summaryrefslogtreecommitdiffstats
path: root/doc/gpg.sgml
diff options
context:
space:
mode:
Diffstat (limited to 'doc/gpg.sgml')
-rw-r--r--doc/gpg.sgml48
1 files changed, 43 insertions, 5 deletions
diff --git a/doc/gpg.sgml b/doc/gpg.sgml
index 6b851662b..ced9b313c 100644
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@@ -35,10 +35,10 @@
<!entity OptParmFile "<optional>&ParmFile;</optional>">
<!entity ParmFiles "<parameter>files</parameter>">
<!entity OptParmFiles "<optional>&ParmFiles;</optional>">
-<!entity ParmNames "<parameter>names</parameter>">
-<!entity OptParmNames "<optional>&ParmNames;</optional>">
<!entity ParmName "<parameter>name</parameter>">
<!entity OptParmName "<optional>&ParmName;</optional>">
+<!entity ParmNames "<parameter>names</parameter>">
+<!entity OptParmNames "<optional>&ParmNames;</optional>">
<!entity ParmKeyIDs "<parameter>key IDs</parameter>">
<!entity OptParmKeyIDs "<optional>&ParmKeyIDs</optional>">
<!entity ParmN "<parameter>n</parameter>">
@@ -1238,7 +1238,6 @@ Select the trust model depending on whatever the internal trust
database says and enable the PKA sub model.
</para></listitem></varlistentry>
-
</variablelist></para></listitem></varlistentry>
<varlistentry>
@@ -1248,6 +1247,47 @@ Identical to `--trust-model always'. This option is deprecated.
</para></listitem></varlistentry>
<varlistentry>
+<term>--auto-key-locate <parameter>parameters</parameter></term>
+
+<listitem><para>
+
+GnuPG can automatically locate and retrieve keys as needed using this
+option. This happens when encrypting to an email address (in the
+"user@example.com" form), and there are no user@example.com keys on
+the local keyring. This option takes any number of the following
+arguments, in the order they are to be tried:
+
+<variablelist>
+
+<varlistentry><term>cert</term><listitem><para>
+locate a key using DNS CERT, as specified in 2538bis (currently in
+draft): http://www.josefsson.org/rfc2538bis/
+</para></listitem></varlistentry>
+
+<varlistentry><term>pka</term><listitem><para>
+locate a key using DNS PKA.
+</para></listitem></varlistentry>
+
+<varlistentry><term>ldap</term><listitem><para>
+locate a key using the PGP Universal method of checking
+"ldap://keys.(thedomain)".
+</para></listitem></varlistentry>
+
+<varlistentry><term>keyserver</term><listitem><para>
+locate a key using whatever keyserver is defined using the --keyserver
+option.
+</para></listitem></varlistentry>
+
+<varlistentry><term>(keyserver URL)</term><listitem><para>
+In addition, a keyserver URL as used in the --keyserver option may be
+used here to query that particular keyserver.
+</para></listitem></varlistentry>
+
+</variablelist>
+</para></listitem></varlistentry>
+
+
+<varlistentry>
<term>--allow-pka-lookup</term>
<listitem><para>
This option enables PKA lookups. PKA is based on DNS; thus enabling
@@ -1979,7 +2019,6 @@ Force inclusion of the version string in ASCII armored output.
<term>--cert-notation &ParmNameValue;</term>
<term>-N, --set-notation &ParmNameValue;</term>
<listitem><para>
-
Put the name value pair into the signature as notation data.
&ParmName; must consist only of printable characters or spaces, and
must contain a '@' character in the form keyname@domain.example.com
@@ -1992,7 +2031,6 @@ check that your --display-charset is set correctly. If you prefix
flagged as critical (rfc2440:5.2.3.15). --sig-notation sets a
notation for data signatures. --cert-notation sets a notation for key
signatures (certifications). --set-notation sets both.
-
</para>
<para>