Diffstat (limited to 'doc')
-rw-r--r-- | doc/DETAILS | 50
-rw-r--r-- | doc/HACKING | 20
-rw-r--r-- | doc/gpg.texi | 16
-rw-r--r-- | doc/gpgv.texi | 5
4 files changed, 85 insertions, 6 deletions
diff --git a/doc/DETAILS b/doc/DETAILS index 0504c80bb..246c4227d 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -1666,6 +1666,7 @@ Status codes are: 1.3.6.1.4.1.11591.2 GnuPG 1.3.6.1.4.1.11591.2.1 notation 1.3.6.1.4.1.11591.2.1.1 pkaAddress + 1.3.6.1.4.1.11591.2.1.2 manuNotation (as IA5String) 1.3.6.1.4.1.11591.2.2 X.509 extensions 1.3.6.1.4.1.11591.2.2.1 standaloneCertificate 1.3.6.1.4.1.11591.2.2.2 wellKnownPrivateKey @@ -1774,7 +1775,6 @@ Description of some debug flags: - T6390 :: Notes on use of X25519 in GnuPG (https://dev.gnupg.org/T6390) - ** v3 fingerprints For packet version 3 we calculate the keyids this way: - RSA :: Low 64 bits of n 
@@ -1782,12 +1782,56 @@ Description of some debug flags: calculate a RMD160 hash value from it. This is used as the fingerprint and the low 64 bits are the keyid. -** gnupg.org notations +** Used notations + + - manu :: LibrePGP/rfc4880bis defined standard notation used by + GnuPG and other implementaions to convey additional + information about the implementation used to create + a key or signature. This is a list of comma delimited + values with these defined fields: + + | field | name | defined values | + |-------+------------------+------------------------| + | 1 | software product | see: prod-id | + | 2 | software version | e.g. "2.2", "2.5+1.12" | + | 3 | architecture | see: arch-id | + | 4 | operating system | see: os-id | + | 5 | compliance class | e.g. "23", "2023" | + + | prod-id | name | + |---------+-------------| + | 1 | PGP | + | 2 | GnuPG | + | 3 | Greenshield | + | 4 | RNP | + + | arch-id | cpu | + |---------+-------| + | 1 | i686 | + | 2 | amd64 | + | 3 | arm64 | + | 4 | riscv | + + | os-id | os | + |-------+---------| + | 1 | Windows | + | 2 | Linux | + | 3 | BSD | + + If a value for a field is not known, the empty string + may be used. The values are also used for the X.509/CMS + extension 1.3.6.1.4.1.11591.2.1.2. The compliance class + values are 23 for "de-vs" and 2023 for non-approved "de-vs". + + This notation shall be human readable. It is defined in + away to minimize its size but to be easily viewable by + standard software. - [email protected] :: Used by Kleopatra to implement the tag feature. These tags are used to mark keys for easier searching and grouping. - + - [email protected] :: Used by GnuPG to mark the compliance of + encryption subkeys. ** Simplified revocation certificates Revocation certificates consist only of the signature packet; diff --git a/doc/HACKING b/doc/HACKING index cb7e400fc..8cf49f4bd 100644 --- a/doc/HACKING +++ b/doc/HACKING 
@@ -443,3 +443,23 @@ plaintext packets and so on. The file g10/encode.c might be a good starting point to see how it is used - actually this is the other way: constructing messages using pushed filters but it may be easier to understand. + +** Notes on how to create test data + +On 2016-02-28 we created a lot of AEAD test data using a command +similar to this: + +--8<---------------cut here---------------start------------->8--- +for algo in eax ocb; do + for csize in 6 7 12 13 14 30; do + for len in 0 $(seq 0 200) $(seq 8100 8200) $(seq 16350 16400) \ + $(seq 20000 20100); do + awk </dev/null -v i=$len 'BEGIN{while(i){i--;printf"~"}}' \ + | gpg --no-options -v --rfc4880bis --batch --passphrase "abc" \ + --s2k-count 1025 --s2k-digest-algo sha256 -z0 \ + --force-aead --aead-algo $algo --cipher aes -a \ + --chunk-size $csize -c >symenc-aead-eax-c$csize-$len.asc + done + done +done +--8<---------------cut here---------------end--------------->8--- diff --git a/doc/gpg.texi b/doc/gpg.texi index 63e87e528..91bc73e8c 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1420,11 +1420,15 @@ give the opposite meaning. The options are: @item show-notations @itemx show-std-notations @itemx show-user-notations + @itemx show-hidden-notations @opindex list-options:show-notations @opindex list-options:show-std-notations @opindex list-options:show-user-notations + @opindex list-options:show-hidden-notations Show all, IETF standard, or user-defined signature notations in the - @option{--check-signatures} listings. Defaults to no. + @option{--check-sigs} listings. Hidden notations are those which + are automatically inserted by an implementation and not worthy to + mention. Defaults to no. @item show-x509-notations @opindex list-options:show-x509-notations 
@@ -1513,11 +1517,15 @@ the opposite meaning. The options are: @item show-notations @itemx show-std-notations @itemx show-user-notations + @itemx show-hidden-notations @opindex verify-options:show-notations @opindex verify-options:show-std-notations @opindex verify-options:show-user-notations + @opindex verify-options:show-hidden-notations Show all, IETF standard, or user-defined signature notations in the - signature being verified. Defaults to IETF standard. + signature being verified. Hidden notations are those which are + automatically inserted by an implementation and not worthy to + mention. Defaults to IETF standard. @item show-keyserver-urls @opindex verify-options:show-keyserver-urls @@ -3374,7 +3382,9 @@ given once only the name of the program and the major number is emitted, given twice the minor is also emitted, given thrice the micro is added, and given four times an operating system identification is also emitted. @option{--no-emit-version} (default) disables the version -line. +line. Note that unless the @option{--compatibility-flags} have +a "no-manu" flag set, the GnuPG and Libgcrypt major and minor version +(e.g. "2.6+1.11") is included in signature packets and keys. @item --sig-notation @{@var{name}=@var{value}@} @itemx --cert-notation @{@var{name}=@var{value}@} diff --git a/doc/gpgv.texi b/doc/gpgv.texi index 159c8dddb..005ff422f 100644 --- a/doc/gpgv.texi +++ b/doc/gpgv.texi @@ -122,6 +122,11 @@ refer to the file descriptor n and not to a file with that name. @opindex assert-pubkey-algo This option works in the same way as described for @command{gpg}. +@item --print-notation @var{name} +@itemx -N @var{name} +If the signature verifies print the notation @var{name} to stdout if +it exists. + @end table @mansect return value |
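Review bot: in the "Used notations" hunk of doc/DETAILS, the new "manu" entry has two typos ("implementaions", and "defined in away to minimize" where "in a way" is meant) and never shows a complete value. The fields are identified only by their position in the comma-delimited list, so add one full example assembled from the tables and show what an unknown field looks like when the empty string is used. The entry should also point to the "no-manu" compatibility flag that the doc/gpg.texi hunk mentions, since product, version, architecture and operating system together describe the signer's environment to anyone who can read the key or signature.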
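Review bot: in the doc/HACKING hunk, the loop runs over "for algo in eax ocb" but the output name is hard-coded as "symenc-aead-eax-c$csize-$len.asc", so as written the ocb pass overwrites every file produced by the eax pass and only OCB data survives under an "eax" name. Use "symenc-aead-$algo-c$csize-$len.asc" in the example. Minor: "0 $(seq 0 200)" generates length 0 twice, so the leading "0" can go.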
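Review bot: in the list-options hunk of doc/gpg.texi, the reference changes from @option{--check-signatures} to @option{--check-sigs}, which is not part of adding show-hidden-notations; keep the existing spelling or make that a separate change with its own rationale. The added sentence "Hidden notations are those which are automatically inserted by an implementation and not worthy to mention" also does not tell the reader which notations are treated as hidden. If the "manu" notation documented in doc/DETAILS is one of them, name it here.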
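Review bot: in the verify-options hunk of doc/gpg.texi, the description still reads "Show all, IETF standard, or user-defined signature notations" although the item list now has four entries, so show-hidden-notations has no matching clause (the list-options hunk has the same gap). Extend the enumeration, and make the default explicit for the new item: "Defaults to IETF standard" now follows the sentence about hidden notations and leaves it unclear whether hidden notations are shown during verification unless requested.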
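Review bot: in the --emit-version hunk of doc/gpg.texi, the added note says only that the GnuPG and Libgcrypt major and minor version is included in signature packets and keys, while the field table added to doc/DETAILS also lists architecture, operating system and compliance class. Someone relying on the default @option{--no-emit-version} to avoid disclosing their environment needs the complete list, so either enumerate the fields or reference the DETAILS description. The wording "unless the @option{--compatibility-flags} have a "no-manu" flag set" would read better as "unless the compatibility flag "no-manu" is set (see @option{--compatibility-flags})".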
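Review bot: in the doc/gpgv.texi hunk, the new @item --print-notation has no @opindex line, unlike the preceding option, which carries "@opindex assert-pubkey-algo"; add "@opindex print-notation". The description also leaves the behaviour that scripts depend on unspecified: what is printed when the notation occurs more than once or when several signatures are verified, whether the value is followed by a newline, and whether a missing notation changes the exit status. Since callers will consume this output after a successful verification, spell those cases out.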