mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: New option --require-compliance.
* g10/options.h (opt): Add field flags.require_compliance. * g10/gpg.c (oRequireCompliance): New. (opts): Add --require-compliance. (main): Set option. * g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant. (check_sig_and_print): Ditto. * g10/encrypt.c (encrypt_crypt): Ditto. -- Note that in the --encrypt and --verify cased other checks may kick in earlier than this new --require-compliance controlled one.
This commit is contained in:
Werner Koch
parent
49c6e58394
commit
ee013c5350
5 changed files with 66 additions and 6 deletions
11
doc/gpg.texi
11
doc/gpg.texi
|
|
@ -2957,6 +2957,17 @@ This option adjusts the compliance mode "de-vs" for stricter key size
|
|||
requirements. For example, a value of 3000 turns rsa2048 and dsa2048
|
||||
keys into non-VS-NfD compliant keys.
|
||||
|
||||
@item --require-compliance
|
||||
@opindex require-compliance
|
||||
To check that data has been encrypted according to the rules of the
|
||||
current compliance mode, a gpg user needs to evaluate the status
|
||||
lines. This is allows frontends to handle compliance check in a more
|
||||
flexible way. However, for scripted use the required evaluation of
|
||||
the status-line requires quite some effort; this option can be used
|
||||
instead to make sure that the gpg process exits with a failure if the
|
||||
compliance rules are not fulfilled. Note that this option has
|
||||
currently an effect only in "de-vs" mode.
|
||||
|
||||
@end table
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue