mirror of git://git.gnupg.org/gnupg.git
* gpg.text: Suggested new ordering for --edit-key.
This commit is contained in:
David Shaw
parent
7cde92403c
commit
fa4a237b6c
|
|
@ -1,3 +1,7 @@
|
|||
2009-08-24 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* gpg.text: Suggested new ordering for --edit-key.
|
||||
|
||||
2009-08-17 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* gpg.texi (OpenPGP Options): Clarify that
|
||||
|
|
|
|||
249
doc/gpg.texi
249
doc/gpg.texi
|
|
@ -589,6 +589,16 @@ line.
|
|||
@c ******** Begin Edit-key Options **********
|
||||
@table @asis
|
||||
|
||||
@item uid @code{n}
|
||||
@opindex keyedit:uid
|
||||
Toggle selection of user ID or photographic user ID with index @code{n}.
|
||||
Use 0 to deselect all.
|
||||
|
||||
@item key @code{n}
|
||||
@opindex keyedit:key
|
||||
Toggle selection of subkey with index @code{n}.
|
||||
Use 0 to deselect all.
|
||||
|
||||
@item sign
|
||||
@opindex keyedit:sign
|
||||
Make a signature on key of user @code{name} If the key is not yet
|
||||
|
|
@ -625,106 +635,47 @@ create a signature of any type desired.
|
|||
|
||||
@table @asis
|
||||
|
||||
@item revsig
|
||||
@opindex keyedit:revsig
|
||||
Revoke a signature. For every signature which has been generated by
|
||||
one of the secret keys, GnuPG asks whether a revocation certificate
|
||||
should be generated.
|
||||
|
||||
@item trust
|
||||
@opindex keyedit:trust
|
||||
Change the owner trust value. This updates the
|
||||
trust-db immediately and no save is required.
|
||||
|
||||
@item disable
|
||||
@itemx enable
|
||||
@opindex keyedit:disable
|
||||
@opindex keyedit:enable
|
||||
Disable or enable an entire key. A disabled key can not normally be
|
||||
used for encryption.
|
||||
|
||||
@item adduid
|
||||
@opindex keyedit:adduid
|
||||
Create an alternate user id.
|
||||
|
||||
@item addphoto
|
||||
@opindex keyedit:addphoto
|
||||
Create a photographic user id. This will prompt for a JPEG file that
|
||||
will be embedded into the user ID. Note that a very large JPEG will make
|
||||
for a very large key. Also note that some programs will display your
|
||||
JPEG unchanged (GnuPG), and some programs will scale it to fit in a
|
||||
dialog box (PGP).
|
||||
|
||||
@item deluid
|
||||
@opindex keyedit:deluid
|
||||
Delete a user id. Note that it is not possible to retract a user id,
|
||||
once it has been send to the public (i.e. to a keyserver). In that case
|
||||
you better use @code{revuid}.
|
||||
|
||||
@item delsig
|
||||
@opindex keyedit:delsig
|
||||
Delete a signature. Note that it is not possible to retract a signature,
|
||||
once it has been send to the public (i.e. to a keyserver). In that case
|
||||
you better use @code{revsig}.
|
||||
|
||||
@item revsig
|
||||
@opindex keyedit:revsig
|
||||
Revoke a signature. For every signature which has been generated by
|
||||
one of the secret keys, GnuPG asks whether a revocation certificate
|
||||
should be generated.
|
||||
|
||||
@item check
|
||||
@opindex keyedit:check
|
||||
Check the signatures on all selected user IDs.
|
||||
|
||||
@item adduid
|
||||
@opindex keyedit:adduid
|
||||
Create an additional user ID.
|
||||
|
||||
@item addphoto
|
||||
@opindex keyedit:addphoto
|
||||
Create a photographic user ID. This will prompt for a JPEG file that
|
||||
will be embedded into the user ID. Note that a very large JPEG will make
|
||||
for a very large key. Also note that some programs will display your
|
||||
JPEG unchanged (GnuPG), and some programs will scale it to fit in a
|
||||
dialog box (PGP).
|
||||
|
||||
@item showphoto
|
||||
@opindex keyedit:showphoto
|
||||
Display the selected photographic user ID.
|
||||
|
||||
@item deluid
|
||||
@opindex keyedit:deluid
|
||||
Delete a user ID or photographic user ID. Note that it is not
|
||||
possible to retract a user id, once it has been send to the public
|
||||
(i.e. to a keyserver). In that case you better use @code{revuid}.
|
||||
|
||||
@item revuid
|
||||
@opindex keyedit:revuid
|
||||
Revoke a user id.
|
||||
|
||||
@item addkey
|
||||
@opindex keyedit:addkey
|
||||
Add a subkey to this key.
|
||||
|
||||
@item addcardkey
|
||||
@opindex keyedit:addcardkey
|
||||
Generate a key on a card and add it to this key.
|
||||
|
||||
@item keytocard
|
||||
@opindex keyedit:keytocard
|
||||
Transfer the selected secret key (or the primary key if no key has been
|
||||
selected) to a smartcard. The secret key in the keyring will be replaced
|
||||
by a stub if the key could be stored successfully on the card and you
|
||||
use the save command later. Only certain key types may be transferred to
|
||||
the card. A sub menu allows you to select on what card to store the
|
||||
key. Note that it is not possible to get that key back from the card -
|
||||
if the card gets broken your secret key will be lost unless you have a
|
||||
backup somewhere.
|
||||
|
||||
@item bkuptocard @code{file}
|
||||
@opindex keyedit:bkuptocard
|
||||
Restore the given file to a card. This command may be used to restore a
|
||||
backup key (as generated during card initialization) to a new card. In
|
||||
almost all cases this will be the encryption key. You should use this
|
||||
command only with the corresponding public key and make sure that the
|
||||
file given as argument is indeed the backup to restore. You should then
|
||||
select 2 to restore as encryption key. You will first be asked to enter
|
||||
the passphrase of the backup key and then for the Admin PIN of the card.
|
||||
|
||||
@item delkey
|
||||
@opindex keyedit:delkey
|
||||
Remove a subkey (secondart key). Note that it is not possible to retract
|
||||
a subkey, once it has been send to the public (i.e. to a keyserver). In
|
||||
that case you better use @code{revkey}.
|
||||
|
||||
@item addrevoker
|
||||
@opindex keyedit:addrevoker
|
||||
Add a designated revoker. This takes one optional argument:
|
||||
"sensitive". If a designated revoker is marked as sensitive, it will not
|
||||
be exported by default (see export-options).
|
||||
|
||||
@item revkey
|
||||
@opindex keyedit:revkey
|
||||
Revoke a subkey.
|
||||
|
||||
@item expire
|
||||
@opindex keyedit:expire
|
||||
Change the key expiration time. If a subkey is selected, the
|
||||
expiration time of this subkey will be changed. With no selection,
|
||||
the key expiration of the primary key is changed.
|
||||
|
||||
@item passwd
|
||||
@opindex keyedit:passwd
|
||||
Change the passphrase of the secret key.
|
||||
Revoke a user ID or photographic user ID.
|
||||
|
||||
@item primary
|
||||
@opindex keyedit:primary
|
||||
|
|
@ -735,24 +686,21 @@ as primary makes it primary over other photo user IDs, and setting a
|
|||
regular user ID as primary makes it primary over other regular user
|
||||
IDs.
|
||||
|
||||
@item uid @code{n}
|
||||
@opindex keyedit:uid
|
||||
Toggle selection of user id with index @code{n}.
|
||||
Use 0 to deselect all.
|
||||
@item keyserver
|
||||
@opindex keyedit:keyserver
|
||||
Set a preferred keyserver for the specified user ID(s). This allows
|
||||
other users to know where you prefer they get your key from. See
|
||||
@option{--keyserver-options honor-keyserver-url} for more on how this
|
||||
works. Setting a value of "none" removes an existing preferred
|
||||
keyserver.
|
||||
|
||||
@item key @code{n}
|
||||
@opindex keyedit:key
|
||||
Toggle selection of subkey with index @code{n}.
|
||||
Use 0 to deselect all.
|
||||
|
||||
@item check
|
||||
@opindex keyedit:check
|
||||
Check all selected user ids.
|
||||
|
||||
@item showphoto
|
||||
@opindex keyedit:showphoto
|
||||
Display the selected photographic user
|
||||
id.
|
||||
@item notation
|
||||
@opindex keyedit:notation
|
||||
Set a name=value notation for the specified user ID(s). See
|
||||
@option{--cert-notation} for more on how this works. Setting a value of
|
||||
"none" removes all notations, setting a notation prefixed with a minus
|
||||
sign (-) removes that notation, and setting a notation name (without the
|
||||
=value) prefixed with a minus sign removes all notations with that name.
|
||||
|
||||
@item pref
|
||||
@opindex keyedit:pref
|
||||
|
|
@ -790,21 +738,72 @@ message. It will, however, only choose an algorithm that is present
|
|||
on the preference list of every recipient key. See also the
|
||||
INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below.
|
||||
|
||||
@item keyserver
|
||||
@opindex keyedit:keyserver
|
||||
Set a preferred keyserver for the specified user ID(s). This allows
|
||||
other users to know where you prefer they get your key from. See
|
||||
@option{--keyserver-options honor-keyserver-url} for more on how this
|
||||
works. Setting a value of "none" removes an existing preferred
|
||||
keyserver.
|
||||
@item addkey
|
||||
@opindex keyedit:addkey
|
||||
Add a subkey to this key.
|
||||
|
||||
@item notation
|
||||
@opindex keyedit:notation
|
||||
Set a name=value notation for the specified user ID(s). See
|
||||
@option{--cert-notation} for more on how this works. Setting a value of
|
||||
"none" removes all notations, setting a notation prefixed with a minus
|
||||
sign (-) removes that notation, and setting a notation name (without the
|
||||
=value) prefixed with a minus sign removes all notations with that name.
|
||||
@item addcardkey
|
||||
@opindex keyedit:addcardkey
|
||||
Generate a subkey on a card and add it to this key.
|
||||
|
||||
@item keytocard
|
||||
@opindex keyedit:keytocard
|
||||
Transfer the selected secret subkey (or the primary key if no subkey
|
||||
has been selected) to a smartcard. The secret key in the keyring will
|
||||
be replaced by a stub if the key could be stored successfully on the
|
||||
card and you use the save command later. Only certain key types may be
|
||||
transferred to the card. A sub menu allows you to select on what card
|
||||
to store the key. Note that it is not possible to get that key back
|
||||
from the card - if the card gets broken your secret key will be lost
|
||||
unless you have a backup somewhere.
|
||||
|
||||
@item bkuptocard @code{file}
|
||||
@opindex keyedit:bkuptocard
|
||||
Restore the given file to a card. This command may be used to restore a
|
||||
backup key (as generated during card initialization) to a new card. In
|
||||
almost all cases this will be the encryption key. You should use this
|
||||
command only with the corresponding public key and make sure that the
|
||||
file given as argument is indeed the backup to restore. You should then
|
||||
select 2 to restore as encryption key. You will first be asked to enter
|
||||
the passphrase of the backup key and then for the Admin PIN of the card.
|
||||
|
||||
@item delkey
|
||||
@opindex keyedit:delkey
|
||||
Remove a subkey (secondart key). Note that it is not possible to retract
|
||||
a subkey, once it has been send to the public (i.e. to a keyserver). In
|
||||
that case you better use @code{revkey}.
|
||||
|
||||
@item revkey
|
||||
@opindex keyedit:revkey
|
||||
Revoke a subkey.
|
||||
|
||||
@item expire
|
||||
@opindex keyedit:expire
|
||||
Change the key or subkey expiration time. If a subkey is selected, the
|
||||
expiration time of this subkey will be changed. With no selection, the
|
||||
key expiration of the primary key is changed.
|
||||
|
||||
@item trust
|
||||
@opindex keyedit:trust
|
||||
Change the owner trust value for the key. This updates the trust-db
|
||||
immediately and no save is required.
|
||||
|
||||
@item disable
|
||||
@itemx enable
|
||||
@opindex keyedit:disable
|
||||
@opindex keyedit:enable
|
||||
Disable or enable an entire key. A disabled key can not normally be
|
||||
used for encryption.
|
||||
|
||||
@item addrevoker
|
||||
@opindex keyedit:addrevoker
|
||||
Add a designated revoker to the key. This takes one optional argument:
|
||||
"sensitive". If a designated revoker is marked as sensitive, it will
|
||||
not be exported by default (see export-options).
|
||||
|
||||
@item passwd
|
||||
@opindex keyedit:passwd
|
||||
Change the passphrase of the secret key.
|
||||
|
||||
@item toggle
|
||||
@opindex keyedit:toggle
|
||||
|
|
@ -829,7 +828,9 @@ each user ID except for the most recent self-signature.
|
|||
Add cross-certification signatures to signing subkeys that may not
|
||||
currently have them. Cross-certification signatures protect against a
|
||||
subtle attack against signing subkeys. See
|
||||
@option{--require-cross-certification}.
|
||||
@option{--require-cross-certification}. All new keys generated have
|
||||
this signature by default, so this option is only useful to bring
|
||||
older keys up to date.
|
||||
|
||||
@item save
|
||||
@opindex keyedit:save
|
||||
|
|
|
|||
Loading…
Reference in New Issue