[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-10-g2889a70

by Werner Koch cvs at cvs.gnupg.org
Mon Sep 29 11:30:14 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  2889a70c102271a1b6ff529bafb6748c4e773014 (commit)
       via  3209f270d236fae588edaab3d48fe707eb25641c (commit)
       via  ad30b2a4ae06a51f747bbd8a3c0985333295f8c6 (commit)
      from  cd53cdbc3774fb193bdebcdc5d7019ddebc16dbc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2889a70c102271a1b6ff529bafb6748c4e773014
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Sep 29 11:28:55 2014 +0200

    doc: Cleanup gpg.texi.
    
    --
    
    We don't need the gpgone and gpgtwoone macros anymore.

diff --git a/doc/Makefile.am b/doc/Makefile.am
index a31f257..9fd9f6b 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -46,7 +46,7 @@ DISTCLEANFILES = yat2m yat2m-stamp.tmp yat2m-stamp $(myman_pages)
 AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css -D gpgone
 
 YAT2M_OPTIONS = -I $(srcdir) -D gpgone \
-        --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard"
+        --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 1.4"
 
 yat2m: Makefile yat2m.c
 	$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
diff --git a/doc/gpg.texi b/doc/gpg.texi
index ea6851c..ded69ce 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3,11 +3,6 @@
 @c This is part of the GnuPG manual.
 @c For copying conditions, see the file gnupg.texi.
 
- at c Note that we use this texinfo file for all versions of GnuPG: 1.4.x,
- at c 2.0 and 2.1.  The macro "gpgone" controls parts which are only valid
- at c for GnuPG 1.4, the macro "gpgtwoone" controls parts which are only
- at c valid for GnupG 2.1 and later.
-
 @node Invoking GPG
 @chapter Invoking GPG
 @cindex GPG command options
@@ -16,19 +11,11 @@
 
 @c Begin algorithm defaults
 
- at ifclear gpgtwoone
 @set DEFSYMENCALGO CAST5
- at end ifclear
-
- at ifset gpgtwoone
- at set DEFSYMENCALGO AES128
- at end ifset
 
 @c End algorithm defaults
 
 
- at c Begin GnuPG 1.x specific stuff
- at ifset gpgone
 @macro gpgname
 gpg
 @end macro
@@ -49,63 +36,20 @@ gpg
 .I command
 .RI [ args ]
 @end ifset
- at end ifset
- at c End GnuPG 1.x specific stuff
-
- at c Begin GnuPG 2 specific stuff
- at ifclear gpgone
- at macro gpgname
-gpg2
- at end macro
- at manpage gpg2.1
- at ifset manverb
-.B gpg2
-\- OpenPGP encryption and signing tool
- at end ifset
-
- at mansect synopsis
- at ifset manverb
-.B  gpg2
-.RB [ \-\-homedir
-.IR dir ]
-.RB [ \-\-options
-.IR file ]
-.RI [ options ]
-.I command
-.RI [ args ]
- at end ifset
- at end ifclear
- at c Begin GnuPG 2 specific stuff
 
 @mansect description
- at command{@gpgname} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It
-is a tool to provide digital encryption and signing services using the
-OpenPGP standard. @command{@gpgname} features complete key management and
-all bells and whistles you can expect from a decent OpenPGP
-implementation.
+ at command{@gpgname} is the OpenPGP only version of the GNU Privacy
+Guard (GnuPG). It is a tool to provide digital encryption and signing
+services using the OpenPGP standard. @command{@gpgname} features
+complete key management and all bells and whistles you can expect from
+a decent OpenPGP implementation.
 
- at ifset gpgone
 This is the standalone version of @command{gpg}.  For desktop use you
-should consider using @command{gpg2} @footnote{On some platforms gpg2 is
-installed under the name @command{gpg}}.
- at end ifset
-
- at ifclear gpgone
-In contrast to the standalone version @command{gpg}, which is more
-suited for server and embedded platforms, this version is commonly
-installed under the name @command{gpg2} and more targeted to the desktop
-as it requires several other modules to be installed.  The standalone
-version will be kept maintained and it is possible to install both
-versions on the same system.  If you need to use different configuration
-files, you should make use of something like @file{gpg.conf-2} instead
-of just @file{gpg.conf}.
- at end ifclear
+should consider using @command{gpg2} from the GnuPG-2 package
+ at footnote{On some platforms gpg2 is installed under the name
+ at command{gpg}}.
 
 @manpause
- at ifclear gpgone
-Documentation for the old standard @command{gpg} is available as a man
-page and at @inforef{Top,GnuPG 1,gpg}.
- at end ifclear
 
 @xref{Option Index}, for an index to @command{@gpgname}'s commands and options.
 @mancont
@@ -300,12 +244,11 @@ Identical to @option{--multifile --decrypt}.
 @opindex list-keys
 List all keys from the public keyrings, or just the keys given on the
 command line.
- at ifset gpgone
+
 @option{-k} is slightly different from @option{--list-keys} in that it
 allows only for one argument and takes the second argument as the
 keyring to search.  This is for command line compatibility with PGP 2
 and has been removed in @command{gpg2}.
- at end ifset
 
 Avoid using the output of this command in scripts or other programs as
 it is likely to change as GnuPG changes. See @option{--with-colons} for a
@@ -323,10 +266,6 @@ secret key is not usable (for example, if it was created via
 @item --list-sigs
 @opindex list-sigs
 Same as @option{--list-keys}, but the signatures are listed too.
- at ifclear gpgone
-This command has the same effect as
-using @option{--list-keys} with @option{--with-sig-list}.
- at end ifclear
 
 For each signature listed, there are several flags in between the "sig"
 tag and keyid. These flags give additional information about each
@@ -346,10 +285,6 @@ command "tsign").
 Same as @option{--list-sigs}, but the signatures are verified.  Note
 that for performance reasons the revocation status of a signing key is
 not shown.
- at ifclear gpgone
-This command has the same effect as
-using @option{--list-keys} with @option{--with-sig-check}.
- at end ifclear
 
 The status of the verification is indicated by a flag directly following
 the "sig" tag (and thus before the flags described above for
@@ -358,16 +293,6 @@ successfully verified, a "-" denotes a bad signature and a "%" is used
 if an error occurred while checking the signature (e.g. a non supported
 algorithm).
 
- at ifclear gpgone
- at item --locate-keys
- at opindex locate-keys
-Locate the keys given as arguments.  This command basically uses the
-same algorithm as used when locating keys for encryption or signing and
-may thus be used to see what keys @command{@gpgname} might use.  In
-particular external methods as defined by @option{--auto-key-locate} may
-be used to locate a key.  Only public keys are listed.
- at end ifclear
-
 
 @item --fingerprint
 @opindex fingerprint
@@ -453,15 +378,8 @@ an additional signing subkey on a dedicated machine and then using
 this command to export the key without the primary key to the main
 machine.
 
- at ifset gpgtwoone
-GnuPG may ask you to enter the passphrase for the key.  This is
-required because the internal protection method of the secret key is
-different from the one specified by the OpenPGP protocol.
- at end ifset
- at ifclear gpgtwoone
 See the option @option{--simple-sk-checksum} if you want to import an
 exported secret key into ancient OpenPGP implementations.
- at end ifclear
 
 @item --import
 @itemx --fast-import
@@ -605,33 +523,11 @@ This section explains the main commands for key management
 
 @table @gnupgtabopt
 
- at ifset gpgtwoone
- at item --quick-gen-key @code{user-id}
- at opindex quick-gen-key
-This is simple command to generate a standard key with one user id.
-In contrast to @option{--gen-key} the key is generated directly
-without the need to answer a bunch of prompts.  Unless the option
- at option{--yes} is given, the key creation will be canceled if the
-given user id already exists in the key ring.
-
-If invoked directly on the console without any special options an
-answer to a ``Continue?'' style confirmation prompt is required.  In
-case the user id already exists in the key ring a second prompt to
-force the creation of the key will show up.
- at end ifset
-
 @item --gen-key
 @opindex gen-key
 Generate a new key pair using teh current default parameters.  This is
 the standard command to create a new key.
 
- at ifset gpgtwoone
- at item --full-gen-key
- at opindex gen-key
-Generate a new key pair with dialogs for all options.  This is an
-extended version of @option{--gen-key}.
-
- at end ifset
 There is also a feature which allows you to create keys in batch
 mode. See the the manual section ``Unattended key generation'' on how
 to use this.
@@ -957,34 +853,6 @@ Signs a public key with your secret key but marks it as
 non-exportable. This is a shortcut version of the subcommand "lsign"
 from @option{--edit-key}.
 
- at ifset gpgtwoone
- at item --quick-sign-key @code{fpr} [@code{names}]
- at itemx --quick-lsign-key @code{name}
- at opindex quick-sign-key
- at opindex quick-lsign-key
-Directly sign a key from the passphrase without any further user
-interaction.  The @code{fpr} must be the verified primary fingerprint
-of a key in the local keyring. If no @code{names} are given, all
-useful user ids are signed; with given [@code{names}] only useful user
-ids matching one of theses names are signed.  The command
- at option{--quick-lsign-key} marks the signatures as non-exportable.  If
-such a non-exportable signature already exists the
- at option{--quick-sign-key} turns it into a exportable signature.
-
-This command uses reasonable defaults and thus does not provide the
-full flexibility of the "sign" subcommand from @option{--edit-key}.
-Its intended use is to help unattended key signing by utilizing a list
-of verified fingerprints.
- at end ifset
-
- at ifclear gpgone
- at item --passwd @var{user_id}
- at opindex passwd
-Change the passphrase of the secret key belonging to the certificate
-specified as @var{user_id}.  This is a shortcut for the sub-command
- at code{passwd} of the edit key menu.
- at end ifclear
-
 @end table
 
 
@@ -1286,13 +1154,7 @@ use the specified keyring alone, use @option{--keyring} along with
 
 @item --secret-keyring @code{file}
 @opindex secret-keyring
- at ifset gpgtwoone
-This is an obsolete option and ignored.  All secret keys are stored in
-the @file{private-keys-v1.d} directory below the GnuPG home directory.
- at end ifset
- at ifclear gpgtwoone
 Same as @option{--keyring} but for the secret keyrings.
- at end ifclear
 
 @item --primary-keyring @code{file}
 @opindex primary-keyring
@@ -1308,31 +1170,24 @@ the filename does not contain a slash, it is assumed to be in the GnuPG
 home directory (@file{~/.gnupg} if @option{--homedir} or $GNUPGHOME is
 not used).
 
- at ifset gpgone
 @anchor{option --homedir}
- at end ifset
 @include opt-homedir.texi
 
 
- at ifset gpgone
 @item --pcsc-driver @code{file}
 @opindex pcsc-driver
 Use @code{file} to access the smartcard reader. The current default is
 `libpcsclite.so.1' for GLIBC based systems,
 `/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
 `winscard.dll' for Windows and `libpcsclite.so' for other systems.
- at end ifset
 
- at ifset gpgone
 @item --disable-ccid
 @opindex disable-ccid
 Disable the integrated support for CCID compliant readers. This
 allows to fall back to one of the other drivers even if the internal
 CCID driver can handle the reader. Note, that CCID support is only
 available if libusb was available at build time.
- at end ifset
 
- at ifset gpgone
 @item --reader-port @code{number_or_string}
 @opindex reader-port
 This option may be used to specify the port of the card terminal. A
@@ -1341,7 +1196,6 @@ devices. The default is 32768 (first USB device). PC/SC or CCID
 readers might need a string here; run the program in verbose mode to get
 a list of available readers. The default is then the first reader
 found.
- at end ifset
 
 @item --display-charset @code{name}
 @opindex display-charset
@@ -1683,11 +1537,9 @@ are available for all keyserver types, some common options are:
   "http_proxy" environment variable, if any.
 
 
- at ifclear gpgtwoone
   @item max-cert-size
   When retrieving a key via DNS CERT, only accept keys up to this size.
   Defaults to 16384 bytes.
- at end ifclear
 
   @item debug
   Turn on debug output in the keyserver helper program.  Note that the
@@ -1696,28 +1548,16 @@ are available for all keyserver types, some common options are:
   program uses internally (libcurl, openldap, etc).
 
   @item check-cert
- at ifset gpgtwoone
-  This option has no more function since GnuPG 2.1.  Use the
-  @code{dirmngr} configuration options instead.
- at end ifset
- at ifclear gpgtwoone
   Enable certificate checking if the keyserver presents one (for hkps or
   ldaps).  Defaults to on.
- at end ifclear
 
   @item ca-cert-file
- at ifset gpgtwoone
-  This option has no more function since GnuPG 2.1.  Use the
-  @code{dirmngr} configuration options instead.
- at end ifset
- at ifclear gpgtwoone
   Provide a certificate store to override the system default.  Only
   necessary if check-cert is enabled, and the keyserver is using a
   certificate that is not present in a system default certificate list.
 
   Note that depending on the SSL library that the keyserver helper is
   built with, this may actually be a directory or a file.
- at end ifclear
 
 @end table
 
@@ -1735,7 +1575,6 @@ key signer (defaults to 3)
 @opindex max-cert-depth
 Maximum depth of a certification chain (default is 5).
 
- at ifclear gpgtwoone
 @item --simple-sk-checksum
 @opindex simple-sk-checksum
 Secret keys are integrity protected by using a SHA-1 checksum. This
@@ -1747,7 +1586,6 @@ a security risk. Note that using this option only takes effect when
 the secret key is encrypted - the simplest way to make this happen is
 to change the passphrase on the key (even changing it to the same
 value is acceptable).
- at end ifclear
 
 @item --no-sig-cache
 @opindex no-sig-cache
@@ -1778,46 +1616,18 @@ process. @option{--no-auto-check-trustdb} disables this option.
 @item --use-agent
 @itemx --no-use-agent
 @opindex use-agent
- at ifclear gpgone
-This is dummy option. @command{@gpgname} always requires the agent.
- at end ifclear
- at ifset gpgone
 Try to use the GnuPG-Agent.  With this option, GnuPG first tries to
 connect to the agent before it asks for a
 passphrase. @option{--no-use-agent} disables this option.
- at end ifset
 
 @item --gpg-agent-info
 @opindex gpg-agent-info
- at ifclear gpgone
-This is dummy option. It has no effect when used with @command{gpg2}.
- at end ifclear
- at ifset gpgone
 Override the value of the environment variable
 @samp{GPG_AGENT_INFO}. This is only used when @option{--use-agent} has
 been given.  Given that this option is not anymore used by
 @command{gpg2}, it should be avoided if possible.
- at end ifset
 
 
- at ifclear gpgone
- at item --agent-program @var{file}
- at opindex agent-program
-Specify an agent program to be used for secret key operations.  The
-default value is the @file{/usr/bin/gpg-agent}.  This is only used
-as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
-set or a running agent cannot be connected.
- at end ifclear
-
- at ifset gpgtwoone
- at item --dirmngr-program @var{file}
- at opindex dirmngr-program
-Specify a dirmngr program to be used for keyserver access.  The
-default value is @file{/usr/sbin/dirmngr}.  This is only used as a
-fallback when the environment variable @code{DIRMNGR_INFO} is not set or
-a running dirmngr cannot be connected.
- at end ifset
-
 @item --lock-once
 @opindex lock-once
 Lock the databases the first time a lock is requested
@@ -1997,20 +1807,6 @@ Remove all entries from the @option{--group} list.
 Use @var{name} as the key to sign with. Note that this option overrides
 @option{--default-key}.
 
- at ifset gpgtwoone
- at item --try-secret-key @var{name}
- at opindex try-secret-key
-For hidden recipients GPG needs to know the keys to use for trial
-decryption.  The key set with @option{--default-key} is always tried
-first, but this is often not sufficient.  This option allows to set more
-keys to be used for trial decryption.  Although any valid user-id
-specification may be used for @var{name} it makes sense to use at least
-the long keyid to avoid ambiguities.  Note that gpg-agent might pop up a
-pinentry for a lot keys to do the trial decryption.  If you want to stop
-all further trial decryption you may use close-window button instead of
-the cancel button.
- at end ifset
-
 @item --try-all-secrets
 @opindex try-all-secrets
 Don't look at the key ID as stored in the message but try all secret
@@ -2129,17 +1925,11 @@ opposite meaning. The options are:
   Include designated revoker information that was marked as
   "sensitive". Defaults to no.
 
-  @c Since GnuPG 2.1 gpg-agent manages the secret key and thus the
-  @c export-reset-subkey-passwd hack is not anymore justified.  Such use
-  @c cases need to be implemented using a specialized secret key export
-  @c tool.
- at ifclear gpgtwoone
   @item export-reset-subkey-passwd
   When using the @option{--export-secret-subkeys} command, this option resets
   the passphrases for all exported subkeys to empty. This is useful
   when the exported subkey is to be used on an unattended machine where
   a passphrase doesn't necessarily make sense. Defaults to no.
- at end ifclear
 
   @item export-clean
   Compact (remove all signatures from) user IDs on the key being
@@ -2170,37 +1960,12 @@ source distribution.
 @opindex fixed-list-mode
 Do not merge primary user ID and primary key in @option{--with-colon}
 listing mode and print all timestamps as seconds since 1970-01-01.
- at ifclear gpgone
-Since GnuPG 2.0.10, this mode is always used and thus this option is
-obsolete; it does not harm to use it though.
- at end ifclear
-
- at ifset gpgtwoone
- at item --legacy-list-mode
- at opindex legacy-list-mode
-Revert to the pre-2.1 public key list mode.  This only affects the
-human readable output and not the machine interface
-(i.e. @code{--with-colons}).  Note that the legacy format does not
-allow to convey suitable information for elliptic curves.
- at end ifset
 
 @item --with-fingerprint
 @opindex with-fingerprint
 Same as the command @option{--fingerprint} but changes only the format
 of the output and may be used together with another command.
 
- at ifset gpgtwoone
- at item --with-keygrip
- at opindex with-keygrip
-Include the keygrip in the key listings.
-
- at item --with-secret
- at opindex with-secret
-Include info about the presence of a secret key in public key listings
-done with @code{--with-colons}.
-
- at end ifset
-
 @end table
 
 @c *******************************************
@@ -2223,13 +1988,11 @@ platforms that have different line ending conventions (UNIX-like to Mac,
 Mac to Windows, etc). @option{--no-textmode} disables this option, and
 is the default.
 
- at ifset gpgone
 If @option{-t} (but not @option{--textmode}) is used together with
 armoring and signing, this enables clearsigned messages. This kludge is
 needed for command-line compatibility with command-line versions of PGP;
 normally you would use @option{--sign} or @option{--clearsign} to select
 the type of the signature.
- at end ifset
 
 @item --force-v3-sigs
 @itemx --no-force-v3-sigs
@@ -2383,16 +2146,9 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
 available, but the MIT release is a good common baseline.
 
 This option implies
- at ifset gpgone
 @option{--rfc1991 --disable-mdc --no-force-v4-certs
  --escape-from-lines  --force-v3-sigs
  --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
- at end ifset
- at ifclear gpgone
- at option{--rfc1991 --disable-mdc --no-force-v4-certs
- --escape-from-lines  --force-v3-sigs --allow-weak-digest-algos
- --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
- at end ifclear
 It also disables @option{--textmode} when encrypting.
 
 This option is deprecated will be removed in GnuPG 2.1.  The reason
@@ -2493,12 +2249,10 @@ be given in C syntax (e.g. 0x0042).
 @opindex debug-all
 Set all useful debugging flags.
 
- at ifset gpgone
 @item --debug-ccid-driver
 @opindex debug-ccid-driver
 Enable debug output from the included CCID driver for smartcards.
 Note that this option is only available on some system.
- at end ifset
 
 @item --faked-system-time @var{epoch}
 @opindex faked-system-time
@@ -2749,10 +2503,6 @@ Read the passphrase from file descriptor @code{n}. Only the first line
 will be read from file descriptor @code{n}. If you use 0 for @code{n},
 the passphrase will be read from STDIN. This can only be used if only
 one passphrase is supplied.
- at ifclear gpgone
-Note that this passphrase is only used if the option @option{--batch}
-has also been given.  This is different from @command{gpg}.
- at end ifclear
 
 @item --passphrase-file @code{file}
 @opindex passphrase-file
@@ -2761,10 +2511,6 @@ be read from file @code{file}. This can only be used if only one
 passphrase is supplied. Obviously, a passphrase stored in a file is
 of questionable security if other users can read this file. Don't use
 this option if you can avoid it.
- at ifclear gpgone
-Note that this passphrase is only used if the option @option{--batch}
-has also been given.  This is different from @command{gpg}.
- at end ifclear
 
 @item --passphrase @code{string}
 @opindex passphrase
@@ -2772,30 +2518,6 @@ Use @code{string} as the passphrase. This can only be used if only one
 passphrase is supplied. Obviously, this is of very questionable
 security on a multi-user system. Don't use this option if you can
 avoid it.
- at ifclear gpgone
-Note that this passphrase is only used if the option @option{--batch}
-has also been given.  This is different from @command{gpg}.
- at end ifclear
-
- at ifset gpgtwoone
- at item --pinentry-mode @code{mode}
- at opindex pinentry-mode
-Set the pinentry mode to @code{mode}.  Allowed values for @code{mode}
-are:
- at table @asis
-  @item default
-  Use the default of the agent, which is @code{ask}.
-  @item ask
-  Force the use of the Pinentry.
-  @item cancel
-  Emulate use of Pinentry's cancel button.
-  @item error
-  Return a Pinentry error (``No Pinentry'').
-  @item loopback
-  Redirect Pinentry queries to the caller.  Note that in contrast to
-  Pinentry the user is not prompted again if he enters a bad password.
- at end table
- at end ifset
 
 @item --command-fd @code{n}
 @opindex command-fd
@@ -2855,14 +2577,6 @@ necessary to get as much data as possible out of the corrupt message.
 However, be aware that a MDC protection failure may also mean that the
 message was tampered with intentionally by an attacker.
 
- at ifclear gpgone
- at item --allow-weak-digest-algos
- at opindex allow-weak-digest-algos
-Signatures made with the broken MD5 algorithm are normally rejected
-with an ``invalid digest algorithm'' message.  This option allows the
-verification of signatures made with such weak algorithms.
- at end ifclear
-
 @item --no-default-keyring
 @opindex no-default-keyring
 Do not add the default keyrings to the list of keyrings. Note that
@@ -3026,14 +2740,12 @@ on the configuration file.
 
 @table @gnupgtabopt
 
- at ifset gpgone
 @item --load-extension @code{name}
 @opindex load-extension
 Load an extension module. If @code{name} does not contain a slash it is
 searched for in the directory configured when GnuPG was built
 (generally "/usr/local/lib/gnupg"). Extensions are not generally
 useful anymore, and the use of this option is deprecated.
- at end ifset
 
 @item --show-photos
 @itemx --no-show-photos
@@ -3051,13 +2763,11 @@ Display the keyring name at the head of key listings to show which
 keyring a given key resides on. This option is deprecated: use
 @option{--list-options [no-]show-keyring} instead.
 
- at ifset gpgone
 @item --ctapi-driver @code{file}
 @opindex ctapi-driver
 Use @code{file} to access the smartcard reader. The current default
 is `libtowitoko.so'. Note that the use of this interface is
 deprecated; it may be removed in future releases.
- at end ifset
 
 @item --always-trust
 @opindex always-trust
@@ -3113,10 +2823,6 @@ current home directory (@pxref{option --homedir}).
 Note that on larger installations, it is useful to put predefined files
 into the directory @file{/etc/skel/.gnupg/} so that newly created users
 start up with a working configuration.
- at ifclear gpgone
-For existing users the a small
-helper script is provided to create these files (@pxref{addgnupghome}).
- at end ifclear
 
 For internal purposes @command{@gpgname} creates and maintains a few other
 files; They all live in in the current home directory (@pxref{option
@@ -3130,26 +2836,13 @@ files; They all live in in the current home directory (@pxref{option
   @item ~/.gnupg/pubring.gpg.lock
   The lock file for the public keyring.
 
- at ifset gpgtwoone
   @item ~/.gnupg/pubring.kbx
-  The public keyring using a different format.  This file is sharred
-  with @command{gpgsm}.  You should backup this file.
-
-  @item ~/.gnupg/pubring.kbx.lock
-  The lock file for @file{pubring.kbx}.
- at end ifset
+  @itemx ~/.gnupg/pubring.kbx.lock
+  A public keyring and its lock file used by GnuPG versions >= 2.
+  It is ignored by GnuPG 1.x
 
   @item ~/.gnupg/secring.gpg
- at ifclear gpgtwoone
   The secret keyring.  You should backup this file.
- at end ifclear
- at ifset gpgtwoone
-  A secret keyring as used by GnuPG versions before 2.1.  It is not
-  used by GnuPG 2.1 and later.
-
-  @item ~/.gnupg/.gpg-v21-migrated
-  File indicating that a migration to GnuPG 2.1 has taken place.
- at end ifset
 
   @item ~/.gnupg/trustdb.gpg
   The trust database.  There is no need to backup this file; it is better
@@ -3195,9 +2888,8 @@ Operation is further controlled by a few environment variables:
 
   @item GPG_AGENT_INFO
   Used to locate the gpg-agent.
- at ifset gpgone
   This is only honored when @option{--use-agent} is set.
- at end ifset
+
   The value consists of 3 colon delimited fields: The first is the path
   to the Unix Domain Socket, the second the PID of the gpg-agent and the
   protocol version which should be set to 1. When starting the gpg-agent
@@ -3611,9 +3303,5 @@ these parameters:
 @mansect see also
 @ifset isman
 @command{gpgv}(1),
- at ifclear gpgone
- at command{gpgsm}(1),
- at command{gpg-agent}(1)
- at end ifclear
 @end ifset
 @include see-also-note.texi

commit 3209f270d236fae588edaab3d48fe707eb25641c
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Sep 29 11:11:30 2014 +0200

    doc: Final update from master (gnupg 2.1)
    
    * doc/Makefile.am (sources_from_trunk): Remove.
    (update-source): Make it a dummy.
    * doc/gpg.texi: Update.
    * doc/yat2m.c: Update.
    --
    
    Maintaining 3 versions of the gpg manual in one file is getting
    more complicated with 2.1.  Thus we stop this now and keep the manual
    for 1.4 separate.

diff --git a/doc/Makefile.am b/doc/Makefile.am
index f7601d7..a31f257 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -26,10 +26,6 @@ EXTRA_DIST = DETAILS FAQ \
 myman_sources = gpg.texi gpgv.texi
 myman_pages   = gpg.1 gpgv.1
 
-
-sources_from_trunk = $(myman_sources) \
-                     opt-homedir.texi specify-user-id.texi see-also-note.texi
-
 info_TEXINFOS = gnupg1.texi
 
 man_MANS = $(myman_pages) gnupg.7 gpg-zip.1
@@ -83,12 +79,6 @@ dist-hook:
 	@if test "`wc -c < gpg.1`" -lt 200; then \
 	    echo 'ERROR: dummy man page'; false; fi
 
-# Copy shared files from the master branch.  We keep the texinfo files
-# all in master so that we need to modify only one source.  Macros are
-# used to customize them for a specific version.
 update-source:
-	@set -e; cd $(srcdir); \
-	 for i in $(sources_from_trunk) yat2m.c ; do \
-	   echo "updating from master:doc/$$i" >&2 ; \
-	   git show master:doc/$$i >$$i ; \
-	 done
+	@echo Not anymore used - we now keep docs for 1.x separate
+	@echo from GnuPG-2.
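Review bot: The stubbed `update-source` recipe only echoes to stdout and exits 0, so a release script or maintainer habit that still runs `make update-source` will see success and may assume the 1.4 manual was refreshed. Since the target no longer does anything, it would be safer to fail loudly, the same way the `dist-hook` rule just above ends with `false`: `@echo 'update-source is no longer used; the 1.x docs are kept separate from GnuPG-2.' >&2; false`. Whether anything still calls this target is not visible from the hunk, so this is a precaution rather than a known breakage. A one-line comment above the target saying it is kept only as a placeholder would also help, as the explanatory comment block was removed along with the old recipe.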
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 8ea8199..ea6851c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1,4 +1,4 @@
- at c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ @c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
 @c               2008, 2009, 2010 Free Software Foundation, Inc.
 @c This is part of the GnuPG manual.
 @c For copying conditions, see the file gnupg.texi.
@@ -14,6 +14,19 @@
 @cindex command options
 @cindex options, GPG command
 
+ at c Begin algorithm defaults
+
+ at ifclear gpgtwoone
+ at set DEFSYMENCALGO CAST5
+ at end ifclear
+
+ at ifset gpgtwoone
+ at set DEFSYMENCALGO AES128
+ at end ifset
+
+ at c End algorithm defaults
+
+
 @c Begin GnuPG 1.x specific stuff
 @ifset gpgone
 @macro gpgname
@@ -217,7 +230,7 @@ decrypted via a secret key or a passphrase).
 @itemx -c
 @opindex symmetric
 Encrypt with a symmetric cipher using a passphrase. The default
-symmetric cipher used is CAST5, but may be chosen with the
+symmetric cipher used is @value{DEFSYMENCALGO}, but may be chosen with the
 @option{--cipher-algo} option. This option may be combined with
 @option{--sign} (for a signed and symmetrically encrypted message),
 @option{--encrypt} (for a message that may be decrypted via a secret key
@@ -408,8 +421,8 @@ removed first. In batch mode the key must be specified by fingerprint.
 @opindex export
 Either export all keys from all keyrings (default keyrings and those
 registered via option @option{--keyring}), or if at least one name is given,
-those of the given name. The new keyring is written to STDOUT or to the
-file given with option @option{--output}. Use together with
+those of the given name. The exported keys are written to STDOUT or to the
+file given with option @option{--output}.  Use together with
 @option{--armor} to mail those keys.
 
 @item --send-keys @code{key IDs}
@@ -424,14 +437,30 @@ or changed by you.  If no key IDs are given, @command{gpg} does nothing.
 @itemx --export-secret-subkeys
 @opindex export-secret-keys
 @opindex export-secret-subkeys
-Same as @option{--export}, but exports the secret keys instead.  This is
-normally not very useful and a security risk.  The second form of the
-command has the special property to render the secret part of the
-primary key useless; this is a GNU extension to OpenPGP and other
-implementations can not be expected to successfully import such a key.
+Same as @option{--export}, but exports the secret keys instead.  The
+exported keys are written to STDOUT or to the file given with option
+ at option{--output}.  This command is often used along with the option
+ at option{--armor} to allow easy printing of the key for paper backup;
+however the external tool @command{paperkey} does a better job for
+creating backups on paper.  Note that exporting a secret key can be a
+security risk if the exported keys are send over an insecure channel.
+
+The second form of the command has the special property to render the
+secret part of the primary key useless; this is a GNU extension to
+OpenPGP and other implementations can not be expected to successfully
+import such a key.  Its intended use is to generated a full key with
+an additional signing subkey on a dedicated machine and then using
+this command to export the key without the primary key to the main
+machine.
+
+ at ifset gpgtwoone
+GnuPG may ask you to enter the passphrase for the key.  This is
+required because the internal protection method of the secret key is
+different from the one specified by the OpenPGP protocol.
+ at end ifset
 @ifclear gpgtwoone
-See the option @option{--simple-sk-checksum} if you want to import such
-an exported key with an older OpenPGP implementation.
+See the option @option{--simple-sk-checksum} if you want to import an
+exported secret key into ancient OpenPGP implementations.
 @end ifclear
 
 @item --import
@@ -576,14 +605,36 @@ This section explains the main commands for key management
 
 @table @gnupgtabopt
 
+ at ifset gpgtwoone
+ at item --quick-gen-key @code{user-id}
+ at opindex quick-gen-key
+This is simple command to generate a standard key with one user id.
+In contrast to @option{--gen-key} the key is generated directly
+without the need to answer a bunch of prompts.  Unless the option
+ at option{--yes} is given, the key creation will be canceled if the
+given user id already exists in the key ring.
+
+If invoked directly on the console without any special options an
+answer to a ``Continue?'' style confirmation prompt is required.  In
+case the user id already exists in the key ring a second prompt to
+force the creation of the key will show up.
+ at end ifset
+
 @item --gen-key
 @opindex gen-key
-Generate a new key pair. This command is normally only used
-interactively.
+Generate a new key pair using teh current default parameters.  This is
+the standard command to create a new key.
 
-There is an experimental feature which allows you to create keys in
-batch mode. See the file @file{doc/DETAILS} in the source distribution
-on how to use this.
+ at ifset gpgtwoone
+ at item --full-gen-key
+ at opindex gen-key
+Generate a new key pair with dialogs for all options.  This is an
+extended version of @option{--gen-key}.
+
+ at end ifset
+There is also a feature which allows you to create keys in batch
+mode. See the the manual section ``Unattended key generation'' on how
+to use this.
 
 @item --gen-revoke @code{name}
 @opindex gen-revoke
@@ -916,12 +967,14 @@ interaction.  The @code{fpr} must be the verified primary fingerprint
 of a key in the local keyring. If no @code{names} are given, all
 useful user ids are signed; with given [@code{names}] only useful user
 ids matching one of theses names are signed.  The command
- at option{--quick-lsign-key} marks the signatures as non-exportable.
+ at option{--quick-lsign-key} marks the signatures as non-exportable.  If
+such a non-exportable signature already exists the
+ at option{--quick-sign-key} turns it into a exportable signature.
 
 This command uses reasonable defaults and thus does not provide the
 full flexibility of the "sign" subcommand from @option{--edit-key}.
-Its intended use to help unattended signing using a list of verified
-fingerprints.
+Its intended use is to help unattended key signing by utilizing a list
+of verified fingerprints.
 @end ifset
 
 @ifclear gpgone
@@ -1063,6 +1116,13 @@ give the opposite meaning.  The options are:
   see @option{--attribute-fd} for the appropriate way to get photo data
   for scripts and other frontends.
 
+  @item show-usage
+  @opindex list-options:show-usage
+  Show usage information for keys and subkeys in the standard key
+  listing.  This is a list of letters indicating the allowed usage for a
+  key (@code{E}=encryption, @code{S}=signing, @code{C}=certification,
+  @code{A}=authentication).  Defaults to no.
+
   @item show-policy-urls
   @opindex list-options:show-policy-urls
   Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
@@ -1226,7 +1286,13 @@ use the specified keyring alone, use @option{--keyring} along with
 
 @item --secret-keyring @code{file}
 @opindex secret-keyring
+ at ifset gpgtwoone
+This is an obsolete option and ignored.  All secret keys are stored in
+the @file{private-keys-v1.d} directory below the GnuPG home directory.
+ at end ifset
+ at ifclear gpgtwoone
 Same as @option{--keyring} but for the secret keyrings.
+ at end ifclear
 
 @item --primary-keyring @code{file}
 @opindex primary-keyring
@@ -1436,7 +1502,7 @@ Set what trust model GnuPG should follow. The models are:
 
   @item classic
   @opindex trust-mode:classic
-  This is the standard Web of Trust as used in PGP 2.x and earlier.
+  This is the standard Web of Trust as introduced by PGP 2.
 
   @item direct
   @opindex trust-mode:direct
@@ -2232,7 +2298,7 @@ to consider (e.g. @option{--symmetric}).
 @item --s2k-cipher-algo @code{name}
 @opindex s2k-cipher-algo
 Use @code{name} as the cipher algorithm used to protect secret keys.
-The default cipher is CAST5. This cipher is also used for
+The default cipher is @value{DEFSYMENCALGO}. This cipher is also used for
 conventional encryption if @option{--personal-cipher-preferences} and
 @option{--cipher-algo} is not given.
 
@@ -2302,9 +2368,11 @@ behavior. Note that this is currently the same thing as
 Reset all packet, cipher and digest options to strict RFC-2440
 behavior.
 
+ at ifclear gpgtowone
 @item --rfc1991
 @opindex rfc1991
-Try to be more RFC-1991 (PGP 2.x) compliant.
+Try to be more RFC-1991 (PGP 2.x) compliant.  This option is
+deprecated will be removed in GnuPG 2.1.
 
 @item --pgp2
 @opindex pgp2
@@ -2314,14 +2382,24 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
 2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
 available, but the MIT release is a good common baseline.
 
-This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs
+This option implies
+ at ifset gpgone
+ at option{--rfc1991 --disable-mdc --no-force-v4-certs
+ --escape-from-lines  --force-v3-sigs
+ --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+ at end ifset
 @ifclear gpgone
---allow-weak-digest-algos
+ at option{--rfc1991 --disable-mdc --no-force-v4-certs
+ --escape-from-lines  --force-v3-sigs --allow-weak-digest-algos
+ --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+ at end ifclear
+It also disables @option{--textmode} when encrypting.
+
+This option is deprecated will be removed in GnuPG 2.1.  The reason
+for dropping PGP-2 support is that the PGP 2 format is not anymore
+considered safe (for example due to the use of the broken MD5 algorithm).
+Note that the decryption of PGP-2 created messages will continue to work.
 @end ifclear
---cipher-algo IDEA --digest-algo
-MD5--compress-algo ZIP}. It also disables @option{--textmode} when
-encrypting.
 
 @item --pgp6
 @opindex pgp6
@@ -3086,6 +3164,16 @@ files; They all live in in the current home directory (@pxref{option
   @item ~/.gnupg/secring.gpg.lock
   The lock file for the secret keyring.
 
+  @item ~/.gnupg/openpgp-revocs.d/
+  This is the directory where gpg stores pre-generated revocation
+  certificates.  The file name corresponds to the OpenPGP fingerprint of
+  the respective key.  It is suggested to backup those certificates and
+  if the primary private key is not stored on the disk to move them to
+  an external storage device.  Anyone who can access theses files is
+  able to revoke the corresponding key.  You may want to print them out.
+  You should backup all files in this directory and take care to keep
+  this backup closed away.
+
   @item /usr[/local]/share/gnupg/options.skel
   The skeleton options file.
 
@@ -3435,7 +3523,7 @@ sense.  Although OpenPGP works with time intervals, GnuPG uses an
 absolute value internally and thus the last year we can represent is
 2105.
 
- at item  Ceation-Date: @var{iso-date}
+ at item  Creation-Date: @var{iso-date}
 Set the creation date of the key as stored in the key information and
 which is also part of the fingerprint calculation.  Either a date like
 "1986-04-26" or a full timestamp like "19860426T042640" may be used.
diff --git a/doc/yat2m.c b/doc/yat2m.c
index 2ac4390..f780952 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -87,6 +87,10 @@
     detects the number of white spaces in front of an @item and remove
     this number of spaces from all following lines until a new @item
     is found or there are less spaces than for the last @item.
+
+    Note that @* does only work correctly if used at the end of an
+    input line.
+
 */
 
 #include <stdio.h>
@@ -136,6 +140,9 @@ typedef struct macro_s *macro_t;
 /* List of all defined macros. */
 static macro_t macrolist;
 
+/* List of variables set by @set. */
+static macro_t variablelist;
+
 /* List of global macro names.  The value part is not used.  */
 static macro_t predefinedmacrolist;
 
@@ -375,8 +382,44 @@ set_macro (const char *macroname, char *macrovalue)
 }
 
 
-/* Return true if the macro NAME is set, i.e. not the empty string and
-   not evaluating to 0.  */
+/* Create or update a variable with name and value given in NAMEANDVALUE.  */
+static void
+set_variable (char *nameandvalue)
+{
+  macro_t m;
+  const char *value;
+  char *p;
+
+  for (p = nameandvalue; *p && *p != ' ' && *p != '\t'; p++)
+    ;
+  if (!*p)
+    value = "";
+  else
+    {
+      *p++ = 0;
+      while (*p == ' ' || *p == '\t')
+        p++;
+      value = p;
+    }
+
+  for (m=variablelist; m; m = m->next)
+    if (!strcmp (m->name, nameandvalue))
+      break;
+  if (m)
+    free (m->value);
+  else
+    {
+      m = xcalloc (1, sizeof *m + strlen (nameandvalue));
+      strcpy (m->name, nameandvalue);
+      m->next = variablelist;
+      variablelist = m;
+    }
+  m->value = xstrdup (value);
+}
+
+
+/* Return true if the macro or variable NAME is set, i.e. not the
+   empty string and not evaluating to 0.  */
 static int
 macro_set_p (const char *name)
 {
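Review bot: set_variable accepts an empty variable name: when NAMEANDVALUE is empty or begins with a blank, the first loop stops at once and an entry named "" is linked into variablelist. A guard placed after the split, `if (!*nameandvalue) { err ("@set without a variable name"); return; }`, would reject that input. The header comment should also say that the buffer is modified in place (a NUL is written after the name) and that the value is copied, for example `NAMEANDVALUE is split in place at the first blank; the value is copied.`. Whether the caller in parse_file has already stripped leading blanks and the line end from the argument is not visible in this diff, so the stored value may carry trailing whitespace.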
@@ -385,6 +428,10 @@ macro_set_p (const char *name)
   for (m = macrolist; m ; m = m->next)
     if (!strcmp (m->name, name))
       break;
+  if (!m)
+    for (m = variablelist; m ; m = m->next)
+      if (!strcmp (m->name, name))
+        break;
   if (!m || !m->value || !*m->value)
     return 0;
   if ((*m->value & 0x80) || !isdigit (*m->value))
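Review bot: The fallback to variablelist runs only when no macro of that name exists, so a macro with an empty value hides a variable of the same name created by `@set`, and the function returns 0 for it. If that precedence is intended, the comment above macro_set_p should state it, for example `Macros take precedence over variables of the same name.`. The same list walk now appears twice here and once more in the "value" case of proc_texi_cmd; a small static lookup helper would keep the three in step. The body of macro_set_p continues outside this hunk.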
@@ -664,8 +711,11 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
     { "table",   3 },
     { "itemize",   3 },
     { "bullet",  0, "* " },
+    { "*",       0, "\n.br"},
+    { "/",       0 },
     { "end",     4 },
     { "quotation",1, ".RS\n\\fB" },
+    { "value", 8 },
     { NULL }
   };
   size_t n;
@@ -741,11 +791,46 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
         case 7:
           ignore_args = 1;
           break;
+        case 8:
+          ignore_args = 1;
+          if (*rest != '{')
+            {
+              err ("opening brace for command '%s' missing", command);
+              return len;
+            }
+          else
+            {
+              /* Find closing brace.  */
+              for (s=rest+1, n=1; *s && n < len; s++, n++)
+                if (*s == '}')
+                  break;
+              if (*s != '}')
+                {
+                  err ("closing brace for command '%s' not found", command);
+                  return len;
+                }
+              else
+                {
+                  size_t len = s - (rest + 1);
+                  macro_t m;
+
+                  for (m = variablelist; m; m = m->next)
+                    if (strlen (m->name) == len
+                        &&!strncmp (m->name, rest+1, len))
+                      break;
+                  if (m)
+                    fputs (m->value, fp);
+                  else
+                    inf ("texinfo variable '%.*s' is not set",
+                         (int)len, rest+1);
+                }
+            }
+          break;
         default:
           break;
         }
     }
-  else
+  else /* macro */
     {
       macro_t m;
 
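Review bot: In the new `case 8` branch the inner declaration `size_t len = s - (rest + 1);` shadows the `len` parameter of proc_texi_cmd, which the same branch returns on its error paths; renaming it, `size_t namelen = s - (rest + 1);`, avoids a -Wshadow warning and a later mix-up. The brace search tests `*s != '}'` after the loop may have stopped at `n == len`, so a closing brace sitting just past the range given by the caller (presumably the length of REST) is still accepted; testing `n < len` together with the brace check would keep the scan inside that range. The variable's value is written with a plain `fputs`, so a value that contains a backslash or starts a line with a dot reaches the roff output unescaped, unless escaping happens elsewhere, which this hunk does not show. proc_texi_cmd starts and ends outside the hunk.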
@@ -1215,6 +1300,10 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
               macrovalue = xmalloc ((macrovaluesize = 1024));
               macrovalueused = 0;
             }
+          else if (n == 4 && !memcmp (line, "@set", 4))
+            {
+              set_variable (p);
+            }
           else if (n == 8 && !memcmp (line, "@manpage", 8))
             {
               free (*section_name);
@@ -1325,6 +1414,13 @@ top_parse_file (const char *fname, FILE *fp)
       free (macrolist);
       macrolist = next;
     }
+  while (variablelist)
+    {
+      macro_t next = variablelist->next;
+      free (variablelist->value);
+      free (variablelist);
+      variablelist = next;
+    }
   for (m=predefinedmacrolist; m; m = m->next)
     set_macro (m->name, xstrdup ("1"));
   cond_is_active = 1;

commit ad30b2a4ae06a51f747bbd8a3c0985333295f8c6
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Sep 25 09:47:28 2014 +0200

    Allow use of --debug-level=LEVEL without '='.
    
    * g10/gpg.c (opts): Fix "debug-level".

diff --git a/NEWS b/NEWS
index 5e12a86..6fb00cd 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 Noteworthy changes in version 1.4.19 (unreleased)
 -------------------------------------------------
 
+ * Fix argument parsing for option --debug-level.
+
 
 Noteworthy changes in version 1.4.18 (2014-06-30)
 -------------------------------------------------
diff --git a/g10/gpg.c b/g10/gpg.c
index dbf2f40..1b0a364 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -518,7 +518,7 @@ static ARGPARSE_OPTS opts[] = {
     { oOptions, "options", 2, "@"},
     { oDebug, "debug"     ,4|16, "@"},
     { oDebugAll, "debug-all" ,0, "@"},
-    { oDebugLevel, "debug-level" ,0, "@"},
+    { oDebugLevel, "debug-level" ,2, "@"},
     { oStatusFD, "status-fd" ,1, "@"},
     { oStatusFile, "status-file" ,2, "@"},
     { oAttributeFD, "attribute-fd" ,1, "@" },

-----------------------------------------------------------------------

Summary of changes:
 NEWS            |    2 +
 doc/Makefile.am |   16 +--
 doc/gpg.texi    |  384 ++++++++++++-------------------------------------------
 doc/yat2m.c     |  102 ++++++++++++++-
 g10/gpg.c       |    2 +-
 5 files changed, 185 insertions(+), 321 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



