From 78a6d0ce88ae14d8324fbab3aee3286b17e49259 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 6 Nov 2017 13:57:30 +0100 Subject: agent: New option --s2k-count. * agent/agent.h (opt): New field 's2k_count'. * agent/gpg-agent.c (oS2KCount): New enum value. (opts): New option --s2k-count. (parse_rereadable_options): Set opt.s2k_count. -- This option is useful to speed up the starting of gpg-agent and in cases where the auto-calibration runs into problems due to a broken time measurement facility. Signed-off-by: Werner Koch (cherry picked from commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e) --- doc/gpg-agent.texi | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'doc/gpg-agent.texi') diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index d7a562af1..6579622d8 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -648,6 +648,19 @@ Select the digest algorithm used to compute ssh fingerprints that are communicated to the user, e.g. in pinentry dialogs. OpenSSH has transitioned from using MD5 to the more secure SHA256. +@item --s2k-count @var{n} +@opindex s2k-count +Specify the iteration count used to protect the passphrase. This +option can be used to override the auto-calibration done by default. +This auto-calibration computes a count which requires 100ms to mangle +a given passphrase. To view the auto-calibrated count do not use this +option (or use 0 for @var{n}) and run this command: + +@example +gpg-connect-agent 'GETINFO s2k_count' /bye +@end example + + @end table All the long options may also be given in the configuration file after @@ -813,6 +826,7 @@ again. Only certain options are honored: @code{quiet}, @code{pinentry-invisible-char}, @code{default-cache-ttl}, @code{max-cache-ttl}, @code{ignore-cache-for-signing}, +@code{s2k-count}, @code{no-allow-external-cache}, @code{allow-emacs-pinentry}, @code{no-allow-mark-trusted}, @code{disable-scdaemon}, and @code{disable-check-own-socket}. @code{scdaemon-program} is also -- cgit v1.2.3