aboutsummaryrefslogtreecommitdiffstats
path: root/doc/gpgsm.texi (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpgsm: New option --input-size-hint.Werner Koch2023-06-151-0/+10
| | | | | | | | | | | | | | | | | | * sm/gpgsm.c (oInputSizeHint): New. (opts): Add "--input-size-hint". (main): Set option. * sm/server.c (option_handler): Add option "input-size-hint". * sm/gpgsm.h (struct server_control_s): Add field input_size_hint. * sm/encrypt.c (gpgsm_encrypt): Set the toatl file size. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- This option allows to set a value for the progress output line. Note that as of now there is no other way to set the file size. GnuPG-bug-id: 6534
* doc: Replace remaining "gpg2" by "gpg".Werner Koch2023-06-011-1/+1
| | | | --
* gpgsm: New option --no-pretty-dnWerner Koch2023-03-161-0/+9
| | | | | | | | * sm/gpgsm.c (oNoPrettyDN): New. (opts): Add --no-pretty-dn. (main): Implement. * sm/gpgsm.h (opt): Add no_pretty_dn. * sm/certdump.c (gpgsm_es_print_name): Act upon.
* gpg,gpgsm: New option --log-timeWerner Koch2023-03-081-0/+4
| | | | | | | | | | | * g10/gpg.c (oLogTime): New. (opts): Add "log-time". (opt_log_time): New var. (main): Implement. * sm/gpgsm.c (oLogTime): New. (opts): Add "log-time". (opt_log_time): New var. (main): Implement.
* gpgsm: Strip trailing zeroes from detached signatures.Werner Koch2023-03-081-2/+4
| | | | | | | | | | | | | | | | * common/ksba-io-support.c: Include tlv.h (struct reader_cb_parm_s): Add new fields. (starts_with_sequence): New. (simple_reader_cb): Handle stripping. * common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New. (gnupg_ksba_create_reader): Handle the new flag. * sm/verify.c (gpgsm_verify): Use the new flag for detached signatures. -- Note that this works only if --assume-binary is given. The use case for the feature is PDF signature checking where the PDF specs require that the detached signature is padded with zeroes.
* gpgsm: New option --compatibility-flags.Werner Koch2022-06-131-0/+8
| | | | | | | | | | * sm/gpgsm.c (oCompatibilityFlags): New option. (compatibility_flags): new. (main): Parse and print them in verbose mode. * sm/gpgsm.h (opt): Add field compat_glags.: (COMPAT_ALLOW_KA_TO_ENCR): New. * sm/keylist.c (print_capabilities): Take care of the new flag. * sm/certlist.c (cert_usage_p): Ditto.
* gpgsm: New option --require-complianceWerner Koch2022-03-081-0/+11
| | | | | | | | | | | | * sm/gpgsm.c (oRequireCompliance): New. (opts): Add --require-compliance. (main): Set option. * sm/gpgsm.h (opt): Add field require_compliance. (gpgsm_errors_seen): Declare. * sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/decrypt.c (gpgsm_decrypt): Ditto. --
* sm: New option --ignore-cert-with-oid.Werner Koch2022-02-031-0/+10
| | | | | | | * sm/gpgsm.c (oIgnoreCertWithOID): New. (opts): Add option. (main): Store its value. * sm/call-agent.c (learn_cb): Test against that list.
* gpgsm: Retire the new --ldapserver.Werner Koch2022-01-271-9/+7
| | | | | | | | | | | * sm/gpgsm.c (oKeyServer_deprecated): New. (opts): Assign "ldapserver" to the new option and mark it as obsolete. -- We want to use "ldapserver" in dirmngr but need to keep using "keyserver" in gpgsm for existant versions of Kleopatra etc. GnuPG-bug-id: 5801
* gpg,gpgsm: Add option --min-rsa-length.Werner Koch2021-11-181-0/+10
| | | | | | | | | | | | | | | * common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
* sm: New option --ldapserver as an alias for --keyserver.Werner Koch2021-06-161-28/+9
| | | | | | | | | | | | | * sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an alias. -- We should use "keyserver" for OpenPGP and thus it is better to allow for "ldapserver" here - it is the same convention as now used in dirmngr. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093)
* sm: New command --show-certsWerner Koch2021-04-201-0/+11
| | | | | | | | | | | | | | | * sm/keylist.c (do_show_certs): New. (gpgsm_show_certs): New. * sm/gpgsm.c (aShowCerts): New. (opts): Add --show-certs. (main): Call gpgsm_show_certs. -- I have been using libksba test programs for countless times to look at certificates and I always wanted to add such a feature to gpgsm. This is simply much more convenient. Signed-off-by: Werner Koch <[email protected]>
* gpg,gpgsm: Move use-keyboxd to the new conf file common.confWerner Koch2021-04-191-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/comopt.c, common/comopt.h: New. * common/Makefile.am: Add them. * g10/gpg.c: Include comopt.h. (main): Also parse common.conf. * sm/gpgsm.c: Include comopt.h. (main): Set a flag for the --no-logfile option. Parse common.conf. * tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add pseudo option "use_keyboxd". (known_pseudo_options_gpg): Add pseudo option "use_keyboxd". (known_options_gpgsm): Remove "use-keyboxd". * tests/openpgp/defs.scm (create-gpghome): Create common.conf. * doc/examples/common.conf: New. -- Note that --use-keybox still works but prints a warning. We will eventually remove this option becuase it was marked as an experimental feature anyway. It would be too confusing if gpg and gpgsm use different key storages. Further, other components (e.g. dirmngr or gpg-wks-client) which call gpg or gpgsm need to be aware that the keyboxd is used and pass that option on the command line. Now that common.conf is always read (even if --no-options is used) those tools will work instantly.
* doc: Fix typosGavin L. Rebeiro2020-11-231-3/+3
| | | | | | | -- GnuPG-bug-id: 5071 Also fixed one in keyformat.txt [wk].
* doc: Some documentation updates.Werner Koch2020-09-211-1/+1
| | | | | | -- Also fixed some typos and documented soon to be used OIDs
* gpgsm: New option --chuid.Werner Koch2020-08-061-0/+11
| | | | | | | | | | * sm/gpgsm.c (oChUid, opts): New option --chuid. (main): Implement option. -- This option will at least be useful for Scute. Signed-off-by: Werner Koch <[email protected]>
* sm: Create ECC certificates with AKI and SKI by default.Werner Koch2020-05-191-2/+18
| | | | | | | | * sm/certreqgen.c (create_request): Create AKI and SKI by default. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <[email protected]>
* sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.Werner Koch2020-04-161-3/+8
| | | | | | | | | * sm/certchain.c (find_up): Disable external lookups in offline mode. Always allow AKI lookup if CRLs are also enabled. -- GnuPG-bug-id: 4898 Signed-off-by: Werner Koch <[email protected]>
* sm: Consider certificates w/o CRL DP as valid.Werner Koch2020-03-271-0/+8
| | | | | | | | | | | | | | | | | | | * sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP. * common/audit.c (proc_type_verify): Print "n/a" if a cert has no distribution point. * sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check. * sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New. (opts): Add option --enable-issuer-based-crl-check. (main): Set option. -- If the issuer does not provide a DP and the user wants such an issuer, we expect that a certificate does not need revocation checks. The new option --enable-issuer-based-crl-check can be used to revert to the old behaviour which requires that a suitable LDAP server has been configured to lookup a CRL by issuer. Signed-off-by: Werner Koch <[email protected]>
* gpgsm: Allow sepcification of ldaps servers.Werner Koch2019-11-091-2/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps. * sm/gpgsm.c (parse_keyserver_line): Parse flags. * sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr. * dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags. * dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls. * dirmngr/dirmngr_ldap.c: New option --tls. (fetch_ldap): Make use of that option. -- There was no way to specify an LDAPS server in dirmngr_ldapserver.socnf or with gpgsm's --keyserver option. This patch fixes this. Eventually we should allow to replace host and port by a partial URI in the same way ldap_initialize does it. For backward compatibility we do not yet do that. Although the dirmngr code accepts an URL (eg. taken from a certificate), I can't see how the scheme was ever used. Thus the patch also detects an ldaps scheme and uses this. That part has not been tested, though. Signed-off-by: Werner Koch <[email protected]>
* doc: Document gpgsm's --keyserver option.Werner Koch2019-11-071-0/+16
| | | | | | | | -- Also fix a few related entries. Signed-off-by: Werner Koch <[email protected]>
* doc: Update description of --debugWerner Koch2019-09-051-23/+5
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* doc: fix minor spelling and tense errorsDaniel Kahn Gillmor2019-08-201-1/+1
| | | | | | * doc/{gpg,gpgsm,wks}.texi: minor orthographic cleanup. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* fix up 6562de7475b21cd03c7b1a83a591fa563c589f5bDaniel Kahn Gillmor2019-06-141-1/+1
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc/gpgsm: explain what "policy-file" refers to.Daniel Kahn Gillmor2019-06-111-1/+2
| | | | | | | | | | A new user who sees "policy-file" and searches naively through the documentation to find it again won't be able to tell what this refers to, since "policies.txt" doesn't otherwise match the search string "policy". This gives them a fighting chance at finding the documentation. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Merge branch 'STABLE-BRANCH-2-2' into masterWerner Koch2018-03-271-0/+9
|\
| * gpg,sm: New option --request-origin.Werner Koch2018-03-231-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * g10/options.h (struct opt): Add field request_origin. * g10/call-agent.c (start_agent): Send option to the agent. * sm/gpgsm.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * sm/gpgsm.h (struct opt): Add field request_origin. * sm/call-agent.c (start_agent): Send option to the agent. Signed-off-by: Werner Koch <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-2' into wk-masterWerner Koch2018-03-061-1/+1
|\|
| * doc: Fix recently introduced typo in gpgsm.texi.Werner Koch2018-02-221-1/+1
| | | | | | | | --
* | Merge branch 'STABLE-BRANCH-2-2'Werner Koch2018-02-221-3/+3
|\|
| * doc: Clarify -export-secret-key-p12Werner Koch2018-02-221-3/+3
| | | | | | | | | | | | | | -- GnuPG-bug-id: 3788 Signed-off-by: Werner Koch <[email protected]>
* | sm: Move qualified.txt from datadir into sysconfdirAlon Bar-Lev2017-09-111-9/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * doc/Makefile.am: Move qualified.txt into examples. * doc/qualified.txt: Move into examples, remove trailing spaces. * doc/examples/README: Document qualified.txt. * doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir. * sm/qualified.c (read_list): Move qualified.txt from datadir into sysconfdir. -- The qualified.txt is maintained by Administrator it is a configuration file. In the past it was a hybrid, provided by package and controlled by the Administrator, however, it is no longer maintained by package. Signed-off-by: Alon Bar-Lev <[email protected]>
* | gpgsm: default to 3072-bit keys.Daniel Kahn Gillmor2017-09-081-1/+1
|/ | | | | | | | | | | | | | | | | | * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update default to 3072 bits. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to 3072 bits. * sm/certreqgen.c (proc_parameters): update default to 3072 bits. * sm/gpgsm.c (main): print correct default_pubkey_algo. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Topic update-defaults Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
* doc: Document obsolete option in gpgsm. Closes T2231.Marcus Brinkmann2017-07-011-4/+1
| | | | | | | * doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2231
* doc: Improve documentation.Justus Winter2017-05-311-1/+1
| | | | | | | * doc/gpgsm.texi: Mention that '--with-key-data' implies '--with-colons'. Signed-off-by: Justus Winter <[email protected]>
* Spelling fixes in docs and comments.NIIBE Yutaka2017-04-281-2/+2
| | | | | | | | | | -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <[email protected]>
* Clean up word replication.Yuri Chornoivan2017-02-211-1/+1
| | | | | | | | | -- This fixes extra word repetitions (like "the the" or "is is") in the code and docs. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc: Add aliases of all changed options.Justus Winter2016-12-151-0/+4
| | | | | | | | | * doc/gpg.texi: Add the old version of every option that was updated with the last change set. * doc/gpgsm.texi: Likewise. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <[email protected]>
* g10,sm: Spell out --passwd.Justus Winter2016-12-131-2/+2
| | | | | | | | | | * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. * doc/gpgsm.texi: Likewise. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <[email protected]>
* g10,sm: Spell out --gen-key.Justus Winter2016-12-131-3/+3
| | | | | | | | | * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <[email protected]>
* doc: Fix a xref usage.NIIBE Yutaka2016-09-201-1/+1
|
* doc: Do not end section names with "."Ineiev2016-09-201-5/+5
|
* doc: Fix fix "Not(e) that you can(not) abbreviate".Werner Koch2016-09-201-1/+1
| | | | | | | | | | | -- The commands --help, --version, --dump-options are special in that they can't be abbreciated on the command line. This is to avoid problems with regular options with the same prefix. Fixes-commit: 0a27d8a57c4c990fcada4278a1ce2e6fc9043e9 Signed-off-by: Werner Koch <[email protected]>
* doc: Fix full stops.Ineiev2016-09-201-2/+2
| | | | | | * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/instguide.texi, doc/scdaemon.texi, doc/specify-user-id.texi, doc/tools.texi: Fix.
* doc: Improve markup.Ineiev2016-09-201-14/+14
| | | | | | * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/howto-create-a-server-cert.texi, doc/scdaemon.texi, doc/specify-user-id.texi, doc/tools.texi: Fix.
* doc: Replace rfc0123 with RFC-0123.Ineiev2016-09-201-1/+1
| | | | * doc/gpg.texi, doc/gpgsm.texi, doc/specify-user-id.texi: Fix.
* doc: Fix mistakes.Ineiev2016-09-201-2/+2
| | | | | | * doc/dirmngr.texi, doc/gpg.texi, doc/gpgsm.texi, doc/howto-create-a-server-cert.texi, doc/scdaemon.texi, doc/tools.texi: Fix.
* doc: Use the right reference commands.Ineiev2016-09-201-4/+4
| | | | | * doc/debugging.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/tools.texi: Fix.
* doc: Fix "Not(e) that you can(not) abbreviate".Ineiev2016-09-201-1/+1
| | | | | * doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/scdaemon.texi, doc/tools.texi: Fix.
* doc: Fix typos.Ineiev2016-09-201-10/+10
| | | | | | | * doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi * doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi * doc/specify-user-id.texi, doc/tools.texi: Fix.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-23 12:33:34 +0000