Diffstat (limited to 'doc/DETAILS')
-rw-r--r-- | doc/DETAILS | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/doc/DETAILS b/doc/DETAILS index 7c1e11edf..ecb3d009a 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -134,6 +134,11 @@ more arguments in future versions. SHM_GET_BOOL SHM_GET_HIDDEN + GET_BOOL + GET_LINE + GET_HIDDEN + GOT_IT + NEED_PASSPHRASE <long keyid> <keytype> <keylength> Issued whenever a passphrase is needed. keytype is the numerical value of the public key algorithm @@ -181,6 +186,36 @@ more arguments in future versions. <n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported> <sec_dups> Final statistics on import process (this is one long line) + FILE_START <what> <filename> + Start processing a file <filename>. <what> indicates the performed + operation: + 1 - verify + + FILE_DONE + Marks the end of a file processing which has been started + by FILE_START. + + BEGIN_DECRYPTION + END_DECRYPTION + Mark the start and end of the actual decryption process. These + are also emmited when in --list-only mode. + + BEGIN_ENCRYPTION + END_ENCRYPTION + Mark the start and end of the actual encryption process. + + DELETE_PROBLEM reason_code + Deleting a key failed. Reason codes are: + 1 - No such key + 2 - Must delete secret key first + + PROGRESS what char cur total + Used by the primegen and Public key functions to indicate progress. + "char" is the character displayed with no --status-fd enabled, with + the linefeed replaced by an 'X'. "cur" is the current amount + done and "total" is amount to be done; a "total" of 0 indicates that + the toatal amount is not known. 100/100 may be used to detect the + end of operation. Key generation 
@@ -214,6 +249,107 @@ Key generation Crypto '97 proceedings p. 260. +Unattended key generation +========================= +There is an experimental feature which allows for unattended +generation of keys controlled by a parameter file. +This feature is not very well tested and does only make sense for some +very special applications. Please don't complain if we decide to chnage +the behaviour of this command. + +To use this feature, you use --gen-key together with --batch and feed the +parameters either form stdin or from a file given on the commandline. +The format of this file is as follows: + o Text only, line length is limited to about 1000 chars. + o You must use UTF-8 encoding to specifiy non-ascii characters. + o Empty lines are ignored + o Leading and trailing spaces are ignored + o A hash sign as the first non white space character indicates a comment line + o Control statements are indicated by a leading percent sign, the + arguments are separated by white space from the keyword. + o Parameters are specified by a keyword, followed by a colon. Arguments + are speparated by white space. + o The first parameter must be "Key-Type", control statements + may be placed anywhere. + o Key generation takes place when either the end of the parameter file + is reached, the next "Key-Type" parameter is encountered or at the + controlstatement "%commit" + o Control staements: + %echo <text> + Print <text> + %dry-run + Suppress actual key generation (useful for syntax checking) + %commit + Perform the key generation. An implicit commit is done + at the next "Key-Type" parameter. + %pubring <filename> + %secring <filename> + Do not write the key to the default or commandline given + keyring but to <filename>. This must be given before the first + commit to take place, duplicate specification of the same filename + is ignored, the last filename before a commit is used. 
+ The filename is used until a new filename is used (at commit points) + and all keys are written to that file. If a new filename is given, + this file is created (and overwrites an existing one). + Both control statements must be given. + o The order of the parameters does not matter except for "Key-Type" + which must be the first parameter. The paramtyers are only for the + generated keyblock and paramters from previous key generations are not + used. Some syntactically checks may be performed. + The currently defined parameters are: + Key-Type: <algo-number>|<algo-string> + Starts a new parameter block by giving the type of the + primary key. The algorithm must be capable of signing. + This is a required parameter. + Key-Length: <length-in-bits> + Length of the key in bits. Default is 1024 + Subkey-Type: <algo-number>|<algo-string> + This generates a secondary key. Currently only one subkey + can be handled. + Subkey-Length: <length-in-bits> + Length of the subkey in bits. Default is 1024. + Passphrase: <string> + If you want to specify a passphrase for the secret key, + enter it here. Default is not to use any passphrase. + Name-Real: <string> + Name-Comment: <string> + Name-Email: <string> + The 3 parts of a key. Remember to use UTF-8 here. + If you don't give any of them, no user ID is created. + Expire-Date: <iso-date>|(<number>[d|w|m|y]) + Set the expiration date for the key (and the subkey). It + may either be entered in ISO date format (2000-08-15) or as + number of days, weeks, month or years. Without a letter days + are assumed. 
+ +Here is an example: +$ cat >foo <<EOF + %echo Generating a standard key + Key-Type: DSA + Key-Length: 1024 + Subkey-Type: ELG-E + Subkey-Length: 1024 + Name-Real: Joe Tester + Name-Comment: with stupid passphrase + Name-Email: [email protected] + Expire-Date: 0 + Passphrase: abc + %pubring foo.pub + %secring foo.sec + # Do a commit here, so that we can later print "done" :-) + %commit + %echo done +EOF +$ gpg --batch --gen-key -a foo + [...] +$ gpg --no-default-keyring --secret-keyring foo.sec \ + --keyring foo.pub --list-secret-keys +/home/wk/work/gnupg-stable/scratch/foo.sec +------------------------------------------ +sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <[email protected]> +ssb 1024g/8F70E2C0 2000-03-09 + + Layout of the TrustDB ===================== @@ -477,6 +613,15 @@ There is one enhancement used with the old style packet headers: + that this is the last packet. +GNU extensions to the S2K algorithm +=================================== +S2K mode 101 is used to identify these extensions. +After the hash algorithm the 3 bytes "GNU" are used to make +clear that these are extensions for GNU, the next bytes gives the +GNU protection mode - 1000. Defined modes are: + 1001 - do not store the secret part at all + + Usage of gdbm files for keyrings ================================ The key to store the keyblock is it's fingerprint, other records |
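Review bot: In the first hunk (@@ -134,6 +134,11), the new status keywords `GET_BOOL`, `GET_LINE`, `GET_HIDDEN` and `GOT_IT` are inserted as bare names with no description, while the neighbouring `NEED_PASSPHRASE <long keyid> <keytype> <keylength>` entry documents its arguments and meaning. A program driving gpg over --status-fd cannot tell from this list whether these lines carry arguments or what reply they expect; please add a one-line description for each, in the same form as the existing entries.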
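Review bot: In the second hunk (@@ -181,6 +186,36), the `PROGRESS what char cur total` description is self-contradictory for consumers: it says "a 'total' of 0 indicates that the toatal amount is not known" and then "100/100 may be used to detect the end of operation", but no end marker is defined for the unknown-total case. Please state what a status-fd reader should use to detect completion when total is 0. The same hunk has two typos: "emmited" (BEGIN_DECRYPTION entry) should be "emitted" and "toatal" (PROGRESS entry) should be "total".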
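Review bot: In the third hunk (@@ -214,6 +249,107), the `Expire-Date: <iso-date>|(<number>[d|w|m|y])` parameter description never defines the value `0`, yet the worked example relies on it (`Expire-Date: 0`); please document that meaning explicitly, since a reader following the grammar as written would take 0 as "zero days". Also, the `Passphrase: <string>` parameter means the secret key's passphrase is written in cleartext into the parameter file and is echoed in the example (`Passphrase: abc`); the documentation should say so and advise restricting access to, and removing, that file after the commit, or the "unattended" use case will routinely leave passphrases on disk. Finally, this hunk carries several spelling errors worth fixing before merge: "chnage", "specifiy", "speparated", "controlstatement", "staements", "paramtyers", "paramters", and "Some syntactically checks" (should read "Some syntactic checks").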
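Review bot: In the last hunk (@@ -477,6 +613,15), the encoding of the GNU S2K extension is underspecified: "the next bytes gives the GNU protection mode - 1000" does not say how many bytes follow the `GNU` marker or whether "- 1000" means the stored value is the mode minus 1000 (so that mode 1001 is stored as 1). An implementer writing a parser for S2K mode 101 needs the exact byte count and arithmetic spelled out, and the text should also say how a reader must treat a protection mode it does not recognise (reject the packet rather than guess), since only `1001 - do not store the secret part at all` is defined here.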