GNUPG-1-9-BRANCH gnupg/doc (ChangeLog gnupg.texi gpg-agent.texi gpgsm.texi)

cvs user wk cvs at
Wed Apr 20 20:30:01 CEST 2005

    Date: Wednesday, April 20, 2005 @ 20:46:51
  Author: wk
    Path: /cvs/gnupg/gnupg/doc
     Tag: GNUPG-1-9-BRANCH

Modified: ChangeLog gnupg.texi gpg-agent.texi gpgsm.texi

(Agent Configuration): New section.

 ChangeLog      |    6 ++-
 gnupg.texi     |    2 -
 gpg-agent.texi |   96 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 gpgsm.texi     |    2 -
 4 files changed, 101 insertions(+), 5 deletions(-)

Index: gnupg/doc/ChangeLog
diff -u gnupg/doc/ChangeLog: gnupg/doc/ChangeLog:
--- gnupg/doc/ChangeLog:	Thu Feb 24 18:36:11 2005
+++ gnupg/doc/ChangeLog	Wed Apr 20 20:46:51 2005
@@ -1,3 +1,7 @@
+2005-04-20  Werner Koch  <wk at>
+	* gpg-agent.texi (Agent Configuration): New section.
 2005-02-24  Werner Koch  <wk at>
 	* tools.texi (gpg-connect-agent): New.
@@ -171,7 +175,7 @@
 	*, gpgsm.texi: New.
- Copyright 2002 Free Software Foundation, Inc.
+ Copyright 2002, 2004, 2005 Free Software Foundation, Inc.
  This file is free software; as a special exception the author gives
  unlimited permission to copy and/or distribute it, with or without
Index: gnupg/doc/gnupg.texi
diff -u gnupg/doc/gnupg.texi: gnupg/doc/gnupg.texi:
--- gnupg/doc/gnupg.texi:	Thu Jan 13 19:00:46 2005
+++ gnupg/doc/gnupg.texi	Wed Apr 20 20:46:51 2005
@@ -22,7 +22,7 @@
 Boston, MA 02111-1307 USA
 @end iftex
-Copyright @copyright{} 2002, 2004 Free Software Foundation, Inc.
+Copyright @copyright{} 2002, 2004, 2005 Free Software Foundation, Inc.
 Permission is granted to copy, distribute and/or modify this document
Index: gnupg/doc/gpg-agent.texi
diff -u gnupg/doc/gpg-agent.texi: gnupg/doc/gpg-agent.texi:
--- gnupg/doc/gpg-agent.texi:	Thu Feb 24 18:36:11 2005
+++ gnupg/doc/gpg-agent.texi	Wed Apr 20 20:46:51 2005
@@ -11,7 +11,7 @@
 @c man begin DESCRIPTION
 @command{gpg-agent} is a daemon to manage secret (private) keys
-independelty from any protocol.  It is used as a backend for
+independently from any protocol.  It is used as a backend for
 @command{gpg} and @command{gpgsm} as well as for a couple of other
@@ -71,6 +71,7 @@
 * Agent Commands::      List of all commands.
 * Agent Options::       List of all options.
+* Agent Configuration:: Configuration files.
 * Agent Signals::       Use of some signals.
 * Agent Examples::      Some usage examples.
 * Agent Protocol::      The protocol the agent uses.
@@ -123,6 +124,7 @@
 @table @gnupgtabopt
+ at anchor{option --options}
 @item --options @var{file}
 @opindex options
 Reads configuration from @var{file} instead of from the default
@@ -130,6 +132,7 @@
 @file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly
 below the home directory of the user.
+ at anchor{option --homedir}
 @item --homedir @var{dir}
 @opindex homedir
 Set the name of the home directory to @var{dir}. If his option is not
@@ -255,10 +258,11 @@
 Don't allow multiple connections.  This option is in general not very
+ at anchor{option --allow-mark-trusted}
 @item --allow-mark-trusted
 @opindex allow-mark-trusted
 Allow clients to mark keys as trusted, i.e. put them into the
- at code{trustlist.txt} file.  This is by default not allowed to make it
+ at file{trustlist.txt} file.  This is by default not allowed to make it
 harder for users to inadvertly accept Root-CA keys.
 @item --ignore-cache-for-signing
@@ -289,6 +293,12 @@
 installation dependend and can be shown with the @code{--version}
+ at item --disable-scdaemon
+ at opindex disable-scdaemon
+Do not make use of the scdaemon tool.  This option has the effect of
+disabling the ability to do smartcard operations.  Note, that enabling
+this option at runtime does not kill an already forked scdaemon.
 @item --use-standard-socket
 @itemx --no-use-standard-socket
 @opindex use-standard-socket
@@ -326,6 +336,7 @@
 window system's @code{DISPLAY} variable.  This is useful to lock the
 pinentry to pop up at the @sc{tty} or display you started the agent.
+ at anchor{option --enable-ssh-support}
 @item --enable-ssh-support
 @opindex enable-ssh-support
@@ -359,6 +370,87 @@
 All the long options may also be given in the configuration file after
 stripping off the two leading dashes.
+ at c man begin FILES
+ at node Agent Configuration
+ at section Configuration
+There are a few configuration files needed for the operation of the
+agent. By default they may all be found in the current home directory
+(@pxref{option --homedir}).
+ at table @file
+ at item gpg-agent.conf
+ at cindex gpg-agent.conf
+  This is the standard configuration file read by @command{gpg-agent} on
+  startup.  It may contain any valid long option; the leading
+  two dashes may not be entered and the option may not be abbreviated.
+  This file is also read after a @code{SIGHUP} however only a few
+  options will actually have an effect.  This default name may be
+  changed on the command line (@pxref{option --options}).
+ at item trustlist.txt
+  This is the list of trusted keys.  Comment lines, indicated by a leading
+  hash mark, as well as empty lines are ignored.  To mark a key as trusted
+  you need to enter its fingerprint followed by a space and a capital
+  letter @code{S}.  Colons may optionally be used to separate the bytes of
+  a fingerprint; this allows to cut and paste the fingeperint from a key
+  listing output.
+  Here is an example where two keys are marked as ultimately trusted:
+  @example
+  # CN=Wurzel ZS 3,O=Intevation GmbH,C=DE
+  A6935DD34EF3087973C706FC311AA2CCF733765B S
+  # CN=PCA-1-Verwaltung-02/O=PKI-1-Verwaltung/C=DE
+  DC:BD:69:25:48:BD:BB:7E:31:6E:BB:80:D3:00:80:35:D4:F8:A6:CD S 
+  @end example
+  Before entering a key into this file, you need to ensure its
+  authenticity.  How to do this depends on your organisation; your
+  administrator might have already entered those keys which are deemed
+  trustworthy enough into this file.  Places where to look for the
+  fingerprint of a root certificate are letters received from the CA or
+  the website of the CA (after making 100% sure that this is indeed the
+  website of that CA).  You may want to consider allowing interactive
+  updates of this file by using the @xref{option --allow-mark-trusted}.
+  This is however not as secure as maintaining this file manually.  It is
+  even advisable to change the permissions to read-only so that this file
+  can't be changed inadvertently.
+  @item sshcontrol
+  This file is used when support for the secure shell agent protocol has
+  been enabled (@pxref{option --enable-ssh-support}). Only keys present in
+  this file are used in the SSH protocol.  The @command{ssh-add} tool y be
+  used to add new entries to this file; you may also add them manually.
+  Comment lines, indicated by a leading hash mark, as well as empty lines
+  are ignored.  An entry starts with optional white spaces, followed by
+  the keygrip of the key given as 40 hex digits, optionally followed by
+  the caching TTL in seconds and another optional field for arbitrary
+  flags.  A @code{!} may be prepended to the keygrip to disable this
+  entry.
+  The follwoing example lists exactly one key.  Note that keys available
+  through a OpenPGP smartcard in the active smartcard reader are implictly
+  added to this list; i.e. there is no need to list them.
+  @example
+  # Key added on 2005-02-25 15:08:29
+  5A6592BF45DC73BD876874A28FD4639282E29B52 0
+  @end example
+ at end table
+Note that on larger installations, it is useful to put predefined
+files into the directory @file{/etc/skel/.gnupg/} so that newly created
+users start up with a working configuration.  For existing users the
+a small helper script is provied to create these files (@pxref{addgnupghome}).
 @c Agent Signals
Index: gnupg/doc/gpgsm.texi
diff -u gnupg/doc/gpgsm.texi: gnupg/doc/gpgsm.texi:
--- gnupg/doc/gpgsm.texi:	Tue Feb 22 19:08:28 2005
+++ gnupg/doc/gpgsm.texi	Wed Apr 20 20:46:51 2005
@@ -12,7 +12,7 @@
 @command{gpgsm} is a tool similar to @command{gpg} to provide digital
 encryption and signing servicesd on X.509 certificates and the CMS
-protocoll.  It is mainly used as a backend for S/MIME mail processing.
+protocol.  It is mainly used as a backend for S/MIME mail processing.
 @command{gpgsm} includes a full features certificate management and
 complies with all rules defined for the German Sphinx project.

More information about the Gnupg-commits mailing list