1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

doc: Update from master.

This commit is contained in:
Werner Koch 2013-10-04 21:01:16 +02:00
parent 4a06d9a600
commit f5c32bd1c6
3 changed files with 74 additions and 25 deletions

View File

@ -252,6 +252,14 @@ signed stuff from STDIN, use @samp{-} as the second filename. For
security reasons a detached signature cannot read the signed material security reasons a detached signature cannot read the signed material
from STDIN without denoting it in the above way. from STDIN without denoting it in the above way.
Note: When verifying a cleartext signature, @command{gpg} verifies
only what makes up the cleartext signed data and not any extra data
outside of the cleartext signature or header lines following directly
the dash marker line. The option @code{--output} may be used to write
out the actual signed data; but there are other pitfalls with this
format as well. It is suggested to avoid cleartext signatures in
favor of detached signatures.
@item --multifile @item --multifile
@opindex multifile @opindex multifile
This modifies certain other commands to accept multiple files for This modifies certain other commands to accept multiple files for
@ -926,7 +934,9 @@ behaviour and to change the default configuration.
* GPG Key related Options:: Key related options. * GPG Key related Options:: Key related options.
* GPG Input and Output:: Input and Output. * GPG Input and Output:: Input and Output.
* OpenPGP Options:: OpenPGP protocol specific options. * OpenPGP Options:: OpenPGP protocol specific options.
* Compliance Options:: Compliance options.
* GPG Esoteric Options:: Doing things one usually don't want to do. * GPG Esoteric Options:: Doing things one usually don't want to do.
* Deprecated Options:: Deprecated options.
@end menu @end menu
Long options can be put in an options file (default Long options can be put in an options file (default
@ -1293,9 +1303,7 @@ encoded in the character set as specified by
@option{--display-charset}. These options affect all following @option{--display-charset}. These options affect all following
arguments. Both options may be used multiple times. arguments. Both options may be used multiple times.
@ifset gpgone @anchor{gpg-option --options}
@anchor{option --options}
@end ifset
@item --options @code{file} @item --options @code{file}
@opindex options @opindex options
Read options from @code{file} and do not try to read them from the Read options from @code{file} and do not try to read them from the
@ -2185,6 +2193,7 @@ meaningful if @option{--s2k-mode} is 3.
@c *************************** @c ***************************
@c ******* Compliance ******** @c ******* Compliance ********
@c *************************** @c ***************************
@node Compliance Options
@subsection Compliance options @subsection Compliance options
These options control what GnuPG is compliant to. Only one of these These options control what GnuPG is compliant to. Only one of these
@ -2418,7 +2427,7 @@ check. @code{value} may be any printable string; it will be encoded in
UTF8, so you should check that your @option{--display-charset} is set UTF8, so you should check that your @option{--display-charset} is set
correctly. If you prefix @code{name} with an exclamation mark (!), the correctly. If you prefix @code{name} with an exclamation mark (!), the
notation data will be flagged as critical notation data will be flagged as critical
(rfc2440:5.2.3.15). @option{--sig-notation} sets a notation for data (rfc4880:5.2.3.16). @option{--sig-notation} sets a notation for data
signatures. @option{--cert-notation} sets a notation for key signatures signatures. @option{--cert-notation} sets a notation for key signatures
(certifications). @option{--set-notation} sets both. (certifications). @option{--set-notation} sets both.
@ -2440,7 +2449,7 @@ meaningful when using the OpenPGP smartcard.
@opindex sig-policy-url @opindex sig-policy-url
@opindex cert-policy-url @opindex cert-policy-url
@opindex set-policy-url @opindex set-policy-url
Use @code{string} as a Policy URL for signatures (rfc2440:5.2.3.19). If Use @code{string} as a Policy URL for signatures (rfc4880:5.2.3.20). If
you prefix it with an exclamation mark (!), the policy URL packet will you prefix it with an exclamation mark (!), the policy URL packet will
be flagged as critical. @option{--sig-policy-url} sets a policy url for be flagged as critical. @option{--sig-policy-url} sets a policy url for
data signatures. @option{--cert-policy-url} sets a policy url for key data signatures. @option{--cert-policy-url} sets a policy url for key
@ -2611,6 +2620,26 @@ Note that this passphrase is only used if the option @option{--batch}
has also been given. This is different from @command{gpg}. has also been given. This is different from @command{gpg}.
@end ifclear @end ifclear
@ifset gpgtwoone
@item --pinentry-mode @code{mode}
@opindex pinentry-mode
Set the pinentry mode to @code{mode}. Allowed values for @code{mode}
are:
@table @asis
@item default
Use the default of the agent, which is @code{ask}.
@item ask
Force the use of the Pinentry.
@item cancel
Emulate use of Pinentry's cancel button.
@item error
Return a Pinentry error (``No Pinentry'').
@item loopback
Redirect Pinentry queries to the caller. Note that in contrast to
Pinentry the user is not prompted again if he enters a bad password.
@end table
@end ifset
@item --command-fd @code{n} @item --command-fd @code{n}
@opindex command-fd @opindex command-fd
This is a replacement for the deprecated shared-memory IPC mode. This is a replacement for the deprecated shared-memory IPC mode.
@ -2827,6 +2856,7 @@ on the configuration file.
@c ******************************* @c *******************************
@c ******* Deprecated ************ @c ******* Deprecated ************
@c ******************************* @c *******************************
@node Deprecated Options
@subsection Deprecated options @subsection Deprecated options
@table @gnupgtabopt @table @gnupgtabopt
@ -2909,7 +2939,7 @@ current home directory (@pxref{option --homedir}).
This is the standard configuration file read by @command{@gpgname} on This is the standard configuration file read by @command{@gpgname} on
startup. It may contain any valid long option; the leading two dashes startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This default may not be entered and the option may not be abbreviated. This default
name may be changed on the command line (@pxref{option --options}). name may be changed on the command line (@pxref{gpg-option --options}).
You should backup this file. You should backup this file.
@end table @end table
@ -2972,9 +3002,9 @@ Operation is further controlled by a few environment variables:
@item GPG_AGENT_INFO @item GPG_AGENT_INFO
Used to locate the gpg-agent. Used to locate the gpg-agent.
@ifset gpgone @ifset gpgone
This is only honored when @option{--use-agent} is set. This is only honored when @option{--use-agent} is set.
@end ifset @end ifset
The value consists of 3 colon delimited fields: The first is the path The value consists of 3 colon delimited fields: The first is the path
to the Unix Domain Socket, the second the PID of the gpg-agent and the to the Unix Domain Socket, the second the PID of the gpg-agent and the
protocol version which should be set to 1. When starting the gpg-agent protocol version which should be set to 1. When starting the gpg-agent
@ -3149,8 +3179,8 @@ are almost always required for this.
@end menu @end menu
@node Unattended GPG key generation,,,Unattended Usage of GPG @node Unattended GPG key generation
@section Unattended key generation @subsection Unattended key generation
The command @option{--gen-key} may be used along with the option The command @option{--gen-key} may be used along with the option
@option{--batch} for unattended key generation. The parameters are @option{--batch} for unattended key generation. The parameters are
@ -3290,21 +3320,23 @@ If you don't give any of them, no user ID is created.
@item Expire-Date: @var{iso-date}|(@var{number}[d|w|m|y]) @item Expire-Date: @var{iso-date}|(@var{number}[d|w|m|y])
Set the expiration date for the key (and the subkey). It may either Set the expiration date for the key (and the subkey). It may either
be entered in ISO date format (2000-08-15) or as number of days, be entered in ISO date format (e.g. "20000815T145012") or as number of
weeks, month or years. The special notation "seconds=N" is also days, weeks, month or years after the creation date. The special
allowed to directly give an Epoch value. Without a letter days are notation "seconds=N" is also allowed to specify a number of seconds
assumed. Note that there is no check done on the overflow of the type since creation. Without a letter days are assumed. Note that there
used by OpenPGP for timestamps. Thus you better make sure that the is no check done on the overflow of the type used by OpenPGP for
given value make sense. Although OpenPGP works with time intervals, timestamps. Thus you better make sure that the given value make
GnuPG uses an absolute value internally and thus the last year we can sense. Although OpenPGP works with time intervals, GnuPG uses an
represent is 2105. absolute value internally and thus the last year we can represent is
2105.
@item Ceation-Date: @var{iso-date} @item Ceation-Date: @var{iso-date}
Set the creation date of the key as stored in the key information and Set the creation date of the key as stored in the key information and
which is also part of the fingerprint calculation. Either a date like which is also part of the fingerprint calculation. Either a date like
"1986-04-26" or a full timestamp like "19860426T042640" may be used. "1986-04-26" or a full timestamp like "19860426T042640" may be used.
The time is considered to be UTC. If it is not given the current time The time is considered to be UTC. The special notation "seconds=N"
is used. may be used to directly specify a the number of seconds since Epoch
(Unix time). If it is not given the current time is used.
@item Preferences: @var{string} @item Preferences: @var{string}
Set the cipher, hash, and compression preference values for this key. Set the cipher, hash, and compression preference values for this key.

View File

@ -62,10 +62,15 @@ the public keys used to make the signature are valid. There are
no configuration files and only a few options are implemented. no configuration files and only a few options are implemented.
@code{@gpgvname} assumes that all keys in the keyring are trustworthy. @code{@gpgvname} assumes that all keys in the keyring are trustworthy.
By default it uses a keyring named @file{trustedkeys.gpg} which is That does also mean that it does not check for expired or revoked
assumed to be in the home directory as defined by GnuPG or set by an keys.
option or an environment variable. An option may be used to specify
another keyring or even multiple keyrings. By default a keyring named @file{trustedkeys.gpg} is used. This
default keyring is assumed to be in the home directory of GnuPG,
either the default home directory or the one set by an option or an
environment variable. The option @code{--keyring} may be used to
specify a different keyring or even multiple keyrings.
@noindent @noindent
@mansect options @mansect options

View File

@ -5,6 +5,18 @@ Set the name of the home directory to @var{dir}. If this option is not
used, the home directory defaults to @file{~/.gnupg}. It is only used, the home directory defaults to @file{~/.gnupg}. It is only
recognized when given on the command line. It also overrides any home recognized when given on the command line. It also overrides any home
directory stated through the environment variable @env{GNUPGHOME} or directory stated through the environment variable @env{GNUPGHOME} or
(on W32 systems) by means of the Registry entry (on Windows systems) by means of the Registry entry
@var{HKCU\Software\GNU\GnuPG:HomeDir}. @var{HKCU\Software\GNU\GnuPG:HomeDir}.
On Windows systems it is possible to install GnuPG as a portable
application. In this case only this command line option is
considered, all other ways to set a home directory are ignored.
To install GnuPG as a portable application under Windows, create an
empty file name @file{gpgconf.ctl} in the same directory as the tool
@file{gpgconf.exe}. The root of the installation is than that
directory; or, if @file{gpgconf.exe} has been installed directly below
a directory named @file{bin}, its parent directory. You also need to
make sure that the following directories exist and are writable:
@file{ROOT/home} for the GnuPG home and @file{ROOT/var/cache/gnupg}
for internal cache files.