From fa4a237b6c90a9c90935f68afaf44caa77e77dd7 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Mon, 24 Aug 2009 22:21:39 +0000 Subject: [PATCH] * gpg.text: Suggested new ordering for --edit-key. --- doc/ChangeLog | 4 + doc/gpg.texi | 249 +++++++++++++++++++++++++------------------------- 2 files changed, 129 insertions(+), 124 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index eb4fe82bd..41548320c 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2009-08-24 David Shaw + + * gpg.text: Suggested new ordering for --edit-key. + 2009-08-17 David Shaw * gpg.texi (OpenPGP Options): Clarify that diff --git a/doc/gpg.texi b/doc/gpg.texi index 84aa799a9..212ab95bc 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -589,6 +589,16 @@ line. @c ******** Begin Edit-key Options ********** @table @asis +@item uid @code{n} +@opindex keyedit:uid +Toggle selection of user ID or photographic user ID with index @code{n}. +Use 0 to deselect all. + +@item key @code{n} +@opindex keyedit:key +Toggle selection of subkey with index @code{n}. +Use 0 to deselect all. + @item sign @opindex keyedit:sign Make a signature on key of user @code{name} If the key is not yet 
@@ -625,106 +635,47 @@ create a signature of any type desired. @table @asis -@item revsig -@opindex keyedit:revsig -Revoke a signature. For every signature which has been generated by -one of the secret keys, GnuPG asks whether a revocation certificate -should be generated. - -@item trust -@opindex keyedit:trust -Change the owner trust value. This updates the -trust-db immediately and no save is required. - -@item disable -@itemx enable -@opindex keyedit:disable -@opindex keyedit:enable -Disable or enable an entire key. A disabled key can not normally be -used for encryption. - -@item adduid -@opindex keyedit:adduid -Create an alternate user id. - -@item addphoto -@opindex keyedit:addphoto -Create a photographic user id. This will prompt for a JPEG file that -will be embedded into the user ID. Note that a very large JPEG will make -for a very large key. Also note that some programs will display your -JPEG unchanged (GnuPG), and some programs will scale it to fit in a -dialog box (PGP). - -@item deluid -@opindex keyedit:deluid -Delete a user id. Note that it is not possible to retract a user id, -once it has been send to the public (i.e. to a keyserver). In that case -you better use @code{revuid}. - @item delsig @opindex keyedit:delsig Delete a signature. Note that it is not possible to retract a signature, once it has been send to the public (i.e. to a keyserver). In that case you better use @code{revsig}. +@item revsig +@opindex keyedit:revsig +Revoke a signature. For every signature which has been generated by +one of the secret keys, GnuPG asks whether a revocation certificate +should be generated. + +@item check +@opindex keyedit:check +Check the signatures on all selected user IDs. + +@item adduid +@opindex keyedit:adduid +Create an additional user ID. + +@item addphoto +@opindex keyedit:addphoto +Create a photographic user ID. This will prompt for a JPEG file that +will be embedded into the user ID. Note that a very large JPEG will make +for a very large key. 
Also note that some programs will display your +JPEG unchanged (GnuPG), and some programs will scale it to fit in a +dialog box (PGP). + +@item showphoto +@opindex keyedit:showphoto +Display the selected photographic user ID. + +@item deluid +@opindex keyedit:deluid +Delete a user ID or photographic user ID. Note that it is not +possible to retract a user id, once it has been send to the public +(i.e. to a keyserver). In that case you better use @code{revuid}. + @item revuid @opindex keyedit:revuid -Revoke a user id. - -@item addkey -@opindex keyedit:addkey -Add a subkey to this key. - -@item addcardkey -@opindex keyedit:addcardkey -Generate a key on a card and add it to this key. - -@item keytocard -@opindex keyedit:keytocard -Transfer the selected secret key (or the primary key if no key has been -selected) to a smartcard. The secret key in the keyring will be replaced -by a stub if the key could be stored successfully on the card and you -use the save command later. Only certain key types may be transferred to -the card. A sub menu allows you to select on what card to store the -key. Note that it is not possible to get that key back from the card - -if the card gets broken your secret key will be lost unless you have a -backup somewhere. - -@item bkuptocard @code{file} -@opindex keyedit:bkuptocard -Restore the given file to a card. This command may be used to restore a -backup key (as generated during card initialization) to a new card. In -almost all cases this will be the encryption key. You should use this -command only with the corresponding public key and make sure that the -file given as argument is indeed the backup to restore. You should then -select 2 to restore as encryption key. You will first be asked to enter -the passphrase of the backup key and then for the Admin PIN of the card. - -@item delkey -@opindex keyedit:delkey -Remove a subkey (secondart key). Note that it is not possible to retract -a subkey, once it has been send to the public (i.e. 
to a keyserver). In -that case you better use @code{revkey}. - -@item addrevoker -@opindex keyedit:addrevoker -Add a designated revoker. This takes one optional argument: -"sensitive". If a designated revoker is marked as sensitive, it will not -be exported by default (see export-options). - -@item revkey -@opindex keyedit:revkey -Revoke a subkey. - -@item expire -@opindex keyedit:expire -Change the key expiration time. If a subkey is selected, the -expiration time of this subkey will be changed. With no selection, -the key expiration of the primary key is changed. - -@item passwd -@opindex keyedit:passwd -Change the passphrase of the secret key. +Revoke a user ID or photographic user ID. @item primary @opindex keyedit:primary 
@@ -735,24 +686,21 @@ as primary makes it primary over other photo user IDs, and setting a regular user ID as primary makes it primary over other regular user IDs. -@item uid @code{n} -@opindex keyedit:uid -Toggle selection of user id with index @code{n}. -Use 0 to deselect all. +@item keyserver +@opindex keyedit:keyserver +Set a preferred keyserver for the specified user ID(s). This allows +other users to know where you prefer they get your key from. See +@option{--keyserver-options honor-keyserver-url} for more on how this +works. Setting a value of "none" removes an existing preferred +keyserver. -@item key @code{n} -@opindex keyedit:key -Toggle selection of subkey with index @code{n}. -Use 0 to deselect all. - -@item check -@opindex keyedit:check -Check all selected user ids. - -@item showphoto -@opindex keyedit:showphoto -Display the selected photographic user -id. +@item notation +@opindex keyedit:notation +Set a name=value notation for the specified user ID(s). See +@option{--cert-notation} for more on how this works. Setting a value of +"none" removes all notations, setting a notation prefixed with a minus +sign (-) removes that notation, and setting a notation name (without the +=value) prefixed with a minus sign removes all notations with that name. @item pref @opindex keyedit:pref 
@@ -790,21 +738,72 @@ message. It will, however, only choose an algorithm that is present on the preference list of every recipient key. See also the INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below. -@item keyserver -@opindex keyedit:keyserver -Set a preferred keyserver for the specified user ID(s). This allows -other users to know where you prefer they get your key from. See -@option{--keyserver-options honor-keyserver-url} for more on how this -works. Setting a value of "none" removes an existing preferred -keyserver. +@item addkey +@opindex keyedit:addkey +Add a subkey to this key. -@item notation -@opindex keyedit:notation -Set a name=value notation for the specified user ID(s). See -@option{--cert-notation} for more on how this works. Setting a value of -"none" removes all notations, setting a notation prefixed with a minus -sign (-) removes that notation, and setting a notation name (without the -=value) prefixed with a minus sign removes all notations with that name. +@item addcardkey +@opindex keyedit:addcardkey +Generate a subkey on a card and add it to this key. + +@item keytocard +@opindex keyedit:keytocard +Transfer the selected secret subkey (or the primary key if no subkey +has been selected) to a smartcard. The secret key in the keyring will +be replaced by a stub if the key could be stored successfully on the +card and you use the save command later. Only certain key types may be +transferred to the card. A sub menu allows you to select on what card +to store the key. Note that it is not possible to get that key back +from the card - if the card gets broken your secret key will be lost +unless you have a backup somewhere. + +@item bkuptocard @code{file} +@opindex keyedit:bkuptocard +Restore the given file to a card. This command may be used to restore a +backup key (as generated during card initialization) to a new card. In +almost all cases this will be the encryption key. 
You should use this +command only with the corresponding public key and make sure that the +file given as argument is indeed the backup to restore. You should then +select 2 to restore as encryption key. You will first be asked to enter +the passphrase of the backup key and then for the Admin PIN of the card. + +@item delkey +@opindex keyedit:delkey +Remove a subkey (secondart key). Note that it is not possible to retract +a subkey, once it has been send to the public (i.e. to a keyserver). In +that case you better use @code{revkey}. + +@item revkey +@opindex keyedit:revkey +Revoke a subkey. + +@item expire +@opindex keyedit:expire +Change the key or subkey expiration time. If a subkey is selected, the +expiration time of this subkey will be changed. With no selection, the +key expiration of the primary key is changed. + +@item trust +@opindex keyedit:trust +Change the owner trust value for the key. This updates the trust-db +immediately and no save is required. + +@item disable +@itemx enable +@opindex keyedit:disable +@opindex keyedit:enable +Disable or enable an entire key. A disabled key can not normally be +used for encryption. + +@item addrevoker +@opindex keyedit:addrevoker +Add a designated revoker to the key. This takes one optional argument: +"sensitive". If a designated revoker is marked as sensitive, it will +not be exported by default (see export-options). + +@item passwd +@opindex keyedit:passwd +Change the passphrase of the secret key. @item toggle @opindex keyedit:toggle 
@@ -829,7 +828,9 @@ each user ID except for the most recent self-signature. Add cross-certification signatures to signing subkeys that may not currently have them. Cross-certification signatures protect against a subtle attack against signing subkeys. See -@option{--require-cross-certification}. +@option{--require-cross-certification}. All new keys generated have +this signature by default, so this option is only useful to bring +older keys up to date. @item save @opindex keyedit:save
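Review bot: The new doc/ChangeLog entry (and the Subject line) names the file as "gpg.text", but the file this patch changes is doc/gpg.texi, so anyone searching the ChangeLog for gpg.texi will miss this entry. Suggest "* gpg.texi: Suggested new ordering for --edit-key.", optionally with the section in parentheses as the 2009-08-17 entry directly below does.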
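Review bot: In the @@ -625 hunk, the re-added deluid entry is only half updated: its first sentence now reads "Delete a user ID or photographic user ID." but the next sentence still says "retract a user id, once it has been send to the public". Since these lines are being rewritten anyway, suggest "user ID" and "sent" there, and the same "send" to "sent" fix in the delsig context text just above ("once it has been send to the public"), so the two warnings about published keys read the same way.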
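Review bot: In the @@ -735 hunk, the moved keyserver and notation entries still say "for the specified user ID(s)", while the uid entry now placed at the top of the table describes the mechanism as "Toggle selection of user ID" and the check entry says "all selected user IDs". Suggest "selected user ID(s)" in both entries so a reader can tell that these commands act on the selection made with uid n rather than on an argument.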
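Review bot: In the @@ -790 hunk, the delkey entry is re-added with its old typos intact: "Remove a subkey (secondart key)" and "once it has been send to the public". Suggest "secondary key" and "sent" while the text is being moved. The same hunk updates keytocard and addcardkey to say "subkey", so delkey could drop the parenthetical altogether for consistency.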
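Review bot: In the @@ -829 hunk, the added sentence calls the entry "this option" ("so this option is only useful to bring older keys up to date"), but it sits in the edit-key table next to "@item save", and the keytocard text in this same patch refers to "the save command". Suggest "this command" to avoid confusion with the @option{--require-cross-certification} option named one sentence earlier. "All new keys generated" would also be more useful to readers with older keys if it said from which version this is the default.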