security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-12 22:11:29 +02:00
Code Activity

* gpg.text: Suggested new ordering for --edit-key.

Browse Source
This commit is contained in:
David Shaw 2009-08-24 22:21:39 +00:00
parent 7cde92403c
commit fa4a237b6c
2 changed files with 129 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/ChangeLog
View File

@ -1,3 +1,7 @@
2009-08-24 David Shaw <dshaw@jabberwocky.com>
* gpg.text: Suggested new ordering for --edit-key.
2009-08-17 David Shaw <dshaw@jabberwocky.com> 2009-08-17 David Shaw <dshaw@jabberwocky.com>
* gpg.texi (OpenPGP Options): Clarify that * gpg.texi (OpenPGP Options): Clarify that

249
doc/gpg.texi
View File

@ -589,6 +589,16 @@ line.
@c ******** Begin Edit-key Options ********** @c ******** Begin Edit-key Options **********
@table @asis @table @asis
@item uid @code{n}
@opindex keyedit:uid
Toggle selection of user ID or photographic user ID with index @code{n}.
Use 0 to deselect all.
@item key @code{n}
@opindex keyedit:key
Toggle selection of subkey with index @code{n}.
Use 0 to deselect all.
@item sign @item sign
@opindex keyedit:sign @opindex keyedit:sign
Make a signature on key of user @code{name} If the key is not yet Make a signature on key of user @code{name} If the key is not yet
@ -625,106 +635,47 @@ create a signature of any type desired.
@table @asis @table @asis
@item revsig
@opindex keyedit:revsig
Revoke a signature. For every signature which has been generated by
one of the secret keys, GnuPG asks whether a revocation certificate
should be generated.
@item trust
@opindex keyedit:trust
Change the owner trust value. This updates the
trust-db immediately and no save is required.
@item disable
@itemx enable
@opindex keyedit:disable
@opindex keyedit:enable
Disable or enable an entire key. A disabled key can not normally be
used for encryption.
@item adduid
@opindex keyedit:adduid
Create an alternate user id.
@item addphoto
@opindex keyedit:addphoto
Create a photographic user id. This will prompt for a JPEG file that
will be embedded into the user ID. Note that a very large JPEG will make
for a very large key. Also note that some programs will display your
JPEG unchanged (GnuPG), and some programs will scale it to fit in a
dialog box (PGP).
@item deluid
@opindex keyedit:deluid
Delete a user id. Note that it is not possible to retract a user id,
once it has been send to the public (i.e. to a keyserver). In that case
you better use @code{revuid}.
@item delsig @item delsig
@opindex keyedit:delsig @opindex keyedit:delsig
Delete a signature. Note that it is not possible to retract a signature, Delete a signature. Note that it is not possible to retract a signature,
once it has been send to the public (i.e. to a keyserver). In that case once it has been send to the public (i.e. to a keyserver). In that case
you better use @code{revsig}. you better use @code{revsig}.
@item revsig
@opindex keyedit:revsig
Revoke a signature. For every signature which has been generated by
one of the secret keys, GnuPG asks whether a revocation certificate
should be generated.
@item check
@opindex keyedit:check
Check the signatures on all selected user IDs.
@item adduid
@opindex keyedit:adduid
Create an additional user ID.
@item addphoto
@opindex keyedit:addphoto
Create a photographic user ID. This will prompt for a JPEG file that
will be embedded into the user ID. Note that a very large JPEG will make
for a very large key. Also note that some programs will display your
JPEG unchanged (GnuPG), and some programs will scale it to fit in a
dialog box (PGP).
@item showphoto
@opindex keyedit:showphoto
Display the selected photographic user ID.
@item deluid
@opindex keyedit:deluid
Delete a user ID or photographic user ID. Note that it is not
possible to retract a user id, once it has been send to the public
(i.e. to a keyserver). In that case you better use @code{revuid}.
@item revuid @item revuid
@opindex keyedit:revuid @opindex keyedit:revuid
Revoke a user id. Revoke a user ID or photographic user ID.
@item addkey
@opindex keyedit:addkey
Add a subkey to this key.
@item addcardkey
@opindex keyedit:addcardkey
Generate a key on a card and add it to this key.
@item keytocard
@opindex keyedit:keytocard
Transfer the selected secret key (or the primary key if no key has been
selected) to a smartcard. The secret key in the keyring will be replaced
by a stub if the key could be stored successfully on the card and you
use the save command later. Only certain key types may be transferred to
the card. A sub menu allows you to select on what card to store the
key. Note that it is not possible to get that key back from the card -
if the card gets broken your secret key will be lost unless you have a
backup somewhere.
@item bkuptocard @code{file}
@opindex keyedit:bkuptocard
Restore the given file to a card. This command may be used to restore a
backup key (as generated during card initialization) to a new card. In
almost all cases this will be the encryption key. You should use this
command only with the corresponding public key and make sure that the
file given as argument is indeed the backup to restore. You should then
select 2 to restore as encryption key. You will first be asked to enter
the passphrase of the backup key and then for the Admin PIN of the card.
@item delkey
@opindex keyedit:delkey
Remove a subkey (secondart key). Note that it is not possible to retract
a subkey, once it has been send to the public (i.e. to a keyserver). In
that case you better use @code{revkey}.
@item addrevoker
@opindex keyedit:addrevoker
Add a designated revoker. This takes one optional argument:
"sensitive". If a designated revoker is marked as sensitive, it will not
be exported by default (see export-options).
@item revkey
@opindex keyedit:revkey
Revoke a subkey.
@item expire
@opindex keyedit:expire
Change the key expiration time. If a subkey is selected, the
expiration time of this subkey will be changed. With no selection,
the key expiration of the primary key is changed.
@item passwd
@opindex keyedit:passwd
Change the passphrase of the secret key.
@item primary @item primary
@opindex keyedit:primary @opindex keyedit:primary
@ -735,24 +686,21 @@ as primary makes it primary over other photo user IDs, and setting a
regular user ID as primary makes it primary over other regular user regular user ID as primary makes it primary over other regular user
IDs. IDs.
@item uid @code{n} @item keyserver
@opindex keyedit:uid @opindex keyedit:keyserver
Toggle selection of user id with index @code{n}. Set a preferred keyserver for the specified user ID(s). This allows
Use 0 to deselect all. other users to know where you prefer they get your key from. See
@option{--keyserver-options honor-keyserver-url} for more on how this
works. Setting a value of "none" removes an existing preferred
keyserver.
@item key @code{n} @item notation
@opindex keyedit:key @opindex keyedit:notation
Toggle selection of subkey with index @code{n}. Set a name=value notation for the specified user ID(s). See
Use 0 to deselect all. @option{--cert-notation} for more on how this works. Setting a value of
"none" removes all notations, setting a notation prefixed with a minus
@item check sign (-) removes that notation, and setting a notation name (without the
@opindex keyedit:check =value) prefixed with a minus sign removes all notations with that name.
Check all selected user ids.
@item showphoto
@opindex keyedit:showphoto
Display the selected photographic user
id.
@item pref @item pref
@opindex keyedit:pref @opindex keyedit:pref
@ -790,21 +738,72 @@ message. It will, however, only choose an algorithm that is present
on the preference list of every recipient key. See also the on the preference list of every recipient key. See also the
INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below. INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below.
@item keyserver @item addkey
@opindex keyedit:keyserver @opindex keyedit:addkey
Set a preferred keyserver for the specified user ID(s). This allows Add a subkey to this key.
other users to know where you prefer they get your key from. See
@option{--keyserver-options honor-keyserver-url} for more on how this
works. Setting a value of "none" removes an existing preferred
keyserver.
@item notation @item addcardkey
@opindex keyedit:notation @opindex keyedit:addcardkey
Set a name=value notation for the specified user ID(s). See Generate a subkey on a card and add it to this key.
@option{--cert-notation} for more on how this works. Setting a value of
"none" removes all notations, setting a notation prefixed with a minus @item keytocard
sign (-) removes that notation, and setting a notation name (without the @opindex keyedit:keytocard
=value) prefixed with a minus sign removes all notations with that name. Transfer the selected secret subkey (or the primary key if no subkey
has been selected) to a smartcard. The secret key in the keyring will
be replaced by a stub if the key could be stored successfully on the
card and you use the save command later. Only certain key types may be
transferred to the card. A sub menu allows you to select on what card
to store the key. Note that it is not possible to get that key back
from the card - if the card gets broken your secret key will be lost
unless you have a backup somewhere.
@item bkuptocard @code{file}
@opindex keyedit:bkuptocard
Restore the given file to a card. This command may be used to restore a
backup key (as generated during card initialization) to a new card. In
almost all cases this will be the encryption key. You should use this
command only with the corresponding public key and make sure that the
file given as argument is indeed the backup to restore. You should then
select 2 to restore as encryption key. You will first be asked to enter
the passphrase of the backup key and then for the Admin PIN of the card.
@item delkey
@opindex keyedit:delkey
Remove a subkey (secondart key). Note that it is not possible to retract
a subkey, once it has been send to the public (i.e. to a keyserver). In
that case you better use @code{revkey}.
@item revkey
@opindex keyedit:revkey
Revoke a subkey.
@item expire
@opindex keyedit:expire
Change the key or subkey expiration time. If a subkey is selected, the
expiration time of this subkey will be changed. With no selection, the
key expiration of the primary key is changed.
@item trust
@opindex keyedit:trust
Change the owner trust value for the key. This updates the trust-db
immediately and no save is required.
@item disable
@itemx enable
@opindex keyedit:disable
@opindex keyedit:enable
Disable or enable an entire key. A disabled key can not normally be
used for encryption.
@item addrevoker
@opindex keyedit:addrevoker
Add a designated revoker to the key. This takes one optional argument:
"sensitive". If a designated revoker is marked as sensitive, it will
not be exported by default (see export-options).
@item passwd
@opindex keyedit:passwd
Change the passphrase of the secret key.
@item toggle @item toggle
@opindex keyedit:toggle @opindex keyedit:toggle
@ -829,7 +828,9 @@ each user ID except for the most recent self-signature.
Add cross-certification signatures to signing subkeys that may not Add cross-certification signatures to signing subkeys that may not
currently have them. Cross-certification signatures protect against a currently have them. Cross-certification signatures protect against a
subtle attack against signing subkeys. See subtle attack against signing subkeys. See
@option{--require-cross-certification}. @option{--require-cross-certification}. All new keys generated have
this signature by default, so this option is only useful to bring
older keys up to date.
@item save @item save
@opindex keyedit:save @opindex keyedit:save