~ubuntu-branches/ubuntu/hardy/gnupg/hardy-updates

« back to all changes in this revision

Viewing changes to doc/gpg.sgml

Committer: Bazaar Package Importer
Author(s): Martin Pitt
Date: 2006-11-03 09:18:26 UTC
mto: This revision was merged to the branch mainline in revision 11.
Revision ID: james.westby@ubuntu.com-20061103091826-89kwl8tk1xypbmtk

Tags: upstream-1.4.5

Import upstream version 1.4.5

files added:
checks/armor.test

m4/noexecstack.m4

po/nb.gmo

po/nb.po

tools/make-dns-cert.c

files removed:
keyserver/gpgkeys_http.c

keyserver/gpgkeys_oldhkp.c

files modified:
AUTHORS

ChangeLog

Makefile.in

NEWS

README

THANKS

TODO

VERSION

acinclude.m4

aclocal.m4

checks/ChangeLog

checks/Makefile.am

checks/Makefile.in

checks/mds.test

checks/sigs.test

cipher/ChangeLog

cipher/Makefile.in

cipher/algorithms.h

cipher/dsa.c

cipher/md.c

cipher/rsa.c

cipher/sha256.c

config.h.in

configure

configure.ac

doc/ChangeLog

doc/DETAILS

doc/Makefile.in

doc/gpg.1

doc/gpg.info

doc/gpg.sgml

doc/gpg.texi

doc/gpgv.info

doc/samplekeys.asc

g10/ChangeLog

g10/Makefile.am

g10/Makefile.in

g10/app-openpgp.c

g10/armor.c

g10/build-packet.c

g10/cardglue.c

g10/decrypt.c

g10/encode.c

g10/encr-data.c

g10/exec.c

g10/getkey.c

g10/gpg.c

g10/import.c

g10/keydb.h

g10/keyedit.c

g10/keygen.c

g10/keyserver.c

g10/main.h

g10/mainproc.c

g10/openfile.c

g10/options.h

g10/options.skel

g10/parse-packet.c

g10/passphrase.c

g10/photoid.c

g10/pkclist.c

g10/plaintext.c

g10/sign.c

g10/verify.c

gnupg.spec

include/ChangeLog

include/cipher.h

include/iobuf.h

keyserver/ChangeLog

keyserver/Makefile.am

keyserver/Makefile.in

keyserver/curl-shim.c

keyserver/gpgkeys_curl.c

keyserver/gpgkeys_hkp.c

keyserver/gpgkeys_ldap.c

keyserver/ksutil.c

keyserver/ksutil.h

m4/ChangeLog

m4/Makefile.am

m4/Makefile.in

m4/libcurl.m4

m4/tar-ustar.m4

mpi/Makefile.in

po/ChangeLog

po/LINGUAS

po/be.gmo

po/be.po

po/ca.gmo

po/ca.po

po/cs.gmo

po/cs.po

po/da.gmo

po/da.po

po/de.gmo

po/de.po

po/el.gmo

po/el.po

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/eo.po

po/es.gmo

po/es.po

po/et.gmo

po/et.po

po/fi.gmo

po/fi.po

po/fr.gmo

po/fr.po

po/gl.gmo

po/gl.po

po/gnupg.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/ja.gmo

po/ja.po

po/pl.gmo

po/pl.po

po/pt.gmo

po/pt.po

po/pt_BR.gmo

po/pt_BR.po

po/ro.gmo

po/ro.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/sv.gmo

po/sv.po

po/tr.gmo

po/tr.po

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

scripts/ChangeLog

scripts/w32installer.nsi

tools/ChangeLog

tools/Makefile.am

tools/Makefile.in

util/ChangeLog

util/Makefile.am

util/Makefile.in

util/http.c

util/iobuf.c

util/memory.c

util/miscutil.c

util/secmem.c

zlib/Makefile.in

Show diffs side-by-side

added added

removed removed

doc/gpg.sgml

120

121

<term>--clearsign &OptParmFile;</term>

122

123

Make a clear text signature.

123

Make a clear text signature. The content in a clear text signature is

124

readable without any special software. OpenPGP software is only

125

needed to verify the signature. Clear text signatures may modify

126

end-of-line whitespace for platform independence and are not intended

127

to be reversible.

124

128

</para></listitem></varlistentry>

125

129

126

130

554

558

that is no longer usable (e.g. revoked, or expired). Then, remove any

555

559

signatures that are not usable by the trust calculations.

556

560

Specifically, this removes any signature that does not validate, any

557

signature that is superceded by a later signature, revoked signatures,

561

signature that is superseded by a later signature, revoked signatures,

558

562

and signatures issued by keys that are not present on the keyring.

559

563

</para></listitem></varlistentry>

560

564

1719

1723

</para></listitem></varlistentry>

1720

1724

1721

1725

1726

<term>--enable-dsa2</term>

1727

<term>--disable-dsa2</term>

1728

1729

Enables new-style DSA keys which (unlike the old style) may be larger

1730

than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note

1731

that very few programs currently support these keys and signatures

1732

from them.

1733

</para></listitem></varlistentry>

1734

1735

1736

1722

1737

<term>--show-photos</term>

1723

1738

<term>--no-show-photos</term>

1724

1739

2159

2174

2160

2175

<term>--cipher-algo &ParmName;</term>

2161

2176

2162

Use &ParmName; as cipher algorithm. Running the program

2163

with the command --version yields a list of supported

2164

algorithms. If this is not used the cipher algorithm is

2165

selected from the preferences stored with the key.

2177

Use &ParmName; as cipher algorithm. Running the program with the

2178

command --version yields a list of supported algorithms. If this is

2179

not used the cipher algorithm is selected from the preferences stored

2180

with the key. In general, you do not want to use this option as it

2181

allows you to violate the OpenPGP standard.

2182

--personal-cipher-preferences is the safe way to accomplish the same

2183

thing.

2166

2184

</para></listitem></varlistentry>

2167

2185

2168

2186

2170

2188

<term>--digest-algo &ParmName;</term>

2171

2189

2172

2190

Use &ParmName; as the message digest algorithm. Running the program

2173

with the command --version yields a list of supported algorithms.

2191

with the command --version yields a list of supported algorithms. In

2192

general, you do not want to use this option as it allows you to

2193

violate the OpenPGP standard. --personal-digest-preferences is the

2194

safe way to accomplish the same thing.

2174

2195

</para></listitem></varlistentry>

2175

2196

2176

2197

2193

2214

amount of memory while compressing and decompressing. This may be

2194

2215

significant in low memory situations. Note, however, that PGP (all

2195

2216

versions) only supports ZIP compression. Using any algorithm other

2196

than ZIP or "none" will make the message unreadable with PGP.

2217

than ZIP or "none" will make the message unreadable with PGP. In

2218

general, you do not want to use this option as it allows you to

2219

violate the OpenPGP standard. --personal-compress-preferences is the

2220

safe way to accomplish the same thing.

2197

2221

</para></listitem></varlistentry>

2198

2222

2199

2223

2340

2364

2341

2365

<term>--passphrase-fd &ParmN;</term>

2342

2366

2343

Read the passphrase from file descriptor &ParmN;. If you use 0 for

2344

&ParmN;, the passphrase will be read from stdin. This can only be

2345

used if only one passphrase is supplied.

2367

Read the passphrase from file descriptor &ParmN;. Only the first line

2368

will be read from file descriptor &ParmN;. If you use 0 for &ParmN;,

2369

the passphrase will be read from stdin. This can only be used if only

2370

one passphrase is supplied.

2346

2371

</para></listitem></varlistentry>

2347

2372

2348

2373

2349

2374

<term>--passphrase-file &ParmFile;</term>

2350

2375

2351

Read the passphrase from file &ParmFile;. This can only be used if

2352

only one passphrase is supplied. Obviously, a passphrase stored in a

2353

file is of questionable security if other users can read this file.

2354

Don't use this option if you can avoid it.

2376

Read the passphrase from file &ParmFile;. Only the first line will

2377

be read from file &ParmFile;. This can only be used if only one

2378

passphrase is supplied. Obviously, a passphrase stored in a file is

2379

of questionable security if other users can read this file. Don't use

2380

this option if you can avoid it.

2355

2381

</para></listitem></varlistentry>

2356

2382

2357

2383

2485

2511

Set up all options to be as PGP 8 compliant as possible. PGP 8 is a

2486

2512

lot closer to the OpenPGP standard than previous versions of PGP, so

2487

2513

all this does is disable --throw-keyids and set --escape-from-lines.

2488

All algorithms are allowed except for the SHA384 and SHA512 digests.

2514

All algorithms are allowed except for the SHA224, SHA384, and SHA512

2515

digests.

2489

2516

</para></listitem></varlistentry>

2490

2517

2491

2518

</variablelist></para></listitem></varlistentry>

2671

2698

warning means that your system is secure.

2672

2699

</para><para>

2673

2700

Note that the warning for unsafe --homedir permissions cannot be

2674

supressed in the gpg.conf file, as this would allow an attacker to

2675

place an unsafe gpg.conf file in place, and use this file to supress

2701

suppressed in the gpg.conf file, as this would allow an attacker to

2702

place an unsafe gpg.conf file in place, and use this file to suppress

2676

2703

warnings about itself. The --homedir permissions warning may only be

2677

supressed on the command line.

2704

suppressed on the command line.

2678

2705

</para></listitem></varlistentry>

2679

2706

2680

2707

2892

2919

2893

2920

Allow verification of concatenated signed messages. This will run a

2894

2921

signature verification for each data+signature block. There are some

2895

security issues with this option thus it is off by default. Note that

2896

versions of gpg rpior to version 1.4.3 implicityly allowed for this.

2922

security issues with this option and thus it is off by default. Note

2923

that versions of GPG prior to version 1.4.3 implicitly allowed this.

2897

2924

</para></listitem></varlistentry>

2898

2925

2899

2926

2989

3016

</para></listitem></varlistentry>

2990

3017

2991

3018

3019

<term>--default-keyserver-url &ParmName;</term>

3020

3021

Set the default keyserver URL to &ParmName;. This keyserver will be

3022

used as the keyserver URL when writing a new self-signature on a key,

3023

which includes key generation and changing preferences.

3024

</para></listitem></varlistentry>

3025

3026

2992

3027

<term>--list-config &OptParmNames;</term>

2993

3028

2994

3029

Display various internal configuration parameters of GnuPG. This

Older »