Diffstat (limited to 'doc')
-rw-r--r-- doc/examples/vsnfd.prf | 1
-rw-r--r-- doc/gpg.texi | 13
-rw-r--r-- doc/gpgsm.texi | 6
-rw-r--r-- doc/wks.texi | 26
4 files changed, 31 insertions, 15 deletions
diff --git a/doc/examples/vsnfd.prf b/doc/examples/vsnfd.prf index e8732de00..1dc21e0a7 100644 --- a/doc/examples/vsnfd.prf +++ b/doc/examples/vsnfd.prf @@ -6,6 +6,7 @@ default-new-key-algo rsa3072/cert,sign+rsa3072/encr [gpgsm] enable-crl-checks +compliance de-vs [gpg-agent] enable-extended-key-format diff --git a/doc/gpg.texi b/doc/gpg.texi index 3a2c0ff7f..8fea489f0 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3829,6 +3829,19 @@ If you are going to verify detached signatures, make sure that the program knows about it; either give both filenames on the command line or use @samp{-} to specify STDIN. +For scripted or other unattended use of @command{gpg} make sure to use +the machine-parseable interface and not the default interface which is +intended for direct use by humans. The machine-parseable interface +provides a stable and well documented API independent of the locale or +future changes of @command{gpg}. To enable this interface use the +options @option{--with-colons} and @option{--status-fd}. For certain +operations the option @option{--command-fd} may come handy too. See +this man page and the file @file{DETAILS} for the specification of the +interface. Note that the GnuPG ``info'' pages as well as the PDF +version of the GnuPG manual features a chapter on unattended use of +GnuPG. As an alternative the library @command{GPGME} can be used as a +high-level abstraction on top of that interface. + @mansect interoperability @chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index b187a54d5..37a535366 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi 
@@ -257,10 +257,10 @@ fingerprints or keygrips. @item --export-secret-key-p12 @var{key-id} @opindex export-secret-key-p12 Export the private key and the certificate identified by @var{key-id} in -a PKCS#12 format. When used with the @code{--armor} option a few +using the PKCS#12 format. When used with the @code{--armor} option a few informational lines are prepended to the output. Note, that the PKCS#12 -format is not very secure and this command is only provided if there is -no other way to exchange the private key. (@xref{option --p12-charset}.) +format is not very secure and proper transport security should be used +to convey the exported key. (@xref{option --p12-charset}.) @item --export-secret-key-p8 @var{key-id} @itemx --export-secret-key-raw @var{key-id} diff --git a/doc/wks.texi b/doc/wks.texi index 131a4c2c2..4508ae2a1 100644 --- a/doc/wks.texi +++ b/doc/wks.texi @@ -181,6 +181,7 @@ Display a brief help page and exit. .RI [ options ] .B \-\-install-key .I file +.I user-id .br .B gpg-wks-server .RI [ options ] 
@@ -221,14 +222,19 @@ the process returns failure; to suppress the diagnostic, use option @option{-q}. More than one user-id can be given; see also option @option{with-file}. +The command @option{--install-key} manually installs a key into the +WKD. The arguments are a file with the keyblock and the user-id to +install. If the first argument resembles a fingerprint the key is +taken from the current keyring; to force the use of a file, prefix the +first argument with "./". + The command @option{--remove-key} uninstalls a key from the WKD. The -process return success in this case; to also print a diagnostic, use -option @option{-v}. If the key is not installed a diagnostics is +process returns success in this case; to also print a diagnostic, use +option @option{-v}. If the key is not installed a diagnostic is printed and the process returns failure; to suppress the diagnostic, use option @option{-q}. -The commands @option{--install-key} and @option{--revoke-key} are not -yet functional. +The command @option{--revoke-key} is not yet functional. @mansect options @@ -326,7 +332,7 @@ the submission address: @example $ gpg --batch --passphrase '' --quick-gen-key key-submission@@example.net - $ gpg --with-wkd-hash -K key-submission@@example.net + $ gpg -K key-submission@@example.net @end example The output of the last command looks similar to this: 
@@ -339,17 +345,13 @@ The output of the last command looks similar to this: ssb rsa3072 2016-08-30 [E] @end example -Take the hash of the string "key-submission", which is -"bxzcxpxk8h87z1k7bzk86xn5aj47intu" and manually publish that key: +Take the fingerprint from that output and manually publish the key: @example - $ gpg --export-options export-minimal --export \ - > -o /var/lib/gnupg/wks/example.net/hu/bxzcxpxk8h87z1k7bzk86xn5aj47intu \ - > key-submission@@example.new + $ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B \ + > key-submission@@example.net @end example -Make sure that the created file is world readable. - Finally that submission address needs to be redirected to a script running @command{gpg-wks-server}. The @command{procmail} command can be used for this: Redirect the submission address to the user "webkey" |
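Review bot: in the unattended-use paragraph added to doc/gpg.texi (hunk @@ -3829), "the GnuPG ``info'' pages as well as the PDF version of the GnuPG manual features a chapter" has a plural subject and should read "feature a chapter", and "may come handy too" should be "may come in handy too". Since the paragraph sends the reader to that chapter, giving its title would make it easier to find in the info and PDF manuals.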
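Review bot: in doc/gpgsm.texi (hunk @@ -257), the unchanged context line before the edit still ends in "@var{key-id} in", so with the new line the sentence reads "identified by @var{key-id} in using the PKCS#12 format". Drop the trailing "in" from the preceding line as part of this change. The replacement wording "proper transport security should be used" is also vague; one example of what is meant would help the reader act on it.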
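Review bot: in the doc/wks.texi synopsis (hunk @@ -181), the first argument of --install-key is still shown only as ".I file", while the description added in the next hunk says it may also be a fingerprint resolved from the current keyring. The synopsis should show both forms so the man page header and the command description agree.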
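Review bot: in the --install-key paragraph added to doc/wks.texi (hunk @@ -221), "If the first argument resembles a fingerprint" does not say what counts as resembling one, and that test decides whether key material comes from a file or from the keyring. Please state the rule, so an administrator knows when the "./" prefix is required. Unlike the --remove-key paragraph right below it, the new text also does not say what the process returns on success or failure, or how -v and -q affect the diagnostics.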
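Review bot: the last doc/wks.texi hunk (@@ -339) removes "Make sure that the created file is world readable." without saying anything about permissions in its place. If --install-key creates the file with the permissions the web server needs, say so here; otherwise keep the sentence, because a key that the server cannot read will not be served. The fingerprint in the new example should also be checked against the sample output shown just above it, which is outside this hunk.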