aboutsummaryrefslogtreecommitdiffstats
path: root/doc/gpg.texi (follow)
Commit message (Collapse)AuthorAgeFilesLines
* doc: Fix typosGavin L. Rebeiro2020-11-231-2/+2
| | | | | | | | | -- GnuPG-bug-id: 5071 Also fixed one in keyformat.txt [wk]. (cherry picked from commit 572bcacc287d24d0a2cc56442f9fb6a9ac49e12d)
* gpg: New command --quick-revoke-sigWerner Koch2020-10-281-0/+11
| | | | | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig. (opts): Add --quick-revoke-sig. (main): Implement. * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and adjust all callers. (keyedit_quick_revsig): new. * g10/revoke.c (get_default_sig_revocation_reason): New. * g10/keylist.c (cmp_signodes): New. -- GnuPG-bug-id: 5093 Backported-from-master: 243f9176e799b2328f2e5bed93099bfc474fdc5a
* doc: Add a remark about keyservers.Werner Koch2020-08-271-0/+5
| | | | --
* doc: Describe the relation between pubring.gpg and pubring.kbxWerner Koch2020-08-201-6/+34
| | | | | -- GnuPG-bug-id: 4958
* gpg: Fix regression for non-default --passphrase-repeat option.Werner Koch2020-08-201-1/+4
| | | | | | | | * agent/command.c (cmd_get_passphrase): Take care of --repeat with --newsymkey. -- GnuPG-bug-id: 4997
* gpg: Update --trusted-key to accept fingerprint as well as long key id.Daniel Kahn Gillmor2020-03-181-2/+2
| | | | | | | | | | | | | | | | | | | | * g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well as long key ID. * doc/gpg.texi: document that --trusted-key can accept a fingerprint. -- GnuPG-bug-id: 4855 Signed-off-by: Daniel Kahn Gillmor <[email protected]> Fixed uses or return and kept the old string to avoid breaking translations. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb) Remove the test for FPRLEN which we do not have in 2.2 Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --auto-key-importWerner Koch2020-03-141-4/+22
| | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]> Backported from master. Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --include-key-block.Werner Koch2020-03-141-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New. * g10/gpg.c (oIncludeKeyBlock): New. (opts): New option --include-key-block. (main): Implement. * g10/options.h (opt): New flag include_key_block. * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK. (parse_one_sig_subpkt): Ditto. (can_handle_critical): Ditto. * g10/sign.c (mk_sig_subpkt_key_block): New. (write_signature_packets): Call it for data signatures. -- This patch adds support for a to be proposed OpenPGP ferature: Introduce the Key Block subpacket to align OpenPGP with CMS. This new subpacket may be used similar to the CertificateSet of CMS (RFC-5652) and thus allows to start encrypted communication after having received a signed message. In practice a stripped down version of the key should be including having only the key material and the self-signatures which are really useful and shall be used by the recipient to reply encrypted. #### Key Block (1 octet with value 0, N octets of key data) This subpacket MAY be used to convey key data along with a signature of class 0x00, 0x01, or 0x02. It MUST contain the key used to create the signature; either as the primary key or as a subkey. The key SHOULD contain a primary or subkey capable of encryption and the entire key must be a valid OpenPGP key including at least one User ID packet and the corresponding self-signatures. Implementations MUST ignore this subpacket if the first octet does not have a value of zero or if the key data does not represent a valid transferable public key. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]> Backported from master. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add property "fpr" for use by --export-filter.Werner Koch2020-03-141-0/+4
| | | | | | | | | | | | | | | | * g10/export.c (push_export_filters): New. (pop_export_filters): New. (export_pubkey_buffer): Add args prefix and prefixlen. Adjust callers. * g10/import.c (impex_filter_getval): Add property "fpr". * g10/main.h (struct impex_filter_parm_s): Add field hexfpr. -- The push and pop feature will help us to use the export filter internally in gpg. Same for the export_pubkey_buffer change. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]>
* doc: Improve the warning section of the gpg man page.Werner Koch2020-02-101-11/+17
| | | | | | | * doc/gpg.texi: Update return value and warning sections. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 113a8288b85725f7726bb2952431deea745997d8)
* doc: Clarify how to use --log-file in gpg.Werner Koch2019-11-181-1/+3
| | | | | | -- Note that in 2.3 --batch is not anymore required.
* gpg: Add option --allow-weak-key-signatures.Werner Koch2019-11-111-3/+12
| | | | | | | | | | | | | | * g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e624c41dbafd33af82c1153188d14de72fcc7cd8)
* gpg: Fix a potential loss of key sigs during import with self-sigs-only.Werner Koch2019-11-071-6/+8
| | | | | | | | | | | | * g10/import.c (import_one_real): Don't do the final clean in the merge case. -- This fixes a regression introduced with self-sigs-only. GnuPG-bug-id: 4628 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 6701a38f8e4a35ba715ad37743b8505bfd089541)
* doc: Typo fix for gpg.texi in desc of --local-sigs.Werner Koch2019-10-171-1/+1
| | | | | | -- (Already fixed in master in January)
* gpg: Extend --quick-gen-key for creating keys from a card.Werner Koch2019-10-151-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and support the special algo "card". (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP. Handle the "card" algo. Adjust callers. (parse_algo_usage_expire): Add arg R_KEYGRIP. (quickgen_set_para): Add arg KEYGRIP and put it into the parameter list. (quick_generate_keypair): Handle algo "card". (generate_keypair): Also handle the keygrips as returned by parse_key_parameter_string. (ask_algo): Support ed25519 from a card. -- Note that this allows to create a new OpenPGP key from an initialized OpenPGP card or from any other supported cards. It has been tested with the TCOS Netkey card. Right now a stub file for the cards might be needed; this can be achieved by running "gpgsm --learn" with the card plugged in. Example: gpg --quick-gen-key [email protected] card Signed-off-by: Werner Koch <[email protected]> Backported from master d3f5d8544fdb43082ff34b106122bbf0619a0ead which required to remove the extra key version args. GnuPG-bug-id: 4681 Signed-off-by: Werner Koch <[email protected]>
* doc: Fix c+p bug in the examples for --import-filter.Werner Koch2019-10-121-5/+5
| | | | | | | -- Reported-by: Steve McIntyre Signed-off-by: Werner Koch <[email protected]>
* doc: Fix grammar error.Werner Koch2019-08-301-1/+1
| | | | | -- GnuPG-bug-id: 4691
* gpg: With --auto-key-retrieve prefer WKD over keyservers.Werner Koch2019-07-051-4/+20
| | | | | | | | | | | | | | | * g10/mainproc.c (check_sig_and_print): Print a hint on how to make use of the preferred keyserver. Remove keyserver lookup just by the keyid. Try a WKD lookup before a keyserver lookup. -- The use of the the keyid for lookups does not make much sense anymore since for quite some time we do have the fingerprint as part of the signature. GnuPG-bug-id: 4595 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9)
* gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.Werner Koch2019-07-041-0/+5
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c (main): Change default. -- Due to the DoS attack on the keyeservers we do not anymore default to import key signatures. That makes the keyserver unsuable for getting keys for the WoT but it still allows to retriev keys - even if that takes long to download the large keyblocks. To revert to the old behavior add keyserver-optiions no-self-sigs-only,no-import-clean to gpg.conf. GnuPG-bug-id: 4607 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93)
* gpg: New command --locate-external-key.Werner Koch2019-07-041-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d00c8024e58822e0623b3fad99248ce68a8b7725)
* Mention --sender in documentationPeter Lebbing2019-07-031-5/+5
|
* gpg: New import and keyserver option "self-sigs-only"Werner Koch2019-07-011-0/+8
| | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_SELF_SIGS_ONLY): New. * g10/import.c (parse_import_options): Add option "self-sigs-only". (read_block): Handle that option. -- This option is intended to help against importing keys with many bogus key-signatures. It has obvious drawbacks and is not a bullet-proof solution because a self-signature can also be faked and would be detected only later. GnuPG-bug-id: 4591 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0)
* gpg: Allow deletion of subkeys with --delete-[secret-]key.Werner Koch2019-05-271-2/+8
| | | | | | | | | | * common/userids.c (classify_user_id): Do not set the EXACT flag in the default case. * g10/export.c (exact_subkey_match_p): Make static, * g10/delkey.c (do_delete_key): Implement subkey only deleting. -- GnuPG-bug-id: 4457
* gpg: Fix using --decrypt along with --use-embedded-filename.Werner Koch2019-05-171-1/+2
| | | | | | | | | | | | | | | | | * g10/options.h (opt): Add flags.dummy_outfile. * g10/decrypt.c (decrypt_message): Set this global flag instead of the fucntion local flag. * g10/plaintext.c (get_output_file): Ignore opt.output if that was used as a dummy option aslong with --use-embedded-filename. -- The problem here was that an explicit specified --decrypt, as meanwhile suggested, did not work with that dangerous --use-embedded-filename. In contrast it worked when gpg decrypted as a side-effect of parsing the data. GnuPG-bug-id: 4500 Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve the photo image viewer selection.Werner Koch2019-05-171-9/+14
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/exec.c (w32_system): Add "!ShellExecute" special. * g10/photoid.c (get_default_photo_command): Use the new ShellExecute under Windows and fallbac to 'display' and 'xdg-open' in the Unix case. (show_photos): Flush stdout so that the output is shown before the image pops up. -- For Unix this basically syncs the code with what we have in gpg 1.4. Note that xdg-open may not be used when running as root which we support here. For Windows we now use ShellExecute as this seems to be preferred over "cmd /c start"; however this does not solve the actual problem we had in the bug report. To solve that problem we resort to a wait parameter which defaults to 400ms. This works on my Windows-10 virtualized test box. If we can figure out which simple viewers are commonly installed on Windows we should enhance this patch to test for them. GnuPG-bug-id: 4334 Signed-off-by: Werner Koch <[email protected]>
* doc: Do not mention gpg's deprecated --keyserver option.Werner Koch2019-05-151-19/+15
| | | | | -- GnuPG-bug-id: 4466
* doc: Minor edit for a gpg option.Werner Koch2019-05-141-2/+2
| | | | | -- GnuPG-bug-id: 4507
* doc: Clarify option --no-keyring.Werner Koch2019-03-251-1/+2
| | | | | | | -- GnuPG-bug-id: 4424 Signed-off-by: Werner Koch <[email protected]>
* doc: fix formatting errorDaniel Kahn Gillmor2019-03-221-1/+2
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc: Mark keyserver-options timeout and http-proxy as obsolete.Werner Koch2019-01-221-25/+5
| | | | | | -- (cherry picked from commit 6c000d4b78b836686e5a2789cc88a41e465e4400)
* gpg: New list-option "show-only-fpr-mbox".Werner Koch2018-12-051-0/+4
| | | | | | | | | | | | | | | | * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox". * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New. * g10/keylist.c (list_keyblock_simple): New. (list_keyblock): Call it. (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX mode. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49) * g10/keylist.c (list_keyblock_simple): Remove optional arg from mailbox_from_userid
* doc: Clarify use of clear and nodefault in the AKL.Werner Koch2018-11-211-1/+3
| | | | | | -- (cherry picked from commit e5c3a6999a374813134a9e68744444c25c3017f6)
* gpg: Don't take the a TOFU trust model from the trustdb,Werner Koch2018-11-051-1/+2
| | | | | | | | | | | | | | | | | * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model. (create_version_record): Don't init as TOFU. (tdbio_db_matches_options): Don't indicate a change in case TOFU is stored in an old trustdb file. -- This change allows to switch between a tofu and pgp or tofu+pgp trust model without an auto rebuild of the trustdb. This also requires that the tofu trust model is requested on the command line. If TOFU will ever be the default we need to tweak the model detection via TM_AUTO by also looking into the TOFU data base, GnuPG-bug-id: 4134 (cherry picked from commit 150a33df41944d764621f037038683f3d605aa3f)
* doc: Minor additions to the gpg man pageWerner Koch2018-08-291-4/+10
| | | | | | | | | | -- Includes a fix for GnuPG-bug-id: 3906 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 420dc2b49ad816bdd27b40db45d900551c71476f)
* doc: Show how to list envvars send to gpg-agent.Werner Koch2018-08-291-0/+9
| | | | | | | | -- GnuPG-bug: 3353 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 53bbac0865719076f7ad7bb57e13f656bd6edf39)
* gpg: New option --known-notation.Werner Koch2018-08-291-0/+7
| | | | | | | | | | | | | | | * g10/gpg.c (oKnownNotation): New const. (opts): Add option --known-notation. (main): Set option. * g10/parse-packet.c (known_notations_list): New local var. (register_known_notation): New. (can_handle_critical_notation): Rewrite to handle the new feature. Also print the name of unknown notations in verbose mode. -- GnuPG-bug-id: 4060 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3da835713fb6220112d988e1953f3d84beabbf6a)
* gpg: Add new usage option for drop-subkey filters.Daniel Kahn Gillmor2018-06-121-0/+5
| | | | | | | | | | | | | | | * g10/import.c (impex_filter_getval): Add new "usage" property for drop-subkey filter. -- For example, this permits extraction of only encryption-capable subkeys like so: gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR GnuPG-Bug-id: 4019 Signed-off-by: Daniel Kahn Gillmor <[email protected]> (cherry picked from commit 2ddfb5bef920919443309ece9fa2930282bbce85)
* gpg: Set some list options with --show-keysWerner Koch2018-06-111-3/+5
| | | | | | | | | | | | | * g10/gpg.c (main): Set some list options. -- The new command --show-keys is commonly used to check the content of a file with keys. In this case it can be expected that all included subkeys and uids are of interested, even when they are already expired or have been revoked. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d2bc66f241a66cc95140cbb3a07555f6301290ed)
* doc: Typo fixesWerner Koch2018-06-061-2/+2
| | | | | | | | -- Reported-by: Claus Assmann <[email protected]> Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 70f26e4263364f4b521c7856c38ba7ee59e38445)
* gpg: New command --show-keys.Werner Koch2018-06-061-1/+10
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 257661d6ae0ca376df758c38fabab2316d10e3a9)
* gpg: Remove MDC optionsWerner Koch2018-05-311-12/+11
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs. * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used. * g10/cipher.c (write_header): Include extra hint and make translatable. * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc. -- The MDC is now always used except with --rfc2440 which will lead to a a big fat warning. This is a stripped down version of commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be applied due to the AEAD mechanisms there. Signed-off-by: Werner Koch <[email protected]>
* gpg: Hard fail on a missing MDC even for legacy algorithms.Werner Koch2018-05-311-4/+5
| | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to allow testing with the current files. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f) Resolved Conflicts: g10/mainproc.c - Remove AEAD stuff.
* gpg: Turn --no-mdc-warn into a NOP.Werner Koch2018-05-311-4/+0
| | | | | | | | | | | | | | | | * g10/gpg.c (oNoMDCWarn): Remove. (opts): Make --no-mdc-warn a NOP. (main): Don't set var. * g10/options.h (struct opt): Remove 'no_mdc_var'. * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false. * g10/mainproc.c (proc_encrypted): Ditto. -- Users should not be allowed to suppress the warning that they are shooting into their foot. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 96350c5d5afcbc7f66c535e38b9fcc7355622855)
* doc: Update description of displayed trust values.Ineiev2018-05-071-31/+10
| | | | | | | | | | | | | | * doc/trust-values.texi: New file. * doc/Makefile.am (EXTRA_DIST): Add trust-values.texi. * doc/gnupg.texi (Trust Values): New chapter. * doc/gpg.texi (OpenPGP Key Management): Update the description of how trust values are displayed, replace table with a reference to Trust Values. * doc/gpg.texi (GPG Examples): Add @mansect trust values. -- Signed-off-by: Ineiev <[email protected]>
* doc: Update NEWS and add an example to gpg.texi.Werner Koch2018-04-231-1/+7
| | | | --
* gpg: New option --no-symkey-cache.Werner Koch2018-04-111-1/+10
| | | | | | | | | | * g10/gpg.c (oNoSymkeyCache): New. (opts): Add that option. (main): Set var. * g10/options.h (struct opt): New field no_symkey_cache. * g10/passphrase.c (passphrase_to_dek): Implement that feature. Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fix in gpg.texiWerner Koch2018-04-091-1/+1
| | | | | | -- Reported-by: Cody Brownstein
* doc: Add an example for --default-new-key-algoWerner Koch2018-04-091-4/+9
| | | | --
* doc: Document --key-edit:change-usageWerner Koch2018-04-091-0/+9
| | | | | | | | * g10/keyedit.c (menu_changeusage): Make strings translatable. -- GnuPG-bug-id: 3816 Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: New option --request-origin.Werner Koch2018-03-231-0/+9
| | | | | | | | | | | | | | | * g10/gpg.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * g10/options.h (struct opt): Add field request_origin. * g10/call-agent.c (start_agent): Send option to the agent. * sm/gpgsm.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * sm/gpgsm.h (struct opt): Add field request_origin. * sm/call-agent.c (start_agent): Send option to the agent. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-23 16:25:31 +0000