Diffstat (limited to 'doc')
-rw-r--r-- | doc/ChangeLog | 4
-rw-r--r-- | doc/DETAILS | 63
-rw-r--r-- | doc/announce-2.0.txt | 188
-rw-r--r-- | doc/gpgsm.texi | 14
4 files changed, 242 insertions, 27 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index 48825d88b..afb28e1e0 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2006-11-14 Werner Koch <[email protected]> + + * gpgsm.texi (GPGSM EXPORT): Document changes. + 2006-11-11 Werner Koch <[email protected]> * gnupg.texi (Top): Move gpg-agent part before gpg. diff --git a/doc/DETAILS b/doc/DETAILS index 00aca2330..cf497571f 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -199,48 +199,62 @@ more arguments in future versions. is useful to define a context for parsing ERROR status messages. No arguments are currently defined. - GOODSIG <long keyid> <username> + GOODSIG <long_keyid_or_fpr> <username> The signature with the keyid is good. For each signature only one of the three codes GOODSIG, BADSIG or ERRSIG will be emitted and they may be used as a marker for a new signature. The username is the primary one encoded in UTF-8 and %XX - escaped. + escaped. The fingerprint may be used instead of the long keyid + if it is available. This is the case with CMS and might + eventually also be available for OpenPGP. - EXPSIG <long keyid> <username> + EXPSIG <long_keyid_or_fpr> <username> The signature with the keyid is good, but the signature is expired. The username is the primary one encoded in UTF-8 and - %XX escaped. + %XX escaped. The fingerprint may be used instead of the long + keyid if it is available. This is the case with CMS and might + eventually also be available for OpenPGP. - EXPKEYSIG <long keyid> <username> - The signature with the keyid is good, but the signature was + EXPKEYSIG <long_keyid_or_fpr> <username> + The signature with the keyid is good, but the signature was made by an expired key. The username is the primary one - encoded in UTF-8 and %XX escaped. + encoded in UTF-8 and %XX escaped. The fingerprint may be used + instead of the long keyid if it is available. This is the + case with CMS and might eventually also be available for + OpenPGP. - REVKEYSIG <long keyid> <username> + REVKEYSIG <long_keyid_or_fpr> <username> The signature with the keyid is good, but the signature was - made by a revoked key. The username is the primary one - encoded in UTF-8 and %XX escaped. - - BADSIG <long keyid> <username> - The signature with the keyid has not been verified okay. - The username is the primary one encoded in UTF-8 and %XX - escaped. - - ERRSIG <long keyid> <pubkey_algo> <hash_algo> \ + made by a revoked key. 
The username is the primary one encoded + in UTF-8 and %XX escaped. The fingerprint may be used instead + of the long keyid if it is available. This is the case with + CMS and might eventually also be available for OpenPGP. + + BADSIG <long_keyid_or_fpr> <username> + The signature with the keyid has not been verified okay. The + username is the primary one encoded in UTF-8 and %XX + escaped. The fingerprint may be used instead of the long keyid + if it is available. This is the case with CMS and might + eventually also be available for OpenPGP. + + ERRSIG <long_keyid_or_fpr> <pubkey_algo> <hash_algo> \ <sig_class> <timestamp> <rc> It was not possible to check the signature. This may be - caused by a missing public key or an unsupported algorithm. - A RC of 4 indicates unknown algorithm, a 9 indicates a missing - public key. The other fields give more information about - this signature. sig_class is a 2 byte hex-value. + caused by a missing public key or an unsupported algorithm. A + RC of 4 indicates unknown algorithm, a 9 indicates a missing + public key. The other fields give more information about this + signature. sig_class is a 2 byte hex-value. The fingerprint + may be used instead of the long keyid if it is available. + This is the case with CMS and might eventually also be + available for OpenPGP. Note, that TIMESTAMP may either be a number with seconds since epoch or an ISO 8601 string which can be detected by the presence of the letter 'T' inside. VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp> - <expire-timestamp> <sig-version> <reserved> <pubkey-algo> - <hash-algo> <sig-class> <primary-key-fpr> + <expire-timestamp> [ <sig-version> <reserved> <pubkey-algo> + <hash-algo> <sig-class> <primary-key-fpr> ] The signature with the keyid is good. This is the same as GOODSIG but has the fingerprint as the argument. Both status 
@@ -255,6 +269,9 @@ more arguments in future versions. useful to get back to the primary key without running gpg again for this purpose. + The optional parameters are used for OpenPGP and are not + available for CMS signatures. + Note, that *-TIMESTAMP may either be a number with seconds since epoch or an ISO 8601 string which can be detected by the presence of the letter 'T' inside. diff --git a/doc/announce-2.0.txt b/doc/announce-2.0.txt new file mode 100644 index 000000000..9a3dfc7fc --- /dev/null +++ b/doc/announce-2.0.txt 
@@ -0,0 +1,188 @@ +Hello! + +The GNU project is pleased to announce the availability of a new +stable GnuPG release: Version 2.0.0. + +The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication +and data storage. It can be used to encrypt data, create digital +signatures, help authenticating using Secure Shell and to provide a +framework for public key cryptography. It includes an advanced key +management facility and is compliant with the OpenPGP and S/MIME +standards. + +GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that +it splits up functionality into several modules. However, both +versions may be installed alongside without any conflict. In fact, +the gpg version from GnuPG-1 is able to make use of the gpg-agent as +included in GnuPG-2 and allows for seamless passphrase caching. The +advantage of GnuPG-1 is its smaller size and the lack of dependency on +other modules at run and build time. We will keep maintaining GnuPG-1 +versions because they are very useful for small systems and for server +based applications requiring only OpenPGP support. + +GnuPG is distributed under the terms of the GNU General Public License +(GPL). GnuPG-2 works best on GNU/Linux or *BSD systems. Other POSIX +compliant systems are also supported but have not yet been tested very +well. + + +What's New in GnuPG-2 +===================== + + * The *gpg-agent* is the central place to maintain private keys and + to cache passphrases. It is implemented as a daemon to be started + with a user session. + + * *gpgsm* is an implementation of the X.509 and CMS standards and + provides the cryptographic core to implement the S/MIME protocol. + The command line interface is very similar to the one of gpg. This + helps adding S/MIME to application currently providing OpenPGP + support. + + * *scdaemon* is a daemon run by gpg-agent to access different types + of smart cards using a unified interface. 
+ + * *gpg-connect-agent* is a tool to help scripts directly accessing + services of gpg-agent and scdaemon. + + * *gpgconf* is a tool to maintain the configuration files of all + modules using a well defined API. + + * Support for Dirmngr, a separate package to maintain certificate + revocation lists, do OCSP requests and to run LDAP queries. + + * Support for the Secure Shell Agent protocol. In fact, gpg-agent + may be used as full replacement of the commonly used ssh-agent + daemon. + + * Smart card support for the Secure Shell. + + * Documentation is now done in Texinfo. Thus besides Info, HTML and + PDF versions may easily be generated. + + * Man pages for all tools. + + +Getting the Software +==================== + +Please follow the instructions found at http://www.gnupg.org/download/ +or read on: + +GnuPG 2.0.0 may be downloaded from one of the GnuPG mirror sites or +direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be +found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not +available at ftp.gnu.org. + +On the mirrors you should find the following files in the *gnupg* +directory: + + gnupg-2.0.0.tar.bz2 (3.8M) + gnupg-2.0.0.tar.bz2.sig + + GnuPG source compressed using BZIP2 and OpenPGP signature. + +Please try another mirror if exceptional your mirror is not yet up to +date. GnuPG-2 requires a couple of libraries to be installed; see the +README file or the output of the configure run for details. + + +Checking the Integrity +====================== + +In order to check that the version of GnuPG which you are going to +install is an original and unmodified one, you can do it in one of +the following ways: + + * If you already have a trusted version of GnuPG installed, you + can simply check the supplied signature. For example to check the + signature of the file gnupg-2.0.0.tar.bz2 you would use this command: + + gpg --verify gnupg-2.0.0.tar.bz2.sig + + This checks whether the signature file matches the source file. 
+ You should see a message indicating that the signature is good and + made by that signing key. Make sure that you have the right key, + either by checking the fingerprint of that key with other sources + or by checking that the key has been signed by a trustworthy other + key. Note, that you can retrieve the signing key using the command + + finger wk ,at' g10code.com + + or using a key server like + + gpg --recv-key 1CE0C630 + + The distribution key 1CE0C630 is signed by the well known key + 5B0358A2. If you get an key expired message, you should retrieve a + fresh copy as the expiration date might have been prolonged. + + NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE + INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! + + * If you are not able to use an existing version of GnuPG, you have + to verify the SHA-1 checksum. Assuming you downloaded the file + gnupg-2.0.0.tar.bz2, you would run the sha1sum command like this: + + sha1sum gnupg-2.0.0.tar.bz2 + + and check that the output matches this: + +c335957368ea88bcb658922e7d3aae7e3ac6896d gnupg-2.0.0.tar.bz2 + + +Internationalization +==================== + +GnuPG comes with support for 27 languages. Due to a lot of new and +changed strings most translations are not entirely complete. However +the Turkish and German translators have been very fast in completing +their translations. The Russian one came in just a few hours too +late. Updates of the other translations are expected for the next +releases. + + +Documentation +============= + +We are currently working on an installation guide to explain in more +detail how to configure the new features. As of now the chapters on +gpg-agent and gpgsm include brief information on how to set up the +whole thing. Please watch the GnuPG website for updates of the +documentation. In the meantime you may search the GnuPG mailing list +archives or ask on the gnupg-users mailing lists for advise on how to +solve problems. 
Many of the new features are around for several years +and thus enough public knowledge is already available. + + +Support +======= + +Improving GnuPG is costly, but you can help! We are looking for +organizations that find GnuPG useful and wish to contribute back. You +can contribute by reporting bugs, improve the software, or by donating +money. + +Commercial support contracts for GnuPG are available, and they help +finance continued maintenance. g10 Code GmbH, a Duesseldorf based +company owned and headed by GnuPG's principal author, is currently +funding GnuPG development. We are always looking for interesting +development projects. + +A service directory is available at: + + http://www.gnupg.org/service.html + + +Thanks +====== + +We have to thank all the people who helped with this release, be it +testing, coding, translating, suggesting, auditing, administering the +servers, spreading the word or answering questions on the mailing +lists. + + +Happy Hacking, + + The GnuPG Team (David, Werner and all other contributors) diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 64a662879..49208d5d2 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi 
@@ -1072,16 +1072,22 @@ Note that options are valid for the entire session. To export certificate from the internal key database the command: @example - EXPORT @var{pattern} + EXPORT [--data [--armor] [--base64]] [--] @var{pattern} @end example is used. To allow multiple patterns (which are ORed) quoting is required: Spaces are to be translated into "+" or into "%20"; in turn this requires that the usual escape quoting rules are done. -The format of the output depends on what was set with the OUTPUT -command. When using @acronym{PEM} encoding a few informational lines -are prepended. +If the @option{--data} option has not been given, the format of the +output depends on what was set with the OUTPUT command. When using +@acronym{PEM} encoding a few informational lines are prepended. + +If the @option{--data} has been given, a target set via OUTPUT is +ignored and the data is returned inline using standard +@code{D}-lines. This avoids the need for an extra file descriptor. In +this case the options @option{--armor} and @option{--base64} may be used +in the same way as with the OUTPUT command. @node GPGSM IMPORT |
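Review bot: The new doc/ChangeLog entry lists only gpgsm.texi, although the same diff also changes doc/DETAILS and adds doc/announce-2.0.txt, and "Document changes." does not say what changed. Suggest adding entries for the other two files and naming the change, for example that EXPORT gained the --data option.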
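Review bot: In doc/DETAILS (hunk at line 199), the first argument of GOODSIG, EXPSIG, EXPKEYSIG, REVKEYSIG, BADSIG and ERRSIG becomes <long_keyid_or_fpr>, but the text gives a status-line consumer no rule for telling a long keyid from a fingerprint, and each description still begins "The signature with the keyid ...". Suggest stating once how the two forms are told apart (for example by the length of the hex string) and that code comparing this field against a stored long keyid has to handle both, then referring to that paragraph from each entry instead of repeating the same three sentences six times. The unchanged VALIDSIG wording "This is the same as GOODSIG but has the fingerprint as the argument" also deserves an update, since GOODSIG can now carry a fingerprint too.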
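Review bot: In doc/DETAILS (hunk at line 255), "The optional parameters" does not name which fields are meant and does not say whether the bracketed group in the VALIDSIG synopsis is always present or absent as a whole. Suggest naming the range, <sig-version> through <primary-key-fpr>, and stating that a parser must accept a VALIDSIG line that ends after <expire-timestamp>, so that code indexing <primary-key-fpr> by position does not read past the end of a CMS line.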
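Review bot: In doc/announce-2.0.txt, "Checking the Integrity" tells readers to check the fingerprint of the signing key against other sources but identifies the keys only by the 8-digit IDs 1CE0C630 and 5B0358A2, which are too short to identify a key uniquely. Suggest printing the full fingerprint of the distribution key next to the "gpg --recv-key" line. The SHA-1 fallback also needs a sentence saying the checksum is only as trustworthy as the copy of the announcement it is read from. Minor wording: "if exceptional your mirror", "an key expired message", and "advise" where "advice" is meant.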
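Review bot: In doc/gpgsm.texi, the new EXPORT synopsis includes "[--]" but the text below it never explains that token; a sentence saying it ends option parsing so that a pattern may begin with "--" would help, if that is the intent. The text also leaves open what happens when --armor and --base64 are both given, or are given without --data, which the bracket nesting suggests is not allowed. Small wording fix: "If the @option{--data} has been given" is missing the word "option".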