summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorDavid Shaw <dshaw@jabberwocky.com>2002-07-30 23:38:14 +0200
committerDavid Shaw <dshaw@jabberwocky.com>2002-07-30 23:38:14 +0200
commit46e07daa31ee8eb79b3a4720ae7a4205a72fd091 (patch)
tree6e6ef481a4846dcd7e4562359c2c58683a9140fa /doc
parentChanged the lincese for Assuan to LGPL. (diff)
downloadgnupg2-46e07daa31ee8eb79b3a4720ae7a4205a72fd091.tar.xz
gnupg2-46e07daa31ee8eb79b3a4720ae7a4205a72fd091.zip
* gpg.sgml: Clarify --edit/addrevoker (sensitive), and --keyserver-options
(--import/export-options may be used as well). Document --import-options and --export-options with their various options. --show-photos now works during signature verification as well. Document --exec-path. Note in --simple-sk-checksum that the passphrase must be changed for this to take effect. Note that --pgp7 does not disable MDC. Document --no-mdc-warning.
Diffstat (limited to 'doc')
-rw-r--r--doc/ChangeLog10
-rw-r--r--doc/gpg.sgml110
2 files changed, 111 insertions, 9 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 0cea43a9a..b8e7e6551 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,13 @@
+2002-07-30 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.sgml: Clarify --edit/addrevoker (sensitive), and
+ --keyserver-options (--import/export-options may be used as well).
+ Document --import-options and --export-options with their various
+ options. --show-photos now works during signature verification as
+ well. Document --exec-path. Note in --simple-sk-checksum that
+ the passphrase must be changed for this to take effect. Note that
+ --pgp7 does not disable MDC. Document --no-mdc-warning.
+
2002-07-25 David Shaw <dshaw@jabberwocky.com>
* gpg.sgml: Clarify the differences between "pref" and "showpref".
diff --git a/doc/gpg.sgml b/doc/gpg.sgml
index 892591058..2ae5a7d80 100644
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@@ -349,7 +349,10 @@ Remove a subkey.</para></listitem></varlistentry>
<varlistentry>
<term>addrevoker</term>
<listitem><para>
-Add a designated revoker.</para></listitem></varlistentry>
+Add a designated revoker. This takes one optional argument:
+"sensitive". If a designated revoker is marked as sensitive, it will
+not be exported by default (see
+export-options).</para></listitem></varlistentry>
<varlistentry>
<term>revkey</term>
<listitem><para>
@@ -962,8 +965,10 @@ each time.
<listitem><para>
This is a space or comma delimited string that gives options for the
keyserver. Options can be prepended with a `no-' to give the opposite
-meaning. While not all options are available for all keyserver types,
-some common options are:
+meaning. Valid import-options or export-options may be used here as
+well to apply to importing (--recv-key) or exporting (--send-key) a
+key from a keyserver. While not all options are available for all
+keyserver types, some common options are:
<variablelist>
<varlistentry>
@@ -1027,11 +1032,80 @@ keyring.
</para></listitem></varlistentry>
<varlistentry>
+<term>--import-options <parameter>parameters</parameter></term>
+<listitem><para>
+This is a space or comma delimited string that gives options for
+importing keys. Options can be prepended with a `no-' to give the
+opposite meaning. The options are:
+<variablelist>
+
+<varlistentry>
+<term>allow-local-sigs</term>
+<listitem><para>
+Allow importing key signatures marked as "local". This is not
+generally useful unless a shared keyring scheme is being used.
+Defaults to no.
+</para></listitem></varlistentry>
+
+<varlistentry>
+<term>repair-hkp-subkey-bug</term>
+<listitem><para>
+During import, attempt to repair the HKP keyserver mangling multiple
+subkeys bug. Note that this cannot completely repair the damaged key
+as some crucial data is removed by the keyserver, but it does at least
+give you back one subkey. Defaults to no for regular --import and to
+yes for keyserver --recv-keys.
+</para></listitem></varlistentry>
+
+</variablelist>
+</para></listitem></varlistentry>
+
+<varlistentry>
+<term>--export-options <parameter>parameters</parameter></term>
+<listitem><para>
+This is a space or comma delimited string that gives options for
+exporting keys. Options can be prepended with a `no-' to give the
+opposite meaning. The options are:
+<variablelist>
+
+<varlistentry>
+<term>include-non-rfc</term>
+<listitem><para>
+Include non-RFC compliant keys in the export. Defaults to yes.
+</para></listitem></varlistentry>
+
+<varlistentry>
+<term>include-local-sigs</term>
+<listitem><para>
+Allow exporting key signatures marked as "local". This is not
+generally useful unless a shared keyring scheme is being used.
+Defaults to no.
+</para></listitem></varlistentry>
+
+<varlistentry>
+<term>include-attributes</term>
+<listitem><para>
+Include attribute user IDs (photo IDs) while exporting. This is
+useful to export keys if they are going to be used by an OpenPGP
+program that does not accept attribute user IDs. Defaults to yes.
+</para></listitem></varlistentry>
+
+<varlistentry>
+<term>include-sensitive-revkeys</term>
+<listitem><para>
+Include designated revoker information that was marked as
+"sensitive". Defaults to no.
+</para></listitem></varlistentry>
+
+</variablelist>
+</para></listitem></varlistentry>
+
+<varlistentry>
<term>--show-photos</term>
<listitem><para>
-Causes --list-keys, --list-sigs, --list-public-keys, and
---list-secret-keys to also display the photo ID attached to a key, if
-any.
+Causes --list-keys, --list-sigs, --list-public-keys,
+--list-secret-keys, and verifying a signature to also display the
+photo ID attached to the key, if any.
See also --photo-viewer.
</para></listitem></varlistentry>
@@ -1058,6 +1132,15 @@ stdin"
</para></listitem></varlistentry>
<varlistentry>
+<term>--exec-path &ParmString;</term>
+<listitem><para>
+Sets a list of directories to search for photo viewers and keyserver
+helpers. If not provided, keyserver helpers use the compiled-in
+default directory, and photo viewers use the $PATH environment
+variable.
+</para></listitem></varlistentry>
+
+<varlistentry>
<term>--show-keyring</term>
<listitem><para>
Causes --list-keys, --list-public-keys, and --list-secret-keys to
@@ -1427,7 +1510,10 @@ method will be part of an enhanced OpenPGP specification but GnuPG
already uses it as a countermeasure against certain attacks. Old
applications don't understand this new format, so this option may be
used to switch back to the old behaviour. Using this this option
-bears a security risk.
+bears a security risk. Note that using this option only takes effect
+when the secret key is encrypted - the simplest way to make this
+happen is to change the passphrase on the key (even changing it to the
+same value is acceptable).
</para></listitem></varlistentry>
@@ -1617,8 +1703,9 @@ Resets the --pgp6 option.
<term>--pgp7</term>
<listitem><para>
Set up all options to be as PGP 7 compliant as possible. This is
-identical to --pgp6 except that the list of allowable ciphers is
-expanded to add AES128, AES192, AES256, and TWOFISH.
+identical to --pgp6 except that MDCs are not disabled, and the list of
+allowable ciphers is expanded to add AES128, AES192, AES256, and
+TWOFISH.
</para></listitem></varlistentry>
<varlistentry>
@@ -1792,6 +1879,11 @@ Suppress the warning about "using insecure memory".
Suppress the warning about unsafe file permissions.
</para></listitem></varlistentry>
+<varlistentry>
+<term>--no-mdc-warning</term>
+<listitem><para>
+Suppress the warning about missing MDC integrity protection.
+</para></listitem></varlistentry>
<varlistentry>
<term>--no-armor</term>