diff options
| author | Werner Koch <wk@gnupg.org> | 2007-08-10 18:52:05 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2007-08-10 18:52:05 +0200 |
| commit | 74d344a521c8a7a294b8da2cf2647e112fd5b310 (patch) | |
| tree | c2cc77b642ad52a26ea4d99a05f82f725f536d11 /doc/DETAILS | |
| parent | Factored common gpgconf constants out (diff) | |
| download | gnupg2-74d344a521c8a7a294b8da2cf2647e112fd5b310.tar.xz gnupg2-74d344a521c8a7a294b8da2cf2647e112fd5b310.zip | |
Implemented the chain model for X.509 validation.
Diffstat (limited to 'doc/DETAILS')
| -rw-r--r-- | doc/DETAILS | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/doc/DETAILS b/doc/DETAILS index ca5f346aa..2d60aae6a 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -253,8 +253,8 @@ more arguments in future versions. presence of the letter 'T' inside. VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp> - <expire-timestamp> [ <sig-version> <reserved> <pubkey-algo> - <hash-algo> <sig-class> <primary-key-fpr> ] + <expire-timestamp> <sig-version> <reserved> <pubkey-algo> + <hash-algo> <sig-class> [ <primary-key-fpr> ] The signature with the keyid is good. This is the same as GOODSIG but has the fingerprint as the argument. Both status @@ -269,8 +269,9 @@ more arguments in future versions. useful to get back to the primary key without running gpg again for this purpose. - The optional parameters are used for OpenPGP and are not - available for CMS signatures. + The primary-key-fpr parameter is used for OpenPGP and not + available for CMS signatures. The sig-version as well as the + sig class is not defined for CMS and currently set to 0 and 00. Note, that *-TIMESTAMP may either be a number with seconds since epoch or an ISO 8601 string which can be detected by the @@ -310,13 +311,21 @@ more arguments in future versions. TRUST_UNDEFINED <error token> - TRUST_NEVER <error token> - TRUST_MARGINAL - TRUST_FULLY - TRUST_ULTIMATE - For good signatures one of these status lines are emitted - to indicate how trustworthy the signature is. The error token - values are currently only emitted by gpgsm. + TRUST_NEVER <error token> + TRUST_MARGINAL [0 [<validation_model>]] + TRUST_FULLY [0 [<validation_model>]] + TRUST_ULTIMATE [0 [<validation_model>]] + For good signatures one of these status lines are emitted to + indicate how trustworthy the signature is. The error token + values are currently only emitted by gpgsm. VALIDATION_MODEL + describes the algorithm used to check the validity of the key. + The default is the standard gpg Web of Trust model respective + the standard X.509 model. The defined values are + + "pgp" for the standard PGP WoT. + "shell" for the standard X.509 model. + "chain" for the chain model. + PKA_TRUST_GOOD <mailbox> PKA_TRUST_BAD <mailbox> |