author | Werner Koch <[email protected]> | 1999-06-16 18:25:37 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 1999-06-16 18:25:37 +0000 |
commit | 1423b4239b7ba81011e945d6eef5b9840f1de01c (patch) | |
tree | c0acd0b8ff3e1b51ce52e766598ea8ea46698516 /doc/gpg.1pod | |
parent | See ChangeLog: Tue Jun 15 14:23:10 CEST 1999 Werner Koch (diff) | |
See ChangeLog: Wed Jun 16 20:16:21 CEST 1999 Werner Koch
Diffstat (limited to 'doc/gpg.1pod')
-rw-r--r-- | doc/gpg.1pod | 631 |
1 files changed, 0 insertions, 631 deletions
diff --git a/doc/gpg.1pod b/doc/gpg.1pod deleted file mode 100644 index dc9a2e73e..000000000 --- a/doc/gpg.1pod +++ /dev/null 
@@ -1,631 +0,0 @@ -=head1 NAME - -gpg - GNU Privacy Guard - -=head1 SYNOPSIS - -B<gpg> [--homedir name] [--options file] [options] command [args] - -=head1 DESCRIPTION - -B<gpg> is the main program for the GnuPG system. - -=head1 COMMANDS - -B<gpg> recognizes these commands: - -B<-s>, B<--sign> - Make a signature. This option may be combined - with B<--encrypt>. - -B<--clearsign> - Make a clear text signature. - -B<-b>, B<--detach-sign> - Make a detached signature. - -B<-e>, B<--encrypt> - Encrypt data. This option may be combined with B<--sign>. - -B<-c>, B<--symmetric> - Encrypt with symmetric cipher only - This command asks for a passphrase. - -B<--store> - Store only (make a simple RFC1991 packet). - -B<--decrypt> [I<file>] - Decrypt file (or stdin if no file is specified) and - write it to stdout (or the file specified with - B<--output>). If the decrypted file is signed, the - signature is also verified. This command differs - from the default operation, as it never writes to the - filename which is included in the file and it - rejects files which don't begin with an encrypted - message. - -B<--verify> [[I<sigfile>] {I<signed-files>}] - Assume that I<sigfile> is a signature and verify it - without generating any output. With no arguments, - the signature packet is read from stdin (it may be a - detached signature when not used in batch mode). If - only a sigfile is given, it may be a complete - signature or a detached signature, in which case - the signed stuff is expected in a file without the - I<.sig> or I<.asc> extension (if such a file does - not exist it is expected at stdin - use B<-> as - filename to force a read from stdin). With more than - 1 argument, the first should be a detached signature - and the remaining files are the signed stuff. - -B<-k> [I<username>] [I<keyring>] - Kludge to be somewhat compatible with PGP. - Without arguments, all public keyrings are listed. - With one argument, only I<keyring> is listed. 
- Special combinations are also allowed, but they may - give strange results when combined with more options. - B<-kv> Same as B<-k> - B<-kvv> List the signatures with every key. - B<-kvvv> Additionally check all signatures. - B<-kvc> List fingerprints - B<-kvvc> List fingerprints and signatures - - B<This command may be removed in the future!> - -B<--list-keys> [I<names>] -B<--list-public-keys> [I<names>] - List all keys from the public keyrings, or just the - ones given on the command line. - -B<--list-secret-keys> [I<names>] - List all keys from the secret keyrings, or just the - ones given on the command line. - -B<--list-sigs> [I<names>] - Same as B<--list-keys>, but the signatures are listed - too. - -B<--check-sigs> [I<names>] - Same as B<--list-sigs>, but the signatures are verified. - -B<--fingerprint> [I<names>] - List all keys with their fingerprints. This is the - same output as B<list-keys> but with the additional output - of a line with the fingerprint. May also be combined - with B<--list-sigs> or B<--check-sigs>. - If this command is given twice, the fingerprints of all - secondary keys are listed too. - -B<--list-packets> - List only the sequence of packets. This is mainly - useful for debugging. - -B<--gen-key> - Generate a new key pair. This command can only be - used interactive. - - -B<--edit-key> I<name> - Present a menu which enables you to do all key - related tasks: - B<sign> - Make a signature on key of user I<name>. - If the key is not yet signed by the default - user (or the users given with B<-u>), the - program displays the information of the key - again, together with its fingerprint and - asks whether it should be signed. This - question is repeated for all users specified - with B<-u>. - B<lsign> - Same as B<sign> but the signature is marked as - non-exportbale and will therefore never be used - by others. This may be used to make keys valid - only in the local environment. - B<revsig> - Revoke a signature. 
GnuPG asks for every - every signature which has been done by one of - teh secret keys, whether a revocation - certificate should be generated. - B<trust> - Change the owner trust value. This updates the - trust-db immediately and no save is required. - B<adduid> - Create an alternate user id. - B<deluid> - Delete an user id. - B<addkey> - Add a subkey to this key. - B<delkey> - Remove a subkey. - B<revkey> - Revoke a subkey. - B<expire> - Change the key expiration time. If a key is - selected, the time of this key will be changed. - With no selection the key expiration of the - primary key is changed. - B<passwd> - Change the passphrase of the secret key. - B<uid> I<n> - Toggle selection of user id with index I<n>. - Use 0 to deselect all. - B<key> I<n> - Toggle selection of subkey with index I<n>. - Use 0 to deselect all. - B<check> - Check all selected user ids. - B<pref> - List preferences. - B<toggle> - Toggle between public and secret key listing. - B<save> - Save all changes to the key rings and quit. - B<quit> - Quit the program without updating the - key rings. - The listing shows you the key with its secondary - keys and all user ids. Selected keys or user ids - are indicated by an asterisk. The trust value is - displayed with the primary key: the first is the - assigned owner trust and the second is the calculated - trust value. Letters are used for the values: - B<-> No ownertrust assigned / not yet calculated. - B<e> Trust calculation has failed. - B<q> Not enough information for calculation. - B<n> Never trust this key. - B<m> Marginally trusted. - B<f> Fully trusted. - B<u> Ultimately trusted - - -B<--delete-key> - Remove key from the public keyring - -B<--delete-secret-key> - Remove key from the secret and public keyring - -B<--gen-revoke> - Generate a revocation certificate. 
- -B<--export> [I<names>] - Either export all keys from all keyrings (default - keyrings and those registered via option B<--keyring>), - or if at least one name is given, those of the given - name. The new keyring is written to F<stdout> or to - the file given with option "output". Use together - with B<-a> to mail those keys. - -B<--send-keys> [I<names>] - Same as B<--export> but sends the keys to a keyserver. - Option B<--keyserver> must be used to give the name - of this keyserver. Don't send your complete keyring - to a keyserver - select only those keys which are new - or changed by you. - -B<--export-all> [I<names>] - Same as B<--export> but does also export keys which - are not compatible to OpenPGP. - -B<--export-secret-keys> [I<names>] - Same as B<--export>, but does export the secret keys. - This is normally not very useful. - -B<--import>, B<--fast-import> - Import/merge keys. The fast version does not build - the trustdb; this can be done at any time with the - command B<--update-trustdb>. - -B<--recv-keys> I<key_IDs> - Import the keys with the given key IDs from a HKP - keyserver. Option B<--keyserver> must be used to - give the name of this keyserver. - -B<--export-ownertrust> - List the assigned ownertrust values in ASCII format - for backup purposes - -B<--import-ownertrust> [I<filename>] - Update the trustdb with the ownertrust values stored - in I<filename> (or stdin if not given); existing - values will be overwritten. - -=head1 OPTIONS - -Long options can be put in an options file (default F<~/.gnupg/options>). -Do not write the 2 dashes, but simply the name of the option and any -required arguments. Lines with a hash as the first non-white-space -character are ignored. Commands may be put in this file too, but that -does not make sense. - -B<gpg> recognizes these options: - - -B<-a>, B<--armor> - Create ASCII armored output. - -B<-o> I<file>, B<--output> I<file> - Write output to I<file>. 
- -B<-u> I<name>, B<--local-user> I<name> - Use I<name> as the user-id to sign. - This option is silently ignored for the list commands, - so that it can be used in an options file. - -B<--default-key> I<name> - Use I<name> as default user-id for signatures. If this - is not used the default user-id is the first user-id - from the secret keyring. - -B<-r> I<name>, B<--recipient> I<name> - Encrypt for user id I<name>. If this option is not - specified, GnuPG asks for the user id. - -B<--encrypt-to> I<name> - Same as B<--recipient> but this one is intended for - in the options file and may be used together with - an own user-id as an "encrypt-to-self". These keys - are only used when there are other recipients given - either by use of --recipient or by the asked user id. - No trust checking is performed for these user ids. - -B<--no-encrypt-to> - Disable the use of all B<--encrypt-to> keys. - -B<-v>, B<--verbose> - Give more information during processing. If used - twice, the input data is listed in detail. - -B<-q>, B<--quiet> - Be somewhat more quiet in some cases. - -B<-z> I<n> - Set compress level to I<n>. A value of 0 for I<n> - disables compression. Default is to use the default - compression level of zlib (normally 6). - -B<-t>, B<--textmode> - Use canonical text mode. If B<-t> (but not - B<--textmode>) is used together with armoring - and signing, this enables clearsigned messages. - This kludge is needed for PGP compatibility; - normally you would use B<--sign> or B<--clearsign> - to selected the type of the signature. - -B<-n>, B<--dry-run> - Don't make any changes (not yet implemented). - -B<-i>, B<--interactive> - Prompt before overwriting any files. - -B<--batch> - Use batch mode. Never ask, do not allow interactive - commands. - -B<--no-batch> - Disable batch mode. This may be used if B<batch> - is used in the options file. - -B<--yes> - Assume "yes" on most questions. - -B<--no> - Assume "no" on most questions. 
- -B<--keyserver> I<name> - Use I<name> to lookup keys which are not yet in - your keyring. This is only done while verifying - messages with signatures. The option is also - required for the command B<--send-keys> to - specify the keyserver to where the keys should - be send. All keyservers synchronize with each - other - so there is no need to send keys to more - than one server. Using the command - "host -l pgp.net | grep wwwkeys" gives you a - list of keyservers. Because there is load - balancing using round-robin-dns you may notice - that you get different key servers. - -B<--keyring> I<file> - Add I<file> to the list of keyrings. - If I<file> begins with a tilde and a slash, these - are replaced by the HOME directory. If the filename - does not contain a slash, it is assumed to be in the - home-directory (F<~/.gnupg> if B<--homedir>) is not used. - The filename may be prefixed with a scheme: - "gnupg-ring:" is the default one. - "gnupg-gdbm:" may be used for a GDBM ring. - It might make sense to use it together with - B<--no-default-keyring>. - -B<--secret-keyring> I<file> - Same as B<--keyring> but for the secret keyrings. - -B<--homedir> I<dir> - Set the name of the home directory to I<dir>. If this - option is not used it defaults to F<~/.gnupg>. It does - not make sense to use this in a options file. This - also overrides the environment variable C<GNUPGHOME>. - -B<--charset> I<name> - Set the name of the native character set. This is used - to convert some strings to proper UTF-8 encoding. - Valid values for I<name> are: - B<iso-8859-1> This is the default Latin 1 set. - B<iso-8859-2> The Latin 2 set. - B<koi8-r> The usual Russian set (rfc1489). - -B<--options> I<file> - Read options from I<file> and do not try to read - them from the default options file in the homedir - (see B<--homedir>). This option is ignored when used - in an options file. - -B<--no-options> - Shortcut for B<--options> I</dev/null>. 
This option is - detected before an attempt to open an option file. - -B<--load-extension> I<modulename> - Load an extension module. If I<modulename> does not - contain a slash it is searched in B</usr/local/lib/gnupg> - See the manual for more information about extensions. - -B<--debug> I<flags> - Set debugging flags. All flags are or-ed and I<flags> may - be given in C syntax (e.g. 0x0042). - -B<--debug-all> - Set all useful debugging flags. - -B<--status-fd> I<n> - Write special status strings to the file descriptor I<n>. - -B<--logger-fd> I<n> - Write log output to file descriptor I<n> and not to stderr. - -B<--no-comment> - Do not write comment packets. This option affects only - the generation of secret keys. Output of option packets - is disabled since version 0.4.2. - -B<--comment> I<string> - Use I<string> as comment string in clear text signatures. - -B<--default-comment> - Force to write the standard comment string in clear - text signatures. Use this to overwrite B<--comment> - from a config file. - -B<--no-version> - Omit the version string in clear text signatures. - -B<--emit-version> - Force to write the version string in clear text - signatures. Use this to overwrite a previous - B<--no-version> from a config file. - -B<--notation-data>, B<-N> I<name>=<value> - Put the name value pair into the signature as notation data. - I<name> Must consists only of alphanumeric characters, digits - or the underscore; the first character muts not be a digit. - B<value> May be any printable string; it will encoded in UTF8, - so sou should have check that your B<--charset> is set right. - If you prefix I<name> with an exclamation mark, the notation - data will be flagged as critical. (rfc2440:5.2.3.15). - -B<--set-policy-url> I<string> - Use I<string> as Policy URL for signatures (rfc2440:5.2.3.19). - If you prefix it with an exclamation mark, the policy URL - packet will be flagged as critical. 
- -B<--set-filename> I<string> - Use I<string> as the name of file which is stored in - messages. - -B<--completes-needed> I<n> - Number of completely trusted users to introduce a new - key signer (defaults to 1). - -B<--marginals-needed> I<n> - Number of marginally trusted users to introduce a new - key signer (defaults to 3) - -B<--max-cert-depth> I<n> - Maximum depth of a certification chain (default is 5). - -B<--cipher-algo> I<name> - Use I<name> as cipher algorithm. Running the program - with the command B<--version> yields a list of supported - algorithms. If this is not used the cipher algorithm is - selected from the preferences stored with the key. - -B<--digest-algo> I<name> - Use I<name> as message digest algorithm. Running the - program with the command B<--version> yields a list of - supported algorithms. Please note that using this - option may violate the OpenPGP requirement, that a - 160 bit hash is to be used for DSA. - -B<--s2k-cipher-algo> I<name> - Use I<name> as the cipher algorithm used to protect secret - keys. The default cipher is BLOWFISH. This cipher is - also used for conventional encryption if B<--cipher-algo> - is not given. - -B<--s2k-digest-algo> I<name> - Use I<name> as the digest algorithm used to mangle the - passphrases. The default algorithm is RIPE-MD-160. - This digest algorithm is also used for conventional - encryption if B<--digest-algo> is not given. - -B<--s2k-mode> I<number> - Selects how passphrases are mangled. A number of I<0> - uses the plain passphrase (which is not recommended), - a I<1> (default) adds a salt to the passphrase and - I<3> iterates the whole process a couple of times. - Unless -B<--rfc1991> is used, this mode is also used - for conventional encryption. - -B<--compress-algo> I<number> - Use compress algorithm I<number>. Default is I<2> which is - RFC1950 compression. You may use I<1> to use the old zlib - version which is used by PGP. 
The default algorithm may - give better results because the window size is not limited - to 8K. If this is not used the OpenPGP behavior is used, - i.e. the compression algorithm is selected from the - preferences. - -B<--throw-keyid> - Do not put the keyid into encrypted packets. This option - hides the receiver of the message and is a countermeasure - against traffic analysis. It may slow down the decryption - process because all available secret keys are tried. - -B<--not-dash-escaped> - This option changes the behavior of cleartext signatures - so that they can be used for patch files. You should not - send such an armored file via email because all spaces - and line endings are hashed too. You can not use this - option for data which has 5 dashes at the beginning of a - line, patch files don't have this. A special armor header - line tells GnuPG about this cleartext signature option. - -B<--escape-from-lines> - Because some mailers change lines starting with "From " - to ">From " it is good to handle such lines in a special - way when creating cleartext signatures. All other PGP - versions do it this way too. This option is not enabled - by default because it would violate rfc2440. - -B<--passphrase-fd> I<n> - Read the passphrase from file descriptor I<n>. If you use - 0 for I<n>, the passphrase will be read from stdin. This - can only be used if only one passphrase is supplied. - B<Don't use this option if you can avoid it> - -B<--rfc1991> - Try to be more RFC1991 (PGP 2.x) compliant. - -B<--openpgp> - Reset all packet, cipher and digest options to OpenPGP - behavior. Use this option to reset all previous - options like B<--rfc1991>, B<--force-v3-sigs>, B<--s2k-*>, - B<--cipher-algo>, B<--digest-algo> and B<--compress-algo> to - OpenPGP compliant values. - -B<--force-v3-sigs> - OpenPGP states that an implementation should generate - v4 signatures but PGP 5.x recognizes v4 signatures only - on key material. 
This options forces v3 signatures for - signatures on data. - -B<--force-mdc> - Force the use of encryption with appended manipulation - code. This is always used with the newer cipher (those - with a blocksize greater than 64 bit). - -B<--lock-once> - Lock the file the first time a lock is requested - and do not release the lock until the process - terminates. - -B<--lock-multiple> - Release the locks every time a lock is no longer - needed. Use this to overwrite a previous B<--lock-once> - from a config file. - -B<--no-verbose> - Reset verbose level to 0. - -B<--no-greeting> - Suppress the initial copyright message but do not - enter batch mode. - -B<--no-armor> - Assume the input data is not in ASCII armored format. - -B<--no-default-keyring> - Do not add the default keyrings to the list of - keyrings. - -B<--skip-verify> - Skip the signature verification step. This may be - used to make the encryption faster if the signature - verification is not needed. - -B<--version> - Print version information along with a list - of supported algorithms. - -B<--with-colons> - Print key listings delimited by colons. - -B<--with-key-data> - Print key listings delimited by colons and print the public key data. - -B<--warranty> - Print warranty information. - -B<-h>, B<--help> - Print usage information. - - -=head1 RETURN VALUE - -The Program returns 0 if everything was fine, 1 if at least -a signature was bad, and other error codes for fatal errors. - -=head1 EXAMPLES - - -se -r Bob [file] sign and encrypt for user Bob - -sat [file] make a clear text signature - -sb [file] make a detached signature - -k [userid] show keys - -kc [userid] show fingerprint - -=head1 ENVIRONMENT - -C<HOME> Used to locate the default home directory. -C<GNUPGHOME> If set directory used instead of F<~/.gnupg>. 
- -=head1 FILES - -F<~/.gnupg/secring.gpg> The secret keyring -F<~/.gnupg/secring.gpg.lock> and the lock file - -F<~/.gnupg/pubring.gpg> The public keyring -F<~/.gnupg/pubring.gpg.lock> and the lock file - -F<~/.gnupg/trustdb.gpg> The trust database -F<~/.gnupg/trustdb.gpg.lock> and the lock file - -F<~/.gnupg/options> May contain options -F</usr[/local]/share/gnupg/options.skel> Skeleton file - -F</usr[/local]/lib/gnupg/> Default location for extensions - -=head1 SEE ALSO - -gpg(1) - - -=head1 WARNINGS - -Use a B<good> password for your user account and a B<good> passphrase -to protect your secret key. This passphrase is the weakest part of the -whole system. Programs to do dictionary attacks on your secret keyring -are very easy to write and so you should protect your B<~/.gnupg/> -directory very well. - -Keep in mind that, if this program is used over a network (telnet), it -is B<very> easy to spy out your passphrase! - -=head1 BUGS - -On many systems this program should be installed as setuid(root). This -is necessary to lock memory pages. Locking memory pages prevents the -operating system from writing memory pages to disk. If you get no -warning message about insecure memory your operating system supports -locking without being root. The program drops root privileges as soon -as locked memory is allocated. - |
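Review bot: Deleting the whole file drops the security guidance at its end and nothing visible here says where that guidance goes. That covers the WARNINGS section (the passphrase as "the weakest part of the whole system", protecting the ~/.gnupg/ directory, passphrase exposure over telnet) and the BUGS section on installing setuid(root) to lock memory pages. The commit message only says "See ChangeLog", and the diffstat is limited to doc/gpg.1pod, so a replacement document cannot be confirmed from this page. Please name the replacing file in the commit message and confirm that these sections are carried over, together with the per-option caveats: "Don't use this option if you can avoid it" under --passphrase-fd, the "not recommended" note for --s2k-mode 0, and the statement under --encrypt-to that no trust checking is performed for those user ids.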