diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/HACKING | 2 | ||||
| -rw-r--r-- | doc/Makefile.am | 2 | ||||
| -rw-r--r-- | doc/OpenPGP | 129 | ||||
| -rw-r--r-- | doc/gpg.1pod | 24 |
4 files changed, 145 insertions, 12 deletions
diff --git a/doc/HACKING b/doc/HACKING index 27faa87c5..0f9801470 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -3,6 +3,8 @@ (Some notes on GNUPG internals.) +===> Under construction <======= + Memory allocation ----------------- diff --git a/doc/Makefile.am b/doc/Makefile.am index 9c83575b0..f1a859a38 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,6 +1,6 @@ ## Process this file with automake to create Makefile.in -EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING +EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING OpenPGP man_MANS = gpg.1 diff --git a/doc/OpenPGP b/doc/OpenPGP new file mode 100644 index 000000000..188f0498f --- /dev/null +++ b/doc/OpenPGP @@ -0,0 +1,129 @@ + GNUPG and OpenPGP + ================= + + The current OpenPGP draft expires 1999-02. + + OpenPGP is an Internet-Draft. Internet-Drafts are working + documents of the Internet Engineering Task Force (IETF), its areas, + and its working groups. Note that other groups may also distribute + working documents as Internet-Drafts. + + Internet-Drafts are draft documents valid for a maximum of six + months and may be updated, replaced, or obsoleted by other documents + at any time. It is inappropriate to use Internet-Drafts as + reference material or to cite them other than as "work in progress." + + To view the entire list of current Internet-Drafts, please check the + "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow + Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern + Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific + Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). + + + Compatibility Notes + =================== + GNUPG (>0.4) is in compliance with OpenPGP despite these exeptions: + + * (5.1) The critical bit in signature subpackets is currently + ignored. This will be fixed soon. + + * (5.3) GNUPG has an option to use simple S2K for "Symmetric-Key + Encrypted Session-Key Packets"; however a warning message is + issued if this option is active. + + * (5.5.2) states that an implementaion MUST NOT create a v3 key + with an algorithm other than RSA. GNUPG has an option to + create an ElGamal key in a v3 packet; the properties of such + a key are as good as a v4 key. RFC1991 does not specifiy how + to create fingerprints for algorithms other than RSA and so it + is okay to choose a special format for ElGamal. + + * (9.1) states that RSA SHOULD be implemented. This is not done + (except with an extension, usable outside the U.S.) due to + patent problems. + + * (9.2) states that IDEA SHOULD be implemented. This is not done + due to patent problems. + + * (12.1) states that an implementaion MUST NOT use a symmetric + algorithm which is not in the preference list. GNUPG has an + option to override this. + + * A special format of partial packet length exists for v3 packets + which can be considered to be in compliance with RFC1991; this + format is only created if a special option is active. + + All MAY features are implemented with this exception: + + * multi-part armored messages are not supported. + MIME should be used instead. + + + + + Some Notes on OpenPGP / PGP Compatibility: + ========================================== + + * PGP 5.x does not accept V4 signatures for anything other than + key material. + + * PGP 5.x does not recognize the "five-octet" lengths in + new-format headers or in signature subpacket lengths. + + * PGP 5.0 rejects an encrypted session key if the keylength + differs from the S2K symmetric algorithm. This is a bug in its + validation function. + + * PGP 5.0 does not handle multiple one-pass signature headers and + trailers. Signing one will compress the one-pass signed literal + and prefix a V3 signature instead of doing a nested one-pass + signature. + + * When exporting a private key, PGP 2.x generates the header + "BEGIN PGP SECRET KEY BLOCK" instead of "BEGIN PGP PRIVATE KEY + BLOCK". All previous versions ignore the implied data type, and + look directly at the packet data type. + + * In a clear-signed signature, PGP 5.0 will figure out the correct + hash algorithm if there is no "Hash:" header, but it will reject + a mismatch between the header and the actual algorithm used. The + "standard" (i.e. Zimmermann/Finney/et al.) version of PGP 2.x + rejects the "Hash:" header and assumes MD5. There are a number + of enhanced variants of PGP 2.6.x that have been modified for + SHA-1 signatures. + + * PGP 5.0 can read an RSA key in V4 format, but can only recognize + it with a V3 keyid, and can properly use only a V3 format RSA + key. + + * Neither PGP 5.x nor PGP 6.0 recognize Elgamal Encrypt and Sign + keys. They only handle Elgamal Encrypt-only keys. + + + Parts of this document are taken from: + ====================================== + + OpenPGP Message Format + draft-ietf-openpgp-formats-07.txt + + + Copyright 1998 by The Internet Society. All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph + are included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + diff --git a/doc/gpg.1pod b/doc/gpg.1pod index 40c930b45..5a2172205 100644 --- a/doc/gpg.1pod +++ b/doc/gpg.1pod @@ -75,7 +75,7 @@ B<-k> [I<username>] [I<keyring>] B<-kvc> List fingerprints B<-kvvc> List fingerprints and signatures -B<--list-keys> [I<names>] +B<--list-keys> [I<names>] List all keys from the public keyrings, or just the ones given on the command line. @@ -83,7 +83,7 @@ B<--list-secret-keys> [I<names>] List all keys from the secret keyrings, or just the ones given on the command line. -B<--list-sigs> [I<names>] +B<--list-sigs> [I<names>] Same as B<--list-keys>, but the signatures are listed too. @@ -201,7 +201,7 @@ B<--import-ownertrust> [I<filename>] Long options can be put in an options file (default F<~/.gnupg/options>); do not write the 2 dashes, but simply the name of the option and any -arguments if required. Lines with a hash as the first non-white-space +arguments if required. Lines with a hash as the first non-white-space character are ignored. Commands may be put in this file too, but that does not make sense. @@ -322,7 +322,9 @@ B<--cipher-algo> I<name> B<--digest-algo> I<name> Use I<name> as message digest algorithm. Running the program with the option B<--verbose> yields a list of - supported algorithms. + supported algorithms. Please note that using this + option may violate the OpenPGP requirement, that a + 160 bit hash is to be used for DSA. B<--s2k-cipher-algo> I<name> Use I<name> as the cipher algorithm used to protect secret @@ -411,11 +413,11 @@ a signature was bad and other errorcode for fatal errors. =head1 EXAMPLES - -se -r Bob [file] sign and encrypt for user Bob - -sat [file] make a clear text signature - -sb [file] make a detached signature - -k [userid] show keys - -kc [userid] show fingerprint + -se -r Bob [file] sign and encrypt for user Bob + -sat [file] make a clear text signature + -sb [file] make a detached signature + -k [userid] show keys + -kc [userid] show fingerprint =head1 ENVIRONMENT @@ -430,13 +432,13 @@ F<~/.gnupg/pubring.gpg> The public keyring F<~/.gnupg/trustdb.gpg> The trust database -F<~/.gnupg/options> May contain options +F<~/.gnupg/options> May contain options F</usr[/local]/lib/gnupg/> Default location for extensions =head1 SEE ALSO -gpg(1) gpgm(1) +gpg(1) gpgm(1) =head1 WARNINGS |