author Werner Koch <[email protected]> 2020-02-10 16:11:53 +0000
committer Werner Koch <[email protected]> 2020-02-10 16:11:53 +0000
commit 113a8288b85725f7726bb2952431deea745997d8 (patch)
tree e750227f58646c8adad965feccbd7494f11f2b75
parent build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. (diff)
download gnupg-113a8288b85725f7726bb2952431deea745997d8.tar.gz
gnupg-113a8288b85725f7726bb2952431deea745997d8.zip
doc: Improve the warning section of the gpg man page.

* doc/gpg.texi: Update return value and warning sections.

Signed-off-by: Werner Koch <[email protected]>
-rw-r--r-- doc/gpg.texi 26
1 files changed, 16 insertions, 10 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 29ac8f4e9..ad6e46f1f 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3933,20 +3933,26 @@ or "Alpha" but not the string "test".
@mansect return value
@chapheading RETURN VALUE
-The program returns 0 if everything was fine, 1 if at least
-a signature was bad, and other error codes for fatal errors.
+The program returns 0 if there are no severe errors, 1 if at least a
+signature was bad, and other error codes for fatal errors.
+
+Note that signature verification requires exact knowledge of what has
+been signed and by whom it has beensigned. Using only the return code
+is thus not an appropriate way to verify a signature by a script.
+Either make proper use or the status codes or use the @command{gpgv}
+tool which has been designed to make signature verification easy for
+scripts.
@mansect warnings
@chapheading WARNINGS
-Use a *good* password for your user account and a *good* passphrase
-to protect your secret key. This passphrase is the weakest part of the
-whole system. Programs to do dictionary attacks on your secret keyring
-are very easy to write and so you should protect your "~/.gnupg/"
-directory very well.
-
-Keep in mind that, if this program is used over a network (telnet), it
-is *very* easy to spy out your passphrase!
+Use a good password for your user account and make sure that all
+security issues are always fixed on your machine. Also employ
+diligent physical protection to your machine. Consider to use a good
+passphrase as a last resort protection to your secret key in the case
+your machine gets stolen. It is important that your secret key is
+never leaked. Using an easy to carry around token or smartcard with
+the secret key is often a advisable.
If you are going to verify detached signatures, make sure that the
program knows about it; either give both filenames on the command line
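Review bot: The new RETURN VALUE note tells script authors to "make proper use or the status codes" without saying how to obtain them, and the same paragraph carries two typos that will reach the rendered man page: "or the status codes" should be "of the status codes", and "beensigned" should be "been signed". Naming @option{--status-fd} next to the @command{gpgv} recommendation would make the advice actionable for someone who reads only this section. In the WARNINGS paragraph, "is often a advisable" has a stray "a" and "Consider to use" reads better as "Consider using". The rewrite also drops the earlier advice to protect the "~/.gnupg/" directory; if that is deliberate it is worth saying so in the commit message, otherwise one sentence on it could be kept alongside the new text about tokens and smartcards.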