security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

Update texinfo source from master.

Browse Source 
* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
* doc/scdaemon.texi,  doc/tools.texi: Update.
* doc/yat2m.c: Update.
This commit is contained in:
Werner Koch 2012-03-27 10:05:28 +02:00
parent cc4de72e7d
commit e23ca51ba0
6 changed files with 902 additions and 682 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/gpg-agent.texi
View File

@ -204,7 +204,6 @@ below the home directory of the user.
@item -v
@item --verbose
@opindex v
@opindex verbose
Outputs additional information while running.
You can increase the verbosity by giving several
@ -212,7 +211,6 @@ verbose commands to @command{gpgsm}, such as @samp{-vv}.
@item -q
@item --quiet
@opindex q
@opindex quiet
Try to be as quiet as possible.
@ -300,9 +298,7 @@ debugging.
@itemx --sh
@itemx -c
@itemx --csh
@opindex s
@opindex sh
@opindex c
@opindex csh
Format the info output in daemon mode for use with the standard Bourne
shell or the C-shell respectively. The default is to guess it based on
@ -1369,7 +1365,7 @@ used a default value is used.
@ifset gpgtwoone
@item s2k-count
Instead of using the standard S2K counted (which is computed on the
Instead of using the standard S2K count (which is computed on the
fly), the given S2K count is used for new keys or when changing the
passphrase of a key. Values below 65536 are considered to be 0. This
option is valid for the entire session or until reset to 0. This

197
doc/gpg.texi
View File

File diff suppressed because it is too large Load Diff

48
doc/gpgsm.texi
View File

@ -304,7 +304,7 @@ and to change the default configuration.
* Certificate Options:: Certificate related options.
* Input and Output:: Input and Output.
* CMS Options:: How to change how the CMS is created.
* Esoteric Options:: Doing things one usually don't want to do.
* Esoteric Options:: Doing things one usually do not want to do.
@end menu
@ -346,14 +346,14 @@ Change the default name of the policy file to @var{filename}.
Specify an agent program to be used for secret key operations. The
default value is the @file{/usr/local/bin/gpg-agent}. This is only used
as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
set or a running agent can't be connected.
set or a running agent cannot be connected.
@item --dirmngr-program @var{file}
@opindex dirmnr-program
Specify a dirmngr program to be used for @acronym{CRL} checks. The
default value is @file{/usr/sbin/dirmngr}. This is only used as a
fallback when the environment variable @code{DIRMNGR_INFO} is not set or
a running dirmngr can't be connected.
a running dirmngr cannot be connected.
@item --prefer-system-dirmngr
@opindex prefer-system-dirmngr
@ -367,7 +367,7 @@ Entirely disable the use of the Dirmngr.
@item --no-secmem-warning
@opindex no-secmem-warning
Don't print a warning when the so called "secure memory" can't be used.
Do not print a warning when the so called "secure memory" cannot be used.
@item --log-file @var{file}
@opindex log-file
@ -407,7 +407,7 @@ By default the @acronym{CRL} for trusted root certificates are checked
like for any other certificates. This allows a CA to revoke its own
certificates voluntary without the need of putting all ever issued
certificates into a CRL. The disable option may be used to switch this
extra check off. Due to the caching done by the Dirmngr, there won't be
extra check off. Due to the caching done by the Dirmngr, there will not be
any noticeable performance gain. Note, that this also disables possible
OCSP checks for trusted root certificates. A more specific way of
disabling this check is by adding the ``relax'' keyword to the root CA
@ -428,12 +428,12 @@ command. This option should not be used in a configuration file.
@itemx --disable-ocsp
@opindex enable-ocsp
@opindex disable-ocsp
Be default @acronym{OCSP} checks are disabled. The enable option may
By default @acronym{OCSP} checks are disabled. The enable option may
be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks
are also enabled, CRLs will be used as a fallback if for some reason an
OCSP request won't succeed. Note, that you have to allow OCSP
OCSP request will not succeed. Note, that you have to allow OCSP
requests in Dirmngr's configuration too (option
@option{--allow-ocsp} and configure dirmngr properly. If you don't do
@option{--allow-ocsp}) and configure Dirmngr properly. If you do not do
so you will get the error code @samp{Not supported}.
@item --auto-issuer-key-retrieve
@ -451,10 +451,11 @@ address and the time when you verified the signature.
@item --validation-model @var{name}
@opindex validation-model
This option changes the default validation model. The only possible
values are "shell" (which is the default) and "chain" which forces the
use of the chain model. The chain model is also used if an option in
the @file{trustlist.txt} or an attribute of the certificate requests it.
However the standard model (shell) is in that case always tried first.
values are "shell" (which is the default), "chain" which forces the
use of the chain model and "steed" for a new simplified model. The
chain model is also used if an option in the @file{trustlist.txt} or
an attribute of the certificate requests it. However the standard
model (shell) is in that case always tried first.
@item --ignore-cert-extension @var{oid}
@opindex ignore-cert-extension
@ -463,7 +464,7 @@ Add @var{oid} to the list of ignored certificate extensions. The
@code{2.5.29.3}. This option may be used more than once. Critical
flagged certificate extensions matching one of the OIDs in the list
are treated as if they are actually handled and thus the certificate
won't be rejected due to an unknown critical extension. Use this
will not be rejected due to an unknown critical extension. Use this
option with care because extensions are usually flagged as critical
for a reason.
@ -479,7 +480,6 @@ for a reason.
@item --armor
@itemx -a
@opindex armor
@opindex -a
Create PEM encoded output. Default is binary output.
@item --base64
@ -506,7 +506,7 @@ Assume the input data is binary encoded.
PKCS#12 files. This option may be used to force the passphrase to be
encoded in the specified encoding @var{name}. This is useful if the
application used to import the key uses a different encoding and thus
won't be able to import a file generated by @command{gpgsm}. Commonly
will not be able to import a file generated by @command{gpgsm}. Commonly
used values for @var{name} are @code{Latin1} and @code{CP850}. Note
that @command{gpgsm} itself automagically imports any file with a
passphrase encoded to the most commonly used encodings.
@ -523,7 +523,6 @@ set; however @option{--default-key} always overrides this.
@item --local-user @var{user_id}
@item -u @var{user_id}
@opindex local-user
@opindex -u
Set the user(s) to be used for signing. The default is the first
secret key found in the database.
@ -605,7 +604,7 @@ interoperability problems.
@c ******** ESOTERIC OPTIONS ***************
@c *******************************************
@node Esoteric Options
@subsection Doing things one usually don't want to do.
@subsection Doing things one usually do not want to do.
@table @gnupgtabopt
@ -954,7 +953,7 @@ of af a transfer error, a program error or tampering with the message).
@end table
@item Error verifying a signature
For some reason the signature could not be verified, i.e. it can't be
For some reason the signature could not be verified, i.e. it cannot be
decided whether the signature is valid or invalid. A common reason for
this is a missing certificate.
@ -1044,9 +1043,9 @@ already existing key. Key-Length will be ignored when given.
@item Key-Usage: @var{usage-list}
Space or comma delimited list of key usage, allowed values are
@samp{encrypt} and @samp{sign}. This is used to generate the keyUsage
extension. Please make sure that the algorithm is capable of this
usage. Default is to allow encrypt and sign.
@samp{encrypt}, @samp{sign} and @samp{cert}. This is used to generate
the keyUsage extension. Please make sure that the algorithm is
capable of this usage. Default is to allow encrypt and sign.
@item Name-DN: @var{subject-name}
This is the Distinguished Name (DN) of the subject in RFC-2253 format.
@ -1158,7 +1157,7 @@ Set the recipient for the encryption. @var{userID} should be the
internal representation of the key; the server may accept any other way
of specification. If this is a valid and trusted recipient the server
does respond with OK, otherwise the return is an ERR with the reason why
the recipient can't be used, the encryption will then not be done for
the recipient cannot be used, the encryption will then not be done for
this recipient. If the policy is not to encrypt at all if not all
recipients are valid, the client has to take care of this. All
@code{RECIPIENT} commands are cumulative until a @code{RESET} or an
@ -1206,7 +1205,8 @@ It takes the plaintext from the @code{INPUT} command, writes to the
ciphertext to the file descriptor set with the @code{OUTPUT} command,
take the recipients from all the recipients set so far. If this command
fails the clients should try to delete all output currently done or
otherwise mark it as invalid. @command{GPGSM} does ensure that there won't be any
otherwise mark it as invalid. @command{GPGSM} does ensure that there
will not be any
security problem with leftover data on the output in this case.
This command should in general not fail, as all necessary checks have
@ -1274,7 +1274,7 @@ to the signer's key. @var{userID} should be the
internal representation of the key; the server may accept any other way
of specification. If this is a valid and trusted recipient the server
does respond with OK, otherwise the return is an ERR with the reason why
the key can't be used, the signature will then not be created using
the key cannot be used, the signature will then not be created using
this key. If the policy is not to sign at all if not all
keys are valid, the client has to take care of this. All
@code{SIGNER} commands are cumulative until a @code{RESET} is done.

22
doc/scdaemon.texi
View File

@ -178,9 +178,11 @@ show memory statistics.
@item 9 (512)
write hashed data to files named @code{dbgmd-000*}
@item 10 (1024)
trace Assuan protocol
trace Assuan protocol. See also option @option{--debug-assuan-log-cats}.
@item 11 (2048)
trace APDU I/O to the card. This may reveal sensitive data.
@item 12 (4096)
trace some card reader related function calls.
@end table
@item --debug-all
@ -215,6 +217,15 @@ dump. This options enables it and also changes the working directory to
@opindex debug-log-tid
This option appends a thread ID to the PID in the log output.
@item --debug-assuan-log-cats @var{cats}
@opindex debug-assuan-log-cats
Changes the active Libassuan logging categories to @var{cats}. The
value for @var{cats} is an unsigned integer given in usual C-Syntax.
A value of of 0 switches to a default category. If this option is not
used the categories are taken from the environment variable
@samp{ASSUAN_DEBUG}. Note that this option has only an effect if the
Assuan debug flag has also been with the option @option{--debug}. For
a list of categories see the Libassuan manual.
@item --no-detach
@opindex no-detach
@ -318,6 +329,7 @@ stripping off the two leading dashes.
* DINSIG Card:: The DINSIG card application
* PKCS#15 Card:: The PKCS#15 card application
* Geldkarte Card:: The Geldkarte application
* Undefined Card:: The Undefined stub application
@end menu
@node OpenPGP Card
@ -358,6 +370,14 @@ This is a simple application to display information of a German
Geldkarte. The Geldkarte is a small amount debit card application which
comes with almost all German banking cards.
@node Undefined Card
@subsection The Undefined card application ``undefined''
This is a stub application to allow the use of the APDU command even
if no supported application is found on the card. This application is
not used automatically but must be explicitly requested using the
SERIALNO command.
@c *******************************************
@c *************** ****************

18
doc/tools.texi
View File

@ -1193,7 +1193,6 @@ Specify the agent program to be started if none is running.
@item -S
@itemx --raw-socket @var{name}
@opindex S
@opindex raw-socket
Connect to socket @var{name} assuming this is an Assuan style server.
Do not run any special initializations or environment checks. This may
@ -1408,11 +1407,11 @@ input lines which makes scripts easier to read.
@item /while @var{condition}
@itemx /end
These commands provide a way for executing loops. All lines between the
@code{while} and the corresponding @code{end} are executed as long as
the evaluation of @var{condition} yields a non-zero value. The
evaluation is done by passing @var{condition} to the @code{strtol}
function. Example:
These commands provide a way for executing loops. All lines between
the @code{while} and the corresponding @code{end} are executed as long
as the evaluation of @var{condition} yields a non-zero value or is the
string @code{true} or @code{yes}. The evaluation is done by passing
@var{condition} to the @code{strtol} function. Example:
@smallexample
/subst
@ -1423,6 +1422,13 @@ function. Example:
/end
@end smallexample
@item /if @var{condition}
@itemx /end
These commands provide a way for conditional execution. All lines between
the @code{if} and the corresponding @code{end} are executed only if
the evaluation of @var{condition} yields a non-zero value or is the
string @code{true} or @code{yes}. The evaluation is done by passing
@var{condition} to the @code{strtol} function.
@item /run @var{file}
Run commands from @var{file}.

43
doc/yat2m.c
View File

@ -1,6 +1,6 @@
/* yat2m.c - Yet Another Texi 2 Man converter
* Copyright (C) 2005 g10 Code GmbH
* Copyright (C) 2006, 2008 Free Software Foundation, Inc.
* Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -72,7 +72,21 @@
extracted from one file, either using the --store or the --select
option.
If you want to indent tables in the source use this style:
@table foo
@item
@item
@table
@item
@end
@end
Don't change the indentation within a table and keep the same
number of white space at the start of the line. yat2m simply
detects the number of white spaces in front of an @item and remove
this number of spaces from all following lines until a new @item
is found or there are less spaces than for the last @item.
*/
#include <stdio.h>
@ -856,6 +870,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */
int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */
int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */
int item_indent = 0; /* How far is the current @item indented. */
/* Helper to define a macro. */
char *macroname = NULL;
@ -879,6 +894,24 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
}
line[--n] = 0;
/* Kludge to allow indentation of tables. */
for (p=line; *p == ' ' || *p == '\t'; p++)
;
if (*p)
{
if (*p == '@' && !strncmp (p+1, "item", 4))
item_indent = p - line; /* Set a new indent level. */
else if (p - line < item_indent)
item_indent = 0; /* Switch off indention. */
if (item_indent)
{
memmove (line, line+item_indent, n - item_indent + 1);
n -= item_indent;
}
}
if (*line == '@')
{
for (p=line+1, n=1; *p && *p != ' ' && *p != '\t'; p++)
@ -1170,10 +1203,10 @@ top_parse_file (const char *fname, FILE *fp)
if not in a section. */
while (macrolist)
{
macro_t m = macrolist->next;
free (m->value);
free (m);
macrolist = m;
macro_t next = macrolist->next;
free (macrolist->value);
free (macrolist);
macrolist = next;
}
parse_file (fname, fp, &section_name, 0);