GNUPG-1-9-BRANCH gnupg/doc (ChangeLog gnupg.texi gpg-agent.texi gpgsm.texi)
cvs user wk
cvs at cvs.gnupg.org
Wed Apr 20 20:30:01 CEST 2005
Date: Wednesday, April 20, 2005 @ 20:46:51
Author: wk
Path: /cvs/gnupg/gnupg/doc
Tag: GNUPG-1-9-BRANCH
Modified: ChangeLog gnupg.texi gpg-agent.texi gpgsm.texi
(Agent Configuration): New section.
----------------+
ChangeLog | 6 ++-
gnupg.texi | 2 -
gpg-agent.texi | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
gpgsm.texi | 2 -
4 files changed, 101 insertions(+), 5 deletions(-)
Index: gnupg/doc/ChangeLog
diff -u gnupg/doc/ChangeLog:1.39.2.26 gnupg/doc/ChangeLog:1.39.2.27
--- gnupg/doc/ChangeLog:1.39.2.26 Thu Feb 24 18:36:11 2005
+++ gnupg/doc/ChangeLog Wed Apr 20 20:46:51 2005
@@ -1,3 +1,7 @@
+2005-04-20 Werner Koch <wk at g10code.com>
+
+ * gpg-agent.texi (Agent Configuration): New section.
+
2005-02-24 Werner Koch <wk at g10code.com>
* tools.texi (gpg-connect-agent): New.
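Review bot: the ChangeLog entry only records the new Agent Configuration section, but this commit also documents the new --disable-scdaemon option, adds @anchor tags to --options, --homedir, --allow-mark-trusted and --enable-ssh-support, and fixes spelling in gpg-agent.texi ("independently") and gpgsm.texi ("protocol"); listing those as well would make the entry match the change.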
@@ -171,7 +175,7 @@
* Makefile.am, gpgsm.texi: New.
- Copyright 2002 Free Software Foundation, Inc.
+ Copyright 2002, 2004, 2005 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
Index: gnupg/doc/gnupg.texi
diff -u gnupg/doc/gnupg.texi:1.1.2.9 gnupg/doc/gnupg.texi:1.1.2.10
--- gnupg/doc/gnupg.texi:1.1.2.9 Thu Jan 13 19:00:46 2005
+++ gnupg/doc/gnupg.texi Wed Apr 20 20:46:51 2005
@@ -22,7 +22,7 @@
Boston, MA 02111-1307 USA
@end iftex
-Copyright @copyright{} 2002, 2004 Free Software Foundation, Inc.
+Copyright @copyright{} 2002, 2004, 2005 Free Software Foundation, Inc.
@quotation
Permission is granted to copy, distribute and/or modify this document
Index: gnupg/doc/gpg-agent.texi
diff -u gnupg/doc/gpg-agent.texi:1.1.2.16 gnupg/doc/gpg-agent.texi:1.1.2.17
--- gnupg/doc/gpg-agent.texi:1.1.2.16 Thu Feb 24 18:36:11 2005
+++ gnupg/doc/gpg-agent.texi Wed Apr 20 20:46:51 2005
@@ -11,7 +11,7 @@
@c man begin DESCRIPTION
@command{gpg-agent} is a daemon to manage secret (private) keys
-independelty from any protocol. It is used as a backend for
+independently from any protocol. It is used as a backend for
@command{gpg} and @command{gpgsm} as well as for a couple of other
utilities.
@@ -71,6 +71,7 @@
@menu
* Agent Commands:: List of all commands.
* Agent Options:: List of all options.
+* Agent Configuration:: Configuration files.
* Agent Signals:: Use of some signals.
* Agent Examples:: Some usage examples.
* Agent Protocol:: The protocol the agent uses.
@@ -123,6 +124,7 @@
@table @gnupgtabopt
+ at anchor{option --options}
@item --options @var{file}
@opindex options
Reads configuration from @var{file} instead of from the default
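Review bot: the added line appears here as "+ at anchor{option --options}"; that is the mailing-list archive munging a leading "@" (the same happens to every added "@" line below), and the source should read "@anchor{option --options}" so that the "@pxref{option --options}" in the new Configuration section resolves.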
@@ -130,6 +132,7 @@
@file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly
below the home directory of the user.
+ at anchor{option --homedir}
@item --homedir @var{dir}
@opindex homedir
Set the name of the home directory to @var{dir}. If his option is not
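Review bot: the unchanged context line "If his option is not" is missing a letter ("this option"); worth correcting while this --homedir entry is already being touched.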
@@ -255,10 +258,11 @@
Don't allow multiple connections. This option is in general not very
useful.
+ at anchor{option --allow-mark-trusted}
@item --allow-mark-trusted
@opindex allow-mark-trusted
Allow clients to mark keys as trusted, i.e. put them into the
- at code{trustlist.txt} file. This is by default not allowed to make it
+ at file{trustlist.txt} file. This is by default not allowed to make it
harder for users to inadvertly accept Root-CA keys.
@item --ignore-cache-for-signing
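Review bot: "inadvertly" in the context line "harder for users to inadvertly accept Root-CA keys" should read "inadvertently"; since this hunk already edits the entry, fix it here. As this same commit adds a description of trustlist.txt (its format, the need to verify a root fingerprint out of band, and the advice to keep the file read-only), a @pxref from this option to the Agent Configuration node would let readers see what --allow-mark-trusted actually relaxes.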
@@ -289,6 +293,12 @@
installation dependend and can be shown with the @code{--version}
command.
+ at item --disable-scdaemon
+ at opindex disable-scdaemon
+Do not make use of the scdaemon tool. This option has the effect of
+disabling the ability to do smartcard operations. Note, that enabling
+this option at runtime does not kill an already forked scdaemon.
+
@item --use-standard-socket
@itemx --no-use-standard-socket
@opindex use-standard-socket
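Review bot: "Note, that enabling" should drop the comma, and "installation dependend" in the context line above should be "installation dependent". The caveat that the option "does not kill an already forked scdaemon" is the important part for anyone using it to turn off smartcard access: please state explicitly whether a scdaemon that was forked before the option took effect keeps serving requests, and that the agent must be restarted (or scdaemon terminated) for the option to be fully effective.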
@@ -326,6 +336,7 @@
window system's @code{DISPLAY} variable. This is useful to lock the
pinentry to pop up at the @sc{tty} or display you started the agent.
+ at anchor{option --enable-ssh-support}
@item --enable-ssh-support
@opindex enable-ssh-support
@@ -359,6 +370,87 @@
All the long options may also be given in the configuration file after
stripping off the two leading dashes.
+
+ at c man begin FILES
+
+ at node Agent Configuration
+ at section Configuration
+
+There are a few configuration files needed for the operation of the
+agent. By default they may all be found in the current home directory
+(@pxref{option --homedir}).
+
+ at table @file
+
+ at item gpg-agent.conf
+ at cindex gpg-agent.conf
+ This is the standard configuration file read by @command{gpg-agent} on
+ startup. It may contain any valid long option; the leading
+ two dashes may not be entered and the option may not be abbreviated.
+ This file is also read after a @code{SIGHUP} however only a few
+ options will actually have an effect. This default name may be
+ changed on the command line (@pxref{option --options}).
+
+ at item trustlist.txt
+ This is the list of trusted keys. Comment lines, indicated by a leading
+ hash mark, as well as empty lines are ignored. To mark a key as trusted
+ you need to enter its fingerprint followed by a space and a capital
+ letter @code{S}. Colons may optionally be used to separate the bytes of
+ a fingerprint; this allows to cut and paste the fingeperint from a key
+ listing output.
+
+ Here is an example where two keys are marked as ultimately trusted:
+
+ @example
+ # CN=Wurzel ZS 3,O=Intevation GmbH,C=DE
+ A6935DD34EF3087973C706FC311AA2CCF733765B S
+
+ # CN=PCA-1-Verwaltung-02/O=PKI-1-Verwaltung/C=DE
+ DC:BD:69:25:48:BD:BB:7E:31:6E:BB:80:D3:00:80:35:D4:F8:A6:CD S
+ @end example
+
+ Before entering a key into this file, you need to ensure its
+ authenticity. How to do this depends on your organisation; your
+ administrator might have already entered those keys which are deemed
+ trustworthy enough into this file. Places where to look for the
+ fingerprint of a root certificate are letters received from the CA or
+ the website of the CA (after making 100% sure that this is indeed the
+ website of that CA). You may want to consider allowing interactive
+ updates of this file by using the @xref{option --allow-mark-trusted}.
+ This is however not as secure as maintaining this file manually. It is
+ even advisable to change the permissions to read-only so that this file
+ can't be changed inadvertently.
+
+ @item sshcontrol
+
+ This file is used when support for the secure shell agent protocol has
+ been enabled (@pxref{option --enable-ssh-support}). Only keys present in
+ this file are used in the SSH protocol. The @command{ssh-add} tool y be
+ used to add new entries to this file; you may also add them manually.
+ Comment lines, indicated by a leading hash mark, as well as empty lines
+ are ignored. An entry starts with optional white spaces, followed by
+ the keygrip of the key given as 40 hex digits, optionally followed by
+ the caching TTL in seconds and another optional field for arbitrary
+ flags. A @code{!} may be prepended to the keygrip to disable this
+ entry.
+
+ The follwoing example lists exactly one key. Note that keys available
+ through a OpenPGP smartcard in the active smartcard reader are implictly
+ added to this list; i.e. there is no need to list them.
+
+ @example
+ # Key added on 2005-02-25 15:08:29
+ 5A6592BF45DC73BD876874A28FD4639282E29B52 0
+ @end example
+ at end table
+
+Note that on larger installations, it is useful to put predefined
+files into the directory @file{/etc/skel/.gnupg/} so that newly created
+users start up with a working configuration. For existing users the
+a small helper script is provied to create these files (@pxref{addgnupghome}).
+
+
+
@c
@c Agent Signals
@c
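Review bot: several spelling slips in the added Configuration text should be fixed before this lands: "fingeperint" in "cut and paste the fingeperint from a key listing output", "y be used" (should read "may be used") in the sshcontrol paragraph, "follwoing", "implictly", "a OpenPGP smartcard" (should be "an"), "provied", and "For existing users the a small helper script". "by using the @xref{option --allow-mark-trusted}" sits mid-sentence, and @xref is only for sentence-initial references, so @ref (or @pxref inside parentheses) is the right macro there. The hunk opens "@c man begin FILES" but no matching "@c man end" appears in the visible lines; confirm one exists so the manpage FILES section is terminated. The guidance itself reads well: the trustlist.txt paragraph makes clear that verifying a root-CA fingerprint out of band is the user's job and that --allow-mark-trusted weakens that, and the sshcontrol text correctly tells administrators restricting SSH keys through this file that keys on an inserted OpenPGP smartcard are usable without an entry.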
Index: gnupg/doc/gpgsm.texi
diff -u gnupg/doc/gpgsm.texi:1.1.2.21 gnupg/doc/gpgsm.texi:1.1.2.22
--- gnupg/doc/gpgsm.texi:1.1.2.21 Tue Feb 22 19:08:28 2005
+++ gnupg/doc/gpgsm.texi Wed Apr 20 20:46:51 2005
@@ -12,7 +12,7 @@
@command{gpgsm} is a tool similar to @command{gpg} to provide digital
encryption and signing servicesd on X.509 certificates and the CMS
-protocoll. It is mainly used as a backend for S/MIME mail processing.
+protocol. It is mainly used as a backend for S/MIME mail processing.
@command{gpgsm} includes a full features certificate management and
complies with all rules defined for the German Sphinx project.
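Review bot: the context line "encryption and signing servicesd on X.509" has a stray "d" ("services"), and "a full features certificate management" should read "full featured"; both sit next to the "protocol" fix and could be corrected in the same pass.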