Diffstat (limited to 'doc')
-rw-r--r-- | doc/DETAILS | 32
-rw-r--r-- | doc/gpg-agent.texi | 14
-rw-r--r-- | doc/gpg.texi | 13
-rw-r--r-- | doc/gpgsm.texi | 19
4 files changed, 56 insertions, 22 deletions
diff --git a/doc/DETAILS b/doc/DETAILS index e01b74ac1..4c1e9b67c 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -1183,6 +1183,17 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: send to the client instead of this status line. Such an inquiry may be used to sync with Pinentry +*** GPGTAR_EXTRACT <tot> <skp> <bad> <sus> <sym> <hrd> <oth> + This status line is emitted after gpgtar has extracted files. + + - tot :: Total number of files extracted and stored + - skp :: Total number of files skipped during extraction + - bad :: Number of files skipped due to a bad file name + - sus :: Number of files skipped due to a suspicious file name + - sym :: Number of symlinks not restored + - hrd :: Number of hard links not restored + - oth :: Number of files not extracted due to other reasons. + ** Obsolete status codes *** SIGEXPIRED Removed on 2011-02-04. This is deprecated in favor of KEYEXPIRED. @@ -1706,15 +1717,21 @@ Description of some debug flags: - RFC-5915 :: ECC Private Key Structure - RFC-5958 :: Asymmetric Key Packages - RFC-6337 :: ECC in OpenPGP + - RFC-7748 :: Elliptic Curves for Security (X25519 and X448) + - RFC-8410 :: Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 - RFC-7292 :: PKCS #12: Personal Information Exchange Syntax v1.1 - RFC-8351 :: The PKCS #8 EncryptedPrivateKeyInfo Media Type - RFC-8550 :: S/MIME Version 4.0 Certificate Handling - RFC-8551 :: S/MIME Version 4.0 Message Specification - RFC-2634 :: Enhanced Security Services for S/MIME - RFC-5035 :: Enhanced Security Services (ESS) Update + - RFC-7253 :: The OCB Authenticated-Encryption Algorithm - draft-koch-openpgp-2015-rfc4880bis :: Updates to RFC-4880 + - T6390 :: Notes on use of X25519 in GnuPG (https://dev.gnupg.org/T6390) + + ** v3 fingerprints For packet version 3 we calculate the keyids this way: - RSA :: Low 64 bits of n 
@@ -1724,17 +1741,10 @@ Description of some debug flags: ** gnupg.org notations - - [email protected] :: Additional decryption subkey. This notation - gives a list of keys an implementation SHOULD - also encrypt to. The data consists of an array - of eight-octet numbers holding the Key ID of an - encryption subkey. This notation is only valid - on an encryption subkey (i.e. with first octet - of the key flags 0x04 or 0x08). Subkeys not on - the same keyblock MUST NOT be considered. For - interoperability this notation SHOULD NOT be - marked as criticial. Due to its nature it MUST - NOT be marked as human readable. + - [email protected] :: Used by Kleopatra to implement the tag feature. + These tags are used to mark keys for easier + searching and grouping. + ** Simplified revocation certificates Revocation certificates consist only of the signature packet; diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 921522d53..1a03de010 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
@@ -615,15 +615,11 @@ remote machine. @itemx --disable-extended-key-format @opindex enable-extended-key-format @opindex disable-extended-key-format -Since version 2.3 keys are created in the extended private key format. -Changing the passphrase of a key will also convert the key to that new -format. This new key format is supported since GnuPG version 2.1.12 -and thus there should be no need to disable it. The disable option -allows to revert to the old behavior for new keys; be aware that keys -are never migrated back to the old format. However if the enable -option has been used the disable option won't have an effect. The -advantage of the extended private key format is that it is text based -and can carry additional meta data. +These options are obsolete and have no effect. The extended key format +is used for years now and has been supported since 2.1.12. Existing +keys in the old format are migrated to the new format as soon as they +are touched. + @anchor{option --enable-ssh-support} @item --enable-ssh-support diff --git a/doc/gpg.texi b/doc/gpg.texi index 45cd97241..a6ab4d57d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1067,6 +1067,15 @@ signing. "sensitive". If a designated revoker is marked as sensitive, it will not be exported by default (see export-options). + @item addadsk + @opindex keyedit:addadsk + Add an Additional Decryption Subkey. The user is asked to enter the + fingerprint of another encryption subkey. Note that the exact + fingerprint of another key's encryption subkey needs to be entered. + This is because commonly the primary key has no encryption + capability. Use the option @option{--with-subkey-fingerprint} with + a list command to display the subkey fingerprints. + @item passwd @opindex keyedit:passwd Change the passphrase of the secret key. 
@@ -3190,6 +3199,10 @@ Write log output to file descriptor @var{n} and not to STDERR. Same as @option{--logger-fd}, except the logger data is written to file @var{file}. Use @file{socket://} to log to s socket. +@item --log-time +@opindex log-time +Prefix all log output with a timestamp even if no log file is used. + @item --attribute-fd @var{n} @opindex attribute-fd Write attribute subpackets to the file descriptor @var{n}. This is most diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index a328ea5f0..364345741 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -408,6 +408,10 @@ Do not print a warning when the so called "secure memory" cannot be used. When running in server mode, append all logging output to @var{file}. Use @file{socket://} to log to socket. +@item --log-time +@opindex log-time +Prefix all log output with a timestamp even if no log file is used. + @end table @@ -492,8 +496,10 @@ This usually means that Dirmngr is employed to search for the certificate. Note that this option makes a "web bug" like behavior possible. LDAP server operators can see which keys you request, so by sending you a message signed by a brand new key (which you naturally -will not have on your local keybox), the operator can tell both your IP -address and the time when you verified the signature. +will not have on your local keybox), the operator can tell both your +IP address and the time when you verified the signature. Note that if +CRL checking is not disabled issuer certificates are retrieved in any +case using the caIssuers authorityInfoAccess method. @anchor{gpgsm-option --validation-model} 
@@ -623,6 +629,15 @@ always listed in @option{--with-colons} mode. Include info about the presence of a secret key in public key listings done with @code{--with-colons}. +@item --no-pretty-dn +@opindex no-pretty-dn +By default gpgsm prints distinguished names (DNs) like the Issuer or +Subject in a more readable format (e.g. using a well defined order of +the parts). However, this format can't be used as input strings. +This option reverts printing to standard RFC-2253 format and thus +avoids the need to use --dump-cert or --with-colons to get the +``real'' name. + @end table @c ******************************************* |
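Review bot: In the GPGTAR_EXTRACT entry added to doc/DETAILS, the relation between the counters is not stated: a parser cannot tell whether <skp> is the sum of <bad>, <sus>, <sym>, <hrd> and <oth> or an independent count, and nothing separates a "bad" file name from a "suspicious" one. Please add a sentence defining both, since a front end would key its warning on <bad> and <sus> being non-zero. Only the "oth" item ends with a period; drop it for consistency.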
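Review bot: In the reference list hunk of doc/DETAILS, two empty lines are added after the new T6390 entry, directly before "** v3 fingerprints"; one of them looks unintended. The new entries are also out of numeric order (RFC-7748 and RFC-8410 before RFC-7292, RFC-7253 after RFC-5035); if the list is grouped by topic that is fine, otherwise please sort them.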
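Review bot: The "gnupg.org notations" hunk in doc/DETAILS deletes the whole specification of the additional decryption subkey notation (the array of eight-octet Key IDs, the key-flag restriction, the MUST NOT rules), while the same patch documents addadsk in gpg.texi, and nothing visible here says where the ADSK representation is specified now. Please add a pointer or a short replacement description. The new tag entry should also say whether that notation is human readable and whether it may be marked critical, as the removed entry did for its notation.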
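Review bot: In the gpg-agent.texi text for --enable-extended-key-format and --disable-extended-key-format, "as soon as they are touched" does not say which operations trigger the migration. The removed text named one (changing the passphrase) and also warned that keys are never migrated back, which is worth keeping for anyone sharing a private key directory with an older installation. Suggest listing the triggering operations and keeping the one-way note. "is used for years now" should read "has been in use for years".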
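Review bot: The addadsk entry in gpg.texi explains how to enter the fingerprint but not what adding an ADSK does. Going by the notation text this patch removes from doc/DETAILS, implementations should then also encrypt to that subkey, so its holder can decrypt data sent to this key. Please state that effect and say whether an ADSK can be removed or revoked afterwards. The second and third sentences both say that the exact subkey fingerprint must be entered and can be merged.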
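Review bot: The --log-time entry (same wording in the gpg.texi and gpgsm.texi hunks) does not give the timestamp format or say whether it is local time or UTC, which is what someone correlating these logs with other sources needs. One added sentence in both files would cover it.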
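Review bot: The sentence added to the "web bug" paragraph in gpgsm.texi leaves the reader to find the switch: name the option that disables CRL checking, with @option{} markup, and say that the caIssuers fetch goes to a URL taken from the certificate, so the privacy concern of this paragraph applies to that server as well. The paragraph now has two consecutive sentences starting with "Note that", and "if CRL checking is not disabled" needs a comma after it.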
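Review bot: In the --no-pretty-dn entry, --dump-cert and --with-colons are written as bare text, while the context line just above uses @code{--with-colons}; please mark them up with @option{} or @code{}. It would also help to say explicitly that scripts which match on DNs or pass them back as input should use this option, since the default format "can't be used as input strings".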