1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

doc: Update from master.

This commit is contained in:
Werner Koch 2013-10-04 21:01:16 +02:00
parent 4a06d9a600
commit f5c32bd1c6
3 changed files with 74 additions and 25 deletions

View File

@ -252,6 +252,14 @@ signed stuff from STDIN, use @samp{-} as the second filename. For
security reasons a detached signature cannot read the signed material
from STDIN without denoting it in the above way.
Note: When verifying a cleartext signature, @command{gpg} verifies
only what makes up the cleartext signed data and not any extra data
outside of the cleartext signature or header lines following directly
the dash marker line. The option @code{--output} may be used to write
out the actual signed data; but there are other pitfalls with this
format as well. It is suggested to avoid cleartext signatures in
favor of detached signatures.
@item --multifile
@opindex multifile
This modifies certain other commands to accept multiple files for
@ -926,7 +934,9 @@ behaviour and to change the default configuration.
* GPG Key related Options:: Key related options.
* GPG Input and Output:: Input and Output.
* OpenPGP Options:: OpenPGP protocol specific options.
* Compliance Options:: Compliance options.
* GPG Esoteric Options:: Doing things one usually don't want to do.
* Deprecated Options:: Deprecated options.
@end menu
Long options can be put in an options file (default
@ -1293,9 +1303,7 @@ encoded in the character set as specified by
@option{--display-charset}. These options affect all following
arguments. Both options may be used multiple times.
@ifset gpgone
@anchor{option --options}
@end ifset
@anchor{gpg-option --options}
@item --options @code{file}
@opindex options
Read options from @code{file} and do not try to read them from the
@ -2185,6 +2193,7 @@ meaningful if @option{--s2k-mode} is 3.
@c ***************************
@c ******* Compliance ********
@c ***************************
@node Compliance Options
@subsection Compliance options
These options control what GnuPG is compliant to. Only one of these
@ -2418,7 +2427,7 @@ check. @code{value} may be any printable string; it will be encoded in
UTF8, so you should check that your @option{--display-charset} is set
correctly. If you prefix @code{name} with an exclamation mark (!), the
notation data will be flagged as critical
(rfc2440:5.2.3.15). @option{--sig-notation} sets a notation for data
(rfc4880:5.2.3.16). @option{--sig-notation} sets a notation for data
signatures. @option{--cert-notation} sets a notation for key signatures
(certifications). @option{--set-notation} sets both.
@ -2440,7 +2449,7 @@ meaningful when using the OpenPGP smartcard.
@opindex sig-policy-url
@opindex cert-policy-url
@opindex set-policy-url
Use @code{string} as a Policy URL for signatures (rfc2440:5.2.3.19). If
Use @code{string} as a Policy URL for signatures (rfc4880:5.2.3.20). If
you prefix it with an exclamation mark (!), the policy URL packet will
be flagged as critical. @option{--sig-policy-url} sets a policy url for
data signatures. @option{--cert-policy-url} sets a policy url for key
@ -2611,6 +2620,26 @@ Note that this passphrase is only used if the option @option{--batch}
has also been given. This is different from @command{gpg}.
@end ifclear
@ifset gpgtwoone
@item --pinentry-mode @code{mode}
@opindex pinentry-mode
Set the pinentry mode to @code{mode}. Allowed values for @code{mode}
are:
@table @asis
@item default
Use the default of the agent, which is @code{ask}.
@item ask
Force the use of the Pinentry.
@item cancel
Emulate use of Pinentry's cancel button.
@item error
Return a Pinentry error (``No Pinentry'').
@item loopback
Redirect Pinentry queries to the caller. Note that in contrast to
Pinentry the user is not prompted again if he enters a bad password.
@end table
@end ifset
@item --command-fd @code{n}
@opindex command-fd
This is a replacement for the deprecated shared-memory IPC mode.
@ -2827,6 +2856,7 @@ on the configuration file.
@c *******************************
@c ******* Deprecated ************
@c *******************************
@node Deprecated Options
@subsection Deprecated options
@table @gnupgtabopt
@ -2909,7 +2939,7 @@ current home directory (@pxref{option --homedir}).
This is the standard configuration file read by @command{@gpgname} on
startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This default
name may be changed on the command line (@pxref{option --options}).
name may be changed on the command line (@pxref{gpg-option --options}).
You should backup this file.
@end table
@ -2972,9 +3002,9 @@ Operation is further controlled by a few environment variables:
@item GPG_AGENT_INFO
Used to locate the gpg-agent.
@ifset gpgone
@ifset gpgone
This is only honored when @option{--use-agent} is set.
@end ifset
@end ifset
The value consists of 3 colon delimited fields: The first is the path
to the Unix Domain Socket, the second the PID of the gpg-agent and the
protocol version which should be set to 1. When starting the gpg-agent
@ -3149,8 +3179,8 @@ are almost always required for this.
@end menu
@node Unattended GPG key generation,,,Unattended Usage of GPG
@section Unattended key generation
@node Unattended GPG key generation
@subsection Unattended key generation
The command @option{--gen-key} may be used along with the option
@option{--batch} for unattended key generation. The parameters are
@ -3290,21 +3320,23 @@ If you don't give any of them, no user ID is created.
@item Expire-Date: @var{iso-date}|(@var{number}[d|w|m|y])
Set the expiration date for the key (and the subkey). It may either
be entered in ISO date format (2000-08-15) or as number of days,
weeks, month or years. The special notation "seconds=N" is also
allowed to directly give an Epoch value. Without a letter days are
assumed. Note that there is no check done on the overflow of the type
used by OpenPGP for timestamps. Thus you better make sure that the
given value make sense. Although OpenPGP works with time intervals,
GnuPG uses an absolute value internally and thus the last year we can
represent is 2105.
be entered in ISO date format (e.g. "20000815T145012") or as number of
days, weeks, month or years after the creation date. The special
notation "seconds=N" is also allowed to specify a number of seconds
since creation. Without a letter days are assumed. Note that there
is no check done on the overflow of the type used by OpenPGP for
timestamps. Thus you better make sure that the given value make
sense. Although OpenPGP works with time intervals, GnuPG uses an
absolute value internally and thus the last year we can represent is
2105.
@item Ceation-Date: @var{iso-date}
Set the creation date of the key as stored in the key information and
which is also part of the fingerprint calculation. Either a date like
"1986-04-26" or a full timestamp like "19860426T042640" may be used.
The time is considered to be UTC. If it is not given the current time
is used.
The time is considered to be UTC. The special notation "seconds=N"
may be used to directly specify a the number of seconds since Epoch
(Unix time). If it is not given the current time is used.
@item Preferences: @var{string}
Set the cipher, hash, and compression preference values for this key.

View File

@ -62,10 +62,15 @@ the public keys used to make the signature are valid. There are
no configuration files and only a few options are implemented.
@code{@gpgvname} assumes that all keys in the keyring are trustworthy.
By default it uses a keyring named @file{trustedkeys.gpg} which is
assumed to be in the home directory as defined by GnuPG or set by an
option or an environment variable. An option may be used to specify
another keyring or even multiple keyrings.
That does also mean that it does not check for expired or revoked
keys.
By default a keyring named @file{trustedkeys.gpg} is used. This
default keyring is assumed to be in the home directory of GnuPG,
either the default home directory or the one set by an option or an
environment variable. The option @code{--keyring} may be used to
specify a different keyring or even multiple keyrings.
@noindent
@mansect options

View File

@ -5,6 +5,18 @@ Set the name of the home directory to @var{dir}. If this option is not
used, the home directory defaults to @file{~/.gnupg}. It is only
recognized when given on the command line. It also overrides any home
directory stated through the environment variable @env{GNUPGHOME} or
(on W32 systems) by means of the Registry entry
(on Windows systems) by means of the Registry entry
@var{HKCU\Software\GNU\GnuPG:HomeDir}.
On Windows systems it is possible to install GnuPG as a portable
application. In this case only this command line option is
considered, all other ways to set a home directory are ignored.
To install GnuPG as a portable application under Windows, create an
empty file name @file{gpgconf.ctl} in the same directory as the tool
@file{gpgconf.exe}. The root of the installation is than that
directory; or, if @file{gpgconf.exe} has been installed directly below
a directory named @file{bin}, its parent directory. You also need to
make sure that the following directories exist and are writable:
@file{ROOT/home} for the GnuPG home and @file{ROOT/var/cache/gnupg}
for internal cache files.