Diffstat (limited to 'doc')
-rw-r--r--doc/DETAILS4
-rw-r--r--doc/HACKING10
-rw-r--r--doc/Makefile.am16
-rw-r--r--doc/examples/README2
-rw-r--r--doc/examples/qualified.txt (renamed from doc/qualified.txt)12
-rw-r--r--doc/gpgsm.texi14
-rw-r--r--doc/howto-create-a-server-cert.texi14
-rw-r--r--doc/wks.texi4
8 files changed, 31 insertions, 45 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index e54e8a0f7..3c089b278 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -222,12 +222,14 @@ described here.
*** Field 18 - Compliance flags
- Space separated list of asserted compliance modes for this key.
+ Space separated list of asserted compliance modes and
+ screening result for this key.
Valid values are:
- 8 :: The key is compliant with RFC4880bis
- 23 :: The key is compliant with compliance mode "de-vs".
+ - 6001 :: Screening hit on the ROCA vulnerability.
*** Field 19 - Last update
diff --git a/doc/HACKING b/doc/HACKING
index bd1685678..17c58269b 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -33,9 +33,9 @@ not be copied to the ChangeLog, separate it by a line consisting of
two dashes at the begin of a line.
The one-line summary usually starts with a keyword to identify the
-mainly affected subsystem. If more than one keyword is required the
-are delimited by a comma (e.g. =scd,w32:=). Commonly found keywords
-are
+mainly affected subsystem (that is not the directory). If more than
+one keyword is required they are delimited by a comma
+(e.g. =scd,w32:=). Commonly found keywords are
- agent :: The gpg-agent component
- build :: Changes to the build system
@@ -207,10 +207,6 @@ Note that such a comment will be removed if the git commit option
- The predefined macro =__func__=:
: log_debug ("%s: Problem with foo\n", __func__);
- - Variable declaration inside a for():
- : for (int i = 0; i < 5; ++)
- : bar (i);
-
Although we usually make use of the =u16=, =u32=, and =u64= types,
it is also possible to include =<stdint.h>= and use =int16_t=,
=int32_t=, =int64_t=, =uint16_t=, =uint32_t=, and =uint64_t=. But do
diff --git a/doc/Makefile.am b/doc/Makefile.am
index aba84ba3c..21e3e4578 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -22,7 +22,7 @@ AM_CPPFLAGS =
include $(top_srcdir)/am/cmacros.am
examples = examples/README examples/scd-event examples/trustlist.txt \
- examples/vsnfd.prf examples/debug.prf \
+ examples/vsnfd.prf examples/debug.prf examples/qualified.txt \
examples/systemd-user/README \
examples/systemd-user/dirmngr.service \
examples/systemd-user/dirmngr.socket \
@@ -43,7 +43,7 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
profiles =
-EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \
+EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
gnupg-module-overview.png gnupg-module-overview.pdf \
gnupg-card-architecture.png gnupg-card-architecture.pdf \
@@ -112,16 +112,8 @@ DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
gnupg-module-overview.eps \
$(myman_pages) gnupg.7
-if HAVE_YAT2M
-YAT2M_CMD = $(YAT2M)
-YAT2M_DEP = $(YAT2M)
-else
-YAT2M_CMD = ./yat2m
-YAT2M_DEP = yat2m
-
yat2m: yat2m.c
$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
-endif
mkdefsinc: mkdefsinc.c Makefile ../config.h
$(CC_FOR_BUILD) -I. -I.. -I$(srcdir) $(AM_CPPFLAGS) \
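Review bot: With the `else` branch removed, nothing in this file assigns `YAT2M` any more, so the now-unconditional `yat2m: yat2m.c` rule is only reached if configure substitutes `YAT2M` with the in-tree `./yat2m`. configure.ac is not part of this diff, so that is an assumption to confirm. If `YAT2M` can come out empty, `yat2m-stamp: $(YAT2M)` in the next hunk expands to no prerequisite and the recipe there would run its option list as the command. I would state the contract above the rule, e.g. `# YAT2M comes from configure: an installed yat2m or ./yat2m built by this rule.`, and add `@test -n "$(YAT2M)" || { echo "YAT2M is not set" >&2; exit 1; }` as the first line of the `yat2m-stamp` recipe. Which binary the doc build executes also matters for reproducible release builds, so the comment is worth having either way.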
@@ -154,12 +146,12 @@ yat2m-stamp: $(myman_sources) defs.inc
@touch yat2m-stamp.tmp
incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
for file in $(myman_sources) ; do \
- $(YAT2M_CMD) $(YAT2M_OPTIONS) --store \
+ $(YAT2M) $(YAT2M_OPTIONS) --store \
--date "`cat $$incd 2>/dev/null`" \
`test -f '$$file' || echo '$(srcdir)/'`$$file ; done
@mv -f yat2m-stamp.tmp $@
-yat2m-stamp: $(YAT2M_DEP)
+yat2m-stamp: $(YAT2M)
$(myman_pages) gnupg.7 : yat2m-stamp defs.inc
@if test -f $@; then :; else \
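Review bot: In the `for` loop, `test -f '$$file'` reaches the shell as `test -f '$file'`, and the single quotes stop the shell from expanding the loop variable. The test therefore looks for a file literally named `$file`, and the `$(srcdir)/` prefix is always applied. This is an unchanged context line, but it belongs to the same command as the line edited here, and a source that exists only in the build directory would not be found in a VPATH build. Double quotes fix it: `test -f "$$file"`. The `yat2m-stamp` rule starts above this hunk and the `$(myman_pages)` recipe continues below it.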
diff --git a/doc/examples/README b/doc/examples/README
index 77ee80741..4d6a5be87 100644
--- a/doc/examples/README
+++ b/doc/examples/README
@@ -9,3 +9,5 @@ trustlist.txt A list of trustworthy root certificates
gpgconf.conf A sample configuration file for gpgconf.
systemd-user Sample files for a Linux-only init system.
+
+qualified.txt Sample file for qualified.txt.
diff --git a/doc/qualified.txt b/doc/examples/qualified.txt
index c0e4da582..eba11f244 100644
--- a/doc/qualified.txt
+++ b/doc/examples/qualified.txt
@@ -29,7 +29,7 @@
#
# Germany
#
-# The information for Germany is available
+# The information for Germany is available
# at http://www.bundesnetzagentur.de
#*******************************************
@@ -74,7 +74,7 @@ DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B de
#Serial number: 02
# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
-# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
# validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59
# key type: 1024 bit RSA
@@ -118,7 +118,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
-# [checked: 2008-06-25]
+# [checked: 2008-06-25]
44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de
# ID: 0x46A2CC8A
@@ -130,7 +130,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
-# [checked: 2008-06-25]
+# [checked: 2008-06-25]
AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de
@@ -215,7 +215,7 @@ E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C de
# key type: 2048 bit RSA
# key usage: certSign crlSign
# chain length: 1
-#[checked: 2007-12-13 via received ZIP file with qualified signature from
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]
C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de
@@ -230,7 +230,7 @@ C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de
# key type: 2048 bit RSA
# key usage: certSign crlSign
# chain length: 1
-#[checked: 2007-12-13 via received ZIP file with qualified signature from
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]
D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 5d79ce54e..b187a54d5 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -843,15 +843,9 @@ purposes.
Note that even if a certificate is listed in this file, this does not
mean that the certificate is trusted; in general the certificates listed
-in this file need to be listed also in @file{trustlist.txt}.
-
-This is a global file an installed in the data directory
-(e.g. @file{@value{DATADIR}/qualified.txt}). GnuPG installs a suitable
-file with root certificates as used in Germany. As new Root-CA
-certificates may be issued over time, these entries may need to be
-updated; new distributions of this software should come with an updated
-list but it is still the responsibility of the Administrator to check
-that this list is correct.
+in this file need to be listed also in @file{trustlist.txt}. This is a global
+file an installed in the sysconf directory (e.g.
+@file{@value{SYSCONFDIR}/qualified.txt}).
Every time @command{gpgsm} uses a certificate for signing or verification
this file will be consulted to check whether the certificate under
@@ -1073,7 +1067,7 @@ key. The algorithm must be capable of signing. This is a required
parameter. The only supported value for @var{algo} is @samp{rsa}.
@item Key-Length: @var{nbits}
-The requested length of a generated key in bits. Defaults to 2048.
+The requested length of a generated key in bits. Defaults to 3072.
@item Key-Grip: @var{hexstring}
This is optional and used to generate a CSR or certificate for an
diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi
index 55f1a91a4..30e28bdd0 100644
--- a/doc/howto-create-a-server-cert.texi
+++ b/doc/howto-create-a-server-cert.texi
@@ -31,14 +31,14 @@ Let's continue:
@cartouche
@example
- What keysize do you want? (2048)
- Requested keysize is 2048 bits
+ What keysize do you want? (3072)
+ Requested keysize is 3072 bits
@end example
@end cartouche
-Hitting enter chooses the default RSA key size of 2048 bits. Smaller
-keys are too weak on the modern Internet. If you choose a larger
-(stronger) key, your server will need to do more work.
+Hitting enter chooses the default RSA key size of 3072 bits. Keys
+smaller than 2048 bits are too weak on the modern Internet. If you
+choose a larger (stronger) key, your server will need to do more work.
@cartouche
@example
@@ -124,7 +124,7 @@ request:
@example
These parameters are used:
Key-Type: RSA
- Key-Length: 2048
+ Key-Length: 3072
Key-Usage: sign, encrypt
Name-DN: CN=example.com
Name-DNS: example.com
@@ -224,7 +224,7 @@ To see the content of your certificate, you may now enter:
aka: (dns-name example.com)
aka: (dns-name www.example.com)
validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51
- key type: 2048 bit RSA
+ key type: 3072 bit RSA
key usage: digitalSignature keyEncipherment
ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57
diff --git a/doc/wks.texi b/doc/wks.texi
index 029dbf0c0..55dfee6d5 100644
--- a/doc/wks.texi
+++ b/doc/wks.texi
@@ -303,11 +303,11 @@ the submission address:
The output of the last command looks similar to this:
@example
- sec rsa2048 2016-08-30 [SC]
+ sec rsa3072 2016-08-30 [SC]
C0FCF8642D830C53246211400346653590B3795B
uid [ultimate] key-submission@@example.net
bxzcxpxk8h87z1k7bzk86xn5aj47intu@@example.net
- ssb rsa2048 2016-08-30 [E]
+ ssb rsa3072 2016-08-30 [E]
@end example
Take the hash of the string "key-submission", which is