Diffstat (limited to 'doc/gpg.sgml')
-rw-r--r-- doc/gpg.sgml 2461
1 files changed, 0 insertions, 2461 deletions
diff --git a/doc/gpg.sgml b/doc/gpg.sgml
deleted file mode 100644
index 83a286172..000000000
--- a/doc/gpg.sgml
+++ /dev/null
@@ -1,2461 +0,0 @@
-<!-- gpg.sgml - the man page for GnuPG
- Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
-
- This file is part of GnuPG.
-
- GnuPG is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- GnuPG is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
--->
-<!-- This file should be processed by docbook-to-man to
- create a manual page. This program has currently the bug
- not to remove leading white space. So this source file does
- not look very pretty
-
- FIXME: generated a file with entity (e.g. pathnames) from the
- configure scripts and include it here
--->
-
-
-<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [
-<!entity ParmDir "<parameter>directory</parameter>">
-<!entity ParmFile "<parameter>file</parameter>">
-<!entity OptParmFile "<optional>&ParmFile;</optional>">
-<!entity ParmFiles "<parameter>files</parameter>">
-<!entity OptParmFiles "<optional>&ParmFiles;</optional>">
-<!entity ParmNames "<parameter>names</parameter>">
-<!entity OptParmNames "<optional>&ParmNames;</optional>">
-<!entity ParmName "<parameter>name</parameter>">
-<!entity OptParmName "<optional>&ParmName;</optional>">
-<!entity ParmKeyIDs "<parameter>key IDs</parameter>">
-<!entity ParmN "<parameter>n</parameter>">
-<!entity ParmFlags "<parameter>flags</parameter>">
-<!entity ParmString "<parameter>string</parameter>">
-<!entity ParmValue "<parameter>value</parameter>">
-<!entity ParmNameValue "<parameter>name=value</parameter>">
-<!entity ParmNameValues "<parameter>name=value1 <optional>value2 value3 ...</optional></parameter>">
-]>
-
-<refentry id="gpg">
-<refmeta>
- <refentrytitle>gpg</refentrytitle>
- <manvolnum>1</manvolnum>
- <refmiscinfo class="gnu">GNU Tools</refmiscinfo>
-</refmeta>
-<refnamediv>
- <refname/gpg/
- <refpurpose>encryption and signing tool</>
-</refnamediv>
-<refsynopsisdiv>
- <synopsis>
-<command>gpg</>
- <optional>--homedir <parameter/name/</optional>
- <optional>--options <parameter/file/</optional>
- <optional><parameter/options/</optional>
- <parameter>command</>
- <optional><parameter/args/</optional>
- </synopsis>
-</refsynopsisdiv>
-
-<refsect1>
- <title>DESCRIPTION</title>
- <para>
-<command/gpg/ is the main program for the GnuPG system.
- </para>
- <para>
-This man page only lists the commands and options available.
-For more verbose documentation get the GNU Privacy Handbook (GPH) or
-one of the other documents at http://www.gnupg.org/docs.html .
-</para>
-<para>
-Please remember that option parsing stops as soon as a non option is
-encountered, you can explicitly stop option parsing by using the
-special option "--".
-</para>
-</refsect1>
-
-<refsect1>
-<title>COMMANDS</title>
-<para>
-<command/gpg/ recognizes these commands:
-</para>
-
-<variablelist>
-
-<varlistentry>
-<term>-s, --sign</term>
-<listitem><para>
-Make a signature. This command may be combined
-with --encrypt.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--clearsign</term>
-<listitem><para>
-Make a clear text signature.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-b, --detach-sign</term>
-<listitem><para>
-Make a detached signature.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-e, --encrypt</term>
-<listitem><para>
-Encrypt data. This option may be combined with --sign.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-c, --symmetric</term>
-<listitem><para>
-Encrypt with symmetric cipher only.
-This command asks for a passphrase.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--store</term>
-<listitem><para>
-Store only (make a simple RFC1991 packet).
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--decrypt &OptParmFile;</term>
-<listitem><para>
-Decrypt &ParmFile; (or stdin if no file is specified) and
-write it to stdout (or the file specified with
---output). If the decrypted file is signed, the
-signature is also verified. This command differs
-from the default operation, as it never writes to the
-filename which is included in the file and it
-rejects files which don't begin with an encrypted
-message.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--verify <optional><optional><parameter/sigfile/</optional>
- <optional><parameter/signed-files/</optional></optional></term>
-<listitem><para>
-Assume that <parameter/sigfile/ is a signature and verify it
-without generating any output. With no arguments,
-the signature packet is read from stdin. If
-only a sigfile is given, it may be a complete
-signature or a detached signature, in which case
-the signed stuff is expected in a file without the
-".sig" or ".asc" extension.
-With more than
-1 argument, the first should be a detached signature
-and the remaining files are the signed stuff. To read the signed
-stuff from stdin, use <literal>-</literal> as the second filename.
-For security reasons a detached signature cannot read the signed
-material from stdin without denoting it in the above way.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--verify-files <optional><parameter/files/</optional></term>
-<listitem><para>
-This is a special version of the --verify command which does not work with
-detached signatures. The command expects the files to be verified either
-on the command line or reads the filenames from stdin; each name must be on
-separate line. The command is intended for quick checking of many files.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--encrypt-files <optional><parameter/files/</optional></term>
-<listitem><para>
-This is a special version of the --encrypt command. The command expects
-the files to be encrypted either on the command line or reads the filenames
-from stdin; each name must be on separate line. The command is intended
-for a quick encryption of multiple files.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--decrypt-files <optional><parameter/files/</optional></term>
-<listitem><para>
-The same as --encrypt-files with the difference that files will be
-decrypted. The syntax or the filenames is the same.
-</para></listitem></varlistentry>
-
-<!--
-B<-k> [I<username>] [I<keyring>]
- Kludge to be somewhat compatible with PGP.
- Without arguments, all public keyrings are listed.
- With one argument, only I<keyring> is listed.
- Special combinations are also allowed, but they may
- give strange results when combined with more options.
- B<-kv> Same as B<-k>
- B<-kvv> List the signatures with every key.
- B<-kvvv> Additionally check all signatures.
- B<-kvc> List fingerprints
- B<-kvvc> List fingerprints and signatures
-
- B<This command may be removed in the future!>
--->
-
-<varlistentry>
-<term>--list-keys &OptParmNames;</term>
-<term>--list-public-keys &OptParmNames;</term>
-<listitem><para>
-List all keys from the public keyrings, or just the
-ones given on the command line.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--list-secret-keys &OptParmNames;</term>
-<listitem><para>
-List all keys from the secret keyrings, or just the ones given on the
-command line. A '#' after the letters 'sec' means that the secret key
-is not usable (for example, if it was created via
---export-secret-subkeys).
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--list-sigs &OptParmNames;</term>
-<listitem><para>
-Same as --list-keys, but the signatures are listed too.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--check-sigs &OptParmNames;</term>
-<listitem><para>
-Same as --list-sigs, but the signatures are verified.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--fingerprint &OptParmNames;</term>
-<listitem><para>
-List all keys with their fingerprints. This is the
-same output as --list-keys but with the additional output
-of a line with the fingerprint. May also be combined
-with --list-sigs or --check-sigs.
-If this command is given twice, the fingerprints of all
-secondary keys are listed too.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--list-packets</term>
-<listitem><para>
-List only the sequence of packets. This is mainly
-useful for debugging.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--gen-key</term>
-<listitem><para>
-Generate a new key pair. This command is normally only used
-interactively.
-</para>
-<para>
-There is an experimental feature which allows you to create keys
-in batch mode. See the file <filename>doc/DETAILS</filename>
-in the source distribution on how to use this.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--edit-key &ParmName;</term>
-<listitem><para>
-Present a menu which enables you to do all key
-related tasks:</para>
- <variablelist>
-
- <varlistentry>
- <term>sign</term>
- <listitem><para>
-Make a signature on key of user &ParmName;
-If the key is not yet signed by the default
-user (or the users given with -u), the
-program displays the information of the key
-again, together with its fingerprint and
-asks whether it should be signed. This
-question is repeated for all users specified
-with -u.</para></listitem></varlistentry>
- <varlistentry>
- <term>lsign</term>
- <listitem><para>
-Same as --sign but the signature is marked as
-non-exportable and will therefore never be used
-by others. This may be used to make keys valid
-only in the local environment.</para></listitem></varlistentry>
- <varlistentry>
- <term>nrsign</term>
- <listitem><para>
-Same as --sign but the signature is marked as non-revocable and can
-therefore never be revoked.</para></listitem></varlistentry>
- <varlistentry>
- <term>nrlsign</term>
- <listitem><para>
-Combines the functionality of nrsign and lsign to make a signature
-that is both non-revocable and
-non-exportable.</para></listitem></varlistentry>
- <varlistentry>
- <term>revsig</term>
- <listitem><para>
-Revoke a signature. For every signature which has been generated by
-one of the secret keys, GnuPG asks whether a revocation certificate
-should be generated.
-</para></listitem></varlistentry>
- <varlistentry>
- <term>trust</term>
- <listitem><para>
-Change the owner trust value. This updates the
-trust-db immediately and no save is required.</para></listitem></varlistentry>
- <varlistentry>
- <term>disable</term>
- <term>enable</term>
- <listitem><para>
-Disable or enable an entire key. A disabled key can normally not be used
-for encryption.</para></listitem></varlistentry>
- <varlistentry>
- <term>adduid</term>
- <listitem><para>
-Create an alternate user id.</para></listitem></varlistentry>
- <varlistentry>
- <term>addphoto</term>
- <listitem><para>
-Create a photographic user id.</para></listitem></varlistentry>
- <varlistentry>
- <term>deluid</term>
- <listitem><para>
-Delete a user id.</para></listitem></varlistentry>
- <varlistentry>
- <term>addkey</term>
- <listitem><para>
-Add a subkey to this key.</para></listitem></varlistentry>
- <varlistentry>
- <term>delkey</term>
- <listitem><para>
-Remove a subkey.</para></listitem></varlistentry>
- <varlistentry>
- <term>addrevoker</term>
- <listitem><para>
-Add a designated revoker. This takes one optional argument:
-"sensitive". If a designated revoker is marked as sensitive, it will
-not be exported by default (see
-export-options).</para></listitem></varlistentry>
- <varlistentry>
- <term>revkey</term>
- <listitem><para>
-Revoke a subkey.</para></listitem></varlistentry>
- <varlistentry>
- <term>expire</term>
- <listitem><para>
-Change the key expiration time. If a subkey is selected, the
-expiration time of this subkey will be changed. With no selection,
-the key expiration of the primary key is changed.
-</para></listitem></varlistentry>
- <varlistentry>
- <term>passwd</term>
- <listitem><para>
-Change the passphrase of the secret key.</para></listitem></varlistentry>
- <varlistentry>
- <term>primary</term>
- <listitem><para>
-Flag the current user id as the primary one, removes the primary user
-id flag from all other user ids and sets the timestamp of all affected
-self-signatures one second ahead. Note that setting a photo user ID
-as primary makes it primary over other photo user IDs, and setting a
-regular user ID as primary makes it primary over other regular user
-IDs.
-</para></listitem></varlistentry>
- <varlistentry>
- <term>uid &ParmN;</term>
- <listitem><para>
-Toggle selection of user id with index &ParmN;.
-Use 0 to deselect all.</para></listitem></varlistentry>
- <varlistentry>
- <term>key &ParmN;</term>
- <listitem><para>
-Toggle selection of subkey with index &ParmN;.
-Use 0 to deselect all.</para></listitem></varlistentry>
- <varlistentry>
- <term>check</term>
- <listitem><para>
-Check all selected user ids.</para></listitem></varlistentry>
- <varlistentry>
- <term>showphoto</term>
- <listitem><para>
-Display the selected photographic user
-id.</para></listitem></varlistentry>
- <varlistentry>
- <term>pref</term>
- <listitem><para>
-List preferences from the selected user ID. This shows the actual
-preferences, without including any implied preferences.
-</para></listitem></varlistentry>
- <varlistentry>
- <term>showpref</term>
- <listitem><para>
-More verbose preferences listing for the selected user ID. This shows
-the preferences in effect by including the implied preferences of
-3DES (cipher), SHA-1 (digest), and Uncompressed (compression) if they
-are not already included in the preference list.
-</para></listitem></varlistentry>
- <varlistentry>
- <term>setpref &ParmString;</term>
- <listitem><para>
-Set the list of user ID preferences to &ParmString;, this should be a
-string similar to the one printed by "pref". Using an empty string
-will set the default preference string, using "none" will set the
-preferences to nil. Use "gpg -v --version" to get a list of available
-algorithms. This command just initializes an internal list and does
-not change anything unless another command (such as "updpref") which
-changes the self-signatures is used.
-</para></listitem></varlistentry>
- <varlistentry>
- <term>updpref</term>
- <listitem><para>
-Change the preferences of all user IDs (or just of the selected ones
-to the current list of preferences. The timestamp of all affected
-self-signatures will be advanced by one second. Note that while you
-can change the preferences on an attribute user ID (aka "photo ID"),
-GnuPG does not select keys via attribute user IDs so these preferences
-will not be used by GnuPG.
-</para></listitem></varlistentry>
- <varlistentry>
- <term>toggle</term>
- <listitem><para>
-Toggle between public and secret key listing.</para></listitem></varlistentry>
- <varlistentry>
- <term>save</term>
- <listitem><para>
-Save all changes to the key rings and quit.</para></listitem></varlistentry>
- <varlistentry>
- <term>quit</term>
- <listitem><para>
-Quit the program without updating the
-key rings.</para></listitem></varlistentry>
- </variablelist>
- <para>
-The listing shows you the key with its secondary
-keys and all user ids. Selected keys or user ids
-are indicated by an asterisk. The trust value is
-displayed with the primary key: the first is the
-assigned owner trust and the second is the calculated
-trust value. Letters are used for the values:</para>
- <variablelist>
- <varlistentry><term>-</term><listitem><para>No ownertrust assigned / not yet calculated.</para></listitem></varlistentry>
- <varlistentry><term>e</term><listitem><para>Trust
-calculation has failed; probably due to an expired key.</para></listitem></varlistentry>
- <varlistentry><term>q</term><listitem><para>Not enough information for calculation.</para></listitem></varlistentry>
- <varlistentry><term>n</term><listitem><para>Never trust this key.</para></listitem></varlistentry>
- <varlistentry><term>m</term><listitem><para>Marginally trusted.</para></listitem></varlistentry>
- <varlistentry><term>f</term><listitem><para>Fully trusted.</para></listitem></varlistentry>
- <varlistentry><term>u</term><listitem><para>Ultimately trusted.</para></listitem></varlistentry>
- </variablelist>
-</listitem></varlistentry>
-
-<varlistentry>
-<term>--sign-key &ParmName;</term>
-<listitem><para>
-Signs a public key with your secret key. This is a shortcut version of
-the subcommand "sign" from --edit.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--lsign-key &ParmName;</term>
-<listitem><para>
-Signs a public key with your secret key but marks it as
-non-exportable. This is a shortcut version of the subcommand "lsign"
-from --edit.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--nrsign-key &ParmName;</term>
-<listitem><para>
-Signs a public key with your secret key but marks it as non-revocable.
-This is a shortcut version of the subcommand "nrsign" from --edit.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--delete-key &ParmName;</term>
-<listitem><para>
-Remove key from the public keyring. In batch mode either --yes is
-required or the key must be specified by fingerprint. This is a
-safeguard against accidental deletion of multiple keys.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--delete-secret-key &ParmName;</term>
-<listitem><para>
-Remove key from the secret and public keyring. In batch mode the key
-must be specified by fingerprint.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--delete-secret-and-public-key &ParmName;</term>
-<listitem><para>
-Same as --delete-key, but if a secret key exists, it will be removed
-first. In batch mode the key must be specified by fingerprint.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--gen-revoke</term>
-<listitem><para>
-Generate a revocation certificate for the complete key. To revoke
-a subkey or a signature, use the --edit command.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--desig-revoke</term>
-<listitem><para>
-Generate a designated revocation certificate for a key. This allows a
-user (with the permission of the keyholder) to revoke someone elses
-key.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--export &OptParmNames;</term>
-<listitem><para>
-Either export all keys from all keyrings (default
-keyrings and those registered via option --keyring),
-or if at least one name is given, those of the given
-name. The new keyring is written to stdout or to
-the file given with option "output". Use together
-with --armor to mail those keys.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--send-keys &OptParmNames;</term>
-<listitem><para>
-Same as --export but sends the keys to a keyserver.
-Option --keyserver must be used to give the name
-of this keyserver. Don't send your complete keyring
-to a keyserver - select only those keys which are new
-or changed by you.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--export-all &OptParmNames;</term>
-<listitem><para>
-Same as --export, but also exports keys which
-are not compatible with OpenPGP.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--export-secret-keys &OptParmNames;</term>
-<term>--export-secret-subkeys &OptParmNames;</term>
-<listitem><para>
-Same as --export, but exports the secret keys instead.
-This is normally not very useful and a security risk.
-The second form of the command has the special property to
-render the secret part of the primary key useless; this is
-a GNU extension to OpenPGP and other implementations can
-not be expected to successfully import such a key.
-
-See the option --simple-sk-checksum if you want to import such an
-exported key with an older OpenPGP implementation.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--import &OptParmFiles;</term>
-<term>--fast-import &OptParmFiles;</term>
-<listitem><para>
-Import/merge keys. This adds the given keys to the
-keyring. The fast version is currently just a synonym.
-</para>
-<para>
-There are a few other options which control how this command works.
-Most notable here is the --merge-only option which does not insert new keys
-but does only the merging of new signatures, user-IDs and subkeys.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--recv-keys &ParmKeyIDs;</term>
-<listitem><para>
-Import the keys with the given key IDs from a keyserver. Option
---keyserver must be used to give the name of this keyserver.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--search-keys &OptParmNames;</term>
-<listitem><para>
-Search the keyserver for the given names. Multiple names given here
-will be joined together to create the search string for the keyserver.
-Option --keyserver must be used to give the name of this keyserver.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--update-trustdb</term>
-<listitem><para>
-Do trust DB maintenance. This command goes over all keys and builds
-the Web-of-Trust. This is an interactive command because it may has to
-ask for the "ownertrust" values of keys. The user has to give an
-estimation in how far she trusts the owner of the displayed key to
-correctly certify (sign) other keys. It does only ask for that value
-if it has not yet been assigned to a key. Using the edit menu, that
-value can be changed at any time later.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--check-trustdb</term>
-<listitem><para>
-Do trust DB maintenance without user interaction. Form time to time
-the trust database must be updated so that expired keys and resulting
-changes in the Web-of-Trust can be tracked. GnuPG tries to figure
-when this is required and then does it implicitly; this command can be
-used to force such a check. The processing is identically to that of
---update-trustdb but it skips keys with a not yet defined "ownertrust".
-</para>
-<para>
-For use with cron jobs, this command can be used together with --batch
-in which case the check is only done when it is due. To force a run
-even in batch mode add the option --yes.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--export-ownertrust &OptParmFile;</term>
-<listitem><para>
-Store the ownertrust values into
-&ParmFile; (or stdin if not given). This is useful for backup
-purposes as these values are the only ones which can't be re-created
-from a corrupted trust DB.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--import-ownertrust &OptParmFiles;</term>
-<listitem><para>
-Update the trustdb with the ownertrust values stored
-in &ParmFiles; (or stdin if not given); existing
-values will be overwritten.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--rebuild-keydb-caches</term>
-<listitem><para>
-When updating from version 1.0.6 to 1.0.7 this command should be used
-to create signature caches in the keyring. It might be handy in other
-situations too.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--print-md <parameter>algo</parameter> &OptParmFiles;</term>
-<term>--print-mds &OptParmFiles;</term>
-<listitem><para>
-Print message digest of algorithm ALGO for all given files or stdin.
-With the second form (or a deprecated "*" as algo) digests for all
-available algorithms are printed.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--gen-random <parameter>0|1|2</parameter>
- <optional><parameter>count</parameter></optional></term>
-<listitem><para>
-Emit COUNT random bytes of the given quality level. If count is not given
-or zero, an endless sequence of random bytes will be emitted.
-PLEASE, don't use this command unless you know what you are doing; it may
-remove precious entropy from the system!
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--gen-prime <parameter>mode</parameter>
- <parameter>bits</parameter>
- <optional><parameter>qbits</parameter></optional></term>
-<listitem><para>
-Use the source, Luke :-). The output format is still subject to change.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--version</term>
-<listitem><para>
-Print version information along with a list
-of supported algorithms.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--warranty</term>
-<listitem><para>
-Print warranty information.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-h, --help</term>
-<listitem><para>
-Print usage information. This is a really long list even though it doesn't list
-all options.
-</para></listitem></varlistentry>
-
-
-
-</variablelist>
-</refsect1>
-
-<refsect1>
-<title>OPTIONS</title>
-<para>
-Long options can be put in an options file (default
-"~/.gnupg/gpg.conf"). Short option names will not work - for example,
-"armor" is a valid option for the options file, while "a" is not. Do
-not write the 2 dashes, but simply the name of the option and any
-required arguments. Lines with a hash ('#') as the first
-non-white-space character are ignored. Commands may be put in this
-file too, but that does not make sense.
-</para>
-<para>
-<command/gpg/ recognizes these options:
-</para>
-
-<variablelist>
-
-
-<varlistentry>
-<term>-a, --armor</term>
-<listitem><para>
-Create ASCII armored output.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-o, --output &ParmFile;</term>
-<listitem><para>
-Write output to &ParmFile;.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-u, --local-user &ParmName;</term>
-<listitem><para>
-Use &ParmName as the user ID to sign.
-This option is silently ignored for the list commands,
-so that it can be used in an options file.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--default-key &ParmName;</term>
-<listitem><para>
-Use &ParmName; as default user ID for signatures. If this
-is not used the default user ID is the first user ID
-found in the secret keyring.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-r, --recipient &ParmName;</term>
-<term></term>
-<listitem><para>
-Encrypt for user id &ParmName;. If this option is not
-specified, GnuPG asks for the user-id unless --default-recipient is given
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--default-recipient &ParmName;</term>
-<listitem><para>
-Use &ParmName; as default recipient if option --recipient is not used and
-don't ask if this is a valid one. &ParmName; must be non-empty.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--default-recipient-self</term>
-<listitem><para>
-Use the default key as default recipient if option --recipient is not used and
-don't ask if this is a valid one. The default key is the first one from the
-secret keyring or the one set with --default-key.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no-default-recipient</term>
-<listitem><para>
-Reset --default-recipient and --default-recipient-self.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--encrypt-to &ParmName;</term>
-<listitem><para>
-Same as --recipient but this one is intended for use
-in the options file and may be used with
-your own user-id as an "encrypt-to-self". These keys
-are only used when there are other recipients given
-either by use of --recipient or by the asked user id.
-No trust checking is performed for these user ids and
-even disabled keys can be used.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no-encrypt-to</term>
-<listitem><para>
-Disable the use of all --encrypt-to keys.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-v, --verbose</term>
-<listitem><para>
-Give more information during processing. If used
-twice, the input data is listed in detail.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-q, --quiet</term>
-<listitem><para>
-Try to be as quiet as possible.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-z &ParmN;, --compress &ParmN;</term>
-<listitem><para>
-Set compression level to &ParmN;. A value of 0 for &ParmN;
-disables compression. Default is to use the default
-compression level of zlib (normally 6).
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-t, --textmode</term>
-<listitem><para>
-Use canonical text mode. If -t (but not
---textmode) is used together with armoring
-and signing, this enables clearsigned messages.
-This kludge is needed for PGP compatibility;
-normally you would use --sign or --clearsign
-to selected the type of the signature.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-n, --dry-run</term>
-<listitem><para>
-Don't make any changes (this is not completely implemented).
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-i, --interactive</term>
-<listitem><para>
-Prompt before overwriting any files.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--batch</term>
-<listitem><para>
-Use batch mode. Never ask, do not allow interactive
-commands.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-tty</term>
-<listitem><para>
-Make sure that the TTY (terminal) is never used for any output.
-This option is needed in some cases because GnuPG sometimes prints
-warnings to the TTY if --batch is used.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no-batch</term>
-<listitem><para>
-Disable batch mode. This may be of use if --batch
-is enabled from an options file.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--yes</term>
-<listitem><para>
-Assume "yes" on most questions.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no</term>
-<listitem><para>
- Assume "no" on most questions.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--default-cert-check-level &ParmN;</term>
-<listitem><para>
-The default to use for the check level when signing a key.
-</para><para>
-0 means you make no particular claim as to how carefully you verified
-the key.
-</para><para>
-1 means you believe the key is owned by the person who claims to own
-it but you could not, or did not verify the key at all. This is
-useful for a "persona" verification, where you sign the key of a
-pseudonymous user.
-</para><para>
-2 means you did casual verification of the key. For example, this
-could mean that you verified that the key fingerprint and checked the
-user ID on the key against a photo ID.
-</para><para>
-3 means you did extensive verification of the key. For example, this
-could mean that you verified the key fingerprint with the owner of the
-key in person, and that you checked, by means of a hard to forge
-document with a photo ID (such as a passport) that the name of the key
-owner matches the name in the user ID on the key, and finally that you
-verified (by exchange of email) that the email address on the key
-belongs to the key owner.
-</para><para>
-Note that the examples given above for levels 2 and 3 are just that:
-examples. In the end, it is up to you to decide just what "casual"
-and "extensive" mean to you.
-</para><para>
-This option defaults to 0.
-</para></listitem></varlistentry>
-
-
-
-<varlistentry>
-<term>--trusted-key <parameter>long key ID</parameter></term>
-<listitem><para>
-Assume that the specified key (which must be given
-as a full 8 byte key ID) is as trustworthy as one of
-your own secret keys. This option is useful if you
-don't want to keep your secret keys (or one of them)
-online but still want to be able to check the validity of a given
-recipient's or signator's key.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--always-trust</term>
-<listitem><para>
-Skip key validation and assume that used keys are always fully trusted.
-You won't use this unless you have installed some external validation
-scheme. This option also suppresses the "[uncertain]" tag printed
-with signature checks when there is no evidence that the user ID
-is bound to the key.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--keyserver &ParmName;</term>
-<listitem><para>
-Use &ParmName as your keyserver. This is the server that --recv-keys,
---send-keys, and --search-keys will communicate with to receive keys
-from, send keys to, and search for keys on. The format of the
-&ParmName is a URI: `scheme:[//]keyservername[:port]' The scheme is
-the type of keyserver: "hkp" for the Horowitz (or compatible)
-keyservers, "ldap" for the NAI LDAP keyserver, or "mailto" for the
-Horowitz email keyserver. Note that your particular installation of
-GnuPG may have other keyserver types available as well. Keyserver
-schemes are case-insensitive.
-</para><para>
-Most keyservers synchronize with each other, so there is generally no
-need to send keys to more than one server. Using the command "host -l
-pgp.net | grep wwwkeys" gives you a list of HKP keyservers. When
-using one of the wwwkeys servers, due to load balancing using
-round-robin DNS you may notice that you get a different key server
-each time.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--keyserver-options <parameter>parameters</parameter></term>
-<listitem><para>
-This is a space or comma delimited string that gives options for the
-keyserver. Options can be prepended with a `no-' to give the opposite
-meaning. Valid import-options or export-options may be used here as
-well to apply to importing (--recv-key) or exporting (--send-key) a
-key from a keyserver. While not all options are available for all
-keyserver types, some common options are:
-<variablelist>
-
-<varlistentry>
-<term>include-revoked</term>
-<listitem><para>
-When searching for a key, include keys that are marked on the
-keyserver as revoked. Note that this option is always set when using
-the NAI HKP keyserver, as this keyserver does not differentiate
-between revoked and unrevoked keys. When using the LDAP keyserver,
-this applies to both searching (--search-keys) and receiving
-(--recv-keys).
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>include-disabled</term>
-<listitem><para>
-When receiving or searching for a key, include keys that are marked on
-the keyserver as disabled. Note that this option is not used with HKP
-keyservers, as they do not support disabling keys.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>include-subkeys</term>
-<listitem><para>
-When receiving a key, include subkeys in the search. Note that this
-option is not used with HKP keyservers, as they do not support
-retrieving keys by subkey id.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>use-temp-files</term>
-<listitem><para>
-On most Unix-like platforms, GnuPG communicates with the keyserver
-helper program via pipes, which is the most efficient method. This
-option forces GnuPG to use temporary files to communicate. On some
-platforms (such as Win32 and RISC OS), this option is always enabled.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>keep-temp-files</term>
-<listitem><para>
-If using `use-temp-files', do not delete the temp files after using
-them. This option is useful to learn the keyserver communication
-protocol by reading the temporary files.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>verbose</term>
-<listitem><para>
-Tell the keyserver helper program to be more verbose. This option can
-be repeated multiple times to increase the verbosity level.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>honor-http-proxy</term>
-<listitem><para>
-For keyserver schemes that use HTTP (such as HKP), try to access the
-keyserver over the proxy set with the environment variable
-"http_proxy".
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>auto-key-retrieve</term>
-<listitem><para>
-This option enables the automatic retrieving of keys from a keyserver
-when verifying signatures made by keys that are not on the local
-keyring.
-</para></listitem></varlistentry>
-
-</variablelist>
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--import-options <parameter>parameters</parameter></term>
-<listitem><para>
-This is a space or comma delimited string that gives options for
-importing keys. Options can be prepended with a `no-' to give the
-opposite meaning. The options are:
-<variablelist>
-
-<varlistentry>
-<term>allow-local-sigs</term>
-<listitem><para>
-Allow importing key signatures marked as "local". This is not
-generally useful unless a shared keyring scheme is being used.
-Defaults to no.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>repair-hkp-subkey-bug</term>
-<listitem><para>
-During import, attempt to repair the HKP keyserver mangling multiple
-subkeys bug. Note that this cannot completely repair the damaged key
-as some crucial data is removed by the keyserver, but it does at least
-give you back one subkey. Defaults to no for regular --import and to
-yes for keyserver --recv-keys.
-</para></listitem></varlistentry>
-
-</variablelist>
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--export-options <parameter>parameters</parameter></term>
-<listitem><para>
-This is a space or comma delimited string that gives options for
-exporting keys. Options can be prepended with a `no-' to give the
-opposite meaning. The options are:
-<variablelist>
-
-<varlistentry>
-<term>include-non-rfc</term>
-<listitem><para>
-Include non-RFC compliant keys in the export. Defaults to yes.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>include-local-sigs</term>
-<listitem><para>
-Allow exporting key signatures marked as "local". This is not
-generally useful unless a shared keyring scheme is being used.
-Defaults to no.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>include-attributes</term>
-<listitem><para>
-Include attribute user IDs (photo IDs) while exporting. This is
-useful to export keys if they are going to be used by an OpenPGP
-program that does not accept attribute user IDs. Defaults to yes.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>include-sensitive-revkeys</term>
-<listitem><para>
-Include designated revoker information that was marked as
-"sensitive". Defaults to no.
-</para></listitem></varlistentry>
-
-</variablelist>
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--show-photos</term>
-<listitem><para>
-Causes --list-keys, --list-sigs, --list-public-keys,
---list-secret-keys, and verifying a signature to also display the
-photo ID attached to the key, if any.
-See also --photo-viewer.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-show-photos</term>
-<listitem><para>
-Resets the --show-photos flag.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--photo-viewer &ParmString;</term>
-<listitem><para>
-This is the command line that should be run to view a photo ID. "%i"
-will be expanded to a filename containing the photo. "%I" does the
-same, except the file will not be deleted once the viewer exits.
-Other flags are "%k" for the key ID, "%K" for the long key ID, "%f"
-for the key fingerprint, "%t" for the extension of the image type
-(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
-and "%%" for an actual percent sign. If neither %i or %I are present,
-then the photo will be supplied to the viewer on standard input.
-</para><para>
-The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
-stdin"
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--exec-path &ParmString;</term>
-<listitem><para>
-Sets a list of directories to search for photo viewers and keyserver
-helpers. If not provided, keyserver helpers use the compiled-in
-default directory, and photo viewers use the $PATH environment
-variable.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--show-keyring</term>
-<listitem><para>
-Causes --list-keys, --list-public-keys, and --list-secret-keys to
-display the name of the keyring a given key resides on. This is only
-useful when you're listing a specific key or set of keys. It has no
-effect when listing all keys.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--keyring &ParmFile;</term>
-<listitem><para>
-Add &ParmFile to the list of keyrings.
-If &ParmFile begins with a tilde and a slash, these
-are replaced by the HOME directory. If the filename
-does not contain a slash, it is assumed to be in the
-home-directory ("~/.gnupg" if --homedir is not used).
-The filename may be prefixed with a scheme:</para>
-<para>"gnupg-ring:" is the default one.</para>
-<para>It might make sense to use it together with --no-default-keyring.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--secret-keyring &ParmFile;</term>
-<listitem><para>
-Same as --keyring but for the secret keyrings.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--homedir &ParmDir;</term>
-<listitem><para>
-Set the name of the home directory to &ParmDir; If this
-option is not used it defaults to "~/.gnupg". It does
-not make sense to use this in a options file. This
-also overrides the environment variable "GNUPGHOME".
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--charset &ParmName;</term>
-<listitem><para>
-Set the name of the native character set. This is used
-to convert some strings to proper UTF-8 encoding. If this option is not used, the default character set is determined
-from the current locale. A verbosity level of 3 shows the used one.
-Valid values for &ParmName; are:</para>
-<variablelist>
-<varlistentry>
-<term>iso-8859-1</term><listitem><para>This is the Latin 1 set.</para></listitem>
-</varlistentry>
-<varlistentry>
-<term>iso-8859-2</term><listitem><para>The Latin 2 set.</para></listitem>
-</varlistentry>
-<varlistentry>
-<term>iso-8859-15</term><listitem><para>This is currently an alias for
-the Latin 1 set.</para></listitem>
-</varlistentry>
-<varlistentry>
-<term>koi8-r</term><listitem><para>The usual Russian set (rfc1489).</para></listitem>
-</varlistentry>
-<varlistentry>
-<term>utf-8</term><listitem><para>Bypass all translations and assume
-that the OS uses native UTF-8 encoding.</para></listitem>
-</varlistentry>
-</variablelist>
-</listitem></varlistentry>
-
-
-<varlistentry>
-<term>--utf8-strings</term>
-<term>--no-utf8-strings</term>
-<listitem><para>
-Assume that the arguments are already given as UTF8 strings. The default
-(--no-utf8-strings)
-is to assume that arguments are encoded in the character set as specified
-by --charset. These options affect all following arguments. Both options may
-be used multiple times.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--options &ParmFile;</term>
-<listitem><para>
-Read options from &ParmFile; and do not try to read
-them from the default options file in the homedir
-(see --homedir). This option is ignored if used
-in an options file.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no-options</term>
-<listitem><para>
-Shortcut for "--options /dev/null". This option is
-detected before an attempt to open an option file.
-Using this option will also prevent the creation of a
-"~./gnupg" homedir.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--load-extension &ParmName;</term>
-<listitem><para>
-Load an extension module. If &ParmName; does not contain a slash it is
-searched for in the directory configured when GnuPG was built
-(generally "/usr/local/lib/gnupg"). Extensions are not generally
-useful anymore, and the use of this option is deprecated.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--debug &ParmFlags;</term>
-<listitem><para>
-Set debugging flags. All flags are or-ed and &ParmFlags; may
-be given in C syntax (e.g. 0x0042).
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--debug-all</term>
-<listitem><para>
- Set all useful debugging flags.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--status-fd &ParmN;</term>
-<listitem><para>
-Write special status strings to the file descriptor &ParmN;.
-See the file DETAILS in the documentation for a listing of them.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--logger-fd &ParmN;</term>
-<listitem><para>
-Write log output to file descriptor &ParmN; and not to stderr.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--attribute-fd &ParmN;</term>
-<listitem><para>
-Write attribute subpackets to the file descriptor &ParmN;. This is
-most useful for use with --status-fd, since the status messages are
-needed to separate out the various subpackets from the stream
-delivered to the file descriptor.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--sk-comments</term>
-<listitem><para>
-Include secret key comment packets when exporting secret keys. This
-is a GnuPG extension to the OpenPGP standard, and is off by default.
-Please note that this has nothing to do with the comments in clear
-text signatures or armor headers.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-sk-comments</term>
-<listitem><para>
-Resets the --sk-comments option.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-comment</term>
-<listitem><para>
-See --sk-comments. This option is deprecated and may be removed soon.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--comment &ParmString;</term>
-<listitem><para>
-Use &ParmString; as comment string in clear text signatures.
-The default is not do write a comment string.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--default-comment</term>
-<listitem><para>
-Force to write the standard comment string in clear
-text signatures. Use this to overwrite a --comment
-from a config file. This option is now obsolete because there is no
-default comment string anymore.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no-version</term>
-<listitem><para>
-Omit the version string in clear text signatures.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--emit-version</term>
-<listitem><para>
-Force to write the version string in clear text
-signatures. Use this to overwrite a previous
---no-version from a config file.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>-N, --notation-data &ParmNameValue;</term>
-<listitem><para>
-Put the name value pair into the signature as notation data.
-&ParmName; must consist only of alphanumeric characters, digits
-or the underscore; the first character must not be a digit.
-&ParmValue; may be any printable string; it will be encoded in UTF8,
-so you should check that your --charset is set correctly.
-If you prefix &ParmName; with an exclamation mark, the notation
-data will be flagged as critical (rfc2440:5.2.3.15).
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--show-notation</term>
-<listitem><para>
-Show key signature notations in the --list-sigs or --check-sigs
-listings.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-show-notation</term>
-<listitem><para>
-Do not show key signature notations in the --list-sigs or --check-sigs
-listings.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--set-policy-url &ParmString;</term>
-<listitem><para>
-Use &ParmString; as Policy URL for signatures (rfc2440:5.2.3.19).
-If you prefix it with an exclamation mark, the policy URL
-packet will be flagged as critical.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--show-policy-url</term>
-<listitem><para>
-Show any policy URLs set in the --list-sigs or --check-sigs listings.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-show-policy-url</term>
-<listitem><para>
-Do not show any policy URLs set in the --list-sigs or --check-sigs
-listings.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--set-filename &ParmString;</term>
-<listitem><para>
-Use &ParmString; as the name of file which is stored in
-messages.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--for-your-eyes-only</term>
-<listitem><para>
-Set the `for your eyes only' flag in the message. This causes GnuPG
-to refuse to save the file unless the --output option is given, and
-PGP to use the "secure viewer" with a Tempest-resistant font to
-display the message. This option overrides --set-filename.
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--no-for-your-eyes-only</term>
-<listitem><para>
-Resets the --for-your-eyes-only flag.
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--use-embedded-filename</term>
-<listitem><para>
-Try to create a file with a name as embedded in the data.
-This can be a dangerous option as it allows to overwrite files.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--completes-needed &ParmN;</term>
-<listitem><para>
-Number of completely trusted users to introduce a new
-key signer (defaults to 1).
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--marginals-needed &ParmN;</term>
-<listitem><para>
-Number of marginally trusted users to introduce a new
-key signer (defaults to 3)
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--max-cert-depth &ParmN;</term>
-<listitem><para>
-Maximum depth of a certification chain (default is 5).
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--cipher-algo &ParmName;</term>
-<listitem><para>
-Use &ParmName; as cipher algorithm. Running the program
-with the command --version yields a list of supported
-algorithms. If this is not used the cipher algorithm is
-selected from the preferences stored with the key.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--digest-algo &ParmName;</term>
-<listitem><para>
-Use &ParmName; as the message digest algorithm. Running the program
-with the command --version yields a list of supported algorithms.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--cert-digest-algo &ParmName;</term>
-<listitem><para>
-Use &ParmName; as the message digest algorithm used when signing a
-key. Running the program with the command --version yields a list of
-supported algorithms. Be aware that if you choose an algorithm that
-GnuPG supports but other OpenPGP implementations do not, then some
-users will not be able to use the key signatures you make, or quite
-possibly your entire key.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--s2k-cipher-algo &ParmName;</term>
-<listitem><para>
-Use &ParmName; as the cipher algorithm used to protect secret keys.
-The default cipher is CAST5. This cipher is also used for
-conventional encryption if --cipher-algo is not given.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--s2k-digest-algo &ParmName;</term>
-<listitem><para>
-Use &ParmName; as the digest algorithm used to mangle the
-passphrases. The default algorithm is RIPE-MD-160.
-This digest algorithm is also used for conventional
-encryption if --digest-algo is not given.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--s2k-mode &ParmN;</term>
-<listitem><para>
-Selects how passphrases are mangled. If &ParmN; is 0
-a plain passphrase (which is not recommended) will be used,
-a 1 (default) adds a salt to the passphrase and
-a 3 iterates the whole process a couple of times.
-Unless --rfc1991 is used, this mode is also used
-for conventional encryption.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--simple-sk-checksum</term>
-<listitem><para>
-Secret keys are integrity protected by using a SHA-1 checksum. This
-method will be part of an enhanced OpenPGP specification but GnuPG
-already uses it as a countermeasure against certain attacks. Old
-applications don't understand this new format, so this option may be
-used to switch back to the old behaviour. Using this this option
-bears a security risk. Note that using this option only takes effect
-when the secret key is encrypted - the simplest way to make this
-happen is to change the passphrase on the key (even changing it to the
-same value is acceptable).
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--compress-algo &ParmN;</term>
-<listitem><para>
-Use compression algorithm &ParmN;. Default is 2 which is RFC1950
-compression. You may use 1 to use the old zlib version (RFC1951) which
-is used by PGP. 0 disables compression. The default algorithm may give
-better results because the window size is not limited to 8K. If this
-is not used the OpenPGP behavior is used, i.e. the compression
-algorithm is selected from the preferences; note, that this can't be
-done if you do not encrypt the data.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--disable-cipher-algo &ParmName;</term>
-<listitem><para>
-Never allow the use of &ParmName; as cipher algorithm.
-The given name will not be checked so that a later loaded algorithm
-will still get disabled.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--disable-pubkey-algo &ParmName;</term>
-<listitem><para>
-Never allow the use of &ParmName; as public key algorithm.
-The given name will not be checked so that a later loaded algorithm
-will still get disabled.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-sig-cache</term>
-<listitem><para>
-Do not cache the verification status of key signatures.
-Caching gives a much better performance in key listings. However, if
-you suspect that your public keyring is not save against write
-modifications, you can use this option to disable the caching. It
-probably does not make sense to disable it because all kind of damage
-can be done if someone else has write access to your public keyring.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-sig-create-check</term>
-<listitem><para>
-GnuPG normally verifies each signature right after creation to protect
-against bugs and hardware malfunctions which could leak out bits from
-the secret key. This extra verification needs some time (about 115%
-for DSA keys), and so this option can be used to disable it.
-However, due to the fact that the signature creation needs manual
-interaction, this performance penalty does not matter in most settings.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--auto-check-trustdb</term>
-<listitem><para>
-If GnuPG feels that its information about the Web-of-Trust has to be
-updated, it automatically runs the --check-trustdb command
-internally. This may be a time consuming process.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-auto-check-trustdb</term>
-<listitem><para>
-Resets the --auto-check-trustdb option.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--throw-keyid</term>
-<listitem><para>
-Do not put the keyid into encrypted packets. This option
-hides the receiver of the message and is a countermeasure
-against traffic analysis. It may slow down the decryption
-process because all available secret keys are tried.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--not-dash-escaped</term>
-<listitem><para>
-This option changes the behavior of cleartext signatures
-so that they can be used for patch files. You should not
-send such an armored file via email because all spaces
-and line endings are hashed too. You can not use this
-option for data which has 5 dashes at the beginning of a
-line, patch files don't have this. A special armor header
-line tells GnuPG about this cleartext signature option.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--escape-from-lines</term>
-<listitem><para>
-Because some mailers change lines starting with "From "
-to "&#60;From " it is good to handle such lines in a special
-way when creating cleartext signatures. All other PGP
-versions do it this way too. This option is not enabled
-by default because it would violate rfc2440.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--passphrase-fd &ParmN;</term>
-<listitem><para>
-Read the passphrase from file descriptor &ParmN;. If you use
-0 for &ParmN;, the passphrase will be read from stdin. This
-can only be used if only one passphrase is supplied.
-<!--fixme: make this print strong-->
-Don't use this option if you can avoid it.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--command-fd &ParmN;</term>
-<listitem><para>
-This is a replacement for the deprecated shared-memory IPC mode.
-If this option is enabled, user input on questions is not expected
-from the TTY but from the given file descriptor. It should be used
-together with --status-fd. See the file doc/DETAILS in the source
-distribution for details on how to use it.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--use-agent</term>
-<listitem><para>
-Try to use the GnuPG-Agent. Please note that this agent is still under
-development. With this option, GnuPG first tries to connect to the
-agent before it asks for a passphrase.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--gpg-agent-info</term>
-<listitem><para>
-Override the value of the environment variable
-<literal>GPG_AGENT_INFO</>. This is only used when --use-agent has been given
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--rfc1991</term>
-<listitem><para>
-Try to be more RFC1991 (PGP 2.x) compliant.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--pgp2</term>
-<listitem><para>
-Set up all options to be as PGP 2.x compliant as possible, and warn if
-an action is taken (e.g. encrypting to a non-RSA key) that will create
-a message that PGP 2.x will not be able to handle. Note that `PGP
-2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
-available, but the MIT release is a good common baseline.
-</para><para>
-This option implies `--rfc1991 --no-openpgp --disable-mdc
---no-force-v4-certs --no-comment --escape-from-lines --force-v3-sigs
---no-ask-sig-expire --no-ask-cert-expire --cipher-algo IDEA
---digest-algo MD5 --compress-algo 1'. It also disables --textmode
-when encrypting.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-pgp2</term>
-<listitem><para>
-Resets the --pgp2 option.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--pgp6</term>
-<listitem><para>
-Set up all options to be as PGP 6 compliant as possible. This
-restricts you to the ciphers IDEA (if the IDEA plugin is installed),
-3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the
-compression algorithms none and ZIP. This also disables making
-signatures with signing subkeys as PGP 6 does not understand
-signatures made by signing subkeys.
-</para><para>
-This option implies `--disable-mdc --no-comment --escape-from-lines
---force-v3-sigs --no-ask-sig-expire --compress-algo 1'
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-pgp6</term>
-<listitem><para>
-Resets the --pgp6 option.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--pgp7</term>
-<listitem><para>
-Set up all options to be as PGP 7 compliant as possible. This is
-identical to --pgp6 except that MDCs are not disabled, and the list of
-allowable ciphers is expanded to add AES128, AES192, AES256, and
-TWOFISH.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-pgp7</term>
-<listitem><para>
-Resets the --pgp7 option.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--openpgp</term>
-<listitem><para>
-Reset all packet, cipher and digest options to OpenPGP behavior. Use
-this option to reset all previous options like --rfc1991,
---force-v3-sigs, --s2k-*, --cipher-algo, --digest-algo and
---compress-algo to OpenPGP compliant values. All PGP workarounds are
-also disabled.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--force-v3-sigs</term>
-<listitem><para>
-OpenPGP states that an implementation should generate v4 signatures
-but PGP versions 5 and higher only recognize v4 signatures on key
-material. This option forces v3 signatures for signatures on data.
-Note that this option overrides --ask-sig-expire, as v3 signatures
-cannot have expiration dates.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-force-v3-sigs</term>
-<listitem><para>
-Reset the --force-v3-sigs option.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--force-v4-certs</term>
-<listitem><para>
-Always use v4 key signatures even on v3 keys. This option also
-changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-force-v4-certs</term>
-<listitem><para>
-Reset the --force-v4-certs option.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--force-mdc</term>
-<listitem><para>
-Force the use of encryption with appended manipulation code. This is
-always used with the newer ciphers (those with a blocksize greater
-than 64 bit).
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--allow-non-selfsigned-uid</term>
-<listitem><para>
-Allow the import and use of keys with user IDs which are not
-self-signed. This is not recommended, as a non self-signed user ID is
-trivial to forge.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-allow-non-selfsigned-uid</term>
-<listitem><para>
-Reset the --allow-non-selfsigned-uid option.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--allow-freeform-uid</term>
-<listitem><para>
-Disable all checks on the form of the user ID while generating a new
-one. This option should only be used in very special environments as
-it does not ensure the de-facto standard format of user IDs.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--ignore-time-conflict</term>
-<listitem><para>
-GnuPG normally checks that the timestamps associated with keys and
-signatures have plausible values. However, sometimes a signature seems to
-be older than the key due to clock problems. This option makes these
-checks just a warning.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--ignore-valid-from</term>
-<listitem><para>
-GnuPG normally does not select and use subkeys created in the future. This
-option allows the use of such keys and thus exhibits the pre-1.0.7
-behaviour. You should not use this option unless you there is some
-clock problem.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--ignore-crc-error</term>
-<listitem><para>
-The ASCII armor used by OpenPGP is protected by a CRC checksum against
-transmission errors. Sometimes it happens that the CRC gets mangled
-somewhere on the transmission channel but the actual content (which is
-protected by the OpenPGP protocol anyway) is still okay. This option
-will let gpg ignore CRC errors.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--ignore-mdc-error</term>
-<listitem><para>
-This option changes a MDC integrity protection failure into a warning.
-This can be useful if a message is partially corrupt, but it is
-necessary to get as much data as possible out of the corrupt message.
-However, be aware that a MDC protection failure may also mean that the
-message was tampered with intentionally by an attacker.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--lock-once</term>
-<listitem><para>
-Lock the databases the first time a lock is requested
-and do not release the lock until the process
-terminates.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--lock-multiple</term>
-<listitem><para>
-Release the locks every time a lock is no longer
-needed. Use this to override a previous --lock-once
-from a config file.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--lock-never</term>
-<listitem><para>
-Disable locking entirely. This option should be used only in very
-special environments, where it can be assured that only one process
-is accessing those files. A bootable floppy with a stand-alone
-encryption system will probably use this. Improper usage of this
-option may lead to data and key corruption.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-random-seed-file</term>
-<listitem><para>
-GnuPG uses a file to store its internal random pool over invocations.
-This makes random generation faster; however sometimes write operations
-are not desired. This option can be used to achieve that with the cost of
-slower random generation.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no-verbose</term>
-<listitem><para>
-Reset verbose level to 0.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no-greeting</term>
-<listitem><para>
-Suppress the initial copyright message but do not
-enter batch mode.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-secmem-warning</term>
-<listitem><para>
-Suppress the warning about "using insecure memory".
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-permission-warning</term>
-<listitem><para>
-Suppress the warning about unsafe file permissions.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-mdc-warning</term>
-<listitem><para>
-Suppress the warning about missing MDC integrity protection.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no-armor</term>
-<listitem><para>
-Assume the input data is not in ASCII armored format.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--no-default-keyring</term>
-<listitem><para>
-Do not add the default keyrings to the list of
-keyrings.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--skip-verify</term>
-<listitem><para>
-Skip the signature verification step. This may be
-used to make the decryption faster if the signature
-verification is not needed.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--with-colons</term>
-<listitem><para>
-Print key listings delimited by colons. Note, that the output will be
-encoded in UTF-8 regardless of any --charset setting.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
-<term>--with-key-data</term>
-<listitem><para>
-Print key listings delimited by colons (like --with-colons) and print the public key data.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--with-fingerprint</term>
-<listitem><para>
-Same as the command --fingerprint but changes only the format of the output
-and may be used together with another command.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--fast-list-mode</term>
-<listitem><para>
-Changes the output of the list commands to work faster; this is achieved
-by leaving some parts empty. Some applications don't need the user ID and
-the trust information given in the listings. By using this options they
-can get a faster listing. The exact behaviour of this option may change
-in future versions.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--fixed-list-mode</term>
-<listitem><para>
-Do not merge user ID and primary key in --with-colon listing mode and
-print all timestamps as seconds since 1970-01-01.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--list-only</term>
-<listitem><para>
-Changes the behaviour of some commands. This is like --dry-run but
-different in some cases. The semantic of this command may be extended in
-the future. Currently it only skips the actual decryption pass and
-therefore enables a fast listing of the encryption keys.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-literal</term>
-<listitem><para>
-This is not for normal use. Use the source to see for what it might be useful.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--set-filesize</term>
-<listitem><para>
-This is not for normal use. Use the source to see for what it might be useful.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--emulate-md-encode-bug</term>
-<listitem><para>
-GnuPG versions prior to 1.0.2 had a bug in the way a signature was encoded.
-This options enables a workaround by checking faulty signatures again with
-the encoding used in old versions. This may only happen for ElGamal signatures
-which are not widely used.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--show-session-key</term>
-<listitem><para>
-Display the session key used for one message. See --override-session-key
-for the counterpart of this option.
-</para>
-<para>
-We think that Key-Escrow is a Bad Thing; however the user should
-have the freedom to decide whether to go to prison or to reveal the content of
-one specific message without compromising all messages ever encrypted for one
-secret key. DON'T USE IT UNLESS YOU ARE REALLY FORCED TO DO SO.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--override-session-key &ParmString; </term>
-<listitem><para>
-Don't use the public key but the session key &ParmString;. The format of this
-string is the same as the one printed by --show-session-key. This option
-is normally not used but comes handy in case someone forces you to reveal the
-content of an encrypted message; using this option you can do this without
-handing out the secret key.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--ask-sig-expire</term>
-<listitem><para>
-When making a data signature, prompt for an expiration time. If this
-option is not specified, the expiration time is "never".
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--no-ask-sig-expire</term>
-<listitem><para>
-Resets the --ask-sig-expire option.
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--ask-cert-expire</term>
-<listitem><para>
-When making a key signature, prompt for an expiration time. If this
-option is not specified, the expiration time is "never".
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--no-ask-cert-expire</term>
-<listitem><para>
-Resets the --ask-cert-expire option.
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--expert</term>
-<listitem><para>
-Allow the user to do certain nonsensical or "silly" things like
-signing an expired or revoked key, or certain potentially incompatible
-things like generating deprecated key types. This also disables
-certain warning messages about potentially incompatible actions. As
-the name implies, this option is for experts only. If you don't fully
-understand the implications of what it allows you to do, leave this
-off.
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--no-expert</term>
-<listitem><para>
-Resets the --expert option.
-</para></listitem></varlistentry
-
-<varlistentry>
-<term>--merge-only</term>
-<listitem><para>
-Don't insert new keys into the keyrings while doing an import.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--allow-secret-key-import</term>
-<listitem><para>
-This is an obsolete option and is not used anywhere.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--try-all-secrets</term>
-<listitem><para>
-Don't look at the key ID as stored in the message but try all secret keys in
-turn to find the right decryption key. This option forces the behaviour as
-used by anonymous recipients (created by using --throw-keyid) and might come
-handy in case where an encrypted message contains a bogus key ID.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--enable-special-filenames</term>
-<listitem><para>
-This options enables a mode in which filenames of the form
-<filename>-&#38;n</>, where n is a non-negative decimal number,
-refer to the file descriptor n and not to a file with that name.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--no-expensive-trust-checks</term>
-<listitem><para>
-Experimental use only.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--group &ParmNameValues;</term>
-<listitem><para>
-Sets up a named group, which is similar to aliases in email programs.
-Any time the group name is a receipient (-r or --recipient), it will
-be expanded to the values specified.
-
-The values are &ParmKeyIDs; or fingerprints, but any key description
-is accepted. Note that a value with spaces in it will be treated as
-two different values. Note also there is only one level of expansion
-- you cannot make an group that points to another group.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--preserve-permissions</term>
-<listitem><para>
-Don't change the permissions of a secret keyring back to user
-read/write only. Use this option only if you really know what you are doing.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--personal-cipher-preferences &ParmString;</term>
-<listitem><para>
-Set the list of personal cipher preferences to &ParmString;, this list
-should be a string similar to the one printed by the command "pref" in
-the edit menu. This allows the user to factor in their own preferred
-algorithms when algorithms are chosen via recipient key preferences.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--personal-digest-preferences &ParmString;</term>
-<listitem><para>
-Set the list of personal digest preferences to &ParmString;, this list
-should be a string similar to the one printed by the command "pref" in
-the edit menu. This allows the user to factor in their own preferred
-algorithms when algorithms are chosen via recipient key preferences.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--personal-compress-preferences &ParmString;</term>
-<listitem><para>
-Set the list of personal compression preferences to &ParmString;, this
-list should be a string similar to the one printed by the command
-"pref" in the edit menu. This allows the user to factor in their own
-preferred algorithms when algorithms are chosen via recipient key
-preferences.
-</para></listitem></varlistentry>
-
-<varlistentry>
-<term>--default-preference-list &ParmString;</term>
-<listitem><para>
-Set the list of default preferences to &ParmString;, this list should
-be a string similar to the one printed by the command "pref" in the
-edit menu. This affects both key generation and "updpref" in the edit
-menu.
-</para></listitem></varlistentry>
-
-
-</variablelist>
-</refsect1>
-
-
-<refsect1>
- <title>How to specify a user ID</title>
- <para>
-There are different ways on how to specify a user ID to GnuPG;
-here are some examples:
- </para>
-
- <variablelist>
-<varlistentry>
-<term></term>
-<listitem><para></para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>234567C4</term>
-<term>0F34E556E</term>
-<term>01347A56A</term>
-<term>0xAB123456</term>
-<listitem><para>
-Here the key ID is given in the usual short form.
-</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>234AABBCC34567C4</term>
-<term>0F323456784E56EAB</term>
-<term>01AB3FED1347A5612</term>
-<term>0x234AABBCC34567C4</term>
-<listitem><para>
-Here the key ID is given in the long form as used by OpenPGP
-(you can get the long key ID using the option --with-colons).
-</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>1234343434343434C434343434343434</term>
-<term>123434343434343C3434343434343734349A3434</term>
-<term>0E12343434343434343434EAB3484343434343434</term>
-<term>0xE12343434343434343434EAB3484343434343434</term>
-<listitem><para>
-The best way to specify a key ID is by using the fingerprint of
-the key. This avoids any ambiguities in case that there are duplicated
-key IDs (which are really rare for the long key IDs).
-</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>=Heinrich Heine &#60;[email protected]&#62;</term>
-<listitem><para>
-Using an exact to match string. The equal sign indicates this.
-</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>&#60;[email protected]&#62;</term>
-<listitem><para>
-Using the email address part which must match exactly. The left angle bracket
-indicates this email address mode.
-</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>+Heinrich Heine duesseldorf</term>
-<listitem><para>
-All words must match exactly (not case sensitive) but can appear in
-any order in the user ID. Words are any sequences of letters,
-digits, the underscore and all characters with bit 7 set.
-</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>Heine</term>
-<term>*Heine</term>
-<listitem><para>
-By case insensitive substring matching. This is the default mode but
-applications may want to explicitly indicate this by putting the asterisk
-in front.
-</para></listitem>
-</varlistentry>
-
- </variablelist>
-
- <para>
-Note that you can append an exclamation mark to key IDs or
-fingerprints. This flag tells GnuPG to use exactly the given primary
-or secondary key and not to try to figure out which secondary or
-primary key to use.
- </para>
-
-</refsect1>
-
-
-<refsect1>
- <title>RETURN VALUE</title>
- <para>
-The program returns 0 if everything was fine, 1 if at least
-a signature was bad, and other error codes for fatal errors.
- </para>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
- <variablelist>
-
-<varlistentry>
-<term>gpg -se -r <parameter/Bob/ &ParmFile;</term>
-<listitem><para>sign and encrypt for user Bob</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>gpg --clearsign &ParmFile;</term>
-<listitem><para>make a clear text signature</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>gpg -sb &ParmFile;</term>
-<listitem><para>make a detached signature</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>gpg --list-keys <parameter/user_ID/</term>
-<listitem><para>show keys</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>gpg --fingerprint <parameter/user_ID/</term>
-<listitem><para>show fingerprint</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>gpg --verify <parameter/pgpfile/</term>
-<term>gpg --verify <parameter/sigfile/ &OptParmFiles;</term>
-<listitem><para>
-Verify the signature of the file but do not output the data. The second form
-is used for detached signatures, where <parameter/sigfile/ is the detached
-signature (either ASCII armored of binary) and &OptParmFiles are the signed
-data; if this is not given the name of the file holding the signed data is
-constructed by cutting off the extension (".asc" or ".sig") of
-<parameter/sigfile/ or by asking the user for the filename.
-</para></listitem></varlistentry>
-
- </variablelist>
-</refsect1>
-
-
-<refsect1>
- <title>ENVIRONMENT</title>
-
- <variablelist>
-<varlistentry>
-<term>HOME</term>
-<listitem><para>Used to locate the default home directory.</para></listitem>
-</varlistentry>
-<varlistentry>
-<term>GNUPGHOME</term>
-<listitem><para>If set directory used instead of "~/.gnupg".</para></listitem>
-</varlistentry>
-<varlistentry>
-<term>GPG_AGENT_INFO</term>
-<listitem><para>Used to locate the gpg-agent; only honored when
---use-agent is set. The value consists of 3 colon delimited fields:
-The first is the path to the Unix Domain Socket, the second the PID of
-the gpg-agent and the protocol version which should be set to 1. When
-starting the gpg-agent as described in its documentation, this
-variable is set to the correct value. The option --gpg-agent-info can
-be used to override it.</para></listitem>
-</varlistentry>
-<varlistentry>
-<term>http_proxy</term>
-<listitem><para>Only honored when the keyserver-option
-honor-http-proxy is set.</para></listitem>
-</varlistentry>
- </variablelist>
-
-</refsect1>
-
-<refsect1>
- <title>FILES</title>
- <variablelist>
-
-<varlistentry>
-<term>~/.gnupg/secring.gpg</term>
-<listitem><para>The secret keyring</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>~/.gnupg/secring.gpg.lock</term>
-<listitem><para>and the lock file</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>~/.gnupg/pubring.gpg</term>
-<listitem><para>The public keyring</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>~/.gnupg/pubring.gpg.lock</term>
-<listitem><para>and the lock file</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>~/.gnupg/trustdb.gpg</term>
-<listitem><para>The trust database</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>~/.gnupg/trustdb.gpg.lock</term>
-<listitem><para>and the lock file</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>~/.gnupg/random_seed</term>
-<listitem><para>used to preserve the internal random pool</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>~/.gnupg/gpg.conf</term>
-<listitem><para>Default configuration file</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>~/.gnupg/options</term>
-<listitem><para>Old style configuration file; only used when gpg.conf
-is not found</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>/usr[/local]/share/gnupg/options.skel</term>
-<listitem><para>Skeleton options file</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>/usr[/local]/lib/gnupg/</term>
-<listitem><para>Default location for extensions</para></listitem>
-</varlistentry>
-
- </variablelist>
-</refsect1>
-
-<!-- SEE ALSO not yet needed-->
-
-<refsect1>
- <title>WARNINGS</title>
- <para>
-Use a *good* password for your user account and a *good* passphrase
-to protect your secret key. This passphrase is the weakest part of the
-whole system. Programs to do dictionary attacks on your secret keyring
-are very easy to write and so you should protect your "~/.gnupg/"
-directory very well.
-</para>
-<para>
-Keep in mind that, if this program is used over a network (telnet), it
-is *very* easy to spy out your passphrase!
-</para>
-<para>
-If you are going to verify detached signatures, make sure that the
-program knows about it; either be giving both filenames on the
-command line or using <literal>-</literal> to specify stdin.
-</para>
-</refsect1>
-
-
-<refsect1>
- <title>BUGS</title>
- <para>
-On many systems this program should be installed as setuid(root). This
-is necessary to lock memory pages. Locking memory pages prevents the
-operating system from writing memory pages to disk. If you get no
-warning message about insecure memory your operating system supports
-locking without being root. The program drops root privileges as soon
-as locked memory is allocated.
-</para>
-</refsect1>
-
-</refentry>
-
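Review bot: This diff deletes doc/gpg.sgml outright (0 insertions, 2461 deletions), so the security caveats in it need a confirmed home elsewhere before the removal lands. They are: the --ignore-mdc-error warning that an MDC failure may mean the message was tampered with intentionally, the --lock-never note about data and key corruption, the rationale given for --show-session-key and --override-session-key, and the WARNINGS section on passphrase strength, protecting "~/.gnupg/" and naming both files when verifying detached signatures. If the text is being converted rather than dropped, do not carry over the defects visible here. The six entries from --ask-sig-expire through --no-expert end in "</varlistentry" without the closing ">", and "&OptParmFiles" in the --verify example has no terminating semicolon; both would be errors in XML. The --ignore-valid-from entry reads "unless you there is some clock problem", --group has "receipient" and "an group", and the detached-signature warning has "either be giving" for "either by giving".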