aboutsummaryrefslogtreecommitdiffstats
path: root/doc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Change backlog from 5 to 64 and provide option --listen-backlog.Werner Koch2017-12-123-0/+13
| | | | | | | | | | | | | | * agent/gpg-agent.c (oListenBacklog): New const. (opts): New option --listen-backlog. (listen_backlog): New var. (main): Parse new options. (create_server_socket): Use var instead of 5. * dirmngr/dirmngr.c: Likewise. * scd/scdaemon.c: Likewise. -- GnuPG-bug-id: 3473 Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fixWerner Koch2017-12-111-1/+1
| | | | --
* doc: Fix DijkstraWerner Koch2017-12-081-0/+1
| | | | | | | -- Edsger Wybe Dijkstra (1930 --2002) - Dutch computer scientist
* doc: clarify that --encrypt refers to public key encryptionDaniel Kahn Gillmor2017-11-301-5/+7
| | | | | | | | | | | -- A simple read of gpg(1) is ambiguous about whether --encrypt could be for either symmetric or pubkey encryption. Closer inference suggests that --encrypt is about pubkey encryption only. Make that clearer on a first read. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* agent: New option --auto-expand-secmem.Werner Koch2017-11-241-0/+11
| | | | | | | | | | | | * agent/gpg-agent.c (oAutoExpandSecmem): New enum value. (opts): New option --auto-expand-secmem. (main): Implement that option. -- Note that this option has an effect only if Libgcrypt >= 1.8.2 is used. GnuPG-bug-id: 3530
* build: BSD make support for yat2m.NIIBE Yutaka2017-11-201-2/+10
| | | | | | | | | | | | * configure.ac (YAT2M): Only define when found. * doc/Makefile.am: Portability fix. -- This is not intended to apply to master, but 2.2 branch only. When new libgpg-error is required, installation of yat2m can be assumed. Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Add man page for gpgtarWerner Koch2017-11-152-38/+102
| | | | | | | | | -- This also removes the documentation for gpg-zip which is not distributed anymore. Signed-off-by: Werner Koch <[email protected]>
* doc: fix NEWSIG documentationWill Thompson2017-11-151-3/+2
| | | | | | | | | -- 08c82b1 introduced one optional argument for this status message. Due to an apparent editing error, the sentence fragment "arguments are currently defined." was left in the documentation. Signed-off-by: Will Thompson <[email protected]>
* doc: expand documentation of PROGRESS messageWill Thompson2017-11-151-4/+7
| | | | | | | | -- This answers two questions that I was only able to answer by examining each site where PROGRESS messages are emitted, and fixes a typo. Signed-off-by: Will Thompson <[email protected]>
* dirmngr: Reduce default LDAP timeout to 15 seconds.Werner Koch2017-11-071-1/+1
| | | | | | | | | * dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15. * dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f) GnuPG-bug-id: 3487
* agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".Werner Koch2017-11-061-8/+18
| | | | | | | | | | * agent/command.c (cmd_getinfo): New sub-commands. * agent/protect.c (get_standard_s2k_count): Factor some code out to ... (get_calibrated_s2k_count): new. (get_standard_s2k_time): New. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)
* agent: New option --s2k-count.Werner Koch2017-11-061-0/+14
| | | | | | | | | | | | | | | * agent/agent.h (opt): New field 's2k_count'. * agent/gpg-agent.c (oS2KCount): New enum value. (opts): New option --s2k-count. (parse_rereadable_options): Set opt.s2k_count. -- This option is useful to speed up the starting of gpg-agent and in cases where the auto-calibration runs into problems due to a broken time measurement facility. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e)
* doc: Fix "SEE ALSO" section of gpgv.Werner Koch2017-10-201-1/+1
| | | | --
* gpg: Print sec/sbb with --import-option import-show or show-only.Werner Koch2017-10-191-1/+2
| | | | | | | | | | | | | * g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct. -- Note that this will likely add the suffix '#' top "sec" because the secret key has not yet (or will not be) imported. If the secret key already exists locally another suffix might be printed. The upshot is that the suffix has no usefulness. GnuPG-bug-id: 3431 Signed-off-by: Werner Koch <[email protected]>
* doc: Make --check-sigs more prominent.Werner Koch2017-09-271-39/+42
| | | | | | | | | | | -- It seems people are using --list-sigs instead of --check-sigs and do not realize that the signatures are not checked at all. We better highlight the use of --check-sigs to avoid this UI problem. Suggested-by: Andrew Gallagher Signed-off-by: Werner Koch <[email protected]>
* wks: Create a new user id if provider wants mailbox-only.Werner Koch2017-09-181-1/+3
| | | | | | | | * tools/gpg-wks-client.c (get_key): Add arg 'exact'. (add_user_id): New. (command_send): Create new user id. Signed-off-by: Werner Koch <[email protected]>
* Release 2.2.0gnupg-2.2.0Werner Koch2017-08-281-13/+36
|
* gpg: default to --no-auto-key-retrieve.Daniel Kahn Gillmor2017-08-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the default keyserver options. * doc/gpg.texi: document this change. -- This is a partial reversion of 7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it earlier today, and came to the conclusion that: * the risk of metadata leakage represented by a default --auto-key-retrieve, both in e-mail (as a "web bug") and in other contexts where GnuPG is used to verified signatures, is quite high. * the advantages of --auto-key-retrieve (in terms of signature verification) can sometimes be achieved in other ways, such as when a signed message includes a copy of its own key. * when those other ways are not useful, a graphical, user-facing application can still offer the user the opportunity to choose to fetch the key; or it can apply its own policy about when to set --auto-key-retrieve, without needing to affect the defaults. Note that --auto-key-retrieve is specifically about signature verification. Decisions about how and whether to look up a key during message encryption are governed by --auto-key-locate. This change does not touch the --auto-key-locate default of "local,wkd". The user deliberately asking gpg to encrypt to an e-mail address is a different scenario than having an incoming e-mail trigger a potentially unique network request. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* sm: Always print the keygrip in colon mode.Werner Koch2017-08-081-4/+6
| | | | | | | * sm/keylist.c (list_cert_colon): Always print the keygrip as described in the manual. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add option '--disable-dirmngr'.Justus Winter2017-08-081-0/+3
| | | | | | | | | | | | | | * doc/gpg.texi: Document new option. * g10/call-dirmngr.c (create_context): Fail if option is given. * g10/gpg.c (cmd_and_opt_values): New value. (opts): New option. (gpgconf_list): Add new option. (main): Handle new option. * g10/options.h (struct opt): New field 'disable_dirmngr'. * tools/gpgconf-comp.c (gc_options_gpg): New option. GnuPG-bug-id: 3334 Signed-off-by: Justus Winter <[email protected]>
* systemd-user: Drop redundant After=*.socket.Daniel Kahn Gillmor2017-08-072-2/+0
| | | | | | | | | | | | | | * doc/examples/systemd-user/*.service: Drop redundant After=*.socket directive. -- systemd.socket(5) says: Socket units will have a Before= dependency on the service which they trigger added implicitly. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* systemd-user: Drop RefuseManualStart=true.Daniel Kahn Gillmor2017-08-072-4/+0
| | | | | | | | | | | | * doc/examples/systemd-user/*.service: drop RefuseManualStart=true -- These user services can be safely started manually as long as at least their primary sockets are available. They'll just start with nothing to do, which should be fine. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Fix spelling.Daniel Kahn Gillmor2017-08-071-1/+1
| | | | | | * doc/gpg.texi: s/occured/occurred/ Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.Werner Koch2017-08-041-9/+13
| | | | | | | | | | | | * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <[email protected]>
* agent: Make --no-grab the default.Werner Koch2017-08-041-3/+7
| | | | | | | | | | | * agent/gpg-agent.c (oGrab): New const. (opts): New option --grab. Remove description for --no-grab. (parse_rereadable_options): Make --no-grab the default. (finalize_rereadable_options): Allow --grab to override --no-grab. (main) <gpgconflist>: Add "grab". * tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab". Signed-off-by: Werner Koch <[email protected]>
* gpg: New import option show-only.Werner Koch2017-08-041-1/+3
| | | | | | | | | | | | | * g10/options.h (IMPORT_DRY_RUN): New. * g10/import.c (parse_import_options): Add "show-only". (import_one): use that as alternative to opt.dry_run. -- This is just a convenience thing for --import-options import-show --dry-run Signed-off-by: Werner Koch <[email protected]>
* doc: Add man pages form gpg-wks-server and gpg-wks-client.Werner Koch2017-07-263-4/+346
| | | | | | | | | * doc/wks.texi: New. * doc/gnupg.texi: Include wks.texi. * doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi. (myman_pages): Add new man pages. Signed-off-by: Werner Koch <[email protected]>
* doc: Update vsnfd profile exampleAndre Heinecke2017-07-261-1/+1
| | | | | | | * doc/examples/vsnfd.prf: Use rsa3072 -- This brings it in line with the requested default for vsnfd.
* dirmngr: Auto-enable Tor on startup or reload.Werner Koch2017-07-261-3/+9
| | | | | | | | * dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility. -- GnuPG-bug-id: 2935 Signed-off-by: Werner Koch <[email protected]>
* doc: Use @var for meta variables in gpg.texiWerner Koch2017-07-241-177/+179
| | | | | | | | -- This results in more standrard man pages. Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend --key-origin to take an optional URL arg.Werner Koch2017-07-241-3/+5
| | | | | | | | | | | | | | | | * g10/getkey.c (parse_key_origin): Parse appended URL. * g10/options.h (struct opt): Add field 'key_origin_url'. * g10/gpg.c (main) <aImport>: Pass that option to import_keys. * g10/import.c (apply_meta_data): Extend for file and url. * g10/keyserver.c (keyserver_fetch): Pass the url to import_keys_es_stream. -- Example: gpg --key-origin url,myscheme://bla --import FILE Signed-off-by: Werner Koch <[email protected]>
* doc: Revert the bug reporting address to bugs.gnupg.orgWerner Koch2017-07-243-3/+3
| | | | | | | | | | | | | | -- dev.gnupg org is the development platform but the canonical bug address is and has always been bugs.gnupg.org. We should keep on using this address for the case that we switch the tracker again or split it off the development system. That is also the reason why we should keep on communicating a plain bug number without the 'T' prefix. Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend --quick-set-expire to allow subkey expiration setting.Werner Koch2017-07-211-3/+9
| | | | | | | | | * g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs. (menu_expire): Rename arg force_mainkey to unattended and allow unattended changing of subkey expiration. * g10/gpg.c (main): Extend --quick-set-expire. Signed-off-by: Werner Koch <[email protected]>
* doc: Clarify wording of export-attributes.Marcus Brinkmann2017-07-201-3/+4
| | | | | | | * doc/gpg.texi: Clarify wording of export-attributes. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2228
* gpg: New option --with-key-origin.Werner Koch2017-07-202-2/+8
| | | | | | | | | | | | * g10/getkey.c (parse_key_origin): Factor list out as ... (key_origin_list): new struct. (key_origin_string): New. * g10/gpg.c (oWithKeyOrigin): New const. (opts): New option --with-key-origin. (main): Implement option. * g10/options.h (struct opt): New flag with_key_origin. * g10/keylist.c (list_keyblock_print): Print key origin info. (list_keyblock_colon): Ditto.
* doc: Comment fixes and one trailing comma fix.Werner Koch2017-07-201-2/+2
| | | | --
* gpg: New option --key-origin.Werner Koch2017-07-132-5/+13
| | | | | | | | | | | | | | | * g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <[email protected]>
* doc: Document gnupg version requirement for gpg-preset-passphrase.Marcus Brinkmann2017-07-131-0/+2
| | | | | Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2331
* doc: Improve TOFU documentation.Neal H. Walfield2017-07-061-4/+8
| | | | | | | * doc/gpg.texi: Improve TOFU documentation. Signed-off-by: Neal H. Walfield <[email protected]> Suggested-by: Teemu Likonen <[email protected]>
* doc: Fix typo.Justus Winter2017-07-061-1/+1
| | | | | -- Signed-off-by: Justus Winter <[email protected]>
* doc: minor clarificationDaniel Shahaf2017-07-051-1/+1
| | | | | --- Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc: Update yat2m to take care of SOURCE_DATE_EPOCH.Werner Koch2017-07-051-1/+13
| | | | | | * doc/yat2m.c (main): Set a default for OPT_DATE. Signed-off-by: Werner Koch <[email protected]>
* doc: Prefer an installed version of yat2mWerner Koch2017-07-051-2/+2
| | | | | | * configure.ac (YAT2M): Check for tool. * doc/Makefile.am (yat2m-stamp): Use installed tool if possible. --
* doc: Document obsolete option in gpgsm. Closes T2231.Marcus Brinkmann2017-07-011-4/+1
| | | | | | | * doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2231
* gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.Werner Koch2017-06-231-0/+6
| | | | | | | | | | | | * common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New. * g10/encrypt.c (encrypt_crypt): Emit new status code. * sm/encrypt.c (gpgsm_encrypt): Ditto. -- This status code allows to report whether an encryption operation was compliant to de-vs. Signed-off-by: Werner Koch <[email protected]>
* gpg: Check and fix keys on import.Justus Winter2017-06-141-0/+4
| | | | | | | | | | | * doc/gpg.texi: Document the new import option. * g10/gpg.c (main): Make the new option default to yes. * g10/import.c (parse_import_options): Parse the new option. (import_one): Act on the new option. * g10/options.h (IMPORT_REPAIR_KEYS): New macro. GnuPG-bug-id: 2236 Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.Werner Koch2017-06-081-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New enums. (opts): New options --connect-timeout and --connect-quick-timeout. (DEFAULT_CONNECT_TIMEOUT): New. (DEFAULT_CONNECT_QUICK_TIMEOUT): New. (parse_rereadable_options): Handle new options. (post_option_parsing): New. Use instead of direct calls to set_debug() and set_tor_mode (). (main): Setup default timeouts. (dirmngr_init_default_ctrl): Set standard connect timeout. * dirmngr/dirmngr.h (opt): New fields connect_timeout and connect_quick_timeout. (server_control_s): New field timeout. * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to http_raw_connect. * dirmngr/ks-engine-hkp.c (send_request): Call http_session_set_timeout. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get) (cmd_ks_fetch): Implement --quick option. -- The standard connect timeouts are way to long so we add a timeout to the connect calls. Also implement the --quick option which is already used by gpg for non-important requests (e.g. looking up a key for verification). Signed-off-by: Werner Koch <[email protected]>
* gpg: Report compliance with CO_DE_VS.Justus Winter2017-06-011-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain parameters. (gnupg_cipher_is_compliant): New function. (gnupg_digest_is_compliant): Likewise. * common/compliance.h (gnupg_cipher_is_compliant): New prototype. (gnupg_digest_is_compliant): Likewise. * common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status. (STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise. * doc/DETAILS: Document the new status lines. * g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS and report that using the new status line. (check_sig_and_print): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- When decrypting data and verifying signatures, report whether the operations are in compliance with the criteria for data classified as VS-NfD. This information will be picked up by the frontend and presented to the user. GnuPG-bug-id: 3059 Signed-off-by: Justus Winter <[email protected]>
* doc: Improve documentation.Justus Winter2017-05-311-1/+1
| | | | | | | * doc/gpgsm.texi: Mention that '--with-key-data' implies '--with-colons'. Signed-off-by: Justus Winter <[email protected]>
* agent: Make digest algorithms for ssh fingerprints configurable.Justus Winter2017-05-241-0/+7
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): New field 'ssh_fingerprint_digest'. * agent/command-ssh.c (data_sign, ssh_identity_register): Honor the option for strings used to communicate with the user. * agent/findkey.c (agent_modify_description): Likewise. * agent/gpg-agent.c (cmd_and_opt_values): New value. (opts): New option '--ssh-fingerprint-digest'. (parse_rereadable_options): Set the default to MD5 for now. (main): Handle the new option. * doc/gpg-agent.texi: Document the new option. -- OpenSSH has transitioned from using MD5 to compute key fingerprints to SHA256. This patch makes the digest used when communicating key fingerprints to the user (e.g. in pinentry dialogs) configurable. For now this patch conservatively defaults to MD5. GnuPG-bug-id: 2106 Signed-off-by: Justus Winter <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-17 09:45:09 +0000