>
 Always use v4 key signatures even on v3 keys.  This option also
 changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-force-v4-certs</term>
-<listitem><para>
-Reset the --force-v4-certs option.
+--no-force-v4-certs disables this option.
 </para></listitem></varlistentry>

 <varlistentry>
@ -1915,8 +1858,8 @@ Reset the --force-v4-certs option.
 <listitem><para>
 Force the use of encryption with a modification detection code.  This
 is always used with the newer ciphers (those with a blocksize greater
-than 64 bits), or if the recipient key has one of those ciphers as a
-preference.
+than 64 bits), or if all of the recipient keys indicate MDC support in
+their feature flags.
 </para></listitem></varlistentry>

 <varlistentry>
@ -1929,16 +1872,11 @@ message modification attack.

 <varlistentry>
 <term>--allow-non-selfsigned-uid</term>
+<term>--no-allow-non-selfsigned-uid</term>
 <listitem><para>
 Allow the import and use of keys with user IDs which are not
 self-signed.  This is not recommended, as a non self-signed user ID is
-trivial to forge.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-allow-non-selfsigned-uid</term>
-<listitem><para>
-Reset the --allow-non-selfsigned-uid option.
+trivial to forge.  --no-allow-non-selfsigned-uid disables.
 </para></listitem></varlistentry>

 <varlistentry>
@ -1949,7 +1887,6 @@ one.  This option should only be used in very special environments as
 it does not ensure the de-facto standard format of user IDs.
 </para></listitem></varlistentry>

-
 <varlistentry>
 <term>--ignore-time-conflict</term>
 <listitem><para>
@ -1996,7 +1933,6 @@ and do not release the lock until the process
 terminates.
 </para></listitem></varlistentry>

-
 <varlistentry>
 <term>--lock-multiple</term>
 <listitem><para>
@ -2024,19 +1960,16 @@ are not desired.  This option can be used to achieve that with the cost of
 slower random generation.
 </para></listitem></varlistentry>

-
 <varlistentry>
 <term>--no-verbose</term>
 <listitem><para>
 Reset verbose level to 0.
 </para></listitem></varlistentry>

-
 <varlistentry>
 <term>--no-greeting</term>
 <listitem><para>
-Suppress the initial copyright message but do not
-enter batch mode.
+Suppress the initial copyright message.
 </para></listitem></varlistentry>

 <varlistentry>
@ -2179,32 +2112,25 @@ handing out the secret key.

 <varlistentry>
 <term>--ask-sig-expire</term>
+<term>--no-ask-sig-expire</term>
 <listitem><para>
 When making a data signature, prompt for an expiration time.  If this
 option is not specified, the expiration time is "never".
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--no-ask-sig-expire</term>
-<listitem><para>
-Resets the --ask-sig-expire option.
-</para></listitem></varlistentry
+--no-ask-sig-expire disables this option.
+</para></listitem></varlistentry>

 <varlistentry>
 <term>--ask-cert-expire</term>
+<term>--no-ask-cert-expire</term>
 <listitem><para>
 When making a key signature, prompt for an expiration time.  If this
 option is not specified, the expiration time is "never".
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--no-ask-cert-expire</term>
-<listitem><para>
-Resets the --ask-cert-expire option.
-</para></listitem></varlistentry
+--no-ask-cert-expire disables this option.
+</para></listitem></varlistentry>

 <varlistentry>
 <term>--expert</term>
+<term>--no-expert</term>
 <listitem><para>
 Allow the user to do certain nonsensical or "silly" things like
 signing an expired or revoked key, or certain potentially incompatible
@ -2212,14 +2138,8 @@ things like generating deprecated key types.  This also disables
 certain warning messages about potentially incompatible actions.  As
 the name implies, this option is for experts only.  If you don't fully
 understand the implications of what it allows you to do, leave this
-off.
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--no-expert</term>
-<listitem><para>
-Resets the --expert option.
-</para></listitem></varlistentry
+off.  --no-expert disables this option.
+</para></listitem></varlistentry>

 <varlistentry>
 <term>--merge-only</term>
--- a/doc/samplekeys.asc
+++ b/doc/samplekeys.asc