Diffstat (limited to 'doc')
-rw-r--r-- | doc/gpg-agent.texi | 21 | ||||
-rw-r--r-- | doc/gpg-card.texi | 34 | ||||
-rw-r--r-- | doc/gpg.texi | 24 | ||||
-rw-r--r-- | doc/tools.texi | 13 |
4 files changed, 76 insertions, 16 deletions
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 08dd7f49f..6e78558aa 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -623,19 +623,30 @@ are touched. @anchor{option --enable-ssh-support} @item --enable-ssh-support +@itemx --enable-win32-openssh-support @itemx --enable-putty-support @opindex enable-ssh-support +@opindex enable-win32-openssh-support @opindex enable-putty-support -The OpenSSH Agent protocol is always enabled, but @command{gpg-agent} -will only set the @code{SSH_AUTH_SOCK} variable if this flag is given. +On Unix platforms the OpenSSH Agent protocol is always enabled, but +@command{gpg-agent} will only set the @code{SSH_AUTH_SOCK} variable if +the option @option{enable-ssh-support} is given. Some Linux +distributions use the presence of this option to decide whether the +old ssh-agent shall be started. + +On Windows support for the native ssh implementation must be enabled +using the the option @option{enable-win32-openssh-support}. For using +gpg-agent as a replacement for PuTTY's Pageant, the option +@option{enable-putty-support} must be enabled. In this mode of operation, the agent does not only implement the gpg-agent protocol, but also the agent protocol used by OpenSSH -(through a separate socket). Consequently, it should be possible to use -the gpg-agent as a drop-in replacement for the well known ssh-agent. +(through a separate socket or via Named Pipes) or the protocol used by +PuTTY. Consequently, this allows to use the gpg-agent as a drop-in +replacement for the ssh-agent. -SSH Keys, which are to be used through the agent, need to be added to +SSH keys, which are to be used through the agent, need to be added to the gpg-agent initially through the ssh-add utility. When a key is added, ssh-add will ask for the password of the provided key file and send the unprotected key material to the agent; this causes the diff --git a/doc/gpg-card.texi b/doc/gpg-card.texi index 33cdbd96d..8787793f8 100644 --- a/doc/gpg-card.texi 
+++ b/doc/gpg-card.texi @@ -316,6 +316,40 @@ Write a private key object identified by @var{keygrip} to the card under the id @var{keyref}. Option @option{--force} allows overwriting an existing key. +@item CHECKKEYS [--ondisk] [--delete-clear-copy] [--delete-protected-copy] +@opindex checkkeys +Print a list of keys noticed on all inserted cards. With +@option{--ondisk} only smartcard keys with a copy on disk are listed. +With @option{--delete-clear-copy} copies of smartcard keys stored on +disk without any protection will be deleted. With +@option{--delete-protected-copy} password protected copies of +smartcard keys stored on disk will be deleted. + +This command creates missing shadow keys. The delete options print +the status of the keys before they are deleted. + +The format of the output is: +@table @var +@item Serial number +A hex-string with the serial number of the card. +@item Type +This gives the type of the card's application. For example "OpenPGP" +or "PIV". +@item Keygrip +A hex-string identifying a key. +@item Keyref +The application slot where the key is stored on the card. For example +"OpenPGP.1" +@item Status +The status of the key. The most common value is "shadowed" for a key +where only the public key along with the card's serial number is +stored on the disk. The value "clear" indicates that a copy of the +card's key is stored unprotected on disk. The value "protected" +indicated that a copy of the car's key is stored on disk but is +protected by a password. The value "error" may also be shown if there +was a problem reading information from the card. +@end table + @item YUBIKEY @var{cmd} @var{args} @opindex yubikey Various commands pertaining to Yubikey tokens with @var{cmd} being: diff --git a/doc/gpg.texi b/doc/gpg.texi index 17de880ea..7e6420a49 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -638,12 +638,11 @@ The @option{--dearmor} command can also be used to dearmor PEM armors. @item --unwrap @opindex unwrap -This command is similar to @option{--decrypt} with the difference that the -output is not the usual plaintext but the original message with the -encryption layer removed. Thus the output will be an OpenPGP data -structure which often means a signed OpenPGP message. Note that this -option may or may not remove a compression layer which is often found -beneath the encryption layer. +This option modifies the command @option{--decrypt} to output the +original message with the encryption layer removed. Thus the output +will be an OpenPGP data structure which often means a signed OpenPGP +message. Note that this option may or may not remove a compression +layer which is often found beneath the encryption layer. @item --tofu-policy @{auto|good|unknown|bad|ask@} @var{keys} @opindex tofu-policy @@ -2580,6 +2579,10 @@ opposite meaning. The options are: import-clean it suppresses the final clean step after merging the imported key into the existing key. + @item ignore-attributes + Ignore all attribute user IDs (photo IDs) and their signatures while + importing a key. + @item repair-keys After import, fix various problems with the keys. For example, this reorders signatures, and strips duplicate 
@@ -4637,10 +4640,11 @@ in the @option{--edit-key} menu. @item Revoker: @var{algo}:@var{fpr} [sensitive] Add a designated revoker to the generated key. Algo is the public key -algorithm of the designated revoker (i.e., RSA=1, DSA=17, etc.) -@var{fpr} is the fingerprint of the designated revoker. The optional -@samp{sensitive} flag marks the designated revoker as sensitive -information. Only v4 keys may be designated revokers. +algorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.) +@var{fpr} is the fingerprint of the designated revoker. @var{fpr} may +not contain spaces or colons. The optional @samp{sensitive} flag +marks the designated revoker as sensitive information. Only v4 and v5 +keys may be designated revokers. @item Keyserver: @var{string} This is an optional parameter that specifies the preferred keyserver diff --git a/doc/tools.texi b/doc/tools.texi index 07a50820b..2f60a46dd 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -387,12 +387,23 @@ daemons. Note that as of now reload and kill have the same effect for Create a directory for sockets below /run/user or /var/run/user. This is command is only required if a non default home directory is used and the /run based sockets shall be used. For the default home -directory GnUPG creates a directory on the fly. +directory GnuPG creates a directory on the fly. @item --remove-socketdir @opindex remove-socketdir Remove a directory created with command @option{--create-socketdir}. +@item --unlock @var{name} +@itemx --lock @var{name} +Remove a stale lock file hold for @file{file}. The file is +expected in the current GnuPG home directory. This command is usually +not required because GnuPG is able to detect and remove stale lock +files. Before using the command make sure that the file protected by +the lock file is actually not in use. The lock command may be used to +lock an accidently removed lock file. Note that the commands have no +effect on Windows because the mere existence of a lock file does not +mean that the lock is active. + @end table |
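Review bot: In the doc/gpg-agent.texi hunk, the new Windows paragraph has a doubled word ("using the the option"), and "this allows to use the gpg-agent" lacks an object; suggest "using the option" and "this allows the gpg-agent to be used as a drop-in replacement". The added @option{} references also drop the leading dashes that the @item lines carry (@option{enable-ssh-support} against @item --enable-ssh-support), so writing them as @option{--enable-ssh-support} and so on would match. With three options now described in two paragraphs, "In this mode of operation" no longer has a clear referent and could be reworded to say which option or options it means.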
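Review bot: In the doc/gpg-card.texi hunk, the Status entry has two typos, "indicated that a copy of the car's key" should read "indicates that a copy of the card's key", and the Keyref example "OpenPGP.1" is missing its closing period. Because --delete-clear-copy and --delete-protected-copy remove private key copies from disk, the text should say whether the deletion asks for confirmation; "print the status of the keys before they are deleted" does not answer that. The sentence "This command creates missing shadow keys" also means a plain CHECKKEYS writes to disk, which is worth stating next to the description of the listing rather than after the delete options.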
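Review bot: In the first doc/gpg.texi hunk, --unwrap is now described as an option that modifies --decrypt, yet its @item stays in the place where the hunk context still speaks of "The @option{--dearmor} command", that is, among the commands. Either move the entry to the options or add a sentence saying that --decrypt has to be given together with it, so a reader who finds it here knows how to invoke it.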
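Review bot: In the second doc/gpg.texi hunk, the new ignore-attributes entry says attribute user IDs are ignored "while importing a key" but not what happens to photo IDs already stored on an existing copy of the key when the imported key is merged into it. One sentence on that, and on whether the option is off by default, would make the entry complete.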
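Review bot: In the Revoker hunk of doc/gpg.texi, "(i.e. RSA=1, DSA=17, etc.)" lists examples, so it should be "e.g." rather than "i.e.", and the sentence has no period before "@var{fpr} is the fingerprint". The new restriction "@var{fpr} may not contain spaces or colons" is useful; since the field separator in "@var{algo}:@var{fpr}" is itself a colon, saying so would explain the rule.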
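Review bot: In the doc/tools.texi hunk, the new entry is declared as "@item --unlock @var{name}" but the text refers to "@file{file}", so the argument name does not match; use @var{name} in the description. There are also wording errors ("lock file hold for" should be "held for", "accidently" should be "accidentally"), and "lock an accidently removed lock file" would read better as "recreate an accidentally removed lock file". Unlike the neighbouring --remove-socketdir entry, the two new commands have no @opindex lines, so they will be missing from the option index.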