doc: Fix typos.

* doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi
* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
* doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi
* doc/specify-user-id.texi, doc/tools.texi: Fix.

doc/debugging.texi

@@ -10,7 +10,7 @@ there is a need to track down problems.  We call this debugging in a
 reminiscent to the moth jamming a relay in a Mark II box back in 1947.
 
 Most of the problems a merely configuration and user problems but
-nevertheless there are the most annoying ones and responsible for many
+nevertheless they are the most annoying ones and responsible for many
 gray hairs.  We try to give some guidelines here on how to identify and
 solve the problem at hand.
 
@@ -131,7 +131,7 @@ but Dirmngr's OCSP feature has not been enabled using
 
 The far most common reason for this is that the environment variable
 @code{GPG_TTY} has not been set correctly.  Make sure that it has been
-set to a real tty devce and not just to @samp{/dev/tty};
+set to a real tty device and not just to @samp{/dev/tty};
 i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is
 @samp{GPG_TTY=`tty`} --- note the back ticks.  Also make sure that
 this environment variable gets exported, that is you should follow up
@@ -162,7 +162,7 @@ making use of ssh.
 
 @item Exporting a secret key without a certificate
 
-I may happen that you have created a certificate request using
+It may happen that you have created a certificate request using
 @command{gpgsm} but not yet received and imported the certificate from
 the CA.  However, you want to export the secret key to another machine
 right now to import the certificate over there then.  You can do this

doc/dirmngr.texi

@@ -102,7 +102,7 @@ so that @code{gpgsm} can help dirmngr.
 @item --fetch-crl @var{url}
 @opindex fetch-crl
 This command requires an URL as additional argument, and it will make
-dirmngr try to retrieve an import the CRL from that @var{url} into
+dirmngr try to retrieve and import the CRL from that @var{url} into
 it's cache.  This is mainly useful for debugging purposes.  The
 @command{dirmngr-client} provides the same feature for a running dirmngr.
 
@@ -364,11 +364,11 @@ out. The default is currently 100 seconds.  0 will never timeout.
 
 @item --add-servers
 @opindex add-servers
-This options makes dirmngr add any servers it discovers when validating
+This option makes dirmngr add any servers it discovers when validating
 certificates against CRLs to the internal list of servers to consult for
 certificates and CRLs.
 
-This options is useful when trying to validate a certificate that has
+This option is useful when trying to validate a certificate that has
 a CRL distribution point that points to a server that is not already
 listed in the ldapserverlist. Dirmngr will always go to this server and
 try to download the CRL, but chances are high that the certificate used
@@ -397,8 +397,8 @@ not contain information about an assigned responder.  Note, that
 @item --ocsp-signer @var{fpr}|@var{file}
 @opindex ocsp-signer
 Use the certificate with the fingerprint @var{fpr} to check the
-responses of the default OCSP Responder.  Alternativly a filename can be
-given in which case the respinse is expected to be signed by one of the
+responses of the default OCSP Responder.  Alternatively a filename can be
+given in which case the response is expected to be signed by one of the
 certificates described in that file.  Any argument which contains a
 slash, dot or tilde is considered a filename.  Usual filename expansion
 takes place: A tilde at the start followed by a slash is replaced by the
@@ -550,7 +550,7 @@ Here is a list of supported signals:
 
 @item SIGHUP
 @cpindex SIGHUP
-This signals flushes all internally cached CRLs as well as any cached
+This signal flushes all internally cached CRLs as well as any cached
 certificates.  Then the certificate cache is reinitialized as on
 startup.  Options are re-read from the configuration file.  Instead of
 sending this signal it is better to use
@@ -756,7 +756,7 @@ Only this answer will let Dirmngr consider the CRL as valid.
 Check whether the certificate with FINGERPRINT (SHA-1 hash of the
 entire X.509 certificate blob) is valid or not by consulting the CRL
 responsible for this certificate.  If the fingerprint has not been
-given or the certificate is not know, the function inquires the
+given or the certificate is not known, the function inquires the
 certificate using:
 
 @example

doc/glossary.texi

@@ -61,7 +61,7 @@ on a disk; the latter is often called a Soft-PSE.
 @item Shell model
 The standard model for validation of certificates under X.509.  At the
 time of the verification all certificates must be valid and not expired.
-See also @emph{Chain mode}.
+See also @emph{Chain model}.
 
 
 @item X.509

doc/gpg-agent.texi

@@ -708,7 +708,7 @@ that key.  The flag is automatically set if a new key was loaded into
 @code{gpg-agent} using the option @option{-c} of the @code{ssh-add}
 command.
 
-The keygrip may be prefixed with a @code{!} to disable an entry entry.
+The keygrip may be prefixed with a @code{!} to disable an entry.
 
 The following example lists exactly one key.  Note that keys available
 through a OpenPGP smartcard in the active smartcard reader are
@@ -939,7 +939,7 @@ Here is an example session:
    S: # session key follows
    S: S PADDING 0
    S: D (value 1234567890ABCDEF0)
-   S: OK descryption successful
+   S: OK decryption successful
 @end smallexample
 @end cartouche
 
@@ -951,7 +951,7 @@ that the padding has been removed.
 @node Agent PKSIGN
 @subsection Signing a Hash
 
-The client ask the agent to sign a given hash value.  A default key
+The client asks the agent to sign a given hash value.  A default key
 will be chosen if no key has been set.  To set a key a client first
 uses:
 
@@ -961,7 +961,7 @@ uses:
 
 This can be used multiple times to create multiple signature, the list
 of keys is reset with the next PKSIGN command or a RESET.  The server
-test whether the key is a valid key to sign something and responds with
+tests whether the key is a valid key to sign something and responds with
 okay.
 
 @example
@@ -993,7 +993,7 @@ The actual signing is done using
    PKSIGN <options>
 @end example
 
-Options are not yet defined, but my later be used to choose among
+Options are not yet defined, but may later be used to choose among
 different algorithms.  The agent does then some checks, asks for the
 passphrase and as a result the server returns the signature as an SPKI
 like S-expression in "D" lines:
@@ -1113,7 +1113,7 @@ are to be used for this.
 
 There is no actual need because we can expect that secret keys
 created by a 3rd party are stored on a smartcard.  If we have
-generated the key ourself, we do not need to import it.
+generated the key ourselves, we do not need to import it.
 
 @node Agent EXPORT
 @subsection Export a Secret Key
@@ -1292,7 +1292,7 @@ passphrase will be retrieved from the pinentry module unless the
 retrieved from the client.
 
 The @var{timeout} parameter keeps the passphrase cached for the specified
-number of seconds. A value of @code{-1} means infinate while @code{0} means
+number of seconds. A value of @code{-1} means infinite while @code{0} means
 the default (currently only a timeout of -1 is allowed, which means to never
 expire it).
 
@@ -1342,7 +1342,7 @@ least one of the keygrips corresponds to an available secret key.
 @end example
 
 This command is used to register a smartcard.  With the --send
-option given the certificates are send back.
+option given the certificates are sent back.
 
 
 @node Agent PASSWD

doc/gpg.texi

@@ -284,7 +284,7 @@ Avoid using the output of this command in scripts or other programs as
 it is likely to change as GnuPG changes.  See @option{--with-colons}
 for a machine-parseable key listing command that is appropriate for
 use in scripts and other programs.  Never use the regular output for
-scripts - it is only for human consumption.
+scripts --- it is only for human consumption.
 
 @item --list-secret-keys
 @itemx -K
@@ -379,7 +379,7 @@ safeguard against accidental deletion of multiple keys.
 
 @item --delete-secret-keys @code{name}
 @opindex delete-secret-keys
-gRemove key from the secret keyring. In batch mode the key must be
+Remove key from the secret keyring. In batch mode the key must be
 specified by fingerprint.  The option @option{--yes} can be used to
 advice gpg-agent not to request a confirmation.  This extra
 pre-caution is done because @command{gpg} can't be sure that the
@@ -420,7 +420,7 @@ exported keys are written to STDOUT or to the file given with option
 @option{--armor} to allow easy printing of the key for paper backup;
 however the external tool @command{paperkey} does a better job for
 creating backups on paper.  Note that exporting a secret key can be a
-security risk if the exported keys are send over an insecure channel.
+security risk if the exported keys are sent over an insecure channel.
 
 The second form of the command has the special property to render the
 secret part of the primary key useless; this is a GNU extension to
@@ -533,7 +533,7 @@ corrupted trustdb.  Example:
 Update the trustdb with the ownertrust values stored in @code{files} (or
 STDIN if not given); existing values will be overwritten.  In case of a
 severely damaged trustdb and if you have a recent backup of the
-ownertrust values (e.g. in the file @file{otrust.txt}, you may re-create
+ownertrust values (e.g. in the file @file{otrust.txt}), you may re-create
 the trustdb using these commands:
 @c man:.RS
 @example
@@ -1082,7 +1082,7 @@ behaviour and to change the default configuration.
 * GPG Input and Output::        Input and Output.
 * OpenPGP Options::             OpenPGP protocol specific options.
 * Compliance Options::          Compliance options.
-* GPG Esoteric Options::        Doing things one usually don't want to do.
+* GPG Esoteric Options::        Doing things one usually doesn't want to do.
 * Deprecated Options::          Deprecated options.
 @end menu
 
@@ -1808,7 +1808,7 @@ are available for all keyserver types, some common options are:
   @option{--recv-keys} command as a whole. Defaults to 30 seconds.
 
   @item http-proxy=@code{value}
-  This options is deprecated.
+  This option is deprecated.
   Set the proxy to use for HTTP and HKP keyservers.
   This overrides any proxy defined in @file{dirmngr.conf}.
 
@@ -2174,7 +2174,7 @@ stop by the OS limits. Defaults to 0, which means "no limit".
 @opindex input-size-hint
 This option can be used to tell GPG the size of the input data in
 bytes.  @var{n} must be a positive base-10 number.  This option is
-only useful if the input is not taken from a file.  GPG may use thos
+only useful if the input is not taken from a file.  GPG may use this
 hint to optimize its buffer allocation strategy.  It is also used by
 the @option{--status-fd} line ``PROGRESS'' to provide a value for
 ``total'' if that is not available by other means.
@@ -3171,7 +3171,7 @@ workaround!
 
 @item --enable-special-filenames
 @opindex enable-special-filenames
-This options enables a mode in which filenames of the form
+This option enables a mode in which filenames of the form
 @file{-&n}, where n is a non-negative decimal number,
 refer to the file descriptor n and not to a file with that name.
 
@@ -3324,7 +3324,7 @@ files; They all live in in the current home directory (@pxref{option
 
   @item ~/.gnupg/pubring.kbx
   @efindex pubring.kbx
-  The public keyring using a different format.  This file is sharred
+  The public keyring using a different format.  This file is shared
   with @command{gpgsm}.  You should backup this file.
 
   @item ~/.gnupg/pubring.kbx.lock
@@ -3804,7 +3804,7 @@ can be handled.  See also @samp{Key-Type} above.
 
 @item Subkey-Length: @var{nbits}
 Length of the secondary key (subkey) in bits.  The default is returned
-by running the command @samp{@gpgname --gpgconf-list}".
+by running the command @samp{@gpgname --gpgconf-list}.
 
 @item Subkey-Usage: @var{usage-list}
 Key usage lists for a subkey; similar to @samp{Key-Usage}.

doc/gpgsm.texi

@@ -108,7 +108,7 @@ abbreviate this command.
 @table @gnupgtabopt
 @item --encrypt
 @opindex encrypt
-Perform an encryption.  The keys the data is encrypted too must be set
+Perform an encryption.  The keys the data is encrypted to must be set
 using the option @option{--recipient}.
 
 @item --decrypt
@@ -136,7 +136,7 @@ Run in server mode and wait for commands on the @code{stdin}.
 Behave as a Dirmngr client issuing the request @var{command} with the
 optional list of @var{args}.  The output of the Dirmngr is printed
 stdout.  Please note that file names given as arguments should have an
-absolute file name (i.e. commencing with @code{/} because they are
+absolute file name (i.e. commencing with @code{/}) because they are
 passed verbatim to the Dirmngr and the working directory of the
 Dirmngr might not be the same as the one of this client.  Currently it
 is not possible to pass data via stdin to the Dirmngr.  @var{command}
@@ -835,7 +835,7 @@ signatures in the same way as handwritten signatures are.  Comments
 start with a hash mark and empty lines are ignored.  Lines do have a
 length limit but this is not a serious limitation as the format of the
 entries is fixed and checked by gpgsm: A non-comment line starts with
-optional whitespace, followed by exactly 40 hex character, white space
+optional whitespace, followed by exactly 40 hex characters, white space
 and a lowercased 2 letter country code.  Additional data delimited with
 by a white space is current ignored but might late be used for other
 purposes.
@@ -988,7 +988,7 @@ these status codes:
 
 @item The signature is invalid
 This means that the signature verification failed (this is an indication
-of af a transfer error, a program error or tampering with the message).
+of a transfer error, a program error or tampering with the message).
 @command{gpgsm} issues one of these status codes sequences:
   @table @code
   @item  @code{BADSIG}
@@ -1075,7 +1075,7 @@ parameter.  The only supported value for @var{algo} is @samp{rsa}.
 The requested length of a generated key in bits.  Defaults to 2048.
 
 @item Key-Grip: @var{hexstring}
-This is optional and used to generate a CSR or certificatet for an
+This is optional and used to generate a CSR or certificate for an
 already existing key.  Key-Length will be ignored when given.
 
 @item Key-Usage: @var{usage-list}
@@ -1227,7 +1227,7 @@ correct.
 
 Set the file descriptor to be used for the output (i.e. the encrypted
 message). Obviously the pipe must be open at that point, the server
-establishes its own end.  If the server returns an error he client
+establishes its own end.  If the server returns an error the client
 should consider this session failed.
 
 The option armor encodes the output in @acronym{PEM} format, the
@@ -1309,7 +1309,7 @@ possible to use the command
   SIGNER @var{userID}
 @end example
 
-to the signer's key.  @var{userID} should be the
+to set the signer's key.  @var{userID} should be the
 internal representation of the key; the server may accept any other way
 of specification.  If this is a valid and trusted recipient the server
 does respond with OK, otherwise the return is an ERR with the reason why
@@ -1318,13 +1318,13 @@ this key.  If the policy is not to sign at all if not all
 keys are valid, the client has to take care of this.  All
 @code{SIGNER} commands are cumulative until a @code{RESET} is done.
 Note that a @code{SIGN} does not reset this list of signers which is in
-contrats to the @code{RECIPIENT} command.
+contrast to the @code{RECIPIENT} command.
 
 
 @node GPGSM VERIFY
 @subsection Verifying a Message
 
-To verify a mesage the command:
+To verify a message the command:
 
 @example
   VERIFY
@@ -1387,7 +1387,7 @@ in turn this requires that the usual escape quoting rules are done.
 
 Lists only the keys where a secret key is available.
 
-The list commands  commands are affected by the option
+The list commands are affected by the option
 
 @example
   OPTION list-mode=@var{mode}

doc/instguide.texi

@@ -12,7 +12,7 @@ release without that guide.  The chapter on gpg-agent and gpgsm do
 include brief information on how to set up the whole thing.  Please
 watch the GnuPG website for updates of the documentation.  In the
 meantime you may search the GnuPG mailing list archives or ask on the
-gnupg-users mailing listsfor advise on how to solve problems or how to
+gnupg-users mailing list for advise on how to solve problems or how to
 get that whole thing up and running.
 
 ** Building the software

doc/opt-homedir.texi

@@ -16,8 +16,8 @@ considered, all other ways to set a home directory are ignored.
 
 @efindex gpgconf.ctl
 To install GnuPG as a portable application under Windows, create an
-empty file name @file{gpgconf.ctl} in the same directory as the tool
-@file{gpgconf.exe}.  The root of the installation is than that
+empty file named @file{gpgconf.ctl} in the same directory as the tool
+@file{gpgconf.exe}.  The root of the installation is then that
 directory; or, if @file{gpgconf.exe} has been installed directly below
 a directory named @file{bin}, its parent directory.  You also need to
 make sure that the following directories exist and are writable:

doc/scdaemon.texi

@@ -81,7 +81,7 @@ abbreviate this command.
 
 @item --server
 @opindex server
-Run in server mode and wait for commands on the @code{stdin}.  This is
+Run in server mode and wait for commands on the @code{stdin}.  The
 default mode is to create a socket and listen for commands there.
 
 @item --multi-server
@@ -213,7 +213,7 @@ insertions.
 @opindex debug-allow-core-dump
 For security reasons we won't create a core dump when the process
 aborts.  For debugging purposes it is sometimes better to allow core
-dump.  This options enables it and also changes the working directory to
+dump.  This option enables it and also changes the working directory to
 @file{/tmp} when running in @option{--server} mode.
 
 @item --debug-log-tid
@@ -390,7 +390,7 @@ comes with almost all German banking cards.
 @node SmartCard-HSM
 @subsection The SmartCard-HSM card application ``sc-hsm''
 
-This application adds read/only support for keys and certificates
+This application adds read-only support for keys and certificates
 stored on a @uref{http://www.smartcard-hsm.com, SmartCard-HSM}.
 
 To generate keys and store certifiates you may use
@@ -433,12 +433,12 @@ name may be changed on the command line (@pxref{option --options}).
 
 @item scd-event
 @cindex scd-event
-If this file is present and executable, it will be called on veyer card
-reader's status changed. An example of this script is provided with the
+If this file is present and executable, it will be called on every card
+reader's status change.  An example of this script is provided with the
 distribution
 
 @item reader_@var{n}.status
-This file is created by @command{sdaemon} to let other applications now
+This file is created by @command{scdaemon} to let other applications now
 about reader status changes.  Its use is now deprecated in favor of
 @file{scd-event}.
 
@@ -469,7 +469,7 @@ $ scdaemon --server -v
 
 The SC-Daemon should be started by the system to provide access to
 external tokens.  Using Smartcards on a multi-user system does not
-make much sense expect for system services, but in this case no
+make much sense except for system services, but in this case no
 regular user accounts are hosted on the machine.
 
 A client connects to the SC-Daemon by connecting to the socket named
@@ -490,7 +490,7 @@ synchronizing access to a token between sessions.
 * Scdaemon SETATTR::      Update an attribute's value.
 * Scdaemon WRITEKEY::     Write a key to a card.
 * Scdaemon GENKEY::       Generate a new key on-card.
-* Scdaemon RANDOM::       Return random bytes generate on-card.
+* Scdaemon RANDOM::       Return random bytes generated on-card.
 * Scdaemon PASSWD::       Change PINs.
 * Scdaemon CHECKPIN::     Perform a VERIFY operation.
 * Scdaemon RESTART::      Restart connection
@@ -561,7 +561,7 @@ returned in @var{hexstring_with_keygrip}.
 
 This function is used to read a certificate identified by
 @var{hexified_certid} from the card.  With OpenPGP cards the keyid
-@code{OpenPGP.3} may be used to rad the certificate of version 2 cards.
+@code{OpenPGP.3} may be used to read the certificate of version 2 cards.
 
 
 @node Scdaemon READKEY
@@ -622,7 +622,7 @@ using the command
 
 where @var{keyid} is the hexified ID of the key to be used.
 
-If the card is ware of the apdding format a status line with padding
+If the card is aware of the apdding format a status line with padding
 information is send before the plaintext data.  The key for this
 status line is @code{PADDING} with the only defined value being 0 and
 meaning padding has been removed.

doc/specify-user-id.texi

@@ -99,7 +99,7 @@ This uses a substring search but considers only the mail address
 @item By exact match on the subject's DN.
 This is indicated by a leading slash, directly followed by the RFC-2253
 encoded DN of the subject.  Note that you can't use the string printed
-by "gpgsm --list-keys" because that one as been reordered and modified
+by "gpgsm --list-keys" because that one has been reordered and modified
 for better readability; use --with-colons to print the raw (but standard
 escaped) RFC-2253 string
 

doc/tools.texi

@@ -166,7 +166,7 @@ name for remote debugging.
 If GnuPG is installed on a system with existing user accounts, it is
 sometimes required to populate the GnuPG home directory with existing
 files.  Especially a @file{trustlist.txt} and a keybox with some
-initial certificates are often desired.  This scripts help to do this
+initial certificates are often desired.  This script helps to do this
 by copying all files from @file{/etc/skel/.gnupg} to the home
 directories of the accounts given on the command line.  It takes care
 not to overwrite existing GnuPG home directories.
@@ -246,7 +246,7 @@ throughout this section.
 * Invoking gpgconf::       List of all commands and options.
 * Format conventions::     Formatting conventions relevant for all commands.
 * Listing components::     List all gpgconf components.
-* Checking programs::      Check all programs know to gpgconf.
+* Checking programs::      Check all programs known to gpgconf.
 * Listing options::        List all options of a component.
 * Changing options::       Changing options of a component.
 * Listing global options:: List all global options.
@@ -507,7 +507,7 @@ the locale environment of the @command{gpgconf} program.
 The command @code{--list-components} will list all components that can
 be configured with @command{gpgconf}.  Usually, one component will
 correspond to one GnuPG-related program and contain the options of
-that programs configuration file that can be modified using
+that program's configuration file that can be modified using
 @command{gpgconf}.  However, this is not necessarily the case.  A
 component might also be a group of selected options from several
 programs, or contain entirely virtual options that have a special
@@ -1208,7 +1208,7 @@ be used to directly connect to any Assuan style socket server.
 @itemx --exec
 @opindex exec
 Take the rest of the command line as a program and it's arguments and
-execute it as an assuan server. Here is how you would run @command{gpgsm}:
+execute it as an Assuan server. Here is how you would run @command{gpgsm}:
 @smallexample
  gpg-connect-agent --exec gpgsm --server
 @end smallexample
@@ -1217,7 +1217,7 @@ Note that you may not use options on the command line in this case.
 @item --no-ext-connect
 @opindex no-ext-connect
 When using @option{-S} or @option{--exec}, @command{gpg-connect-agent}
-connects to the assuan server in extended mode to allow descriptor
+connects to the Assuan server in extended mode to allow descriptor
 passing.  This option makes it use the old mode.
 
 @item --no-autostart
@@ -1566,7 +1566,7 @@ Do the check using the OCSP protocol and ignore any CRLs.
 
 @item --force-default-responder
 @opindex force-default-responder
-When checking using the OCSP protocl, force the use of the default OCSP
+When checking using the OCSP protocol, force the use of the default OCSP
 responder.  That is not to use the Reponder as given by the certificate.
 
 @item --ping