2 files changed, 60 insertions, 6 deletions

diff --git a/doc/DETAILS b/doc/DETAILS
index 0504c80bb..246c4227d 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -1666,6 +1666,7 @@ Status codes are:
   1.3.6.1.4.1.11591.2          GnuPG
   1.3.6.1.4.1.11591.2.1          notation
   1.3.6.1.4.1.11591.2.1.1          pkaAddress
+  1.3.6.1.4.1.11591.2.1.2          manuNotation (as IA5String)
   1.3.6.1.4.1.11591.2.2          X.509 extensions
   1.3.6.1.4.1.11591.2.2.1          standaloneCertificate
   1.3.6.1.4.1.11591.2.2.2          wellKnownPrivateKey
@@ -1774,7 +1775,6 @@ Description of some debug flags:
 
   - T6390 :: Notes on use of X25519 in GnuPG (https://dev.gnupg.org/T6390)
 
-
 ** v3 fingerprints
    For packet version 3 we calculate the keyids this way:
     - RSA :: Low 64 bits of n
@@ -1782,12 +1782,56 @@ Description of some debug flags:
                  calculate a RMD160 hash value from it. This is used
                  as the fingerprint and the low 64 bits are the keyid.
 
-** gnupg.org notations
+** Used notations
+
+  - manu :: LibrePGP/rfc4880bis defined standard notation used by
+            GnuPG and other implementaions to convey additional
+            information about the implementation used to create
+            a key or signature.  This is a list of comma delimited
+            values with these defined fields:
+
+            | field | name             | defined values         |
+            |-------+------------------+------------------------|
+            |     1 | software product | see: prod-id           |
+            |     2 | software version | e.g. "2.2", "2.5+1.12" |
+            |     3 | architecture     | see: arch-id           |
+            |     4 | operating system | see: os-id             |
+            |     5 | compliance class | e.g. "23", "2023"      |
+
+            | prod-id | name        |
+            |---------+-------------|
+            |       1 | PGP         |
+            |       2 | GnuPG       |
+            |       3 | Greenshield |
+            |       4 | RNP         |
+
+            | arch-id | cpu   |
+            |---------+-------|
+            |       1 | i686  |
+            |       2 | amd64 |
+            |       3 | arm64 |
+            |       4 | riscv |
+
+            | os-id | os      |
+            |-------+---------|
+            |     1 | Windows |
+            |     2 | Linux   |
+            |     3 | BSD     |
+
+            If a value for a field is not known, the empty string
+            may be used.  The values are also used for the X.509/CMS
+            extension 1.3.6.1.4.1.11591.2.1.2.  The compliance class
+            values are 23 for "de-vs" and 2023 for non-approved "de-vs".
+
+            This notation shall be human readable.  It is defined in
+            away to minimize its size but to be easily viewable by
+            standard software.
 
   - [email protected] :: Used by Kleopatra to implement the tag feature.
                      These tags are used to mark keys for easier
                      searching and grouping.
-
+  - [email protected] :: Used by GnuPG to mark the compliance of
+                     encryption subkeys.
 
 ** Simplified revocation certificates
   Revocation certificates consist only of the signature packet;
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 63e87e528..91bc73e8c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1420,11 +1420,15 @@ give the opposite meaning.  The options are:
   @item show-notations
   @itemx show-std-notations
   @itemx show-user-notations
+  @itemx show-hidden-notations
   @opindex list-options:show-notations
   @opindex list-options:show-std-notations
   @opindex list-options:show-user-notations
+  @opindex list-options:show-hidden-notations
   Show all, IETF standard, or user-defined signature notations in the
-  @option{--check-signatures} listings. Defaults to no.
+  @option{--check-sigs} listings.  Hidden notations are those which
+  are automatically inserted by an implementation and not worthy to
+  mention. Defaults to no.
 
   @item show-x509-notations
   @opindex list-options:show-x509-notations
@@ -1513,11 +1517,15 @@ the opposite meaning. The options are:
   @item show-notations
   @itemx show-std-notations
   @itemx show-user-notations
+  @itemx show-hidden-notations
   @opindex verify-options:show-notations
   @opindex verify-options:show-std-notations
   @opindex verify-options:show-user-notations
+  @opindex verify-options:show-hidden-notations
   Show all, IETF standard, or user-defined signature notations in the
-  signature being verified. Defaults to IETF standard.
+  signature being verified.  Hidden notations are those which are
+  automatically inserted by an implementation and not worthy to
+  mention.  Defaults to IETF standard.
 
   @item show-keyserver-urls
   @opindex verify-options:show-keyserver-urls
@@ -3374,7 +3382,9 @@ given once only the name of the program and the major number is
 emitted, given twice the minor is also emitted, given thrice
 the micro is added, and given four times an operating system identification
 is also emitted.  @option{--no-emit-version} (default) disables the version
-line.
+line.  Note that unless the @option{--compatibility-flags} have
+a "no-manu" flag set, the GnuPG and Libgcrypt major and minor version
+(e.g. "2.6+1.11") is included in signature packets and keys.
 
 @item --sig-notation @{@var{name}=@var{value}@}
 @itemx --cert-notation @{@var{name}=@var{value}@}