diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/gpg-agent.texi | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 3997d2046..6b39d73cd 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -585,16 +585,20 @@ local gpg-agent and use its private keys. This enables decrypting or signing data on a remote machine without exposing the private keys to the remote machine. -@anchor{option --enable-extended-key-format} @item --enable-extended-key-format +@itemx --disable-extended-key-format @opindex enable-extended-key-format -This option creates keys in the extended private key format. Changing -the passphrase of a key will also convert the key to that new format. -Using this option makes the private keys unreadable for gpg-agent -versions before 2.1.12. The advantage of the extended private key -format is that it is text based and can carry additional meta data. -Note that this option also changes the key protection format to use -OCB mode. +@opindex disable-extended-key-format +Since version 2.2.22 keys are created in the extended private key +format by default. Changing the passphrase of a key will also convert +the key to that new format. This key format is supported since GnuPG +version 2.1.12 and thus there should be no need to disable it. +Anyway, the disable option still allows to revert to the old behavior +for new keys; be aware that keys are never migrated back to the old +format. If the enable option has been used the disable option won't +have an effect. The advantage of the extended private key format is +that it is text based and can carry additional meta data. In extended +key format the OCB mode is used for key protection. @anchor{option --enable-ssh-support} @item --enable-ssh-support |