Diffstat (limited to 'doc')
-rw-r--r-- | doc/DETAILS | 12 |
-rw-r--r-- | doc/gpg.texi | 56 |
-rw-r--r-- | doc/scdaemon.texi | 3 |
-rw-r--r-- | doc/wks.texi | 8 |
4 files changed, 76 insertions, 3 deletions
diff --git a/doc/DETAILS b/doc/DETAILS index 70dabe0f8..a3fe802a2 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -1504,6 +1504,14 @@ CREATE TABLE signatures ( - One octet with the length of the following serial number. - The serial number. Regardless of what the length octet indicates no more than 16 octets are stored. + - 3 :: The internal representation of a private key: For v4 keys we + first write 4 octets big endian length of the following + s-expression with the protected or unprotected private key; + for v5 keys this is not necessarily because that length + header is always there. The actual data are N octets of + s-expression. Any protection (including the real S2K) is + part of that data. Note that the public key aparemters are + repeated in th s-expression. Note that gpg stores the GNU S2K Extension Number internally as an S2K Specifier with an offset of 1000. @@ -1694,6 +1702,10 @@ Description of some debug flags: - RFC-6337 :: ECC in OpenPGP - RFC-7292 :: PKCS #12: Personal Information Exchange Syntax v1.1 - RFC-8351 :: The PKCS #8 EncryptedPrivateKeyInfo Media Type + - RFC-8550 :: S/MIME Version 4.0 Certificate Handling + - RFC-8551 :: S/MIME Version 4.0 Message Specification + - RFC-2634 :: Enhanced Security Services for S/MIME + - RFC-5035 :: Enhanced Security Services (ESS) Update - draft-koch-openpgp-2015-rfc4880bis :: Updates to RFC-4880 diff --git a/doc/gpg.texi b/doc/gpg.texi index 25065f8e4..1a3cb9e25 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1338,6 +1338,13 @@ Assume "yes" on most questions. Should not be used in an option file. Assume "no" on most questions. Should not be used in an option file. +@item --list-filter @{select=@var{expr}@} +@opindex list-filter +A list filter can be used to output only certain keys during key +listsin command. For the availbale property names, see the description +of @option{--import-filter}. + + @item --list-options @var{parameters} @opindex list-options This is a space or comma delimited string that gives options used when @@ -2550,11 +2557,21 @@ The available filter types are: Self-signatures are not considered. Currently only implemented for --import-filter. + @item select + This filter is only implemented by @option{--list-filter}. All + property names may be used. + @end table For the syntax of the expression see the chapter "FILTER EXPRESSIONS". The property names for the expressions depend on the actual filter -type and are indicated in the following table. +type and are indicated in the following table. Note that all property +names may also be used by @option{--list-filter}. + +Property names may be prefix with a scope delimited by a slash. Valid +scopes are "pub" for public and secret primary keys, "sub" for public +and secret subkeys, "uid" for for user-ID packets, and "sig" for +signature packets. Invalid scopes are currently ignored. The available properties are: @@ -2567,10 +2584,18 @@ The available properties are: The addr-spec part of a user id with mailbox or the empty string. (keep-uid) + @item algostr + A string with the key algorithm description. For example "rsa3072" + or "ed25519". + @item key_algo A number with the public key algorithm of a key or subkey packet. (drop-subkey) + @item key_size + A number with the effective key size of a key or subkey packet. + (drop-subkey) + @item key_created @itemx key_created_d The first is the timestamp a public key or subkey packet was 
@@ -2593,7 +2618,7 @@ The available properties are: been revoked. @item disabled - Boolean indicating whether a primary key is disabled. (not used) + Boolean indicating whether a primary key is disabled. @item secret Boolean indicating whether a key or subkey is a secret one. @@ -2616,6 +2641,18 @@ The available properties are: @item sig_digest_algo A number with the digest algorithm of a signature packet. (drop-sig) + @item origin + A string with the key origin or a question mark. For example the + string ``wkd'' is used if a key originated from a Web Key Directory + lookup. + + @item lastupd + The timestamp the key was last updated from a keyserver or the Web + Key Directory. + + @item url + A string with the the URL associated wit the last key lookup. + @end table @item --export-options @var{parameters} @@ -2673,12 +2710,27 @@ opposite meaning. The options are: running the @option{--edit-key} command "minimize" before export except that the local copy of the key is not modified. Defaults to no. + @item export-revocs + Export only standalone revocation certificates of the key. This + option does not export revocations of 3rd party certificate + revocations. + @item export-dane Instead of outputting the key material output OpenPGP DANE records suitable to put into DNS zone files. An ORIGIN line is printed before each record to allow diverting the records to the corresponding zone file. + @item mode1003 + Enable the use of a new secret key export format. This format + avoids the re-encryption as required with the current OpenPGP format + and also improves the security of the secret key if it has been + protected with a passphrase. Note that an unprotected key is + exported as-is and thus not secure; the general rule to convey + secret keys in an OpenPGP encrypted file still applies with this + mode. Versions of GnuPG before 2.4.0 are not able to import such a + secret file. + @end table @item --with-colons 
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index b7d83aa89..a1d1cbc08 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -433,7 +433,8 @@ name may be changed on the command line (@pxref{option --options}). @cindex scd-event If this file is present and executable, it will be called on every card reader's status change. An example of this script is provided with the -distribution +source code distribution. This option is deprecated in favor of the +@command{DEVINFO --watch}. @item reader_@var{n}.status This file is created by @command{scdaemon} to let other applications now diff --git a/doc/wks.texi b/doc/wks.texi index 73934fb54..a7805a34a 100644 --- a/doc/wks.texi +++ b/doc/wks.texi @@ -213,6 +213,14 @@ operation. The format of @var{file} is one mail address (just the addrspec, e.g. "postel@@isi.edu") per line. Empty lines and lines starting with a '#' are ignored. +@item --add-revocs +@opindex add-revocs +If enabled append revocation certificates for the same addrspec as +used in the WKD to the key. Modern gpg version are able to import and +apply them for existing keys. Note that when used with the +@option{--mirror} command the revocation are searched in the local +keyring and not in an LDAP directory. + @item --verbose @opindex verbose Enable extra informational output. |
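Review bot: In doc/DETAILS, hunk @@ -1504, the new item "3 ::" says "for v5 keys this is not necessarily because that length header is always there", which does not parse; "not necessary" appears to be what is meant. The same item has "aparemters" and "th s-expression"; suggest "Note that the public key parameters are repeated in the s-expression." Since this paragraph defines an on-disk layout, it would also help to state explicitly that N is the value of the 4-octet length field in the v4 case.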
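Review bot: In doc/DETAILS, hunk @@ -1694, RFC-2634 and RFC-5035 are appended after RFC-8551 although the neighbouring entries (RFC-6337, RFC-7292, RFC-8351) run in ascending order. Placing the two ESS entries at their numeric position keeps the reference list sorted and easier to scan.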
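Review bot: In doc/gpg.texi, hunk @@ -1338, the description of --list-filter contains "during key listsin command" and "availbale"; suggest "during key listing commands" and "available". The entry also ends with two blank lines before the next @item where the surrounding entries use one.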
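Review bot: In doc/gpg.texi, hunk @@ -2550, the sentence "Invalid scopes are currently ignored." leaves open what a filter does when the scope is mistyped: the text should say whether the property is then evaluated without a scope or the whole term is dropped, because a typo would otherwise change which keys are selected without any diagnostic. The same paragraph has "may be prefix with" (prefixed) and "for for user-ID", and an example of a scoped property name would make the slash syntax unambiguous.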
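Review bot: In doc/gpg.texi, hunk @@ -2567, the new key_size entry carries the "(drop-subkey)" annotation while the new algostr entry carries none, so a reader cannot tell from the table which filter types accept algostr. Either annotate algostr the same way or state that it is only available to --list-filter.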
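Review bot: In doc/gpg.texi, hunk @@ -2616, the url entry reads "A string with the the URL associated wit the last key lookup."; this should be "with the URL associated with the last key lookup". The lastupd entry does not say in which format the timestamp is compared, whereas key_created in the same table documents a separate key_created_d form, and the origin entry does not say when the question mark is returned instead of an origin string.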
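Review bot: In doc/gpg.texi, hunk @@ -2673, the export-revocs text "does not export revocations of 3rd party certificate revocations" doubles the word and is hard to read; if the intent is that third-party certification revocations are excluded, say so directly. For mode1003 the option name is not explained; if it derives from the GNU S2K extension number 3 described in doc/DETAILS together with the offset of 1000 mentioned there, a cross-reference would help, and "the general rule to convey secret keys in an OpenPGP encrypted file" would read better as a direct recommendation to encrypt the exported file.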
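Review bot: In doc/scdaemon.texi, hunk @@ -433, the added sentence "This option is deprecated in favor of the @command{DEVINFO --watch}." refers to an "option" although the item being described is the scd-event file, and "the" is left without a noun. Suggest "This mechanism is deprecated in favor of the @command{DEVINFO --watch} command."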
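Review bot: In doc/wks.texi, hunk @@ -213, the --add-revocs text says "Modern gpg version are able to import and apply them" without naming a version, so an administrator cannot tell which clients will honour the appended revocation certificates; state the minimum version. Grammar in the same entry: "If enabled, append", "versions are", and "the revocations are searched".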