Diffstat (limited to 'doc/gpg-agent.texi')
-rw-r--r-- doc/gpg-agent.texi 30
1 files changed, 20 insertions, 10 deletions
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index bcce03329..d518c246b 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -585,16 +585,19 @@ local gpg-agent and use its private keys. This enables decrypting or
signing data on a remote machine without exposing the private keys to the
remote machine.
-@anchor{option --enable-extended-key-format}
@item --enable-extended-key-format
+@itemx --disable-extended-key-format
@opindex enable-extended-key-format
-This option creates keys in the extended private key format. Changing
-the passphrase of a key will also convert the key to that new format.
-Using this option makes the private keys unreadable for gpg-agent
-versions before 2.1.12. The advantage of the extended private key
-format is that it is text based and can carry additional meta data.
-Note that this option also changes the key protection format to use
-OCB mode.
+@opindex disable-extended-key-format
+Since version 2.3 keys are created in the extended private key format.
+Changing the passphrase of a key will also convert the key to that new
+format. This new key format is supported since GnuPG version 2.1.12
+and thus there should be no need to disable it. The disable option
+allows to revert to the old behavior for new keys; be aware that keys
+are never migrated back to the old format. However if the enable
+option has been used the disable option won't have an effect. The
+advantage of the extended private key format is that it is text based
+and can carry additional meta data.
@anchor{option --enable-ssh-support}
@item --enable-ssh-support
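Review bot: The rewritten --enable-extended-key-format paragraph drops the sentence "Note that this option also changes the key protection format to use OCB mode." without a replacement. If keys in the extended format are still protected with OCB, keep that sentence, because it is the one statement here that tells a reader how the private key is protected at rest. Two smaller points in the same hunk: the removed "@anchor{option --enable-extended-key-format}" line should be checked against any @ref or @xref elsewhere in the manual that targets it, and "However if the enable option has been used the disable option won't have an effect" should say where the enable option counts as used (config file, command line, or either) so the precedence is unambiguous. "allows to revert" would read better as "allows reverting".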
@@ -669,12 +672,19 @@ For an heavy loaded gpg-agent with many concurrent connection this
option avoids sign or decrypt errors due to out of secure memory error
returns.
+@item --s2k-calibration @var{milliseconds}
+@opindex s2k-calibration
+Change the default calibration time to @var{milliseconds}. The given
+value is capped at 60 seconds; a value of 0 resets to the compiled-in
+default. This option is re-read on a SIGHUP (or @code{gpgconf
+--reload gpg-agent}) and the S2K count is then re-calibrated.
+
@item --s2k-count @var{n}
@opindex s2k-count
Specify the iteration count used to protect the passphrase. This
option can be used to override the auto-calibration done by default.
-The auto-calibration computes a count which requires 100ms to mangle
-a given passphrase.
+The auto-calibration computes a count which requires by default 100ms
+to mangle a given passphrase. See also @option{--s2k-calibration}.
To view the actually used iteration count and the milliseconds
required for an S2K operation use:
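Review bot: In the new --s2k-calibration entry the argument is given in milliseconds but the cap is stated as "60 seconds"; write the cap in the argument's unit (60000) so it cannot be misread as a limit of 60. The entry also documents only the upper bound and the reset value 0. Since a small calibration time yields a low iteration count and therefore weaker passphrase protection, state whether a minimum is enforced, or recommend not going below the 100ms default mentioned under --s2k-count. It would also help to say explicitly in this entry that an explicit --s2k-count takes precedence over the calibrated value, which the --s2k-count text only implies with "override the auto-calibration".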