[svn] GnuPG - r3918 - trunk/doc

svn author dshaw cvs at cvs.gnupg.org
Thu Oct 27 21:18:06 CEST 2005 

Author: dshaw
Date: 2005-10-27 21:18:05 +0200 (Thu, 27 Oct 2005)
New Revision: 3918

Modified:
   trunk/doc/ChangeLog
   trunk/doc/DETAILS
   trunk/doc/gpg.sgml
Log:
* gpg.sgml: Document backsign, --require-backsigs, and
--no-require-backsigs.

* DETAILS: Clarify Key-Usage.


Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2005-10-27 16:23:59 UTC (rev 3917)
+++ trunk/doc/ChangeLog	2005-10-27 19:18:05 UTC (rev 3918)
@@ -1,3 +1,10 @@
+2005-10-27  David Shaw  <dshaw at jabberwocky.com>
+
+	* gpg.sgml: Document backsign, --require-backsigs, and
+	--no-require-backsigs.
+
+	* DETAILS: Clarify Key-Usage.
+
 2005-10-07  Werner Koch  <wk at g10code.com>
 
 	* gpgv.sgml: Small spelling corrections by Mike Dowling.

Modified: trunk/doc/DETAILS
===================================================================
--- trunk/doc/DETAILS	2005-10-27 16:23:59 UTC (rev 3917)
+++ trunk/doc/DETAILS	2005-10-27 19:18:05 UTC (rev 3918)
@@ -587,7 +587,7 @@
         PIN change really worked.
 
     BACKUP_KEY_CREATED fingerprint fname
-        A backup key named FNAME has been created for the key wityh
+        A backup key named FNAME has been created for the key with
         KEYID.
 
 
@@ -750,8 +750,13 @@
 	Length of the key in bits.  Default is 1024.
      Key-Usage: <usage-list>
         Space or comma delimited list of key usage, allowed values are
-        "encrypt" and "sign".  This is used to generate the key flags.
-        Please make sure that the algorithm is capable of this usage.
+        "encrypt", "sign", and "auth".  This is used to generate the
+        key flags.  Please make sure that the algorithm is capable of
+        this usage.  Note that OpenPGP requires that all primary keys
+        are capable of certification, so no matter what usage is given
+        here, the "cert" flag will be on.  If no Key-Usage is
+        specified, all the allowed usages for that particular
+        algorithm are used.
      Subkey-Type: <algo-number>|<algo-string>
 	This generates a secondary key.  Currently only one subkey
 	can be handled.

Modified: trunk/doc/gpg.sgml
===================================================================
--- trunk/doc/gpg.sgml	2005-10-27 16:23:59 UTC (rev 3917)
+++ trunk/doc/gpg.sgml	2005-10-27 19:18:05 UTC (rev 3918)
@@ -565,6 +565,14 @@
 If invoked with no arguments, both `sigs' and `uids' are cleaned.
 </para></listitem></varlistentry>
 
+<varlistentry>
+<term>backsign</term>
+<listitem></para>
+Add back signatures to signing subkeys that may not currently have
+back signatures.  Back signatures protect against a subtle attack
+against signing subkeys.  See --require-backsigs.
+</para></listitem></varlistentry>
+
     <varlistentry>
     <term>save</term>
     <listitem><para>
@@ -2713,6 +2721,17 @@
 </para></listitem></varlistentry>
 
 <varlistentry>
+<term>--require-backsigs</term>
+<term>--no-require-backsigs</term>
+<listitem><para>
+When verifying a signature made from a subkey, ensure that the "back
+signature" on the subkey is present and valid.  This protects against
+a subtle attack against subkeys that can sign.  Currently defaults to
+--no-require-backsigs, but will be changed to --require-backsigs in
+the future.
+</para></listitem></varlistentry>
+
+<varlistentry>
 <term>--ask-sig-expire</term>
 <term>--no-ask-sig-expire</term>
 <listitem><para>

More information about the Gnupg-commits mailing list