See ChangeLog: Wed Feb 10 17:15:39 CET 1999 Werner Koch

3 files changed, 128 insertions, 133 deletions

diff --git a/doc/DETAILS b/doc/DETAILS
index 5e765728d..ed2ad04c3 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -79,7 +79,7 @@ more arguments in future versions.
 	The used key has been revoked by his owner.  No arguments yet.
 
     BADARMOR
-	The ascii armor is corrupted.  No arguments yet.
+	The ASCII armor is corrupted.  No arguments yet.
 
     RSA_OR_IDEA
 	The RSA or IDEA algorithms has been used in the data.  A
@@ -175,7 +175,7 @@ Record type 2: (directory record)
      1 u32   cache record
      1 byte  ownertrust
      1 byte  dirflag
-     1 byte  validity
+     1 byte  validity of the key calucalted over all user ids
     19 byte reserved
 
 
@@ -208,7 +208,7 @@ Record type 4: (uid record)
      1 u32  pointer to preference record
      1 u32  siglist  list of valid signatures
      1 byte uidflags
-     1 byte reserved
+     1 byte validity of the key calculated over this user id
      20 bytes ripemd160 hash of the username.
 
 
@@ -418,7 +418,7 @@ Usage of gdbm files for keyrings
 ================================
     The key to store the keyblock is it's fingerprint, other records
     are used for secondary keys.  fingerprints are always 20 bytes
-    where 16 bit fingerprints are appded with zero.
+    where 16 bit fingerprints are appended with zero.
     The first byte of the key gives some information on the type of the
     key.
       1 = key is a 20 bit fingerprint (16 bytes fpr are padded with zeroes)
diff --git a/doc/FAQ b/doc/FAQ
index b61bc5461..be2b6dc15 100644
--- a/doc/FAQ
+++ b/doc/FAQ
@@ -23,11 +23,10 @@
 
   GNUPG is also useful for signing things.  Things that are encrypted with
   the secret key can be decrypted with the public key. To sign something, a
-  hash is taken of the data, and then the hash is in some form encoded
-  with the secret
-  key. If someone has your public key, they can verify that it is from
-  you and that it hasn't changed by checking the encoded form of the
-  hash with the public key.
+  hash is taken of the data, and then the hash is in some form encoded with
+  the secret key. If someone has your public key, they can verify that it
+  is from you and that it hasn't changed by checking the encoded form of
+  the hash with the public key.
 
   A keyring is just a large file that stores keys. You have a public keyring
   where you store yours and your friend's public keys.  You have a secret
@@ -63,12 +62,12 @@
   or at a meeting of your local GNU/Linux User Group.
 
   Hmm, what else.  You may use the option  "-o filename" to force output
-  to this filename (use "-" to force output to stdout).
-  "-r" just lets you specify the recipient (which public key you encrypt with)
-  on the command line instead of typing it interactively.
+  to this filename (use "-" to force output to stdout). "-r" just lets you
+  specify the recipient (which public key you encrypt with) on the command
+  line instead of typing it interactively.
 
   Oh yeah, this is important. By default all data is encrypted in some weird
-  binary format.  If you want to have things appear in ascii text that is
+  binary format.  If you want to have things appear in ASCII text that is
   readable, just add the '-a' option.  But the preferred method is to use
   a MIME aware mail reader (Mutt, Pine and many more).
 
@@ -94,31 +93,31 @@
     a v3 packet.  GNUPG is the only program which had used
     these v3 ElGamal keys - so this assumption is quite safe.
 
- Q: Why is PGP 5.x not able to encrypt messages with my public key.
+ Q: Why is PGP 5.x not able to encrypt messages with my public key?
  A: PGP Inc refuses to accept ElGamal keys of type 20 even for
     encryption.  They only supports type 16 (which are identical
-    at least for decryption).  To be better interoperable, GNUPG
+    at least for decryption).  To be more inter-operable, GNUPG
     (starting with version 0.3.3) now also uses type 16 for the
     ElGamal subkey which is created if the default key algorithm
     is chosen.  You may add an type 16 ElGamal key to your public
     key which is easy as your key signatures are still valid.
 
- Q: Why is PGP 5.x not able to verify my messages.
+ Q: Why is PGP 5.x not able to verify my messages?
  A: PGP 5.x does not accept V4 signatures for data material but
     OpenPGP requires generation of V3 signatures for all kind of
     data.  Use the option "--force-v3-sigs" to generate V3 signatures
     for data.
 
  Q: I can't delete an user id because it is already deleted on my
-    public keyring.
+    public keyring?
  A: Because you can only select from the public key ring, there is
-    no direct way to do this.  However it is not so complicated
-    do to it anyway:  Create a new user id with exactly the same name,
-    you will notice that there are two identical user ids on the
-    secret ring now.  Now select this user id and delete it; both
-    user ids from the secret ring will be removed.
+    no direct way to do this.  However it is not very complicated
+    to do it anyway.  Create a new user id with exactly the same name
+    and you will see that there are now two identical user ids on the
+    secret ring.  Now select this user id and delete it.  Both user
+    ids will be removed from the secret ring.
 
- Q: How can I encrypt a message in way pgp 2.x is able to decrypt it later?
+ Q: How can I encrypt a message so that pgp 2.x is able to decrypt it?
  A: You can't do that because pgp 2.x normally uses IDEA which is not
     supported by GNUPG because it is patented, but if you have a modified
     version of PGP you can try this:
@@ -130,11 +129,11 @@
 
        gpg -c --cipher-algo 3des --compress-algo 1 --no-comment myfile
 
-    You may replace "3des" by "cast5"; "blowfish" does not work with
+    You may replace "3des" by "cast5". "blowfish" does not work with
     all versions of pgp5.  You may also want to put
        no-comment
        compress-algo 1
-    into your ~/.gnupg/options file - this does not affect the normal
+    into your ~/.gnupg/options file - this does not affect normal
     gnupg operation.
 
 
@@ -142,42 +141,40 @@
   A: The problem here is that we need a lot of random bytes and for that
   we (on Linux the /dev/random device) must collect some random data.
   It is really not easy to fill the Linux internal entropy buffer; I
-  talked to Ted Ts'o and he commited that the best way to fill the
-  buffer is to play with your keyboard.
-  Good security has it's price.
-  What I do is to hit several times on the shift,control, alternate,
-  capslock keys, as these keys do not produce any output to the screen.
-  This way you get your keys really fast (it's the same thing pgp2 does).
+  talked to Ted Ts'o and he commented that the best way to fill the buffer
+  is to play with your keyboard. Good security has it's price. What I do
+  is to hit several times on the shift, control, alternate, and capslock
+  keys, because these keys do not produce output to the screen. This way
+  you get your keys really fast (it's the same thing pgp2 does).
 
   Another problem might be another program which eats up your random bytes
   (a program (look at your daemons) that reads from /dev/[u]random).
 
   Q: And it really takes long when I work on a remote system. Why?
-  A: Don't do this at all!
-  You should never create keys or even use gnupg on a remote system because
-  you normally have
-  no physical control over your secret keyring (which is in most cases
-  vulnerable to advanced dictionary attacks) - I strongly encourage
-  everyone to only create keys on a local computer (a disconnected
-  laptop is probably the best choice) and if you need it on your
-  connected box (I know: We all do this) be sure to have a strong
-  password for your account, your secret key and trust your Root.
+  A: Don't do this at all! You should never create keys or even use gnupg
+  on a remote system because you normally have no physical control over
+  your secret keyring (which is in most cases vulnerable to advanced
+  dictionary attacks) - I strongly encourage everyone to only create keys
+  on a local computer (a disconnected laptop is probably the best choice)
+  and if you need it on your connected box (I know: We all do this) be
+  sure to have a strong password for your account and for your secret key
+  and trust your Root.
 
   When I check gnupg on a remote system via ssh (I have no Alpha here ;-)
-  I have the same problem too: it takes *very* long to create the keys,
-  so I use a special option --quick-random to generate insecure keys which are
-  only good for some tests.
+  I have the same problem.  It takes a *very* long time to create the
+  keys, so I use a special option, --quick-random, to generate insecure
+  keys which are only good for some tests.
 
 
   Q: How does the whole trust thing work?
-  A: It works more or less like PGP.  The difference is, that the trust is
-  computed at the time it is needed; this is one of the reasons for the
+  A: It works more or less like PGP.  The difference is that the trust is
+  computed at the time it is needed. This is one of the reasons for the
   trustdb which holds a list of valid key signatures.  If you are not
   running in batch mode you will be asked to assign a trust parameter
   (ownertrust) to a key.  I have plans to use a cache for calculated
   trust values to speed up calculation.
 
-  You can see the validity (calculated trust value) using this command:
+  You can see the validity (calculated trust value) using this command.
 
       gpgm --list-keys --with-colons
 
@@ -193,13 +190,13 @@
 	 is only used for keys for which
 	 the secret key is also available.
 
-  You can get a list of the assigned trust values (how far you trust
-  the owner to correctly sign another one's key)
+  You can get a list of the assigned trust values (how much you trust
+  the owner to correctly sign another person's key)
 
       gpgm --list-ownertrust
 
-  The first field is the fingerprint of the primary key, the second one
-  the assigned value:
+  The first field is the fingerprint of the primary key, the second field
+  is the assigned value:
 
       - = No Ownertrust value yet assigned.
       n = Never trust this keyholder to correctly verify others signatures.
@@ -207,42 +204,42 @@
       f = Assume that the key holder really knows how to sign keys.
       u = No need to trust ourself because we have the secret key.
 
-  Please keep these values confidential, as they express some opinions of
-  you about others. PGP does store these information with the keyring, so
-  it is not a good idea to publish the keyring instead of exporting the
-  keyring - gnupg stores the trust in the trust-DB and therefor it is okay
-  to give the keyring away (but we have a --export command too).
+  Keep these values confidential because they express your opinions
+  about others.  PGP stores this information with the keyring thus
+  it is not a good idea to publish a PGP keyring instead of exporting the
+  keyring.  gnupg stores the trust in the trust-DB so it is okay
+  to give a gpg keyring away (but we have a --export command too).
 
 
   Q: What is the difference between options and commands?
-  A: If you do a "gpg --help", you will get two separate lists. The first is a list
-  of commands. The second is a list of options. Whenever you run GPG, you *must*
-  pick exactly one command (**with one exception, see below). You *may* pick one
-  or more options.  The command should, just by convention, come at the end of the
-  argument list, after all the options. If the command takes a file (all the
-  basic ones do), the filename comes at the very end. So the basic way to
-  run gpg is:
+  A: If you do a "gpg --help", you will get two separate lists. The first is
+  a list of commands. The second is a list of options. Whenever you run GPG,
+  you *must* pick exactly one command (**with one exception, see below). You
+  *may* pick one or more options.  The command should, just by convention,
+  come at the end of the argument list, after all the options. If the
+  command takes a file (all the basic ones do), the filename comes at the
+  very end. So the basic way to run gpg is:
 
    gpg [--option something] [--option2] [--option3 something] --command file
 
   Some options take arguments, for example the --output option (which can be
-  abbreviated -o) is an option which takes a filename. The option's argument
-  must follow immediately after the option itself: otherwise gpg doesn't know
+  abbreviated -o) is an option that takes a filename. The option's argument
+  must follow immediately after the option itself, otherwise gpg doesn't know
   which option the argument is supposed to go with. As an option, --output and
   its filename must come before the command. The --remote-user (-r) option takes
   a name or keyid to encrypt the message to, which must come right after the -r
-  argument.  The --encrypt (or -e) command comes after all the options, followed
-  by the file you wish to encrypt. So use:
+  argument.  The --encrypt (or -e) command comes after all the options followed
+  by the file you wish to encrypt. So use
 
    gpg -r alice -o secret.txt -e test.txt
 
-  If you write the options out in full, it is easier to read:
+  If you write the options out in full, it is easier to read
 
    gpg --remote-user alice --output secret.txt --encrypt test.txt
 
   If you're saving it in a file called ".txt" then you'd probably expect to see
-  ascii-armored text in there, so you need to add the --armor (-a) option,
-  which doesn't take any arguments:
+  ASCII-armored text in there, so you need to add the --armor (-a) option,
+  which doesn't take any arguments.
 
    gpg --armor --remote-user alice --output secret.txt --encrypt test.txt
 
@@ -251,7 +248,7 @@
 
    gpg [--armor] [--remote-user alice] [--output secret.txt] --encrypt test.txt
 
-  The optional parts can be rearranged any way you want:
+  The optional parts can be rearranged any way you want.
 
    gpg --output secret.txt --remote-user alice --armor --encrypt test.txt
 
@@ -268,30 +265,30 @@
   Q: What kind of output is this: "key C26EE891.298, uid 09FB: ...."?
   A: This is the internal representation of an user id in the trustdb.
      "C26EE891" is the keyid, "298" is the local id (a record number
-     in the trustdb) and "09FB" are the last two bytes of a ripe-md-160
+     in the trustdb) and "09FB" is the last two bytes of a ripe-md-160
      hash of the user id for this key.
 
 
   Q: What is trust, validity and ownertrust?
   A: "ownertrust" is used instead of "trust" to make clear that
-     this is the value you have assigned to key to express, how far you
+     this is the value you have assigned to key to express how much you
      trust the owner of this key to correctly sign (and so introduce)
-     other keys.  "validity" or calculated trust is a value which
-     says, how far the gnupg thinks a key is valid (that it really belongs
+     other keys.  "validity", or calculated trust, is a value which
+     says how much the gnupg thinks a key is valid (that it really belongs
      to the one who claims to be the owner of the key).
      For more see the chapter "The Web of Trust" in the
      Manual [gpg: Oops: Internal error: manual not found - sorry]
 
-  Q: How do interpret some of the informational outputs:
-  A: While checking the validness of a key, GnuPG sometimes print
-     some informations which are prefixed with information about
-     the checked item:
+  Q: How do interpret some of the informational outputs?
+  A: While checking the validity of a key, GnuPG sometimes prints
+     some information which is prefixed with information about
+     the checked item.
 	"key 12345678.3456"
      This is about the key with key ID 12345678 and the internal
      number 3456, which is the record number of the so called
      directory record in the trustdb.
 	"uid 12345678.3456/ACDE"
-     This is about the user ID for the same key; to identify the
+     This is about the user ID for the same key.  To identify the
      user ID the last two bytes of a ripe-md-160 over the user ID
      ring is printed.
 	"sig 12345678.3456/ACDE/9A8B7C6D"
@@ -302,15 +299,14 @@
 
   Q: How do I sign a patch file?
   A: Use "gpg --clearsign --not-dash-escaped ...".
-     The problem with --clearsign is
-     that all lines starting with a dash are quoted with "- "; obviously
-     diff produces many of lines starting with a dash and these are
-     then quoted and that is not good for patch ;-).  In order to use
-     a patch file without removing the cleartext signature, the special
-     option --not-dash-escaped may be used to suppress generation of
-     these escape sequences.  You should not mail such a patch because
-     spaces and line endings are also subject to the signature and a mailer
-     may not preserve these.  If you want to mail a file you can simply sign
-     it using your MUA.
+     The problem with --clearsign is that all lines starting with a dash are
+     quoted with "- "; obviously diff produces many of lines starting with a
+     dash and these are then quoted and that is not good for patch ;-).  To
+     use a patch file without removing the cleartext signature, the special
+     option --not-dash-escaped may be used to suppress generation of these
+     escape sequences.  You should not mail such a patch because spaces and
+     line endings are also subject to the signature and a mailer may not
+     preserve these.  If you want to mail a file you can simply sign it
+     using your MUA.
 
 
diff --git a/doc/gpg.1pod b/doc/gpg.1pod
index 21cc126bf..f7e5a4ce8 100644
--- a/doc/gpg.1pod
+++ b/doc/gpg.1pod
@@ -67,7 +67,7 @@ B<-k> [I<username>] [I<keyring>]
     Kludge to be somewhat compatible with PGP.
     Without arguments, all public keyrings are listed.
     With one argument, only I<keyring> is listed.
-    Special combinations are also allowed, but it may
+    Special combinations are also allowed, but they may
     give strange results when combined with more options.
     B<-kv>    Same as B<-k>
     B<-kvv>   List the signatures with every key.
@@ -130,7 +130,7 @@ B<--edit-key> I<name>
        Remove a subkey.
     B<expire>
        Change the key expiration time.	If a key is
-       select, the time of this key will be changed.
+       selected, the time of this key will be changed.
        With no selection the key expiration of the
        primary key is changed.
     B<passwd>
@@ -154,10 +154,10 @@ B<--edit-key> I<name>
        key rings.
     The listing shows you the key with its secondary
     keys and all user ids. Selected keys or user ids
-    indicated by an asterisk. The trust value is
-    displayed with the primary key: The first one is the
-    assigned owner trust and the second the calculated
-    trust value; letters are used for the values:
+    are indicated by an asterisk. The trust value is
+    displayed with the primary key: the first is the
+    assigned owner trust and the second is the calculated
+    trust value.  Letters are used for the values:
       B<->  No ownertrust assigned / not yet calculated.
       B<e>  Trust calculation has failed.
       B<q>  Not enough information for calculation.
@@ -201,11 +201,11 @@ B<--export-secret-keys> [I<names>]
 
 B<--import>, B<--fast-import>
     Import/merge keys.	The fast version does not build
-    the trustdb; this can be deon at anytime with the
+    the trustdb; this can be done at any time with the
     command B<--update-trustdb>.
 
 B<--export-ownertrust>
-    List the assigned ownertrust values in ascii format
+    List the assigned ownertrust values in ASCII format
     for backup purposes [B<gpgm> only].
 
 B<--import-ownertrust> [I<filename>]
@@ -215,9 +215,9 @@ B<--import-ownertrust> [I<filename>]
 
 =head1 OPTIONS
 
-Long options can be put in an options file (default F<~/.gnupg/options>);
-do not write the 2 dashes, but simply the name of the option and any
-arguments if required.	Lines with a hash as the first non-white-space
+Long options can be put in an options file (default F<~/.gnupg/options>).
+Do not write the 2 dashes, but simply the name of the option and any
+required arguments.	Lines with a hash as the first non-white-space
 character are ignored. Commands may be put in this file too, but that
 does not make sense.
 
@@ -250,7 +250,7 @@ B<--trusted-key>  I<keyid>
 
     You may also use this option to skip the verification
     of your own secret keys which is normally done every
-    time GnuPG starts up:  Use for I<keyid> the one of
+    time GnuPG starts up by using the I<keyid> of
     your key.
 
 B<-r>  I<name>, B<--recipient>	I<name>
@@ -268,7 +268,7 @@ B<-q>, B<--quiet>
 B<-z> I<n>
     Set compress level to I<n>. A value of 0 for I<n>
     disables compression. Default is to use the default
-    compression level of zlib (which is 6).
+    compression level of zlib (normally 6).
 
 B<-t>, B<--textmode>
     Use canonical text mode.  If B<-t> (but not
@@ -276,17 +276,17 @@ B<-t>, B<--textmode>
     and signing, this enables clearsigned messages.
     This kludge is needed for PGP compatibility;
     normally you would use B<--sign> or B<--clearsign>
-    to selected the type os signatures.
+    to selected the type of the signature.
 
 B<-n>, B<--dry-run>
     Don't make any changes (not yet implemented).
 
 B<--batch>
-    Batch mode; never ask, do not allow interactive
+    Use batch mode.  Never ask, do not allow interactive
     commands.
 
 B<--no-batch>
-    Disable batch mode; this may be used if B<batch>
+    Disable batch mode.  This may be used if B<batch>
     is used in the options file.
 
 B<--yes>
@@ -297,7 +297,7 @@ B<--no>
 
 B<--keyserver> I<name>
     Use I<name> to lookup keys which are not yet in
-    your keyring; this is only done while verifying
+    your keyring.  This is only done while verifying
     messages with signatures.  The option is also
     required for the command B<--send-keys> to
     specify the keyserver to where the keys should
@@ -374,11 +374,11 @@ B<--set-filename> I<string>
 
 B<--completes-needed> I<n>
     Number of completely trusted users to introduce a new
-    key signator (defaults to 1).
+    key signer (defaults to 1).
 
 B<--marginals-needed> I<n>
     Number of marginally trusted users to introduce a new
-    key signator (defaults to 3)
+    key signer (defaults to 3)
 
 B<--max-cert-depth> I<n>
     Maximum depth of a certification chain (default is 5).
@@ -409,7 +409,7 @@ B<--s2k-digest-algo> I<name>
     encryption if B<--digest-algo> is not given.
 
 B<--s2k-mode> I<number>
-    Selects how passphrases are mangled: A number of I<0>
+    Selects how passphrases are mangled. A number of I<0>
     uses the plain passphrase (which is not recommended),
     a I<1> (default) adds a salt to the passphrase and
     I<3> iterates the whole process a couple of times.
@@ -418,12 +418,12 @@ B<--s2k-mode> I<number>
 
 B<--compress-algo> I<number>
     Use compress algorithm I<number>. Default is I<2> which is
-    RFC1950 compression; you may use I<1> to use the old zlib
-    version which is used by PGP.
-    The default algorithm may give better
-    results because the window size is not limited to 8K.
-    If this is not used the OpenPGP behavior is used; i.e.
-    the compression algorithm is selected from the preferences.
+    RFC1950 compression. You may use I<1> to use the old zlib
+    version which is used by PGP. The default algorithm may
+    give better results because the window size is not limited
+    to 8K. If this is not used the OpenPGP behavior is used,
+    i.e. the compression algorithm is selected from the
+    preferences.
 
 B<--digest-algo> I<name>
     Use I<name> as message digest algorithm. Running the
@@ -438,21 +438,20 @@ B<--throw-keyid>
     process because all available secret keys are tried.
 
 B<--not-dash-escaped>
-    This option changes the behavior of cleartext signature
+    This option changes the behavior of cleartext signatures
     so that they can be used for patch files. You should not
     send such an armored file via email because all spaces
     and line endings are hashed too.  You can not use this
-    option for data which has 5 dashes somewhere at the
-    beginning of a line - patch files don't have this.
-    A special armor header line tells GnuPG about this
-    cleartext signature framework.
+    option for data which has 5 dashes at the beginning of a
+    line, patch files don't have this. A special armor header
+    line tells GnuPG about this cleartext signature option.
 
 B<--escape-from-lines>
     Because some mailers change lines starting with "From "
     to ">From " it is good to handle such lines in a special
-    way when creating cleartext signatures; all other PGP
-    versions do it this way too.  Because this would violate
-    rfc2440, this option is not enabled per default.
+    way when creating cleartext signatures. All other PGP
+    versions do it this way too. This option is not enabled
+    by default because it would violate rfc2440.
 
 B<--passphrase-fd> I<n>
     Read the passphrase from file descriptor I<n>. If you use
@@ -464,10 +463,10 @@ B<--rfc1991>
     Try to be more RFC1991 (PGP 2.x) compliant.
 
 B<--force-v3-sigs>
-    OpenPGP states that a implementation should generate
-    v4 signatures but PGP 5.x does only recognize such
-    signatures on key material.  This options forces
-    v3 signatures for signatures on data.
+    OpenPGP states that an implementation should generate
+    v4 signatures but PGP 5.x recognizes v4 signatures only
+    on key material.  This options forces v3 signatures for
+    signatures on data.
 
 B<--lock-once>
     Lock the file the first time a lock is requested
@@ -510,7 +509,7 @@ B<-h>, B<--help>
 =head1 RETURN VALUE
 
 The Program returns 0 if everything was fine, 1 if at least
-a signature was bad and other errorcode for fatal errors.
+a signature was bad, and other error codes for fatal errors.
 
 =head1 EXAMPLES
 
@@ -552,15 +551,15 @@ Use a B<good> password for your user account and a B<good> passphrase
 to protect your secret key.  This passphrase is the weakest part of the
 whole system.  Programs to do dictionary attacks on your secret keyring
 are very easy to write and so you should protect your B<~/.gnupg/>
-directory very good.
+directory very well.
 
 Keep in mind that, if this program is used over a network (telnet), it
 is B<very> easy to spy out your passphrase!
 
 =head1 BUGS
 
-On many systems this program should be installed as setuid(root); this
-is necessary to lock some pages of memory. If you get no warning message
-about insecure memory your OS kernel supports locking without being root;
-setuid is dropped as soon as this memory is allocated.
+On many systems this program should be installed as setuid(root). This
+is necessary to lock memory pages. If you get no warning message about
+insecure memory your OS kernel supports locking without being root.
+The program drops root privileges as soon as locked memory is allocated.