aboutsummaryrefslogtreecommitdiffstats
path: root/doc/gpg.texi (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: drop import-clean from default keyserver import optionsDaniel Kahn Gillmor2019-07-201-1/+1
| | | | | | | | | | | | | | | | | * g10/gpg.c (main): drop IMPORT_CLEAN from the default opt.keyserver_options.import_options * doc/gpg.texi: reflect this change in the documentation Given that SELF_SIGS_ONLY is already set, it's not clear what additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN means that receiving an OpenPGP certificate from a keyserver will potentially delete data that is otherwise held in the local keyring, which is surprising to users who expect retrieval from the keyservers to be purely additive. GnuPG-Bug-Id: 4628 Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Name gpg-drop-import-clean-from-default-keyserver-import-optio.patch
* gpg: With --auto-key-retrieve prefer WKD over keyservers.Werner Koch2019-07-051-4/+20
| | | | | | | | | | | | | | | * g10/mainproc.c (check_sig_and_print): Print a hint on how to make use of the preferred keyserver. Remove keyserver lookup just by the keyid. Try a WKD lookup before a keyserver lookup. -- The use of the the keyid for lookups does not make much sense anymore since for quite some time we do have the fingerprint as part of the signature. GnuPG-bug-id: 4595 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9)
* gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.Werner Koch2019-07-041-0/+5
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c (main): Change default. -- Due to the DoS attack on the keyeservers we do not anymore default to import key signatures. That makes the keyserver unsuable for getting keys for the WoT but it still allows to retriev keys - even if that takes long to download the large keyblocks. To revert to the old behavior add keyserver-optiions no-self-sigs-only,no-import-clean to gpg.conf. GnuPG-bug-id: 4607 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93)
* gpg: New command --locate-external-key.Werner Koch2019-07-041-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d00c8024e58822e0623b3fad99248ce68a8b7725)
* Mention --sender in documentationPeter Lebbing2019-07-031-5/+5
|
* gpg: New import and keyserver option "self-sigs-only"Werner Koch2019-07-011-0/+8
| | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_SELF_SIGS_ONLY): New. * g10/import.c (parse_import_options): Add option "self-sigs-only". (read_block): Handle that option. -- This option is intended to help against importing keys with many bogus key-signatures. It has obvious drawbacks and is not a bullet-proof solution because a self-signature can also be faked and would be detected only later. GnuPG-bug-id: 4591 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0)
* gpg: Allow deletion of subkeys with --delete-[secret-]key.Werner Koch2019-05-271-2/+8
| | | | | | | | | | * common/userids.c (classify_user_id): Do not set the EXACT flag in the default case. * g10/export.c (exact_subkey_match_p): Make static, * g10/delkey.c (do_delete_key): Implement subkey only deleting. -- GnuPG-bug-id: 4457
* gpg: Fix using --decrypt along with --use-embedded-filename.Werner Koch2019-05-171-1/+2
| | | | | | | | | | | | | | | | | * g10/options.h (opt): Add flags.dummy_outfile. * g10/decrypt.c (decrypt_message): Set this global flag instead of the fucntion local flag. * g10/plaintext.c (get_output_file): Ignore opt.output if that was used as a dummy option aslong with --use-embedded-filename. -- The problem here was that an explicit specified --decrypt, as meanwhile suggested, did not work with that dangerous --use-embedded-filename. In contrast it worked when gpg decrypted as a side-effect of parsing the data. GnuPG-bug-id: 4500 Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve the photo image viewer selection.Werner Koch2019-05-171-9/+14
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/exec.c (w32_system): Add "!ShellExecute" special. * g10/photoid.c (get_default_photo_command): Use the new ShellExecute under Windows and fallbac to 'display' and 'xdg-open' in the Unix case. (show_photos): Flush stdout so that the output is shown before the image pops up. -- For Unix this basically syncs the code with what we have in gpg 1.4. Note that xdg-open may not be used when running as root which we support here. For Windows we now use ShellExecute as this seems to be preferred over "cmd /c start"; however this does not solve the actual problem we had in the bug report. To solve that problem we resort to a wait parameter which defaults to 400ms. This works on my Windows-10 virtualized test box. If we can figure out which simple viewers are commonly installed on Windows we should enhance this patch to test for them. GnuPG-bug-id: 4334 Signed-off-by: Werner Koch <[email protected]>
* doc: Do not mention gpg's deprecated --keyserver option.Werner Koch2019-05-151-19/+15
| | | | | -- GnuPG-bug-id: 4466
* doc: Minor edit for a gpg option.Werner Koch2019-05-141-2/+2
| | | | | -- GnuPG-bug-id: 4507
* doc: Clarify option --no-keyring.Werner Koch2019-03-251-1/+2
| | | | | | | -- GnuPG-bug-id: 4424 Signed-off-by: Werner Koch <[email protected]>
* doc: fix formatting errorDaniel Kahn Gillmor2019-03-221-1/+2
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc: Mark keyserver-options timeout and http-proxy as obsolete.Werner Koch2019-01-221-25/+5
| | | | | | -- (cherry picked from commit 6c000d4b78b836686e5a2789cc88a41e465e4400)
* gpg: New list-option "show-only-fpr-mbox".Werner Koch2018-12-051-0/+4
| | | | | | | | | | | | | | | | * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox". * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New. * g10/keylist.c (list_keyblock_simple): New. (list_keyblock): Call it. (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX mode. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49) * g10/keylist.c (list_keyblock_simple): Remove optional arg from mailbox_from_userid
* doc: Clarify use of clear and nodefault in the AKL.Werner Koch2018-11-211-1/+3
| | | | | | -- (cherry picked from commit e5c3a6999a374813134a9e68744444c25c3017f6)
* gpg: Don't take the a TOFU trust model from the trustdb,Werner Koch2018-11-051-1/+2
| | | | | | | | | | | | | | | | | * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model. (create_version_record): Don't init as TOFU. (tdbio_db_matches_options): Don't indicate a change in case TOFU is stored in an old trustdb file. -- This change allows to switch between a tofu and pgp or tofu+pgp trust model without an auto rebuild of the trustdb. This also requires that the tofu trust model is requested on the command line. If TOFU will ever be the default we need to tweak the model detection via TM_AUTO by also looking into the TOFU data base, GnuPG-bug-id: 4134 (cherry picked from commit 150a33df41944d764621f037038683f3d605aa3f)
* doc: Minor additions to the gpg man pageWerner Koch2018-08-291-4/+10
| | | | | | | | | | -- Includes a fix for GnuPG-bug-id: 3906 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 420dc2b49ad816bdd27b40db45d900551c71476f)
* doc: Show how to list envvars send to gpg-agent.Werner Koch2018-08-291-0/+9
| | | | | | | | -- GnuPG-bug: 3353 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 53bbac0865719076f7ad7bb57e13f656bd6edf39)
* gpg: New option --known-notation.Werner Koch2018-08-291-0/+7
| | | | | | | | | | | | | | | * g10/gpg.c (oKnownNotation): New const. (opts): Add option --known-notation. (main): Set option. * g10/parse-packet.c (known_notations_list): New local var. (register_known_notation): New. (can_handle_critical_notation): Rewrite to handle the new feature. Also print the name of unknown notations in verbose mode. -- GnuPG-bug-id: 4060 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3da835713fb6220112d988e1953f3d84beabbf6a)
* gpg: Add new usage option for drop-subkey filters.Daniel Kahn Gillmor2018-06-121-0/+5
| | | | | | | | | | | | | | | * g10/import.c (impex_filter_getval): Add new "usage" property for drop-subkey filter. -- For example, this permits extraction of only encryption-capable subkeys like so: gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR GnuPG-Bug-id: 4019 Signed-off-by: Daniel Kahn Gillmor <[email protected]> (cherry picked from commit 2ddfb5bef920919443309ece9fa2930282bbce85)
* gpg: Set some list options with --show-keysWerner Koch2018-06-111-3/+5
| | | | | | | | | | | | | * g10/gpg.c (main): Set some list options. -- The new command --show-keys is commonly used to check the content of a file with keys. In this case it can be expected that all included subkeys and uids are of interested, even when they are already expired or have been revoked. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d2bc66f241a66cc95140cbb3a07555f6301290ed)
* doc: Typo fixesWerner Koch2018-06-061-2/+2
| | | | | | | | -- Reported-by: Claus Assmann <[email protected]> Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 70f26e4263364f4b521c7856c38ba7ee59e38445)
* gpg: New command --show-keys.Werner Koch2018-06-061-1/+10
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 257661d6ae0ca376df758c38fabab2316d10e3a9)
* gpg: Remove MDC optionsWerner Koch2018-05-311-12/+11
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs. * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used. * g10/cipher.c (write_header): Include extra hint and make translatable. * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc. -- The MDC is now always used except with --rfc2440 which will lead to a a big fat warning. This is a stripped down version of commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be applied due to the AEAD mechanisms there. Signed-off-by: Werner Koch <[email protected]>
* gpg: Hard fail on a missing MDC even for legacy algorithms.Werner Koch2018-05-311-4/+5
| | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to allow testing with the current files. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f) Resolved Conflicts: g10/mainproc.c - Remove AEAD stuff.
* gpg: Turn --no-mdc-warn into a NOP.Werner Koch2018-05-311-4/+0
| | | | | | | | | | | | | | | | * g10/gpg.c (oNoMDCWarn): Remove. (opts): Make --no-mdc-warn a NOP. (main): Don't set var. * g10/options.h (struct opt): Remove 'no_mdc_var'. * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false. * g10/mainproc.c (proc_encrypted): Ditto. -- Users should not be allowed to suppress the warning that they are shooting into their foot. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 96350c5d5afcbc7f66c535e38b9fcc7355622855)
* doc: Update description of displayed trust values.Ineiev2018-05-071-31/+10
| | | | | | | | | | | | | | * doc/trust-values.texi: New file. * doc/Makefile.am (EXTRA_DIST): Add trust-values.texi. * doc/gnupg.texi (Trust Values): New chapter. * doc/gpg.texi (OpenPGP Key Management): Update the description of how trust values are displayed, replace table with a reference to Trust Values. * doc/gpg.texi (GPG Examples): Add @mansect trust values. -- Signed-off-by: Ineiev <[email protected]>
* doc: Update NEWS and add an example to gpg.texi.Werner Koch2018-04-231-1/+7
| | | | --
* gpg: New option --no-symkey-cache.Werner Koch2018-04-111-1/+10
| | | | | | | | | | * g10/gpg.c (oNoSymkeyCache): New. (opts): Add that option. (main): Set var. * g10/options.h (struct opt): New field no_symkey_cache. * g10/passphrase.c (passphrase_to_dek): Implement that feature. Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fix in gpg.texiWerner Koch2018-04-091-1/+1
| | | | | | -- Reported-by: Cody Brownstein
* doc: Add an example for --default-new-key-algoWerner Koch2018-04-091-4/+9
| | | | --
* doc: Document --key-edit:change-usageWerner Koch2018-04-091-0/+9
| | | | | | | | * g10/keyedit.c (menu_changeusage): Make strings translatable. -- GnuPG-bug-id: 3816 Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: New option --request-origin.Werner Koch2018-03-231-0/+9
| | | | | | | | | | | | | | | * g10/gpg.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * g10/options.h (struct opt): Add field request_origin. * g10/call-agent.c (start_agent): Send option to the agent. * sm/gpgsm.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * sm/gpgsm.h (struct opt): Add field request_origin. * sm/call-agent.c (start_agent): Send option to the agent. Signed-off-by: Werner Koch <[email protected]>
* gpg: Implement --dry-run for --passwd.Werner Koch2018-03-221-1/+3
| | | | | | * g10/keyedit.c (change_passphrase): Take care of --dry-run. Signed-off-by: Werner Koch <[email protected]>
* doc: man page grammarBen McGinnes2018-03-071-2/+2
| | | | | | -- Fixed two grammatical errors: their vs. there and oneself vs. one (one's self would still be too stilted).
* doc: Add extra hint on unattended use of gpg.Werner Koch2018-02-211-0/+13
| | | | --
* doc: Note --quick-gen-key as an alias for --quick-generate-keyWerner Koch2018-01-251-0/+2
| | | | --
* doc: Note pinentry-mode for passphrase optsAndre Heinecke2018-01-091-6/+11
| | | | | | | * doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd): Note that pinentry-mode needs to be loopback. Signed-off-by: Andre Heinecke <[email protected]>
* doc: clarify that --encrypt refers to public key encryptionDaniel Kahn Gillmor2017-11-301-5/+7
| | | | | | | | | | | -- A simple read of gpg(1) is ambiguous about whether --encrypt could be for either symmetric or pubkey encryption. Closer inference suggests that --encrypt is about pubkey encryption only. Make that clearer on a first read. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Print sec/sbb with --import-option import-show or show-only.Werner Koch2017-10-191-1/+2
| | | | | | | | | | | | | * g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct. -- Note that this will likely add the suffix '#' top "sec" because the secret key has not yet (or will not be) imported. If the secret key already exists locally another suffix might be printed. The upshot is that the suffix has no usefulness. GnuPG-bug-id: 3431 Signed-off-by: Werner Koch <[email protected]>
* doc: Make --check-sigs more prominent.Werner Koch2017-09-271-39/+42
| | | | | | | | | | | -- It seems people are using --list-sigs instead of --check-sigs and do not realize that the signatures are not checked at all. We better highlight the use of --check-sigs to avoid this UI problem. Suggested-by: Andrew Gallagher Signed-off-by: Werner Koch <[email protected]>
* gpg: default to --no-auto-key-retrieve.Daniel Kahn Gillmor2017-08-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the default keyserver options. * doc/gpg.texi: document this change. -- This is a partial reversion of 7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it earlier today, and came to the conclusion that: * the risk of metadata leakage represented by a default --auto-key-retrieve, both in e-mail (as a "web bug") and in other contexts where GnuPG is used to verified signatures, is quite high. * the advantages of --auto-key-retrieve (in terms of signature verification) can sometimes be achieved in other ways, such as when a signed message includes a copy of its own key. * when those other ways are not useful, a graphical, user-facing application can still offer the user the opportunity to choose to fetch the key; or it can apply its own policy about when to set --auto-key-retrieve, without needing to affect the defaults. Note that --auto-key-retrieve is specifically about signature verification. Decisions about how and whether to look up a key during message encryption are governed by --auto-key-locate. This change does not touch the --auto-key-locate default of "local,wkd". The user deliberately asking gpg to encrypt to an e-mail address is a different scenario than having an incoming e-mail trigger a potentially unique network request. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Add option '--disable-dirmngr'.Justus Winter2017-08-081-0/+3
| | | | | | | | | | | | | | * doc/gpg.texi: Document new option. * g10/call-dirmngr.c (create_context): Fail if option is given. * g10/gpg.c (cmd_and_opt_values): New value. (opts): New option. (gpgconf_list): Add new option. (main): Handle new option. * g10/options.h (struct opt): New field 'disable_dirmngr'. * tools/gpgconf-comp.c (gc_options_gpg): New option. GnuPG-bug-id: 3334 Signed-off-by: Justus Winter <[email protected]>
* Fix spelling.Daniel Kahn Gillmor2017-08-071-1/+1
| | | | | | * doc/gpg.texi: s/occured/occurred/ Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.Werner Koch2017-08-041-9/+13
| | | | | | | | | | | | * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <[email protected]>
* gpg: New import option show-only.Werner Koch2017-08-041-1/+3
| | | | | | | | | | | | | * g10/options.h (IMPORT_DRY_RUN): New. * g10/import.c (parse_import_options): Add "show-only". (import_one): use that as alternative to opt.dry_run. -- This is just a convenience thing for --import-options import-show --dry-run Signed-off-by: Werner Koch <[email protected]>
* doc: Use @var for meta variables in gpg.texiWerner Koch2017-07-241-177/+179
| | | | | | | | -- This results in more standrard man pages. Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend --key-origin to take an optional URL arg.Werner Koch2017-07-241-3/+5
| | | | | | | | | | | | | | | | * g10/getkey.c (parse_key_origin): Parse appended URL. * g10/options.h (struct opt): Add field 'key_origin_url'. * g10/gpg.c (main) <aImport>: Pass that option to import_keys. * g10/import.c (apply_meta_data): Extend for file and url. * g10/keyserver.c (keyserver_fetch): Pass the url to import_keys_es_stream. -- Example: gpg --key-origin url,myscheme://bla --import FILE Signed-off-by: Werner Koch <[email protected]>
* doc: Revert the bug reporting address to bugs.gnupg.orgWerner Koch2017-07-241-1/+1
| | | | | | | | | | | | | | -- dev.gnupg org is the development platform but the canonical bug address is and has always been bugs.gnupg.org. We should keep on using this address for the case that we switch the tracker again or split it off the development system. That is also the reason why we should keep on communicating a plain bug number without the 'T' prefix. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 06:37:50 +0000