author Werner Koch <wk@gnupg.org> 1999-03-11 16:42:06 +0100
committer Werner Koch <wk@gnupg.org> 1999-03-11 16:42:06 +0100
commit e95a22a6d214edbb604ffe3292ad11ee096bf9a0
tree db513c500ee4997d2645cbe71dbda7701e9f213a /doc
parent See ChangeLog: Wed Mar 10 11:26:18 CET 1999 Werner Koch
See ChangeLog: Thu Mar 11 16:39:46 CET 1999 Werner Koch
Diffstat (limited to 'doc')
-rw-r--r-- doc/DETAILS 31
-rw-r--r-- doc/gpg.1pod 44
2 files changed, 30 insertions, 45 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index e204b44b0..81b9dce5d 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -131,6 +131,9 @@ Key generation
8) Continue with step 4 if we did not find a prime in step 7.
9) Find a generator for that prime.
+ This algorithm is based on Lim and Lee's suggestion from the
+ Crypto '97 proceedings p. 260.
+
Layout of the TrustDB
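Review bot: The reference added after step 9 gives only the proceedings and a page number ("Crypto '97 proceedings p. 260"). Please add the paper title so the source can be located without the printed volume, and say which of the numbered steps follow the paper and which are specific to this implementation.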
@@ -158,7 +161,9 @@ Record type 1:
validity value from the dir record can be used.
1 u32 locked flags
1 u32 timestamp of trustdb creation
- 1 u32 timestamp of last modification
+ 1 u32 timestamp of last modification which may affect the validity
+ of keys in the trustdb. This value is checked against the
+ validity timestamp in the dir records.
1 u32 timestamp of last validation
(Used to keep track of the time, when this TrustDB was checked
against the pubring)
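Review bot: The new sentence "This value is checked against the validity timestamp in the dir records" does not say what the check decides. State the comparison and its consequence (which of the two timestamps being newer makes a stored validity stale), and use the same field name as the directory record, which the next hunk calls "time of last validity check".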
@@ -183,8 +188,9 @@ Record type 2: (directory record)
1 u32 cache record
1 byte ownertrust
1 byte dirflag
- 1 byte validity of the key calucalted over all user ids
- 19 byte reserved
+ 1 byte maximum validity of all the user ids
+ 4 byte time of last validity check.
+ 15 byte reserved
Record type 3: (key record)
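Review bot: The new directory record field is written as "4 byte time of last validity check." while the other timestamps in this file use the "1 u32" notation; use "1 u32" here as well and drop the trailing period. The sizes add up (1 + 4 + 15 replaces 1 + 19), so the record length is unchanged, but the text should say how a value of 0 in these four bytes is to be treated, since they were reserved in the old layout and carry no check time in files written under it.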
@@ -247,7 +253,7 @@ Record type 6 (sigrec)
6 times
1 u32 Local_id of signators dir or shadow dir record
1 byte Flag: Bit 0 = checked: Bit 1 is valid (we have a real
- directory record for this)
+ directory record for this)
1 = valid is set (but my be revoked)
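Review bot: The flag description around the re-indented "directory record for this)" line is still ambiguous and contains a typo. "Bit 0 = checked: Bit 1 is valid" is followed by "1 = valid is set (but my be revoked)", which mixes bit numbers and values; while touching this entry, fix "my be" to "may be" and give each bit its own line with one meaning per bit.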
@@ -276,7 +282,7 @@ Record type 8: (shadow directory record)
-Record type 9: (cache record)
+Record type 9: (cache record) NOT USED
--------------
Used to bind the trustDB to the concrete instance of keyblock in
a pubring. This is used to cache information.
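Review bot: The body of record type 9 now contradicts its heading. With "NOT USED" appended, the text below still says "This is used to cache information", the "--------------" underline no longer matches the heading length, and the directory record (type 2) in the earlier hunk still lists a "1 u32 cache record" field. Say in the body that the record is no longer written and what a reader should expect in the type 2 field.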
@@ -298,13 +304,7 @@ Record type 9: (cache record)
1 byte number of marginal trusted signatures.
1 byte number of fully trusted signatures.
(255 is stored for all values greater than 254)
- 1 byte Trustlevel
- 0 = undefined (not calculated)
- 1 = unknown
- 2 = not trusted
- 3 = marginally trusted
- 4 = fully trusted
- 5 = ultimately trusted (have secret key too).
+ 1 byte Trustlevel (see trustdb.h)
Record Type 10 (hash table)
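Review bot: The on-disk meaning of the Trustlevel byte is no longer documented here once the value list is replaced by "(see trustdb.h)". The numbers 0 to 5 are what is stored in this byte, so someone reading a trustdb with only this file at hand can no longer interpret it; keep the table in DETAILS, or at least name the constants in trustdb.h that define the values.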
@@ -459,13 +459,6 @@ Other Notes
to keep them small.
-Supported targets:
-------------------
- powerpc-unknown-linux-gnu (linuxppc)
- hppa1.1-hp-hpux10.20
-
-
-
diff --git a/doc/gpg.1pod b/doc/gpg.1pod
index 5fa703dab..e0703e66e 100644
--- a/doc/gpg.1pod
+++ b/doc/gpg.1pod
@@ -75,7 +75,7 @@ B<-k> [I<username>] [I<keyring>]
B<-kvc> List fingerprints
B<-kvvc> List fingerprints and signatures
-B<--list-keys> [I<names>]
+B<--list-keys> [I<names>]
List all keys from the public keyrings, or just the
ones given on the command line.
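Review bot: Whitespace-only changes such as the one to the "B<--list-keys> [I<names>]" line belong in a separate commit. Here, and in several later hunks of gpg.1pod, they are mixed with changes to the trustdb record layout and the option list, which makes the substantive edits harder to find in history.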
@@ -83,7 +83,7 @@ B<--list-secret-keys> [I<names>]
List all keys from the secret keyrings, or just the
ones given on the command line.
-B<--list-sigs> [I<names>]
+B<--list-sigs> [I<names>]
Same as B<--list-keys>, but the signatures are listed
too.
@@ -117,6 +117,11 @@ B<--edit-key> I<name>
asks whether it should be signed. This
question is repeated for all users specified
with B<-u>.
+ B<lsign>
+ Same as B<sign> but the signature is marked as
+ non-exportbale and will therefore never be used
+ by others. This may be used to make keys valid
+ only in the local environment.
B<trust>
Change the owner trust value. This updates the
trust-db immediately and no save is required.
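Review bot: Typo in the new B<lsign> entry: "non-exportbale" should be "non-exportable". The phrase "will therefore never be used by others" also claims more than the entry establishes; wording along the lines of "will not be exported" would match the description of a signature meant only for the local environment.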
@@ -129,7 +134,7 @@ B<--edit-key> I<name>
B<delkey>
Remove a subkey.
B<expire>
- Change the key expiration time. If a key is
+ Change the key expiration time. If a key is
selected, the time of this key will be changed.
With no selection the key expiration of the
primary key is changed.
@@ -200,7 +205,7 @@ B<--export-secret-keys> [I<names>]
This is normally not very useful.
B<--import>, B<--fast-import>
- Import/merge keys. The fast version does not build
+ Import/merge keys. The fast version does not build
the trustdb; this can be done at any time with the
command B<--update-trustdb>.
@@ -217,7 +222,7 @@ B<--import-ownertrust> [I<filename>]
Long options can be put in an options file (default F<~/.gnupg/options>).
Do not write the 2 dashes, but simply the name of the option and any
-required arguments. Lines with a hash as the first non-white-space
+required arguments. Lines with a hash as the first non-white-space
character are ignored. Commands may be put in this file too, but that
does not make sense.
@@ -240,20 +245,7 @@ B<--default-key> I<name>
is not used the default user-id is the first user-id
from the secret keyring.
-B<--trusted-key> I<keyid>
- Assume that the key with the I<keyid> (which must be
- a full (8 byte) keyid) is as trustworthy as one of
- your own secret keys. This may be used to make keys
- valid which are not directly certified by you but
- by a CA you trust. The advantage of this option is
- that it shortens the path of certification.
-
- You may also use this option to skip the verification
- of your own secret keys which is normally done every
- time GnuPG starts up by using the I<keyid> of
- your key.
-
-B<-r> I<name>, B<--recipient> I<name>
+B<-r> I<name>, B<--recipient> I<name>
Encrypt for user id I<name>. If this option is not
specified, GnuPG asks for the user id.
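Review bot: The B<--trusted-key> entry is deleted with no note on what replaces it. The removed text covered two uses, trusting a CA key to shorten the certification path and skipping the startup verification of your own secret keys; the B<lsign> entry added earlier in this patch is described only as making keys valid in the local environment and does not mention the second use. If the option has been removed from the program, say what happens to an options file that still contains it; if it still exists, keep the entry.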
@@ -523,11 +515,11 @@ a signature was bad, and other error codes for fatal errors.
=head1 EXAMPLES
- -se -r Bob [file] sign and encrypt for user Bob
- -sat [file] make a clear text signature
- -sb [file] make a detached signature
- -k [userid] show keys
- -kc [userid] show fingerprint
+ -se -r Bob [file] sign and encrypt for user Bob
+ -sat [file] make a clear text signature
+ -sb [file] make a detached signature
+ -k [userid] show keys
+ -kc [userid] show fingerprint
=head1 ENVIRONMENT
@@ -545,14 +537,14 @@ F<~/.gnupg/pubring.gpg.lock> and the lock file
F<~/.gnupg/trustdb.gpg> The trust database
F<~/.gnupg/trustdb.gpg.lock> and the lock file
-F<~/.gnupg/options> May contain options
+F<~/.gnupg/options> May contain options
F</usr[/local]/share/gnupg/options.skel> Skeleton file
F</usr[/local]/lib/gnupg/> Default location for extensions
=head1 SEE ALSO
-gpg(1) gpgm(1)
+gpg(1) gpgm(1)
=head1 WARNINGS
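Review bot: The SEE ALSO line touched here in gpg.1pod reads "gpg(1) gpgm(1)", and gpg(1) appears to be the page itself. Since the line is being rewritten anyway, drop the self-reference and keep only gpgm(1).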