diff options
author | David Shaw <dshaw@jabberwocky.com> | 2002-07-30 23:38:14 +0200 |
---|---|---|
committer | David Shaw <dshaw@jabberwocky.com> | 2002-07-30 23:38:14 +0200 |
commit | 46e07daa31ee8eb79b3a4720ae7a4205a72fd091 (patch) | |
tree | 6e6ef481a4846dcd7e4562359c2c58683a9140fa /doc | |
parent | Changed the lincese for Assuan to LGPL. (diff) | |
download | gnupg2-46e07daa31ee8eb79b3a4720ae7a4205a72fd091.tar.xz gnupg2-46e07daa31ee8eb79b3a4720ae7a4205a72fd091.zip |
* gpg.sgml: Clarify --edit/addrevoker (sensitive), and --keyserver-options
(--import/export-options may be used as well). Document --import-options
and --export-options with their various options. --show-photos now works
during signature verification as well. Document --exec-path. Note in
--simple-sk-checksum that the passphrase must be changed for this to take
effect. Note that --pgp7 does not disable MDC. Document
--no-mdc-warning.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ChangeLog | 10 | ||||
-rw-r--r-- | doc/gpg.sgml | 110 |
2 files changed, 111 insertions, 9 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index 0cea43a9a..b8e7e6551 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,13 @@ +2002-07-30 David Shaw <dshaw@jabberwocky.com> + + * gpg.sgml: Clarify --edit/addrevoker (sensitive), and + --keyserver-options (--import/export-options may be used as well). + Document --import-options and --export-options with their various + options. --show-photos now works during signature verification as + well. Document --exec-path. Note in --simple-sk-checksum that + the passphrase must be changed for this to take effect. Note that + --pgp7 does not disable MDC. Document --no-mdc-warning. + 2002-07-25 David Shaw <dshaw@jabberwocky.com> * gpg.sgml: Clarify the differences between "pref" and "showpref". diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 892591058..2ae5a7d80 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -349,7 +349,10 @@ Remove a subkey.</para></listitem></varlistentry> <varlistentry> <term>addrevoker</term> <listitem><para> -Add a designated revoker.</para></listitem></varlistentry> +Add a designated revoker. This takes one optional argument: +"sensitive". If a designated revoker is marked as sensitive, it will +not be exported by default (see +export-options).</para></listitem></varlistentry> <varlistentry> <term>revkey</term> <listitem><para> @@ -962,8 +965,10 @@ each time. <listitem><para> This is a space or comma delimited string that gives options for the keyserver. Options can be prepended with a `no-' to give the opposite -meaning. While not all options are available for all keyserver types, -some common options are: +meaning. Valid import-options or export-options may be used here as +well to apply to importing (--recv-key) or exporting (--send-key) a +key from a keyserver. While not all options are available for all +keyserver types, some common options are: <variablelist> <varlistentry> @@ -1027,11 +1032,80 @@ keyring. </para></listitem></varlistentry> <varlistentry> +<term>--import-options <parameter>parameters</parameter></term> +<listitem><para> +This is a space or comma delimited string that gives options for +importing keys. Options can be prepended with a `no-' to give the +opposite meaning. The options are: +<variablelist> + +<varlistentry> +<term>allow-local-sigs</term> +<listitem><para> +Allow importing key signatures marked as "local". This is not +generally useful unless a shared keyring scheme is being used. +Defaults to no. +</para></listitem></varlistentry> + +<varlistentry> +<term>repair-hkp-subkey-bug</term> +<listitem><para> +During import, attempt to repair the HKP keyserver mangling multiple +subkeys bug. Note that this cannot completely repair the damaged key +as some crucial data is removed by the keyserver, but it does at least +give you back one subkey. Defaults to no for regular --import and to +yes for keyserver --recv-keys. +</para></listitem></varlistentry> + +</variablelist> +</para></listitem></varlistentry> + +<varlistentry> +<term>--export-options <parameter>parameters</parameter></term> +<listitem><para> +This is a space or comma delimited string that gives options for +exporting keys. Options can be prepended with a `no-' to give the +opposite meaning. The options are: +<variablelist> + +<varlistentry> +<term>include-non-rfc</term> +<listitem><para> +Include non-RFC compliant keys in the export. Defaults to yes. +</para></listitem></varlistentry> + +<varlistentry> +<term>include-local-sigs</term> +<listitem><para> +Allow exporting key signatures marked as "local". This is not +generally useful unless a shared keyring scheme is being used. +Defaults to no. +</para></listitem></varlistentry> + +<varlistentry> +<term>include-attributes</term> +<listitem><para> +Include attribute user IDs (photo IDs) while exporting. This is +useful to export keys if they are going to be used by an OpenPGP +program that does not accept attribute user IDs. Defaults to yes. +</para></listitem></varlistentry> + +<varlistentry> +<term>include-sensitive-revkeys</term> +<listitem><para> +Include designated revoker information that was marked as +"sensitive". Defaults to no. +</para></listitem></varlistentry> + +</variablelist> +</para></listitem></varlistentry> + +<varlistentry> <term>--show-photos</term> <listitem><para> -Causes --list-keys, --list-sigs, --list-public-keys, and ---list-secret-keys to also display the photo ID attached to a key, if -any. +Causes --list-keys, --list-sigs, --list-public-keys, +--list-secret-keys, and verifying a signature to also display the +photo ID attached to the key, if any. See also --photo-viewer. </para></listitem></varlistentry> @@ -1058,6 +1132,15 @@ stdin" </para></listitem></varlistentry> <varlistentry> +<term>--exec-path &ParmString;</term> +<listitem><para> +Sets a list of directories to search for photo viewers and keyserver +helpers. If not provided, keyserver helpers use the compiled-in +default directory, and photo viewers use the $PATH environment +variable. +</para></listitem></varlistentry> + +<varlistentry> <term>--show-keyring</term> <listitem><para> Causes --list-keys, --list-public-keys, and --list-secret-keys to @@ -1427,7 +1510,10 @@ method will be part of an enhanced OpenPGP specification but GnuPG already uses it as a countermeasure against certain attacks. Old applications don't understand this new format, so this option may be used to switch back to the old behaviour. Using this this option -bears a security risk. +bears a security risk. Note that using this option only takes effect +when the secret key is encrypted - the simplest way to make this +happen is to change the passphrase on the key (even changing it to the +same value is acceptable). </para></listitem></varlistentry> @@ -1617,8 +1703,9 @@ Resets the --pgp6 option. <term>--pgp7</term> <listitem><para> Set up all options to be as PGP 7 compliant as possible. This is -identical to --pgp6 except that the list of allowable ciphers is -expanded to add AES128, AES192, AES256, and TWOFISH. +identical to --pgp6 except that MDCs are not disabled, and the list of +allowable ciphers is expanded to add AES128, AES192, AES256, and +TWOFISH. </para></listitem></varlistentry> <varlistentry> @@ -1792,6 +1879,11 @@ Suppress the warning about "using insecure memory". Suppress the warning about unsafe file permissions. </para></listitem></varlistentry> +<varlistentry> +<term>--no-mdc-warning</term> +<listitem><para> +Suppress the warning about missing MDC integrity protection. +</para></listitem></varlistentry> <varlistentry> <term>--no-armor</term> |