mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
Merge branch 'STABLE-BRANCH-2-4'
-- Fixed conflicts: NEWS configure.ac doc/gpg.texi
This commit is contained in:
commit
dfa60c09f5
88 changed files with 2655 additions and 1419 deletions
|
@ -623,19 +623,30 @@ are touched.
|
|||
|
||||
@anchor{option --enable-ssh-support}
|
||||
@item --enable-ssh-support
|
||||
@itemx --enable-win32-openssh-support
|
||||
@itemx --enable-putty-support
|
||||
@opindex enable-ssh-support
|
||||
@opindex enable-win32-openssh-support
|
||||
@opindex enable-putty-support
|
||||
|
||||
The OpenSSH Agent protocol is always enabled, but @command{gpg-agent}
|
||||
will only set the @code{SSH_AUTH_SOCK} variable if this flag is given.
|
||||
On Unix platforms the OpenSSH Agent protocol is always enabled, but
|
||||
@command{gpg-agent} will only set the @code{SSH_AUTH_SOCK} variable if
|
||||
the option @option{enable-ssh-support} is given. Some Linux
|
||||
distributions use the presence of this option to decide whether the
|
||||
old ssh-agent shall be started.
|
||||
|
||||
On Windows support for the native ssh implementation must be enabled
|
||||
using the the option @option{enable-win32-openssh-support}. For using
|
||||
gpg-agent as a replacement for PuTTY's Pageant, the option
|
||||
@option{enable-putty-support} must be enabled.
|
||||
|
||||
In this mode of operation, the agent does not only implement the
|
||||
gpg-agent protocol, but also the agent protocol used by OpenSSH
|
||||
(through a separate socket). Consequently, it should be possible to use
|
||||
the gpg-agent as a drop-in replacement for the well known ssh-agent.
|
||||
(through a separate socket or via Named Pipes) or the protocol used by
|
||||
PuTTY. Consequently, this allows to use the gpg-agent as a drop-in
|
||||
replacement for the ssh-agent.
|
||||
|
||||
SSH Keys, which are to be used through the agent, need to be added to
|
||||
SSH keys, which are to be used through the agent, need to be added to
|
||||
the gpg-agent initially through the ssh-add utility. When a key is
|
||||
added, ssh-add will ask for the password of the provided key file and
|
||||
send the unprotected key material to the agent; this causes the
|
||||
|
|
|
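Review bot: The new Windows paragraph has a doubled word in "using the the option @option{enable-win32-openssh-support}", and "this allows to use the gpg-agent" should read "this allows using gpg-agent" or "this allows gpg-agent to be used". With three options now sharing one @item, "In this mode of operation" no longer says which option it refers to; consider naming the option each transport depends on (separate socket, Named Pipes, PuTTY protocol) in that sentence.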
@ -316,6 +316,40 @@ Write a private key object identified by @var{keygrip} to the card
|
|||
under the id @var{keyref}. Option @option{--force} allows overwriting
|
||||
an existing key.
|
||||
|
||||
@item CHECKKEYS [--ondisk] [--delete-clear-copy] [--delete-protected-copy]
|
||||
@opindex checkkeys
|
||||
Print a list of keys noticed on all inserted cards. With
|
||||
@option{--ondisk} only smartcard keys with a copy on disk are listed.
|
||||
With @option{--delete-clear-copy} copies of smartcard keys stored on
|
||||
disk without any protection will be deleted. With
|
||||
@option{--delete-protected-copy} password protected copies of
|
||||
smartcard keys stored on disk will be deleted.
|
||||
|
||||
This command creates missing shadow keys. The delete options print
|
||||
the status of the keys before they are deleted.
|
||||
|
||||
The format of the output is:
|
||||
@table @var
|
||||
@item Serial number
|
||||
A hex-string with the serial number of the card.
|
||||
@item Type
|
||||
This gives the type of the card's application. For example "OpenPGP"
|
||||
or "PIV".
|
||||
@item Keygrip
|
||||
A hex-string identifying a key.
|
||||
@item Keyref
|
||||
The application slot where the key is stored on the card. For example
|
||||
"OpenPGP.1"
|
||||
@item Status
|
||||
The status of the key. The most common value is "shadowed" for a key
|
||||
where only the public key along with the card's serial number is
|
||||
stored on the disk. The value "clear" indicates that a copy of the
|
||||
card's key is stored unprotected on disk. The value "protected"
|
||||
indicated that a copy of the car's key is stored on disk but is
|
||||
protected by a password. The value "error" may also be shown if there
|
||||
was a problem reading information from the card.
|
||||
@end table
|
||||
|
||||
@item YUBIKEY @var{cmd} @var{args}
|
||||
@opindex yubikey
|
||||
Various commands pertaining to Yubikey tokens with @var{cmd} being:
|
||||
|
|
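Review bot: In the Status item, "indicated that a copy of the car's key" should read "indicates that a copy of the card's key", and the Keyref example "OpenPGP.1" is missing its closing period. Since @option{--delete-clear-copy} and @option{--delete-protected-copy} remove key material from disk, the text should also say whether the deletion asks for confirmation; "print the status of the keys before they are deleted" only tells the reader that the status is shown, not that there is a chance to abort.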
24
doc/gpg.texi
|
@ -638,12 +638,11 @@ The @option{--dearmor} command can also be used to dearmor PEM armors.
|
|||
|
||||
@item --unwrap
|
||||
@opindex unwrap
|
||||
This command is similar to @option{--decrypt} with the difference that the
|
||||
output is not the usual plaintext but the original message with the
|
||||
encryption layer removed. Thus the output will be an OpenPGP data
|
||||
structure which often means a signed OpenPGP message. Note that this
|
||||
option may or may not remove a compression layer which is often found
|
||||
beneath the encryption layer.
|
||||
This option modifies the command @option{--decrypt} to output the
|
||||
original message with the encryption layer removed. Thus the output
|
||||
will be an OpenPGP data structure which often means a signed OpenPGP
|
||||
message. Note that this option may or may not remove a compression
|
||||
layer which is often found beneath the encryption layer.
|
||||
|
||||
@item --tofu-policy @{auto|good|unknown|bad|ask@} @var{keys}
|
||||
@opindex tofu-policy
|
||||
|
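Review bot: The reworded entry now calls @option{--unwrap} an option that "modifies the command @option{--decrypt}", but the @item stays where it was, directly after the text about the @option{--dearmor} command, so it is still presented among the commands. Either move it to the options, or add a sentence saying it has to be given together with @option{--decrypt}. The sentence "may or may not remove a compression layer" is carried over unchanged; a consumer of the output needs to know what decides this, so it would be worth stating here.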
@ -2580,6 +2579,10 @@ opposite meaning. The options are:
|
|||
import-clean it suppresses the final clean step after merging the
|
||||
imported key into the existing key.
|
||||
|
||||
@item ignore-attributes
|
||||
Ignore all attribute user IDs (photo IDs) and their signatures while
|
||||
importing a key.
|
||||
|
||||
@item repair-keys
|
||||
After import, fix various problems with the
|
||||
keys. For example, this reorders signatures, and strips duplicate
|
||||
|
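Review bot: The new @item ignore-attributes says attribute user IDs and their signatures are ignored "while importing a key", but not what happens when the key already exists locally with photo IDs: are the existing attribute user IDs kept, and are only the incoming ones skipped? One sentence on the merge case would remove the ambiguity. A short note on why one would set it (not processing attribute packets from untrusted sources) would also help readers decide whether to enable it.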
@ -4637,10 +4640,11 @@ in the @option{--edit-key} menu.
|
|||
|
||||
@item Revoker: @var{algo}:@var{fpr} [sensitive]
|
||||
Add a designated revoker to the generated key. Algo is the public key
|
||||
algorithm of the designated revoker (i.e., RSA=1, DSA=17, etc.)
|
||||
@var{fpr} is the fingerprint of the designated revoker. The optional
|
||||
@samp{sensitive} flag marks the designated revoker as sensitive
|
||||
information. Only v4 keys may be designated revokers.
|
||||
algorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.)
|
||||
@var{fpr} is the fingerprint of the designated revoker. @var{fpr} may
|
||||
not contain spaces or colons. The optional @samp{sensitive} flag
|
||||
marks the designated revoker as sensitive information. Only v4 and v5
|
||||
keys may be designated revokers.
|
||||
|
||||
@item Keyserver: @var{string}
|
||||
This is an optional parameter that specifies the preferred keyserver
|
||||
|
|
|
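Review bot: In the Revoker description, "@var{fpr} may not contain spaces or colons" reads as either a prohibition or a possibility; "must not contain" is unambiguous for a format constraint. In the same paragraph, "(i.e. RSA=1, DSA=17, etc.)" lists examples, so "e.g." is the right abbreviation and the "etc." becomes redundant, and the sentence still lacks a period after the closing parenthesis before "@var{fpr} is the fingerprint".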
@ -387,12 +387,23 @@ daemons. Note that as of now reload and kill have the same effect for
|
|||
Create a directory for sockets below /run/user or /var/run/user. This
|
||||
is command is only required if a non default home directory is used
|
||||
and the /run based sockets shall be used. For the default home
|
||||
directory GnUPG creates a directory on the fly.
|
||||
directory GnuPG creates a directory on the fly.
|
||||
|
||||
@item --remove-socketdir
|
||||
@opindex remove-socketdir
|
||||
Remove a directory created with command @option{--create-socketdir}.
|
||||
|
||||
@item --unlock @var{name}
|
||||
@itemx --lock @var{name}
|
||||
Remove a stale lock file hold for @file{file}. The file is
|
||||
expected in the current GnuPG home directory. This command is usually
|
||||
not required because GnuPG is able to detect and remove stale lock
|
||||
files. Before using the command make sure that the file protected by
|
||||
the lock file is actually not in use. The lock command may be used to
|
||||
lock an accidently removed lock file. Note that the commands have no
|
||||
effect on Windows because the mere existence of a lock file does not
|
||||
mean that the lock is active.
|
||||
|
||||
@end table
|
||||
|
||||
|
||||
|
|
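Review bot: The new items are declared as "@item --unlock @var{name}" and "@itemx --lock @var{name}", but the description refers to "@file{file}"; use @var{name} in the text so the argument matches, and say whether it names the lock file or the file it protects. Wording in the same paragraph: "lock file hold for" should be "held for", "accidently" should be "accidentally", and "lock an accidently removed lock file" presumably means recreating it. The two items also have no @opindex entries, unlike @item --remove-socketdir just above.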