Diffstat (limited to 'doc')
-rw-r--r-- doc/DETAILS 5
-rw-r--r-- doc/Makefile.am 4
-rw-r--r-- doc/debugging.texi 8
-rw-r--r-- doc/dirmngr.texi 10
-rw-r--r-- doc/gpg-agent.texi 31
-rw-r--r-- doc/gpg.texi 27
-rw-r--r-- doc/gpgsm.texi 30
-rw-r--r-- doc/help.txt 8
-rw-r--r-- doc/scdaemon.texi 32
-rw-r--r-- doc/wks.texi 6
10 files changed, 62 insertions, 99 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index 0610108f4..315f56e31 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -177,8 +177,9 @@ described here.
Signature class as per RFC-4880. This is a 2 digit hexnumber
followed by either the letter 'x' for an exportable signature or
the letter 'l' for a local-only signature. The class byte of an
- revocation key is also given here, 'x' and 'l' is used the same
- way. This field if not used for X.509.
+ revocation key is also given here, by a 2 digit hexnumber and
+ optionally followed by the letter 's' for the "sensitive"
+ flag. This field is not used for X.509.
"rev" and "rvs" may be followed by a comma and a 2 digit hexnumber
with the revocation reason.
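Review bot: the rewritten sentence still reads "The class byte of an revocation key" (should be "a revocation key"), and it silently replaces the old statement that 'x' and 'l' apply to revocation keys with an optional 's' suffix. Anyone parsing this field from the old description would expect 'x'/'l' here, so the text or the commit message should say whether the output format changed or only the documentation was wrong.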
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 0c44217d0..541c2fc20 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -46,6 +46,7 @@ profiles =
EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
gnupg-module-overview.png gnupg-module-overview.pdf \
+ gnupg-module-overview.eps gnupg-card-architecture.eps \
gnupg-card-architecture.png gnupg-card-architecture.pdf \
FAQ gnupg7.texi mkdefsinc.c defsincdate \
opt-homedir.texi see-also-note.texi specify-user-id.texi \
@@ -53,6 +54,7 @@ EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
trust-values.texi
BUILT_SOURCES = gnupg-module-overview.png gnupg-module-overview.pdf \
+ gnupg-module-overview.eps gnupg-card-architecture.eps \
gnupg-card-architecture.png gnupg-card-architecture.pdf \
defsincdate defs.inc
@@ -110,8 +112,6 @@ watchgnupg_SOURCE = gnupg.texi
CLEANFILES = yat2m mkdefsinc defs.inc
DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
- gnupg-card-architecture.eps \
- gnupg-module-overview.eps \
$(myman_pages) gnupg.7
yat2m: yat2m.c
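Review bot: with gnupg-card-architecture.eps and gnupg-module-overview.eps dropped from DISTCLEANFILES here and added to both EXTRA_DIST and BUILT_SOURCES in the hunks above, no clean rule visible in this diff removes them any more. If they are still generated in a maintainer build, list them in MAINTAINERCLEANFILES, and add a short comment stating that the .eps files are now shipped in the tarball like the .png and .pdf variants.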
diff --git a/doc/debugging.texi b/doc/debugging.texi
index 42a1a159e..6639e184b 100644
--- a/doc/debugging.texi
+++ b/doc/debugging.texi
@@ -38,10 +38,8 @@ and solving problems.
A keybox is a file format used to store public keys along with meta
information and indices. The commonly used one is the file
-@file{pubring.kbx} in the @file{.gnupg} directory. It contains all
-X.509 certificates as well as OpenPGP keys@footnote{Well, OpenPGP keys
-are not implemented, @command{gpg} still used the keyring file
-@file{pubring.gpg}.}.
+@file{pubring.kbx} in the @file{.gnupg} directory. It contains all
+X.509 certificates as well as OpenPGP keys.
@noindent
When called the standard way, e.g.:
@@ -287,5 +285,3 @@ use of a smartcard:
@caption{GnuPG card architecture}
@center @image{gnupg-card-architecture, 150mm,, GnuPG card architecture}
@end float
-
-
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index eb49ad96c..eb9a92160 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -198,11 +198,11 @@ however carefully selected to best aid in debugging.
@item --debug @var{flags}
@opindex debug
-Set debugging flags. This option is only useful for debugging and its
-behavior may change with a new release. All flags are or-ed and may
-be given in C syntax (e.g. 0x0042) or as a comma separated list of
-flag names. To get a list of all supported flags the single word
-"help" can be used.
+Set debug flags. All flags are or-ed and @var{flags} may be given in
+C syntax (e.g. 0x0042) or as a comma separated list of flag names. To
+get a list of all supported flags the single word "help" can be used.
+This option is only useful for debugging and the behavior may change
+at any time without notice.
@item --debug-all
@opindex debug-all
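Review bot: the replacement paragraph for --debug is repeated almost word for word in dirmngr.texi, gpg-agent.texi, gpg.texi, gpgsm.texi and scdaemon.texi in this patch, with only the opening "Set debug flags" line wrapped differently. The doc directory already uses shared fragments (opt-homedir.texi, see-also-note.texi in EXTRA_DIST), so a single include for this text would keep the five copies from drifting apart again.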
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d518c246b..9d0dcea6c 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -256,30 +256,11 @@ however carefully selected to best aid in debugging.
@item --debug @var{flags}
@opindex debug
-This option is only useful for debugging and the behavior may change at
-any time without notice. FLAGS are bit encoded and may be given in
-usual C-Syntax. The currently defined bits are:
-
-@table @code
-@item 0 (1)
-X.509 or OpenPGP protocol related data
-@item 1 (2)
-values of big number integers
-@item 2 (4)
-low level crypto operations
-@item 5 (32)
-memory allocation
-@item 6 (64)
-caching
-@item 7 (128)
-show memory statistics
-@item 9 (512)
-write hashed data to files named @code{dbgmd-000*}
-@item 10 (1024)
-trace Assuan protocol
-@item 12 (4096)
-bypass all certificate validation
-@end table
+Set debug flags. All flags are or-ed and @var{flags} may be given
+in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
+To get a list of all supported flags the single word "help" can be
+used. This option is only useful for debugging and the behavior may
+change at any time without notice.
@item --debug-all
@opindex debug-all
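Review bot: the new --debug paragraph drops the only warning in this hunk that a debug flag can weaken security; the removed table listed bit 12 (4096) as "bypass all certificate validation". Flags can still be given numerically (the text keeps the 0x0042 example), so a value copied from an old note would carry no hint of that effect. Keep one sentence saying that some flags disable checks or write sensitive data to the log, and that the "help" listing should be consulted before setting them.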
@@ -1491,7 +1472,7 @@ Incremented with any change of any of the other counters.
@item KEY
Incremented for added or removed private keys.
@item CARD
-Incremented for changes of the card readers stati.
+Incremented for each change of the card reader's status.
@end table
@node Agent GETINFO
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 80c7f48f5..fe9e0bfbe 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -198,7 +198,7 @@ Make a detached signature.
@opindex encrypt
Encrypt data to one or more public keys. This command may be combined
with @option{--sign} (to sign and encrypt a message),
-@option{--symmetric} (to encrypt a message that can decrypted using a
+@option{--symmetric} (to encrypt a message that can be decrypted using a
secret key or a passphrase), or @option{--sign} and
@option{--symmetric} together (for a signed message that can be
decrypted using a secret key or a passphrase). @option{--recipient}
@@ -683,6 +683,15 @@ supplied passphrase is used for the new key and the agent does not ask
for it. To create a key without any protection @code{--passphrase ''}
may be used.
+To create an OpenPGP key from the keys available on the currently
+inserted smartcard, the special string ``card'' can be used for
+@var{algo}. If the card features an encryption and a signing key, gpg
+will figure them out and creates an OpenPGP key consisting of the
+usual primary key and one subkey. This works only with certain
+smartcards. Note that the interactive @option{--full-gen-key} command
+allows to do the same but with greater flexibility in the selection of
+the smartcard keys.
+
Note that it is possible to create a primary key and a subkey using
non-default algorithms by using ``default'' and changing the default
parameters using the option @option{--default-new-key-algo}.
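Review bot: in the added "card" paragraph, "gpg will figure them out and creates" mixes tenses (use "create") and "allows to do the same" should be "allows doing the same". The bare "gpg" should use @command{@gpgname} as the rest of this file does, and "This works only with certain smartcards" gives the reader nothing to act on; name the supported card types or say how an unsupported card is reported.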
@@ -1091,7 +1100,7 @@ Directly sign a key from the passphrase without any further user
interaction. The @var{fpr} must be the verified primary fingerprint
of a key in the local keyring. If no @var{names} are given, all
useful user ids are signed; with given [@var{names}] only useful user
-ids matching one of theses names are signed. By default, or if a name
+ids matching one of these names are signed. By default, or if a name
is prefixed with a '*', a case insensitive substring match is used.
If a name is prefixed with a '=' a case sensitive exact match is done.
@@ -2885,10 +2894,11 @@ however carefully selected to best aid in debugging.
@item --debug @var{flags}
@opindex debug
-Set debugging flags. All flags are or-ed and @var{flags} may be given
+Set debug flags. All flags are or-ed and @var{flags} may be given
in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
To get a list of all supported flags the single word "help" can be
-used.
+used. This option is only useful for debugging and the behavior may
+change at any time without notice.
@item --debug-all
@opindex debug-all
@@ -3516,6 +3526,13 @@ file and returns with failure if the configuration file would prevent
@command{@gpgname} from startup. Thus it may be used to run a syntax check
on the configuration file.
+@c @item --use-only-openpgp-card
+@c @opindex use-only-openpgp-card
+@c Only access OpenPGP card's and no other cards. This is a hidden
+@c option which could be used in case an old use case required the
+@c OpenPGP card while several cards are avaiable. This option might be
+@c removed if it turns out that nobody requires it.
+
@end table
@c *******************************
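Review bot: the commented-out --use-only-openpgp-card entry contains "avaiable" (available) and "OpenPGP card's" (plural, no apostrophe). If the option is meant to stay hidden, a single @c line saying it is intentionally undocumented would be clearer than a full @item block that looks like a forgotten draft.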
@@ -3655,7 +3672,7 @@ files; They all live in the current home directory (@pxref{option
certificates. The file name corresponds to the OpenPGP fingerprint of
the respective key. It is suggested to backup those certificates and
if the primary private key is not stored on the disk to move them to
- an external storage device. Anyone who can access theses files is
+ an external storage device. Anyone who can access these files is
able to revoke the corresponding key. You may want to print them out.
You should backup all files in this directory and take care to keep
this backup closed away.
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 75ccdc3ba..ecc43cd3c 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -224,7 +224,7 @@ mainly for debugging.
@item --keydb-clear-some-cert-flags
@opindex keydb-clear-some-cert-flags
This is a debugging aid to reset certain flags in the key database
-which are used to cache certain certificate stati. It is especially
+which are used to cache certain certificate statuses. It is especially
useful if a bad CRL or a weird running OCSP responder did accidentally
revoke certificate. There is no security issue with this command
because @command{gpgsm} always make sure that the validity of a certificate is
@@ -688,29 +688,11 @@ however carefully selected to best aid in debugging.
@item --debug @var{flags}
@opindex debug
-This option is only useful for debugging and the behaviour may change
-at any time without notice; using @code{--debug-levels} is the
-preferred method to select the debug verbosity. FLAGS are bit encoded
-and may be given in usual C-Syntax. The currently defined bits are:
-
-@table @code
-@item 0 (1)
-X.509 or OpenPGP protocol related data
-@item 1 (2)
-values of big number integers
-@item 2 (4)
-low level crypto operations
-@item 5 (32)
-memory allocation
-@item 6 (64)
-caching
-@item 7 (128)
-show memory statistics
-@item 9 (512)
-write hashed data to files named @code{dbgmd-000*}
-@item 10 (1024)
-trace Assuan protocol
-@end table
+Set debug flags. All flags are or-ed and @var{flags} may be given
+in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
+To get a list of all supported flags the single word "help" can be
+used. This option is only useful for debugging and the behavior may
+change at any time without notice.
Note, that all flags set using this option may get overridden by
@code{--debug-level}.
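Review bot: the new --debug paragraph no longer says that a debug level is the preferred way to select verbosity, yet the context right after it still warns that flags set here may be overridden by --debug-level. Keep a sentence pointing readers to --debug-level, and use that spelling rather than the "--debug-levels" of the removed text. The removed table also documented that bit 9 (512) writes hashed data to dbgmd-000* files, which is worth a caveat because those files end up on disk.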
diff --git a/doc/help.txt b/doc/help.txt
index 38f25cd3e..4d748c4e7 100644
--- a/doc/help.txt
+++ b/doc/help.txt
@@ -133,6 +133,14 @@ encryption. This algorithm should only be used in certain domains.
Please consult your security expert first.
.
+.gpg.keygen.cardkey
+Select which key from the card shall be used.
+
+The listing shows the selection index, the keygrip (a string of hex
+digits), the card specific key reference, the algorithm used for this
+key, and in parentheses the usage of the key (cert, sign, auth, encr).
+If known the standard usage for a key is marked with an asterisk.
+.
.gpg.keygen.flags
Toggle the capabilities of the key.
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi
index 21c3fd826..c1ca443b9 100644
--- a/doc/scdaemon.texi
+++ b/doc/scdaemon.texi
@@ -160,33 +160,11 @@ helpers to debug problems.
@item --debug @var{flags}
@opindex debug
-This option is only useful for debugging and the behavior may change at
-any time without notice. FLAGS are bit encoded and may be given in
-usual C-Syntax. The currently defined bits are:
-
-@table @code
-@item 0 (1)
-command I/O
-@item 1 (2)
-values of big number integers
-@item 2 (4)
-low level crypto operations
-@item 5 (32)
-memory allocation
-@item 6 (64)
-caching
-@item 7 (128)
-show memory statistics
-@item 9 (512)
-write hashed data to files named @code{dbgmd-000*}
-@item 10 (1024)
-trace Assuan protocol.
-See also option @option{--debug-assuan-log-cats}.
-@item 11 (2048)
-trace APDU I/O to the card. This may reveal sensitive data.
-@item 12 (4096)
-trace some card reader related function calls.
-@end table
+Set debug flags. All flags are or-ed and @var{flags} may be given
+in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
+To get a list of all supported flags the single word "help" can be
+used. This option is only useful for debugging and the behavior may
+change at any time without notice.
@item --debug-all
@opindex debug-all
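Review bot: the removed table carried the caveat "trace APDU I/O to the card. This may reveal sensitive data." and the cross-reference to @option{--debug-assuan-log-cats}; neither survives in the new --debug paragraph. Retain a one-line warning that card I/O tracing can expose sensitive data in the log, and keep the pointer to --debug-assuan-log-cats if that option is still documented.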
diff --git a/doc/wks.texi b/doc/wks.texi
index 9f1fff2a8..d6f442dfc 100644
--- a/doc/wks.texi
+++ b/doc/wks.texi
@@ -260,7 +260,7 @@ Display a brief help page and exit.
@end ifset
@mansect description
-The @command{gpg-wks-server} is a server site implementation of the
+The @command{gpg-wks-server} is a server side implementation of the
Web Key Service. It receives requests for publication, sends
confirmation requests, receives confirmations, and published the key.
It also has features to ease the setup and maintenance of a Web Key
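Review bot: the sentence right after the "server side" fix still reads "receives confirmations, and published the key", which breaks the present-tense list; it should be "publishes the key". It is in the same paragraph, so it is worth fixing in this patch.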
@@ -268,7 +268,7 @@ Directory.
When used with the command @option{--receive} a single Web Key Service
mail is processed. Commonly this command is used with the option
-@option{--send} to directly send the crerated mails back. See below
+@option{--send} to directly send the created mails back. See below
for an installation example.
The command @option{--cron} is used for regular cleanup tasks. For
@@ -400,7 +400,7 @@ be the same address for all configured domains, for example:
$ echo key-submission@@example.net >submission-address
@end example
-The protocol requires that the key to be published is send with an
+The protocol requires that the key to be published is sent with an
encrypted mail to the service. Thus you need to create a key for
the submission address: