diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/ChangeLog | 22 | ||||
| -rw-r--r-- | doc/gpg.texi | 221 |
2 files changed, 124 insertions, 119 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index 131c26dff..141bee025 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2009-09-02 Werner Koch <[email protected]> + + * gpgv.texi, gpg.texi: Update from GnuPG-2. + 2009-08-18 Werner Koch <[email protected]> * Makefile.am (sources_from_trunk): New. @@ -40,7 +44,7 @@ * gpg.texi: Updated from gnupg-2. * gpl.texi: Replace by GPLv3 version. - + * Makefile.am: Use standard suffix rules. 2006-12-04 Werner Koch <[email protected]> @@ -212,7 +216,7 @@ Corp. * gpg.ru.sgml: Updated from upstream. Added a closing PARA. - + * gpg.sgml: Add bkuptocard command for --edit-key. 2005-02-05 David Shaw <[email protected]> @@ -792,7 +796,7 @@ 2002-06-03 Timo Schulz <[email protected]> * DETAILS: Add ATTRIBUTE. - + 2002-05-31 David Shaw <[email protected]> * gpg.sgml: Add "edit/addrevoker". Document --desig-revoke. Note @@ -831,7 +835,7 @@ 2002-04-30 Timo Schulz <[email protected]> * gpg.sgml: Add an entry for --encrypt-files and --decrypt-files. - + 2002-04-29 David Shaw <[email protected]> * gpg.sgml: Fix minor error in --pgp6 documentation: it does not @@ -870,7 +874,7 @@ SIGEXPIRED (deprecated), and VALIDSIG (added expiration date). Add "Preferences" command to unattended key generation instructions. Also fixed a few typos. - + * samplekeys.asc: new (added to EXTRA_DIST in Makefile.am as well) 2002-01-31 Marcus Brinkmann <[email protected]> @@ -882,7 +886,7 @@ * gpg.sgml: auto-key-retrieve is a keyserver-option (noted by Roger Sondermann). - + 2002-03-27 David Shaw <[email protected]> * gpg.sgml: --pgp2 also means --disable-mdc, --no-ask-sig-expire, @@ -912,7 +916,7 @@ 2002-01-26 Timo Schulz <[email protected]> * gnupg-w32.reg: New. Registry file for W32 in registry format. - + 2002-01-26 Werner Koch <[email protected]> * gpg.sgml: A few words about --gpg-agent-info and GPG_AGENT_INFO. @@ -921,7 +925,7 @@ * README.W32: Modify the filename because now the .exe extension is automatically added to the binary. - + 2002-01-14 Werner Koch <[email protected]> * gpg.sgml: Talk about PGP 5 and higher. @@ -1147,7 +1151,7 @@ Wed Feb 10 17:15:39 CET 1999 Werner Koch <[email protected]> * DETAILS: Ditto. - Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. + Copyright 1998, 1999, 2000, 2001, 2009 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/doc/gpg.texi b/doc/gpg.texi index 84aa799a9..212ab95bc 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -589,6 +589,16 @@ line. @c ******** Begin Edit-key Options ********** @table @asis +@item uid @code{n} +@opindex keyedit:uid +Toggle selection of user ID or photographic user ID with index @code{n}. +Use 0 to deselect all. + +@item key @code{n} +@opindex keyedit:key +Toggle selection of subkey with index @code{n}. +Use 0 to deselect all. + @item sign @opindex keyedit:sign Make a signature on key of user @code{name} If the key is not yet @@ -625,106 +635,47 @@ create a signature of any type desired. @table @asis +@item delsig +@opindex keyedit:delsig +Delete a signature. Note that it is not possible to retract a signature, +once it has been send to the public (i.e. to a keyserver). In that case +you better use @code{revsig}. + @item revsig @opindex keyedit:revsig Revoke a signature. For every signature which has been generated by one of the secret keys, GnuPG asks whether a revocation certificate should be generated. -@item trust -@opindex keyedit:trust -Change the owner trust value. This updates the -trust-db immediately and no save is required. - -@item disable -@itemx enable -@opindex keyedit:disable -@opindex keyedit:enable -Disable or enable an entire key. A disabled key can not normally be -used for encryption. +@item check +@opindex keyedit:check +Check the signatures on all selected user IDs. @item adduid @opindex keyedit:adduid -Create an alternate user id. +Create an additional user ID. @item addphoto @opindex keyedit:addphoto -Create a photographic user id. This will prompt for a JPEG file that +Create a photographic user ID. This will prompt for a JPEG file that will be embedded into the user ID. Note that a very large JPEG will make for a very large key. Also note that some programs will display your JPEG unchanged (GnuPG), and some programs will scale it to fit in a dialog box (PGP). +@item showphoto +@opindex keyedit:showphoto +Display the selected photographic user ID. + @item deluid @opindex keyedit:deluid -Delete a user id. Note that it is not possible to retract a user id, -once it has been send to the public (i.e. to a keyserver). In that case -you better use @code{revuid}. - -@item delsig -@opindex keyedit:delsig -Delete a signature. Note that it is not possible to retract a signature, -once it has been send to the public (i.e. to a keyserver). In that case -you better use @code{revsig}. +Delete a user ID or photographic user ID. Note that it is not +possible to retract a user id, once it has been send to the public +(i.e. to a keyserver). In that case you better use @code{revuid}. @item revuid @opindex keyedit:revuid -Revoke a user id. - -@item addkey -@opindex keyedit:addkey -Add a subkey to this key. - -@item addcardkey -@opindex keyedit:addcardkey -Generate a key on a card and add it to this key. - -@item keytocard -@opindex keyedit:keytocard -Transfer the selected secret key (or the primary key if no key has been -selected) to a smartcard. The secret key in the keyring will be replaced -by a stub if the key could be stored successfully on the card and you -use the save command later. Only certain key types may be transferred to -the card. A sub menu allows you to select on what card to store the -key. Note that it is not possible to get that key back from the card - -if the card gets broken your secret key will be lost unless you have a -backup somewhere. - -@item bkuptocard @code{file} -@opindex keyedit:bkuptocard -Restore the given file to a card. This command may be used to restore a -backup key (as generated during card initialization) to a new card. In -almost all cases this will be the encryption key. You should use this -command only with the corresponding public key and make sure that the -file given as argument is indeed the backup to restore. You should then -select 2 to restore as encryption key. You will first be asked to enter -the passphrase of the backup key and then for the Admin PIN of the card. - -@item delkey -@opindex keyedit:delkey -Remove a subkey (secondart key). Note that it is not possible to retract -a subkey, once it has been send to the public (i.e. to a keyserver). In -that case you better use @code{revkey}. - -@item addrevoker -@opindex keyedit:addrevoker -Add a designated revoker. This takes one optional argument: -"sensitive". If a designated revoker is marked as sensitive, it will not -be exported by default (see export-options). - -@item revkey -@opindex keyedit:revkey -Revoke a subkey. - -@item expire -@opindex keyedit:expire -Change the key expiration time. If a subkey is selected, the -expiration time of this subkey will be changed. With no selection, -the key expiration of the primary key is changed. - -@item passwd -@opindex keyedit:passwd -Change the passphrase of the secret key. +Revoke a user ID or photographic user ID. @item primary @opindex keyedit:primary @@ -735,24 +686,21 @@ as primary makes it primary over other photo user IDs, and setting a regular user ID as primary makes it primary over other regular user IDs. -@item uid @code{n} -@opindex keyedit:uid -Toggle selection of user id with index @code{n}. -Use 0 to deselect all. - -@item key @code{n} -@opindex keyedit:key -Toggle selection of subkey with index @code{n}. -Use 0 to deselect all. - -@item check -@opindex keyedit:check -Check all selected user ids. +@item keyserver +@opindex keyedit:keyserver +Set a preferred keyserver for the specified user ID(s). This allows +other users to know where you prefer they get your key from. See +@option{--keyserver-options honor-keyserver-url} for more on how this +works. Setting a value of "none" removes an existing preferred +keyserver. -@item showphoto -@opindex keyedit:showphoto -Display the selected photographic user -id. +@item notation +@opindex keyedit:notation +Set a name=value notation for the specified user ID(s). See +@option{--cert-notation} for more on how this works. Setting a value of +"none" removes all notations, setting a notation prefixed with a minus +sign (-) removes that notation, and setting a notation name (without the +=value) prefixed with a minus sign removes all notations with that name. @item pref @opindex keyedit:pref @@ -790,21 +738,72 @@ message. It will, however, only choose an algorithm that is present on the preference list of every recipient key. See also the INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below. -@item keyserver -@opindex keyedit:keyserver -Set a preferred keyserver for the specified user ID(s). This allows -other users to know where you prefer they get your key from. See -@option{--keyserver-options honor-keyserver-url} for more on how this -works. Setting a value of "none" removes an existing preferred -keyserver. +@item addkey +@opindex keyedit:addkey +Add a subkey to this key. -@item notation -@opindex keyedit:notation -Set a name=value notation for the specified user ID(s). See -@option{--cert-notation} for more on how this works. Setting a value of -"none" removes all notations, setting a notation prefixed with a minus -sign (-) removes that notation, and setting a notation name (without the -=value) prefixed with a minus sign removes all notations with that name. +@item addcardkey +@opindex keyedit:addcardkey +Generate a subkey on a card and add it to this key. + +@item keytocard +@opindex keyedit:keytocard +Transfer the selected secret subkey (or the primary key if no subkey +has been selected) to a smartcard. The secret key in the keyring will +be replaced by a stub if the key could be stored successfully on the +card and you use the save command later. Only certain key types may be +transferred to the card. A sub menu allows you to select on what card +to store the key. Note that it is not possible to get that key back +from the card - if the card gets broken your secret key will be lost +unless you have a backup somewhere. + +@item bkuptocard @code{file} +@opindex keyedit:bkuptocard +Restore the given file to a card. This command may be used to restore a +backup key (as generated during card initialization) to a new card. In +almost all cases this will be the encryption key. You should use this +command only with the corresponding public key and make sure that the +file given as argument is indeed the backup to restore. You should then +select 2 to restore as encryption key. You will first be asked to enter +the passphrase of the backup key and then for the Admin PIN of the card. + +@item delkey +@opindex keyedit:delkey +Remove a subkey (secondart key). Note that it is not possible to retract +a subkey, once it has been send to the public (i.e. to a keyserver). In +that case you better use @code{revkey}. + +@item revkey +@opindex keyedit:revkey +Revoke a subkey. + +@item expire +@opindex keyedit:expire +Change the key or subkey expiration time. If a subkey is selected, the +expiration time of this subkey will be changed. With no selection, the +key expiration of the primary key is changed. + +@item trust +@opindex keyedit:trust +Change the owner trust value for the key. This updates the trust-db +immediately and no save is required. + +@item disable +@itemx enable +@opindex keyedit:disable +@opindex keyedit:enable +Disable or enable an entire key. A disabled key can not normally be +used for encryption. + +@item addrevoker +@opindex keyedit:addrevoker +Add a designated revoker to the key. This takes one optional argument: +"sensitive". If a designated revoker is marked as sensitive, it will +not be exported by default (see export-options). + +@item passwd +@opindex keyedit:passwd +Change the passphrase of the secret key. @item toggle @opindex keyedit:toggle @@ -829,7 +828,9 @@ each user ID except for the most recent self-signature. Add cross-certification signatures to signing subkeys that may not currently have them. Cross-certification signatures protect against a subtle attack against signing subkeys. See -@option{--require-cross-certification}. +@option{--require-cross-certification}. All new keys generated have +this signature by default, so this option is only useful to bring +older keys up to date. @item save @opindex keyedit:save |