Diffstat (limited to 'doc/gpg-agent.texi')
-rw-r--r-- | doc/gpg-agent.texi | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index c9a89b91a..54ffb2a73 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -467,17 +467,22 @@ agent. By default they may all be found in the current home directory DC:BD:69:25:48:BD:BB:7E:31:6E:BB:80:D3:00:80:35:D4:F8:A6:CD S @end example - Before entering a key into this file, you need to ensure its - authenticity. How to do this depends on your organisation; your - administrator might have already entered those keys which are deemed - trustworthy enough into this file. Places where to look for the - fingerprint of a root certificate are letters received from the CA or - the website of the CA (after making 100% sure that this is indeed the - website of that CA). You may want to consider allowing interactive - updates of this file by using the @xref{option --allow-mark-trusted}. - This is however not as secure as maintaining this file manually. It is - even advisable to change the permissions to read-only so that this file - can't be changed inadvertently. +Before entering a key into this file, you need to ensure its +authenticity. How to do this depends on your organisation; your +administrator might have already entered those keys which are deemed +trustworthy enough into this file. Places where to look for the +fingerprint of a root certificate are letters received from the CA or +the website of the CA (after making 100% sure that this is indeed the +website of that CA). You may want to consider allowing interactive +updates of this file by using the @xref{option --allow-mark-trusted}. +This is however not as secure as maintaining this file manually. It is +even advisable to change the permissions to read-only so that this file +can't be changed inadvertently. + +As a special feature a line @code{include-default} will include a global +list of trusted certificates (e.g. @file{/etc/gnupg/trustlist.txt}). +This global list is also used if the local list ios not available. + @item sshcontrol |
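Review bot: The new paragraph at the end of the hunk has a typo in "if the local list ios not available"; it should read "is not available". That sentence should also say what counts as "not available" (file missing, unreadable, or empty), because the fallback to the global list silently changes which root certificates are trusted. In the re-indented paragraph, "by using the @xref{option --allow-mark-trusted}" puts @xref in the middle of a sentence, where it renders with a leading "See"; @ref fits better there.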