From 1848ef6950aacf507d1ba3cf2d3e08aa46f036f5 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Fri, 31 May 2002 22:34:16 +0000 Subject: * gpg.sgml: Add "edit/addrevoker". Document --desig-revoke. Note that -z and --compress are the same option. Note that --digest-algo can no longer violate OpenPGP with a non-160 bit hash with DSA. Document --cert-digest-algo with suitable warnings not to use it. Note the default s2k-cipher-algo is now CAST5. Note that --force-v3-sigs overrides --ask-sig-expire. Revise --expert documentation, as it is now definitely legal to have more than one photo ID on a key. --preference-list is now --default-preference-list with the new meaning. Document --personal-preference-list. * DETAILS: Document "Revoker" for batch key generation. --- doc/ChangeLog | 15 ++++++++++ doc/DETAILS | 7 +++++ doc/gpg.sgml | 95 ++++++++++++++++++++++++++++++++++++++--------------------- 3 files changed, 83 insertions(+), 34 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 006d6ed6c..c9959dd85 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,18 @@ +2002-05-31 David Shaw + + * gpg.sgml: Add "edit/addrevoker". Document --desig-revoke. Note + that -z and --compress are the same option. Note that + --digest-algo can no longer violate OpenPGP with a non-160 bit + hash with DSA. Document --cert-digest-algo with suitable warnings + not to use it. Note the default s2k-cipher-algo is now CAST5. + Note that --force-v3-sigs overrides --ask-sig-expire. Revise + --expert documentation, as it is now definitely legal to have more + than one photo ID on a key. --preference-list is now + --default-preference-list with the new meaning. Document + --personal-preference-list. + + * DETAILS: Document "Revoker" for batch key generation. + 2002-05-22 Werner Koch * gpg.sgml: sgml syntax fix. diff --git a/doc/DETAILS b/doc/DETAILS index 2cc6762bc..86db6152e 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -463,6 +463,13 @@ The format of this file is as follows: Set the cipher, hash, and compression preference values for this key. This expects the same type of string as "setpref" in the --edit menu. + Revoker: : [sensitive] + Add a designated revoker to the generated key. Algo is the + public key algorithm of the designated revoker (i.e. RSA=1, + DSA=17, etc.) Fpr is the fingerprint of the designated + revoker. The optional "sensitive" flag marks the designated + revoker as sensitive information. Only v4 keys may be + designated revokers. Here is an example: $ cat >foo < delkey Remove a subkey. + + addrevoker + +Add a designated revoker. revkey @@ -494,6 +498,13 @@ Generate a revocation certificate for the complete key. To revoke a subkey or a signature, use the --edit command. + +--desig-revoke + +Generate a designated revocation certificate for a key. This allows a +user (with the permission of the keyholder) to revoke someone elses +key. + --export &OptParmNames; @@ -788,7 +799,7 @@ Try to be as quiet as possible. --z &ParmN; +-z &ParmN;, --compress &ParmN; Set compression level to &ParmN;. A value of 0 for &ParmN; disables compression. Default is to use the default 
@@ -1336,25 +1347,32 @@ selected from the preferences stored with the key. - --digest-algo &ParmName; -Use &ParmName; as message digest algorithm. Running the -program with the command --version yields a list of -supported algorithms. Please note that using this -option may violate the OpenPGP requirement, that a -160 bit hash is to be used for DSA. +Use &ParmName; as the message digest algorithm. Running the program +with the command --version yields a list of supported algorithms. + + + + +--cert-digest-algo &ParmName; + +Use &ParmName; as the message digest algorithm used when signing a +key. Running the program with the command --version yields a list of +supported algorithms. Be aware that if you choose an algorithm that +GnuPG supports but other OpenPGP implementations do not, then some +users will not be able to use the key signatures you make, or quite +possibly your entire key. --s2k-cipher-algo &ParmName; -Use &ParmName; as the cipher algorithm used to protect secret -keys. The default cipher is BLOWFISH. This cipher is -also used for conventional encryption if --cipher-algo -is not given. +Use &ParmName; as the cipher algorithm used to protect secret keys. +The default cipher is CAST5. This cipher is also used for +conventional encryption if --cipher-algo is not given. 
@@ -1591,23 +1609,22 @@ Resets the --pgp7 option. --openpgp -Reset all packet, cipher and digest options to OpenPGP -behavior. Use this option to reset all previous -options like --rfc1991, --force-v3-sigs, --s2k-*, ---cipher-algo, --digest-algo and --compress-algo to -OpenPGP compliant values. All PGP workarounds are also -disabled. +Reset all packet, cipher and digest options to OpenPGP behavior. Use +this option to reset all previous options like --rfc1991, +--force-v3-sigs, --s2k-*, --cipher-algo, --digest-algo and +--compress-algo to OpenPGP compliant values. All PGP workarounds are +also disabled. --force-v3-sigs -OpenPGP states that an implementation should generate -v4 signatures but PGP versions 5 and higher do only recognizes -v4 signatures -on key material. This option forces v3 signatures for -signatures on data. +OpenPGP states that an implementation should generate v4 signatures +but PGP versions 5 and higher only recognize v4 signatures on key +material. This option forces v3 signatures for signatures on data. +Note that this option overrides --ask-sig-expire, as v3 signatures +cannot have expiration dates. @@ -1633,9 +1650,9 @@ Reset the --force-v4-certs option. --force-mdc -Force the use of encryption with appended manipulation -code. This is always used with the newer ciphers (those -with a blocksize greater than 64 bit). +Force the use of encryption with appended manipulation code. This is +always used with the newer ciphers (those with a blocksize greater +than 64 bit). 
@@ -1899,11 +1916,11 @@ Resets the --ask-cert-expire option. --expert -Allow the user to do certain nonsenical or "silly" things like signing -an expired or revoked key, or certain potentially incompatible things -like adding more than one photo ID to a single key. In general, this -option is for experts only. If you don't really understand what it is -doing, leave this off. +Allow the user to do certain nonsensical or "silly" things like +signing an expired or revoked key, or certain potentially incompatible +things like generating deprecated key types. In general, this option +is for experts only. If you don't fully understand the implications +of what it allows you to do, leave this off. @@ -1955,11 +1972,21 @@ read/write only. Use this option only if you really know what you are doing. ---preference-list &ParmString +--personal-preference-list &ParmString + +Set the list of personal preferences to &ParmString;, this list should +be a string similar to the one printed by the command "pref" in the +edit menu. This allows the user to factor in their own preferred +algorithms when algorithms are chosen via recipient key preferences. + + + +--default-preference-list &ParmString -Set the list of preferences to &ParmString;, this list should be -a string similar to the one printed by the command "pref" in the edit -menu. +Set the list of default preferences to &ParmString;, this list should +be a string similar to the one printed by the command "pref" in the +edit menu. This affects both key generation and "updpref" in the edit +menu. -- cgit v1.2.3
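Review bot: In the doc/DETAILS hunk (@@ -463), the algorithm list in the new Revoker entry reads "(i.e. RSA=1, DSA=17, etc.)", but these are examples rather than a restatement, so "e.g." is the right abbreviation, and the sentence needs a period after the closing parenthesis before "Fpr is". The entry also does not say what form the fingerprint must take (spacing, case), which matters for a batch file that is parsed unattended; one sentence on the accepted format would help.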
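Review bot: The new addrevoker entry in the doc/gpg.sgml edit menu ("Add a designated revoker.") does not say whether the command accepts the "sensitive" marking that this same patch documents for the Revoker batch parameter in doc/DETAILS. If it does, document the argument here; if it does not, say so, since readers will compare the two descriptions.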
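Review bot: In the --desig-revoke entry (@@ -494), "someone elses key" is missing its apostrophe and should read "someone else's key". The phrase "with the permission of the keyholder" also leaves the mechanism unnamed: point to the addrevoker edit command and the Revoker batch parameter, which this patch documents, so the reader knows how that permission is recorded on the key.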
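Review bot: The ChangeLog entry promises --cert-digest-algo is documented "with suitable warnings not to use it", but the text added at @@ -1336 only describes the consequence (other implementations may be unable to use the key signatures or the whole key) and never tells the reader to leave the option unset. Add an explicit recommendation, and state which digest is used for key signatures when the option is absent. In the same hunk the DSA warning under --digest-algo is deleted without the replacement note the commit message describes ("Note that --digest-algo can no longer violate OpenPGP..."); one sentence saying what now happens with a non-160 bit hash and a DSA key would match the log.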
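Review bot: The sentence added to --force-v3-sigs (@@ -1591) says the option overrides --ask-sig-expire, but no hunk in this patch touches the --ask-sig-expire entry, so a reader who starts there will not learn that it has no effect once v3 signatures are forced. Add the reciprocal note to that entry, giving the same reason ("v3 signatures cannot have expiration dates").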
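Review bot: At @@ -1955 the --preference-list entry is replaced outright, so the manual no longer mentions the old name, and anyone with --preference-list in an options file gets no guidance on which of the two new options to move to. Add a short note under --default-preference-list that it was previously named --preference-list. Both new headers also write "&ParmString" without the terminating semicolon while the bodies use "&ParmString;", and "to &ParmString;, this list should be" is a comma splice in both entries; start a new sentence at "This list".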