author | David Shaw <[email protected]> | 2005-10-27 19:18:05 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2005-10-27 19:18:05 +0000 |
commit | 74ee007922f52426646163bf88d820d182302b7c (patch) | |
tree | 86a54503bc425674f8c362a3a4f294a83b0b696c | |
parent | * keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix problem with (diff) | |
download | gnupg-74ee007922f52426646163bf88d820d182302b7c.tar.gz gnupg-74ee007922f52426646163bf88d820d182302b7c.zip |
* gpg.sgml: Document backsign, --require-backsigs, and
--no-require-backsigs.
* DETAILS: Clarify Key-Usage.
Diffstat (limited to '')
-rw-r--r-- | doc/ChangeLog | 7 |
-rw-r--r-- | doc/DETAILS | 11 |
-rw-r--r-- | doc/gpg.sgml | 19 |
3 files changed, 34 insertions, 3 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index e4677e843..d3febbf25 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,10 @@ +2005-10-27 David Shaw <[email protected]> + + * gpg.sgml: Document backsign, --require-backsigs, and + --no-require-backsigs. + + * DETAILS: Clarify Key-Usage. + 2005-10-07 Werner Koch <[email protected]> * gpgv.sgml: Small spelling corrections by Mike Dowling. diff --git a/doc/DETAILS b/doc/DETAILS index df1803919..918026109 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -587,7 +587,7 @@ more arguments in future versions. PIN change really worked. BACKUP_KEY_CREATED fingerprint fname - A backup key named FNAME has been created for the key wityh + A backup key named FNAME has been created for the key with KEYID. @@ -750,8 +750,13 @@ The format of this file is as follows: Length of the key in bits. Default is 1024. Key-Usage: <usage-list> Space or comma delimited list of key usage, allowed values are - "encrypt" and "sign". This is used to generate the key flags. - Please make sure that the algorithm is capable of this usage. + "encrypt", "sign", and "auth". This is used to generate the + key flags. Please make sure that the algorithm is capable of + this usage. Note that OpenPGP requires that all primary keys + are capable of certification, so no matter what usage is given + here, the "cert" flag will be on. If no Key-Usage is + specified, all the allowed usages for that particular + algorithm are used. Subkey-Type: <algo-number>|<algo-string> This generates a secondary key. Currently only one subkey can be handled. diff --git a/doc/gpg.sgml b/doc/gpg.sgml index ee8a3040f..39b44274f 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml 
@@ -565,6 +565,14 @@ that is no longer usable (e.g. revoked, or expired). If invoked with no arguments, both `sigs' and `uids' are cleaned. </para></listitem></varlistentry> +<varlistentry> +<term>backsign</term> +<listitem></para> +Add back signatures to signing subkeys that may not currently have +back signatures. Back signatures protect against a subtle attack +against signing subkeys. See --require-backsigs. +</para></listitem></varlistentry> + <varlistentry> <term>save</term> <listitem><para> @@ -2713,6 +2721,17 @@ handing out the secret key. </para></listitem></varlistentry> <varlistentry> +<term>--require-backsigs</term> +<term>--no-require-backsigs</term> +<listitem><para> +When verifying a signature made from a subkey, ensure that the "back +signature" on the subkey is present and valid. This protects against +a subtle attack against subkeys that can sign. Currently defaults to +--no-require-backsigs, but will be changed to --require-backsigs in +the future. +</para></listitem></varlistentry> + +<varlistentry> <term>--ask-sig-expire</term> <term>--no-ask-sig-expire</term> <listitem><para> |
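Review bot: In the first doc/DETAILS hunk (BACKUP_KEY_CREATED), the description still reads "for the key with KEYID" while the status line's arguments are listed as "fingerprint fname". Since the line is already being touched for the "wityh" typo, make the description name the argument that is actually listed, so anyone parsing the status output is not misled about whether the field is a key ID or a fingerprint.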
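Review bot: In the Key-Usage paragraph of the second doc/DETAILS hunk, the allowed values are given as "encrypt", "sign", and "auth", and the text then refers to a "cert" flag without saying whether "cert" may itself be written in the usage list. State explicitly whether "cert" is accepted, ignored or rejected as a value. The new last sentence also means that omitting Key-Usage grants every usage the algorithm allows, so it is worth recommending an explicit list when a key is meant for a single purpose.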
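Review bot: In the new backsign entry in doc/gpg.sgml, the list item opens with "<listitem></para>" rather than "<listitem><para>", so the paragraph is closed before it is opened and the closing "</para></listitem></varlistentry>" at the end of the entry has no matching open tag. The neighbouring save entry uses "<listitem><para>"; change the added line to match so the SGML stays well-formed.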
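Review bot: In the --require-backsigs entry in doc/gpg.sgml, the text says the option will ensure the back signature "is present and valid" but not what the user sees when it is missing or invalid, and it does not point to the backsign command that repairs such a key. Add a sentence stating how verification ends in that case and a cross-reference to backsign, mirroring the "See --require-backsigs" pointer in the backsign entry. Because the stated default is --no-require-backsigs, it would also help to say that the protection applies only once the option is enabled explicitly.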