aboutsummaryrefslogtreecommitdiffstats
path: root/doc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* doc: Remove documentation for future option --faked-system-time.Marcus Brinkmann2017-08-041-7/+0
| | | | | | | doc/gpg.texi: Remove documentation for --faked-system-time. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 3329
* doc: Fix typo.Marcus Brinkmann2017-07-031-1/+1
| | | | | Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 3243
* spelling: Correct achived to achieved.Daniel Kahn Gillmor2016-11-021-1/+1
| | | | | -- Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Avoid publishing the GnuPG version by defaultDaniel Kahn Gillmor2016-08-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (main): initialize opt.emit_version to 0 * doc/gpg.texi: document different default for --emit-version -- The version of GnuPG in use is not particularly helpful. It is not cryptographically verifiable, and it doesn't distinguish between significant version differences like 2.0.x and 2.1.x. Additionally, it leaks metadata that can be used to distinguish users from one another, and can potentially be used to target specific attacks if there are known behaviors that differ between major versions. It's probably better to take the more parsimonious approach to metadata production by default. (backport of master commit c9387e41db7520d176edd3d6613b85875bdeb32c) Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Clean up "allow to"Daniel Kahn Gillmor2016-08-041-3/+3
| | | | | | | | | | | | | | | * README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace "allow to" with clearer text In standard English, the normal construction is "${XXX} allows ${YYY} to" -- that is, the subject (${XXX}) of the sentence is allowing the object (${YYY}) to do something. When the object is missing, the phrasing sounds awkward, even if the object is implied by context. There's almost always a better construction that isn't as awkward. These changes should make the language a bit clearer. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc: Remove non-implemented option --skip-hidden-recipients.Werner Koch2016-06-081-12/+0
| | | | | | | | | | | -- GnuPG-bug-id: 1394 Note that --try-secret-key was already removed with commit 2889a70c102271a1b6ff529bafb6748c4e773014 Signed-off-by: Werner Koch <[email protected]>
* doc: Explain that gpg-preset-passphrase can't be used.Werner Koch2016-04-221-1/+3
| | | | --
* Release 1.4.20gnupg-1.4.20Werner Koch2015-12-191-1/+1
|
* gpg: Add option --weak-digest to gpg and gpgv.Daniel Kahn Gillmor2015-12-192-3/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h: Add weak_digests linked list to opts. * g10/main.h: Declare weakhash linked list struct and additional_weak_digest() function to insert newly-declared weak digests into opts. * g10/misc.c: (additional_weak_digest): New function. (print_digest_algo_note): Check for deprecated digests. * g10/sig-check.c: (do_check): Reject all weak digests. * g10/gpg.c: Add --weak-digest option to gpg. * doc/gpg.texi: Document gpg --weak-digest option. * g10/gpgv.c: Add --weak-digest option to gpgv. * doc/gpgv.texi: Document gpgv --weak-digest option. -- gpg and gpgv treat signatures made over MD5 as unreliable, unless the user supplies --allow-weak-digests to gpg. Signatures over any other digest are considered acceptable. Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC 4880, the collision-resistance of SHA-1 is weaker than anyone would like it to be. Some operators of high-value targets that depend on OpenPGP signatures may wish to require their signers to use a stronger digest algorithm than SHA1, even if the OpenPGP ecosystem at large cannot deprecate SHA1 entirely today. This changeset adds a new "--weak-digest DIGEST" option for both gpg and gpgv, which makes it straightforward for anyone to treat any signature or certification made over the specified digest as unreliable. This option can be supplied multiple times if the operator wishes to deprecate multiple digest algorithms, and will be ignored completely if the operator supplies --allow-weak-digests (as before). MD5 is always considered weak, regardless of any further --weak-digest options supplied. Signed-off-by: Daniel Kahn Gillmor <[email protected]> (this is a rough cherry-pick of applying the following commits to STABLE-BRANCH-1-4: 76afaed65e3b0ddfa4923cb577ada43217dd4b18 b98939812abf6c643c752ce7c325f98039a1a9e2 91015d021b3dcbe21ad0e580a4f34c523abf9e72 )
* gpg: Reject signatures made with MD5.Werner Koch2015-12-191-1/+8
| | | | | | | | | | | | | | * g10/gpg.c: Add option --allow-weak-digest-algos. (main): Set option also in PGP2 mode. * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. * g10/sig-check.c (do_check): Reject MD5 signatures. * tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos. -- (cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c) Resolved conflicts: g10/gpg.c - adjust. tests/openpgp/defs.inc - no changes
* gpg: Change default cipher for --symmetric from CAST5 to AES-128.Werner Koch2015-12-171-1/+1
| | | | | | | | | | | * g10/main.h (DEFAULT_CIPHER_ALGO): Change to AES or CAST5 or 3DES depending on configure options. * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO. -- (cherry picked from commit 57df1121c18b004dd763b35eabf7b51fc9e8ec38) Signed-off-by: Werner Koch <[email protected]>
* Obsolete option --no-sig-create-check.Werner Koch2015-09-011-6/+1
| | | | | | | | | * cipher/rsa.c (rsa_sign): Verify after sign. * g10/gpg.c (opts): Make --no-sig-create-check a NOP. * g10/options.h (opt): Remove field "no_sig_create_check". * g10/sign.c (do_sign): Do check only for DSA. Signed-off-by: Werner Koch <[email protected]>
* doc: Fix name of keep-ownertrust.Werner Koch2015-02-261-1/+1
| | | | | | -- Reported-by: Guilhem Moulin <[email protected]>
* doc: Add warning note about not acting as an oracle to --batch.Werner Koch2015-02-231-6/+17
| | | | --
* doc: Change remaining http links to gnupg.org to httpsWerner Koch2015-02-231-1/+1
| | | | | | | | -- GnuPG-bug-id: 1830 [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Allow predefined names as answer to the keygen.algo prompt.Werner Koch2015-02-231-0/+30
| | | | | | | | | | | * g10/keygen.c (ask_algo): Add list of strings. -- Signed-off-by: Werner Koch <[email protected]> (backported from commit b1d5ed6ac842469afcb84868d0f6641dc286a6c7) [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc: Formatting fixes.Werner Koch2015-01-131-9/+16
| | | | | | | | | | | * doc/gpl.texi: Fix enumerate and re-indent examples. -- Cherry-pick a part of ff6115227a1ced14e2fb3d160a12181b9dfbc502. Reported-by: Ian Abbott Signed-off-by: Werner Koch <[email protected]>
* doc: Fix memory leak in yat2m.Werner Koch2015-01-131-0/+1
| | | | | | | * doc/yat2m.c (write_th): Free NAME. -- Reported-by: Joshua Rogers <[email protected]>
* doc: Do not install gnupg.7Werner Koch2014-11-241-1/+4
| | | | | -- GnuPG-bug-id: 1770
* gpg: Make the use of "--verify FILE" for detached sigs harder.Werner Koch2014-11-141-10/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/openfile.c (open_sigfile): Factor some code out to ... (get_matching_datafile): new function. * g10/plaintext.c (hash_datafiles): Do not try to find matching file in batch mode. * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly matching data file is not used by a standard signatures. -- Allowing to use the abbreviated form for detached signatures is a long standing bug which has only been noticed by the public with the release of 2.1.0. :-( What we do is to remove the ability to check detached signature in --batch using the one file abbreviated mode. This should exhibit problems in scripts which use this insecure practice. We also print a warning if a matching data file exists but was not considered because the detached signature was actually a standard signature: gpgv: Good signature from "Werner Koch (dist sig)" gpgv: WARNING: not a detached signature; \ file 'gnupg-2.1.0.tar.bz2' was NOT verified! We can only print a warning because it is possible that a standard signature is indeed to be verified but by coincidence a file with a matching name is stored alongside the standard signature. Reported-by: Simon Nicolussi (to gnupg-users on Nov 7) Signed-off-by: Werner Koch <[email protected]> (backported from commit 69384568f66a48eff3968bb1714aa13925580e9f) Updated doc/gpg.texi.
* gpg: Add import option "keep-ownertrust".Werner Koch2014-11-121-0/+9
| | | | | | | | | | | | | | * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. * g10/import.c (parse_import_options): Add "keep-ownertrust". (import_one): Act upon new option. -- This option is in particular useful to convert from a pubring.gpg to the new pubring.kbx in GnuPG 2.1 or vice versa: gpg1 --export | gpg2 --import-options keep-ownertrust --import (cherry-picked from commit da95d0d37841b34e2f3d7047f14ab4d98a7c0c56)
* doc: Minor fixWerner Koch2014-10-031-1/+1
| | | | | | -- Thanks to dkg for the reminder.
* gpg: Add build and runtime support for larger RSA keysDaniel Kahn Gillmor2014-10-031-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac: Added --enable-large-secmem option. * g10/options.h: Add opt.flags.large_rsa. * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa. * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -- Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations. Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which let gpg generate RSA keys up to 8Kib when used with --batch --gen-key. Debian-bug-id: 739424 Minor edits by wk. GnuPG-bug-id: 1732
* doc: Cleanup gpg.texi.Werner Koch2014-09-292-326/+14
| | | | | | -- We don't need the gpgone and gpgtwoone macros anymore.
* doc: Final update from master (gnupg 2.1)Werner Koch2014-09-293-44/+218
| | | | | | | | | | | | * doc/Makefile.am (sources_from_trunk): Remove. (update-source): Make it a dummy. * doc/gpg.texi: Update. * doc/yat2m.c: Update. -- Maintaining 3 versions in of the gpg manual in one file is getting more complicated with 2.1. Thus we stop this now and keep the manual for 1.4 separate.
* doc: Update from master.Werner Koch2014-06-232-103/+330
|
* w32: Fix typo in README.W32.Werner Koch2014-06-231-2/+3
| | | | | -- GnuPG-bug-id: 1488
* gpg: Use more specific reason codes for INV_RECP.Werner Koch2014-06-231-1/+3
| | | | | | | | | | * g10/pkclist.c (build_pk_list): Use more specific reasons codes for INV_RECP. -- GnuPG-bug-id: 1650 Note that this patch is a bit more limited than the one in 2.1.
* doc: Remove outdated Russian man page.Werner Koch2014-06-232-3083/+3
| | | | | | | | | | | | | * configure.ac (DOCBOOK_TO_MAN): Remove. * doc/gpg.ru.sgml: Remove. * doc/Makefile.am: Remove all gpg.ru related code. -- The man page is outdated and we do not use docbook for a long time now. If someone wants to revive such a man page, it would be best to translate the respective parts of the GnuPG manual in git master. GnuPG-bug-id: 1652
* gpg: Change armor Version header to emit only the major version.Werner Koch2013-11-271-2/+6
| | | | | | | | | | | | | | | | | | * g10/options.h (opt): Rename field no_version to emit_version. * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version to bump up opt.emit_version. * g10/armor.c (armor_filter): Implement different --emit-version values. -- GnuPG-bug-id: 1572 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e951782e937ce290be0d89d83e84b3daea997587) Resolved conflicts: NEWS g10/armor.c g10/gpg.c
* doc: Update from master.Werner Koch2013-10-043-25/+74
|
* Update manuals from masterWerner Koch2012-12-203-25/+24
| | | | | | | * doc/Makefile.am (update-source): Copy from Git master. (update-source-from-gnupg-2): Remove. * doc/gpg.texi: Fix minor typos and grammar bugs. * doc/yat2m.c: Change diagnostics to updated coding standards.
* Fix mksamplekeys awk to not leave out the whitespace altogetherDavid Shaw2012-11-302-3/+9
|
* Refresh sample keysDavid Shaw2012-11-302-452/+444
| | | | | | | * mksamplekeys: Tweak awk script to not add trailing whitespace to blank lines (makes git pre-commit hook unhappy). * samplekeys.asc: Refresh.
* Support the not anymore patented IDEA cipher algorithm.Werner Koch2012-11-081-18/+16
| | | | | | | | | | | | | | | | | | | | | | | | * cipher/idea.c: New. Take from Libgcrypt master and adjust for direct use in GnuPG. * cipher/idea-stub.c: Remove. * cipher/Makefile.am: Add idea.c and remove idea-stub.c rules. * configure.ac: Remove idea-stub code. * g10/gpg.c (check_permissions): Remove code path for ITEM==2. (main): Make --load-extension a dummy option. * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA. * g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA. * g10/status.h (STATUS_RSA_OR_IDEA): Remove. -- To keep the number of actually used algorithms low, we support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available.
* Update sample keys.Werner Koch2012-01-302-417/+844
| | | | --
* Update documentation.Werner Koch2012-01-303-707/+1163
| | | | | * doc/gpg.texi, doc/specify-user-id.texi, doc/yat2m.c: Update from current GnuPG master (commit bdde44a).
* Fix typos in comments.Werner Koch2012-01-241-3/+2
| | | | | -- Fixes provided by Gilles Espinasse.
* Automate W32 installer building.Werner Koch2012-01-161-12/+21
| | | | | | | | | | * doc/README.W32: Document new installer build procedure. * scripts/autogen.sh: Pass all args to the installer (regression fix). * scripts/conf-w32/README: Remove from repo. * scripts/conf-w32/bzip2-1.diff: Remove from repo. * scripts/mk-w32-dist: Rewrite. * scripts/w32installer.nsi [WITH_PATCHES]: Use constant patch file name.
* Refresh sample keysDavid Shaw2012-01-101-432/+411
|
* Generate the ChangeLog from commit logs.Werner Koch2011-12-021-33/+33
| | | | | | | | | | | | * scripts/gitlog-to-changelog: New script. Taken from gnulib. * scripts/git-log-fix: New file. * scripts/git-log-footer: New file. * scripts/git-hooks/commit-msg: New script. * autogen.sh: Install commit-msg hook for git. * doc/HACKING: Describe the ChangeLog policy. * Makefile.am (EXTRA_DIST): Add new files. (gen-ChangeLog): New. (dist-hook): Run gen-ChangeLog.
* Rename all ChangeLog files to ChangeLog-2011.Werner Koch2011-12-024-12/+29
| | | | * ChangeLog: New file.
* Update gpg-zip.1 (bug#1317)Werner Koch2011-02-232-74/+110
|
* Prepare for 1.4.11Werner Koch2010-10-181-29/+124
|
* Remove FAQ stuffWerner Koch2010-10-054-1367/+22
|
* Preparing a release candidateWerner Koch2010-09-231-1/+1
|
* Fix bug 1231.Werner Koch2010-06-011-1/+2
| | | | | Minor doc improvement.
* Fix bug reporting address.Werner Koch2010-02-112-3/+9
|
* Fix bug#1183Werner Koch2010-01-292-1/+5
|
* Preparing 1.4.10.Werner Koch2009-09-022-119/+124
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 06:49:54 +0000