Old and new FAQs

A.M. Kuchling amk at amk.ca
Sun Sep 8 04:24:41 CEST 2013

I took a look at the question titles in the existing and proposed new
FAQs, assuming that we'd want to start from the new FAQ and
cherry-pick bits from the old FAQ, since portions of it are obsolete,
rather than the other way around.

What I thought:

* We can ignore the old FAQ's 'Compatibility Issues' and 'Problems
  and Error Messages' sections; it's not clear if any of them apply
  to GPG 2.0, and we'd have to figure out what error messages are
  currently relevant.

* The old FAQ had an empty 'Bug reporting and hacking' section; the new
  FAQ should have a brief entry for that.

* Some old FAQ questions that seemed worth examining further and
  possibly incorporating in the new FAQ:

** What is the difference between options and commands?

(three related questions)
** I can't delete a user ID on my secret keyring because it has
   already been deleted on my public keyring. What can I do?
** I can't delete my secret key because the public key disappeared.  What can I do?
** I still have my secret key, but lost my public key. What can I do?
   gpgsplit not installed by my MacOS binary installation.

** How do I sign a patch file?
** How can I get rid of the Version and Comment headers in armored messages?
   (answer is outdated; correct answer for gpg2 is --no-version --no-comments)
** What does the "You are using the xxxx character set." mean?
** How can I get list of key IDs used to encrypt a message? (answer still works)
** How can I use GnuPG in an automated environment?
** Clearsigned messages sent from my web-mail account have an invalid signature. Why?

Some of these may actually be addressed in the new FAQ; I haven't
actually read the entry texts yet.  I've included the question lists
below, so that others can compare them and suggest other topics that
should or shouldn't be included.

(BTW, I'm happy to take this discussion back to gnupg-doc if it's too
off-topic or gets too high-traffic for gnupg-devel.)


Old FAQ:

* Welcome
** What conventions are used in this FAQ?
* General Questions
** What is GnuPG?
** Is GnuPG compatible with PGP?
** Is GnuPG free to use for personal or commercial use?
* Sources of Information
** Where can I find more information on GnuPG?
** Where do I get GnuPG?
* Installation
** Which OSes does GnuPG run on?
** Which random data gatherer should I use?
** How do I include support for RSA and IDEA?
* Usage
** What is the recommended key size?
** Why does it sometimes take so long to create keys?
** And it really takes long when I work on a remote system. Why?
** What is the difference between options and commands?
** I can't delete a user ID on my secret keyring because it has already been deleted on my public keyring. What can I do?
** I can't delete my secret key because the public key disappeared.  What can I do?
** What are trust, validity and ownertrust?
** How do I sign a patch file?
** Where is the "encrypt-to-self" option?
** How can I get rid of the Version and Comment headers in armored messages?
** What does the "You are using the xxxx character set." mean?
** How can I get list of key IDs used to encrypt a message?
** Why can't I decrypt files encrypted as symmetrical-only (-c) with a version of GnuPG prior to 1.0.1.
** How can I use GnuPG in an automated environment?
** Which email-client can I use with GnuPG?
** Can't we have a gpg library?
** I have successfully generated a revocation certificate, but I don't understand how to send it to the key servers.
** How do I put my keyring in a different directory?
** How do I verify signed packages?
** How do I export a keyring with only selected signatures (keys)?
** I still have my secret key, but lost my public key. What can I do?
** Clearsigned messages sent from my web-mail account have an invalid signature. Why?
* Compatibility Issues
** How can I encrypt a message with GnuPG so that PGP is able to decrypt it?
** How do I migrate from PGP 2.x to GnuPG?
** Why is PGP 5.x not able to encrypt messages with some keys?
** Why is PGP 5.x not able to verify my messages?
** How do I transfer owner trust values from PGP to GnuPG?
** PGP does not like my secret key.
** GnuPG no longer installs a ~/.gnupg/options file. Is it missing?
** How do you export GnuPG keys for use with PGP?
** What are DH/DSS keys?
* Problems and Error Messages
** Why do I get "gpg: Warning: using insecure memory!"
** Large File Support doesn't work
** In the edit menu the trust values are not displayed correctly after signing uids. Why?
** What does "skipping pubkey 1: already loaded" mean?
** GnuPG 1.0.4 doesn't create ~/.gnupg ...
** An Elgamal signature does not verify anymore since version 1.0.2
** Old versions of GnuPG can't verify Elgamal signatures
** When I use --clearsign, the plain text has sometimes extra dashes in it - why?
** What is the thing with "can't handle multiple signatures"?
** If I submit a key to a keyserver, nothing happens
** I get "gpg: waiting for lock ..."
** Older gpg binaries (e.g., 1.0) have problems with keys from newer gpg binaries
** With 1.0.4, I get "this cipher algorithm is deprecated ..."
** Some dates are displayed as ????-??-??. Why?
** I still have a problem. How do I report a bug?
** Why doesn't GnuPG support X.509 certificates?
** Why do national characters in my user ID look funny?
** I get 'sed' errors when running ./configure on Mac OS X ...
** Why does GnuPG 1.0.6 bail out on keyrings used with 1.0.7?
** I upgraded to GnuPG version 1.0.7 and now it takes longer to load my keyrings. What can I do?
** Doesn't a fully trusted user ID on a key prevent warning messages when encrypting to other IDs on the key?
** I just compiled GnuPG from source on my GNU/Linux RPM-based system and it's not working. Why?
* Advanced Topics
** How does this whole thing work?
** Why are some signatures with an ELG-E key valid?
** How does the whole trust thing work?
** What kind of output is this: "key C26EE891.298, uid 09FB: ...."?
** How do I interpret some of the informational outputs?
** Are the header lines of a cleartext signature part of the signed material?
** What is the list of preferred algorithms?
** How do I change the list of preferred algorithms?
** How can I import all the missing signer keys?
* Bug reporting and hacking
** Copyright assignments
** U.S. export restrictions
* Acknowledgements
* Changes

New FAQ:

    <section name="Foreword" id="foreword">
      <section name="Trademark notice" id="trademarks"/>
      <section name="Creative Commons license" id="documentation_license"/>
      <section name="Disclaimer of liability" id="liability"/>
    <section name="Welcome" id="welcome">
      <section name="What conventions are used in this FAQ?" id="conventions"/>
      <section name="Who maintains this FAQ?" id="maintainer"/>
      <section name="Is this the official GnuPG FAQ?" id="is_it_official"/>
      <section name="When was this FAQ last checked for accuracy?" id="last_checked"/>
    <section name="General questions" id="general">
      <section name="What’s GnuPG?" id="whats_gnupg"/>
      <section name="How do I pronounce GnuPG?" id="pronunciation"/>
      <section name="Is it compatible with Symantec’s PGP?" id="compatible"/>
      <section name="Which operating systems does it run on?" id="oses"/>
      <section name="How much does it cost?" id="free_as_in_beer"/>
      <section name="From where can I download it…" id="get_gnupg">
        <section name="… for Microsoft Windows?" id="get_gnupg_win32"/>
	      <section name="… for Mac OS X?" id="get_gnupg_osx"/>
	      <section name="… for Linux?" id="get_gnupg_linux">
	        <section name="… for Debian GNU/Linux?" id="get_gnupg_debian"/>
	        <section name="… for OpenSUSE?" id="get_gnupg_opensuse"/>
	        <section name="… for Fedora?" id="get_gnupg_fedora"/>
	        <section name="… for CentOS or RHEL?" id="get_gnupg_centos"/>
	        <section name="… for Ubuntu?" id="get_gnupg_ubuntu"/>
	        <section name="… for Slackware?" id="get_gnupg_slack"/>
	        <section name="… for Gentoo?" id="get_gnupg_gentoo"/>
	      <section name="… for FreeBSD?" id="get_gnupg_freebsd"/>
      <section name="Is there source code available for it?" id="source_code"/>
      <section name="What’s Free Software, and why does it matter?" id="gpl"/>
      <section name="How can I donate money to the GnuPG project?" id="donate"/>
    <section name="Where can I get more information?" id="more_info">
      <section name="How can I spot the charlatans?" id="fraudsters"/>
      <section name="What are some useful mailing lists?" id="mailing_lists">
	      <section name="The GnuPG-Users mailing list" id="gnupg-users_list"/>
	      <section name="The Enigmail mailing list" id="enigmail_list"/>
	      <section name="PGP-Basics" id="pgp-basics_list"/>
	      <section name="PGPNET" id="pgpnet_list"/>
      <section name="What are some useful webpages?" id="webpages">
	      <section name="Where can I find the homepage for…" id="homepages">
	        <section name="… GnuPG?" id="gnupg_homepage"/>
	        <section name="… Enigmail?" id="enigmail_homepage"/>
	        <section name="… GPGTools?" id="gpgtools_homepage"/>
	        <section name="… GPG4WIN?" id="gpg4win_homepage"/>
	      <section name="Where can I find webpages covering…" id="pages_about">
	        <section name="… an easy introduction to cryptography?" id="pages_about_introduction_to_crypto"/>
	        <section name="… the deeper mathematics of cryptography?" id="pages_about_cryptographic_mathematics"/>
	        <section name="… best practices for using GnuPG?" id="pages_about_best_practices"/>
	        <section name="… the politics of cryptography?" id="pages_about_politics"/>
    <section name="What email clients support GnuPG on…" id="email_clients">
      <section name="… Microsoft Windows?" id="email_clients_win32"/>
      <section name="… Mac OS X?" id="email_clients_osx"/>
      <section name="… Linux or FreeBSD?" id="email_clients_linux"/>
    <section name="Is GnuPG available as a ‘portable app’?" id="portable_app"/>
    <section name="What do all these strange words mean?" id="glossary">
      <section name="What’s ‘public-key cryptography’?" id="define_asymc"/>
      <section name="What’s ‘symmetric cryptography’?" id="define_symc"/>
      <section name="What’s a ‘key’?" id="define_key"/>
      <section name="What’s a ‘certificate’?" id="define_certificate"/>
      <section name="What’s RSA?" id="define_rsa"/>
      <section name="What’s DSA?" id="define_dsa"/>
      <section name="What’s Elgamal?" id="define_elgamal"/>
      <section name="What’s AES?" id="define_aes"/>
      <section name="What are Twofish and Blowfish?" id="define_fish"/>
      <section name="What’s 3DES?" id="define_3des"/>
      <section name="What’s Camellia?" id="define_camellia"/>
      <section name="What are SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and SHA-3?" id="define_sha"/>
      <section name="What’s MD5?" id="define_md5"/>
      <section name="What are CAST, CAST5, and CAST5-128?" id="define_cast"/>
      <section name="What are ZLIB, ZIP and BZIP?" id="define_compress"/>
      <section name="What’s a ‘revocation certificate’?" id="define_rev_cert"/>
      <section name="What’s a ‘designated revoker’?" id="define_desig_revkr"/>
      <section name="What does ‘validity’ mean?" id="define_validity"/>
      <section name="What does ‘trust’ mean?" id="define_trust"/>
      <section name="What does ‘ownertrust’ mean?" id="define_ownertrust"/>
    <section name="How do I start using GnuPG?" id="starting_out">
      <section name="Does GnuPG need to be ‘tuned’ before use?" id="tuning"/>
      <section name="How large should my key be?" id="new_key_size"/>
      <section name="What algorithm should I use?" id="new_key_algo"/>
      <section name="Why does it take so long to generate a certificate?" id="new_key_generate_time"/>
      <section name="What should I do after making my certificate?" id="new_key_after_generation">
        <section name="How do I appoint a designated revoker?" id="appoint_revoker"/>
        <section name="How do I generate a revocation certificate?" id="generate_revocation_certificate"/>
        <section name="How do I send my certificate to the keyserver network?" id="send_to_keyservers"/>
      <section name="Where does GnuPG look for configuration options?" id="location_gpg_conf_file"/>
      <section name="What options should I put in my configuration file?" id="new_user_gpg_conf"/>
      <section name="Is there any particular keyserver I should use?" id="new_user_default_keyserver"/>
      <section name="What’s the difference between an ‘option’ and a ‘command’?" id="diff_option_commands"/>
      <section name="What are the most commonly used options?" id="common_options"/>
      <section name="What are the most commonly used commands?" id="common_commands"/>
      <section name="How do I use another person’s certificate?" id="using_certificates">
        <section name="How do I search the keyserver for someone’s certificate?" id="searching_keyservers"/>
        <section name="How do I retrieve a certificate if I already know its fingerprint?" id="retrieving_by_fingerprint"/>
        <section name="Why do I need to validate certificates?" id="why_validate"/>
        <section name="How do I validate certificates?" id="how_to_validate"/>
      <section name="Why can’t I read emails I’ve sent, and how do I fix it?" id="encrypt_to_self"/>
      <section name="How do I encrypt a file for multiple recipients?" id="multiple_recipients"/>
      <section name="How do I sign a file with multiple certificates?" id="multiple_signers"/>
      <section name="How do I combine encryption with signing?" id="encrypt_and_sign"/>
      <section name="How do I force GnuPG to make printable-text output?" id="ascii_armor"/>
      <section name="How do I create an ‘inline signature’?" id="generate_inline_signature"/>
      <section name="I’m a programmer and I need a GnuPG library.  Is there one?" id="yes_gpgme"/>
      <section name="I’m a programmer and I need a way to call GnuPG internals directly.  Is there a library for this?" id="keep_dreaming"/>
    <section name="What common problems come up?" id="common_problems">
      <section name="Why is GnuPG warning me this certificate might not belong to whom I think it does?" id="you_need_to_validate"/>
      <section name="Why is GnuPG warning me about using insecure memory?" id="insecure_memory"/>
      <section name="Why is GnuPG changing my message?" id="escaped_dashes"/>
    <section name="What are some common best practices?" id="best_practices">
      <section name="How can I choose a strong passphrase?" id="strong_passphrase"/>
      <section name="How can I keep my revocation certificate safe?" id="keep_rev_cert_safe"/>
      <section name="How can I keep my computer safe from malware?" id="malware"/>
      <section name="Should I use encrypted disk software like TrueCrypt, BitLocker or FileVault?" id="disk_encryption"/>
    <section name="Advanced topics" id="advanced_topics">
      <section name="Why does GnuPG use RSA-2048 by default?" id="default_rsa2048"/>
      <section name="Do other high-security applications use RSA-2048?" id="rsa2048_in_the_real_world"/>
      <section name="Why doesn’t GnuPG default to using RSA-4096?" id="no_default_of_rsa4096"/>
      <section name="Why do people advise against using RSA-4096?" id="please_use_ecc"/>
      <section name="Why does GnuPG support RSA-4096 if it’s such a bad idea?" id="not_a_bad_idea_just_unnecessary"/>
      <section name="Can any of the ciphers in GnuPG be brute-forced?" id="brute_force"/>
      <section name="Has GnuPG ever been successfully attacked?" id="successful_attacks"/>
      <section name="Should I use PGP/MIME for my emails?" id="use_pgpmime"/>
      <section name="What are the best algorithms in GnuPG?" id="no_best_algo"/>
      <section name="Why is my DSA key limited to 3072 bits?" id="no_dsa4096"/>
      <section name="Why does my DSA-1024 key use a different digest algorithm than my DSA-2048 or DSA-3072 key?" id="hash_widths_in_dsa"/>

More information about the Gnupg-devel mailing list