« back to all changes in this revision
Viewing changes to doc/gnupg.info-1
- browse files at revision 16
- compare with another revision
- download diff
- download tarball
- view history from revision 16
- Committer: Bazaar Package Importer
- Author(s): Michael Bienia
- Date: 2007-05-15 13:54:55 UTC
- mfrom: (1.1.8 upstream)
- Revision ID: james.westby@ubuntu.com-20070515135455-89qfyalmgjy6gcqw
Tags: 2.0.4-1ubuntu1
* Merge from debian unstable, remaining changes:
- Remove libpcsclite-dev, libopensc2-dev build dependencies (they are in
universe).
- Build-depend on libcurl3-gnutls-dev
- g10/call-agent.c: set DBG_ASSUAN to 0 to suppress a debug message
- Include /doc files as done with gnupg
- debian/rules: add doc/com-certs.pem to the docs for gpgsm
- debian/copyright: update download url
- debian/README.Debian: remove note the gnupg2 isn't released yet.
- debian/control: Change Maintainer/XSBC-Original-Maintainer field.
- Remove libpcsclite-dev, libopensc2-dev build dependencies (they are in
universe).
- Build-depend on libcurl3-gnutls-dev
- g10/call-agent.c: set DBG_ASSUAN to 0 to suppress a debug message
- Include /doc files as done with gnupg
- debian/rules: add doc/com-certs.pem to the docs for gpgsm
- debian/copyright: update download url
- debian/README.Debian: remove note the gnupg2 isn't released yet.
- debian/control: Change Maintainer/XSBC-Original-Maintainer field.
- files added:
- doc/gnupg-logo.eps
- files removed:
- doc/gnupg-badge-openpgp.eps
- files modified:
- ABOUT-NLS
added
removed
doc/gnupg.info-1
1
1
This is gnupg.info, produced by makeinfo version 4.8 from gnupg.texi.
2
2
3
This is the `The GNU Privacy Guard Manual' (version 2.0.3, 8
4
December 2006).
3
This is the `The GNU Privacy Guard Manual' (version 2.0.4,
4
May 2007).
5
5
6
Copyright (C) 2002, 2004, 2005, 2006 Free Software Foundation, Inc.
6
Copyright (C) 2002, 2004, 2005, 2006, 2007 Free Software Foundation,
7
Inc.
7
8
8
9
Permission is granted to copy, distribute and/or modify this
9
10
document under the terms of the GNU General Public License as
23
24
Using the GNU Privacy Guard
24
25
***************************
25
26
26
This is the `The GNU Privacy Guard Manual' (version 2.0.3, 8 December
27
2006).
27
This is the `The GNU Privacy Guard Manual' (version 2.0.4, May 2007).
28
28
29
Copyright (C) 2002, 2004, 2005, 2006 Free Software Foundation, Inc.
29
Copyright (C) 2002, 2004, 2005, 2006, 2007 Free Software Foundation,
30
Inc.
30
31
31
32
Permission is granted to copy, distribute and/or modify this
32
33
document under the terms of the GNU General Public License as
49
50
50
51
* Helper Tools:: Description of small helper tools
51
52
53
* Howtos:: How to do certain things.
52
54
* System Notes:: Notes pertaining to certain OSes.
53
55
* Debugging:: How to solve problems
54
56
56
58
how you can copy and share GnuPG
57
59
* Contributors:: People who have contributed to GnuPG.
58
60
59
* Glossary:: Short descrition of used terms.
61
* Glossary:: Short description of terms used.
60
62
* Option Index:: Index to command line options.
61
63
* Index:: Index of concepts and symbol names.
62
64
324
326
`-c'
325
327
`--csh'
326
328
Format the info output in daemon mode for use with the standard
327
Bourne shell respective the C-shell . The default ist to guess it
329
Bourne shell respective the C-shell . The default is to guess it
328
330
based on the environment variable `SHELL' which is in almost all
329
331
cases sufficient.
330
332
520
522
521
523
As a special feature a line `include-default' will include a global
522
524
list of trusted certificates (e.g. `/etc/gnupg/trustlist.txt').
523
This global list is also used if the local list ios not available.
525
This global list is also used if the local list is not available.
524
526
525
527
`sshcontrol'
526
528
This file is used when support for the secure shell agent protocol
1776
1778
`-q, --quiet'
1777
1779
Try to be as quiet as possible.
1778
1780
1781
`--batch'
1782
`--no-batch'
1783
Use batch mode. Never ask, do not allow interactive commands.
1784
`--no-batch' disables this option.
1785
1786
`--no-tty'
1787
Make sure that the TTY (terminal) is never used for any output.
1788
This option is needed in some cases because GnuPG sometimes prints
1789
warnings to the TTY even if `--batch' is used.
1790
1791
`--yes'
1792
Assume "yes" on most questions.
1793
1794
`--no'
1795
Assume "no" on most questions.
1796
1779
1797
`--list-options `parameters''
1780
1798
This is a space or comma delimited string that gives options used
1781
1799
when listing keys and signatures (that is, `--list-keys',
2611
2629
message modification attack.
2612
2630
2613
2631
`--personal-cipher-preferences `string''
2614
Set the list of personal cipher preferences to `string', this list
2615
should be a string similar to the one printed by the command
2616
"pref" in the edit menu. This allows the user to factor in their
2617
own preferred algorithms when algorithms are chosen via recipient
2618
key preferences. The most highly ranked cipher in this list is
2619
also used for the `--symmetric' encryption command.
2632
Set the list of personal cipher preferences to `string'. Use
2633
`gpg2 --version' to get a list of available algorithms, and use
2634
`none' to set no preference at all. This allows the user to
2635
factor in their own preferred algorithms when algorithms are chosen
2636
via recipient key preferences. The most highly ranked cipher in
2637
this list is also used for the `--symmetric' encryption command.
2620
2638
2621
2639
`--personal-digest-preferences `string''
2622
Set the list of personal digest preferences to `string', this list
2623
should be a string similar to the one printed by the command
2624
"pref" in the edit menu. This allows the user to factor in their
2625
own preferred algorithms when algorithms are chosen via recipient
2626
key preferences. The most highly ranked digest algorithm in this
2627
list is algo used when signing without encryption (e.g.
2628
`--clearsign' or `--sign'). The default value is SHA-1.
2640
Set the list of personal digest preferences to `string'. Use
2641
`gpg2 --version' to get a list of available algorithms, and use
2642
`none' to set no preference at all. This allows the user to
2643
factor in their own preferred algorithms when algorithms are chosen
2644
via recipient key preferences. The most highly ranked digest
2645
algorithm in this list is algo used when signing without encryption
2646
(e.g. `--clearsign' or `--sign'). The default value is SHA-1.
2629
2647
2630
2648
`--personal-compress-preferences `string''
2631
Set the list of personal compression preferences to `string', this
2632
list should be a string similar to the one printed by the command
2633
"pref" in the edit menu. This allows the user to factor in their
2634
own preferred algorithms when algorithms are chosen via recipient
2635
key preferences. The most highly ranked algorithm in this list is
2636
also used when there are no recipient keys to consider (e.g.
2637
`--symmetric').
2649
Set the list of personal compression preferences to `string'. Use
2650
`gpg2 --version' to get a list of available algorithms, and use
2651
`none' to set no preference at all. This allows the user to
2652
factor in their own preferred algorithms when algorithms are
2653
chosen via recipient key preferences. The most highly ranked
2654
compression algorithm in this list is algo used when there are no
2655
recipient keys to consider (e.g. `--symmetric').
2638
2656
2639
2657
`--s2k-cipher-algo `name''
2640
2658
Use `name' as the cipher algorithm used to protect secret keys.
3572
3590
Export the private key and the certificate identified by KEY-ID in
3573
3591
a PKCS#12 format. When using along with the `--armor' option a few
3574
3592
informational lines are prepended to the output. Note, that the
3575
PKCS#12 format is higly insecure and this command is only provided
3576
if there is no other way to exchange the private key.
3593
PKCS#12 format is not very secure and this command is only
3594
provided if there is no other way to exchange the private key.
3595
(*note option --p12-charset::)
3577
3596
3578
3597
`--import [FILES]'
3579
3598
Import the certificates from the PEM or binary encoded files as
3739
3758
`--assume-binary'
3740
3759
Assume the input data is binary encoded.
3741
3760
3761
`--p12-charset NAME'
3762
`gpgsm' uses the UTF-8 encoding when encoding passphrases for
3763
PKCS#12 files. This option may be used to force the passphrase to
3764
be encoded in the specified encoding NAME. This is useful if the
3765
application used to import the key uses a different encoding and
3766
thus won't be able to import a file generated by `gpgsm'. Commonly
3767
used values for NAME are `Latin1' and `CP850'. Note that `gpgsm'
3768
itself automagically imports any file with a passphrase encoded to
3769
the most commonly used encodings.
3770
3742
3771
`--local-user USER_ID'
3743
3772
3744
3773
`-u USER_ID'
4547
4576
verbose mode to get a list of available readers. The default is
4548
4577
then the first reader found.
4549
4578
4579
To get a list of available CCID readers you may use this command:
4580
echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'
4581
4550
4582
`--disable-keypad'
4551
4583
Even if a card reader features a keypad, do not try to use it.
4552
4584
5051
5083
data.
5052
5084
5053
5085
5054
File: gnupg.info, Node: Helper Tools, Next: System Notes, Prev: Specify a User ID, Up: Top
5086
File: gnupg.info, Node: Helper Tools, Next: Howtos, Prev: Specify a User ID, Up: Top
5055
5087
5056
5088
7 Helper Tools
5057
5089
**************
5858
5890
assuan server in extended mode to allow descriptor passing. This
5859
5891
option makes it use the old mode.
5860
5892
5893
`--hex'
5894
Print data lines in a hex format and the ASCII representation of
5895
non-control characters.
5896
5897
`--decode'
5898
Decode data lines. That is to remove percent escapes but make
5899
sure that a new line always starts with a D and a space.
5900
5861
5901
5862
5902
5863
5903
File: gnupg.info, Node: Controlling gpg-connect-agent, Prev: Invoking gpg-connect-agent, Up: gpg-connect-agent
5895
5935
`/recvfd'
5896
5936
Not yet implemented.
5897
5937
5938
`/hex'
5939
`/nohex'
5940
Same as the command line option `--hex'.
5941
5942
`/decode'
5943
`/nodecode'
5944
Same as the command line option `--decode'.
5945
5898
5946
`/help'
5899
5947
Print a list of available control commands.
5900
5948
5996
6044
5997
6045
5998
6046
5999
File: gnupg.info, Node: System Notes, Next: Debugging, Prev: Helper Tools, Up: Top
6000
6001
8 Notes pertaining to certain OSes.
6047
File: gnupg.info, Node: Howtos, Next: System Notes, Prev: Helper Tools, Up: Top
6048
6049
8 How to do certain things
6050
**************************
6051
6052
This is a collection of small howto documents.
6053
6054
* Menu:
6055
6056
* Howto Create a Server Cert:: Creating a TLS server certificate.
6057
6058
6059
File: gnupg.info, Node: Howto Create a Server Cert, Up: Howtos
6060
6061
8.1 Creating a TLS server certificate
6062
=====================================
6063
6064
Here is a brief run up on how to create a server certificate. It has
6065
actually been done this way to get a certificate from CAcert to be used
6066
on a real server. It has only been tested with this CA, but there
6067
shouldn't be any problem to run this against any other CA.
6068
6069
Before you start, make sure that gpg-agent is running. As there is
6070
no need for a configuration file, you may simply enter:
6071
6072
$ gpgsm-gencert.sh >a.p10
6073
Key type
6074
[1] RSA
6075
[2] Existing key
6076
[3] Direct from card
6077
Your selection: 1
6078
You selected: RSA
6079
6080
I opted for creating a new RSA key. The other option is to use an
6081
already existing key, by selecting `2' and entering the so-called
6082
keygrip. Running the command `gpgsm --dump-secret-key USERID' shows
6083
you this keygrip. Using `3' offers another menu to create a
6084
certificate directly from a smart card based key.
6085
6086
Let's continue:
6087
6088
Key length
6089
[1] 1024
6090
[2] 2048
6091
Your selection: 1
6092
You selected: 1024
6093
6094
The script offers two common key sizes. With the current setup of
6095
CAcert, it does not make much sense to use a 2k key; their policies need
6096
to be revised anyway (a CA root key valid for 30 years is not really
6097
serious).
6098
6099
Key usage
6100
[1] sign, encrypt
6101
[2] sign
6102
[3] encrypt
6103
Your selection: 1
6104
You selected: sign, encrypt
6105
6106
We want to sign and encrypt using this key. This is just a suggestion
6107
and the CA may actually assign other key capabilities.
6108
6109
Now for some real data:
6110
6111
Name (DN)
6112
> CN=kerckhoffs.g10code.com
6113
6114
This is the most important value for a server certificate. Enter here
6115
the canonical name of your server machine. You may add other virtual
6116
server names later.
6117
6118
E-Mail addresses (end with an empty line)
6119
>
6120
6121
We don't need email addresses in a server certificate and CAcert
6122
would anyway ignore such a request. Thus just hit enter.
6123
6124
If you want to create a client certificate for email encryption, this
6125
would be the place to enter your mail address (e.g. <joe@example.org>).
6126
You may enter as many addresses as you like, however the CA may not
6127
accept them all or reject the entire request.
6128
6129
DNS Names (optional; end with an empty line)
6130
> www.g10code.com
6131
DNS Names (optional; end with an empty line)
6132
> ftp.g10code.com
6133
DNS Names (optional; end with an empty line)
6134
>
6135
6136
Here I entered the names of the servers which actually run on the
6137
machine given in the DN above. The browser will accept a certificate for
6138
any of these names. As usual the CA must approve all of these names.
6139
6140
URIs (optional; end with an empty line)
6141
>
6142
6143
It is possible to insert arbitrary URIs into a certificate; for a
6144
server certificate this does not make sense.
6145
6146
We have now entered all required information and `gpgsm' will
6147
display what it has gathered and ask whether to create the certificate
6148
request:
6149
6150
Parameters for certificate request to create:
6151
1 Key-Type: RSA
6152
2 Key-Length: 1024
6153
3 Key-Usage: sign, encrypt
6154
4 Name-DN: CN=kerckhoffs.g10code.com
6155
5 Name-DNS: www.g10code.com
6156
6 Name-DNS: ftp.g10code.com
6157
6158
Really create such a CSR?
6159
[1] yes
6160
[2] no
6161
Your selection: 1
6162
You selected: yes
6163
6164
`gpgsm' will now start working on creating the request. As this
6165
includes the creation of an RSA key it may take a while. During this
6166
time you will be asked 3 times for a passphrase to protect the created
6167
private key on your system. A pop up window will appear to ask for it.
6168
The first two prompts are for the new passphrase and for re-entering it;
6169
the third one is required to actually create the certificate signing
6170
request.
6171
6172
When it is ready, you should see the final notice:
6173
6174
gpgsm: certificate request created
6175
6176
Now, you may look at the created request:
6177
6178
$ cat a.p10
6179
-----BEGIN CERTIFICATE REQUEST-----
6180
MIIBnzCCAQgCAQAwITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCB
6181
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVyg
6182
HtB7kr+YISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlS
6183
wFTALLX78GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkm
6184
Bj5cNy+YMbGVldECAwEAAaA+MDwGCSqGSIb3DQEJDjEvMC0wKwYDVR0RBCQwIoIP
6185
d3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5jb20wDQYJKoZIhvcNAQEFBQAD
6186
gYEAzBRIi8KTfKyebOlMtDN6oDYBOv+r9A4w3u/Z1ikjffaiN1Bmd2o9Ez9KXKHA
6187
IezLeSEA/rGUPN5Ur5qIJnRNQ8xrS+iLftr8msWQSZppVnA/vnqMrtqBUpitqAr0
6188
eYBmt1Uem2Y3UFABrKPglv2xzgGkrKX6AqmFoOnJWQ0QcTw=
6189
-----END CERTIFICATE REQUEST-----
6190
$
6191
6192
You may now proceed by logging into your account at the CAcert
6193
website, choose `Server Certificates - New', check `sign by class 3 root
6194
certificate', paste the above request block into the text field and
6195
click on `Submit'.
6196
6197
If everything works out fine, a certificate will be shown. Now run
6198
6199
$ gpgsm --import
6200
6201
and paste the certificate from the CAcert page into your terminal
6202
followed by a Ctrl-D
6203
6204
-----BEGIN CERTIFICATE-----
6205
MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl
6206
cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQD
6207
ExNDQWNlcnQgQ2xhc3MgMyBSb290MB4XDTA1MTAyODE2MjA1MVoXDTA3MTAyODE2
6208
MjA1MVowITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCBnzANBgkq
6209
hkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVygHtB7kr+Y
6210
ISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlSwFTALLX7
6211
8GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkmBj5cNy+Y
6212
MbGVldECAwEAAaOBtTCBsjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF
6213
BwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIF
6214
oDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy
6215
dC5vcmcwKwYDVR0RBCQwIoIPd3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5j
6216
b20wDQYJKoZIhvcNAQEEBQADggIBAAj5XAHCtzQR8PV6PkQBgZqUCbcfxGO/ZIp9
6217
aIT6J2z0Jo1OZI6KmConbqnZG9WyDlV5P7msQXW/Z9nBfoj4KSmNR8G/wtb8ClJn
6218
W8s75+K3ZLq1UgEyxBDrS7GjtbVaj7gsfZsuiQzxmk9lbl1gbkpJ3VEMjwVCTMlM
6219
fpjp8etyPhUZqOZaoKVaq//KTOsjhPMwz7TcfOkHvXketPrWTcefJQU7NKLH16D3
6220
mZAwnBxp3P51H6E6VG8AoJO8xCBuVwsbXKEf/FW+tmKG9pog6CaZQ9WibROTtnKj
6221
NJjSBsrUk5C+JowO/EyZRGm6R1tlok8iFXj+2aimyeBqDcxozNmFgh9F3S5u0wK0
6222
6cfYgkPVMHxgwV3f3Qh+tJkgLExN7KfO9hvpZqAh+CLQtxVmvpxEVEXKR6nwBI5U
6223
BaseulvVy3wUfg2daPkG17kDDBzQlsWC0BRF8anH+FWSrvseC3nS0a9g3sXF1Ic3
6224
gIqeAMhkant1Ac3RR6YCWtJKr2rcQNdDAxXK35/gUSQNCi9dclEzoOgjziuA1Mha
6225
94jYcvGKcwThn0iITVS5hOsCfaySBLxTzfIruLbPxXlpWuCW/6I/7YyivppKgEZU
6226
rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs
6227
Rtct3tIX
6228
-----END CERTIFICATE-----
6229
gpgsm: issuer certificate (#/CN=CAcert Class 3 Ro[...]) not found
6230
gpgsm: certificate imported
6231
6232
gpgsm: total number processed: 1
6233
gpgsm: imported: 1
6234
6235
gpgsm tells you that it has imported the certificate. It is now
6236
associated with the key you used when creating the request. The root
6237
certificate has not been found, so you may want to import it from the
6238
CACert website.
6239
6240
To see the content of your certificate, you may now enter:
6241
6242
$ gpgsm -K kerckhoffs.g10code.com
6243
/home/foo/.gnupg/pubring.kbx
6244
---------------------------
6245
Serial number: 4C
6246
Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...]
6247
Subject: /CN=kerckhoffs.g10code.com
6248
aka: (dns-name www.g10code.com)
6249
aka: (dns-name ftp.g10code.com)
6250
validity: 2005-10-28 16:20:51 through 2007-10-28 16:20:51
6251
key type: 1024 bit RSA
6252
key usage: digitalSignature keyEncipherment
6253
ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
6254
fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:19:D8:E9:65:B9:BD:4F:B1:98:CC:57
6255
6256
I used `-K' above because this will only list certificates for which
6257
a private key is available. To see more details, you may use
6258
`--dump-secret-keys' instead of `-K'.
6259
6260
To make actual use of the certificate you need to install it on your
6261
server. Server software usally expects a PKCS\#12 file with key and
6262
certificate. To create such a file, run:
6263
6264
$ gpgsm --export-secret-key-p12 -a >kerckhoffs-cert.pem
6265
6266
You will be asked for the passphrase as well as for a new passphrase
6267
to be used to protect the PKCS\#12 file. The file now contains the
6268
certificate as well as the private key:
6269
6270
$ cat kerckhoffs-cert.pem
6271
Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...]
6272
Serial ...: 4C
6273
Subject ..: /CN=kerckhoffs.g10code.com
6274
aka ..: (dns-name www.g10code.com)
6275
aka ..: (dns-name ftp.g10code.com)
6276
6277
-----BEGIN PKCS12-----
6278
MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu
6279
[...many more lines...]
6280
-----END PKCS12-----
6281
$
6282
6283
Copy this file in a secure way to the server, install it there and
6284
delete the file then. You may export the file again at any time as long
6285
as it is available in GnuPG's private key database.
6286
6287
6288
File: gnupg.info, Node: System Notes, Next: Debugging, Prev: Howtos, Up: Top
6289
6290
9 Notes pertaining to certain OSes.
6002
6291
***********************************
6003
6292
6004
6293
GnuPG has been developed on GNU/Linux systems and is know to work on
6051
6340
6052
6341
File: gnupg.info, Node: W32 Notes, Up: System Notes
6053
6342
6054
8.1 Microsoft Windows Notes
6343
9.1 Microsoft Windows Notes
6055
6344
===========================
6056
6345
6057
6346
The port to Microsoft Windows based OSes is pretty new and has some
6089
6378
6090
6379
File: gnupg.info, Node: Debugging, Next: Copying, Prev: System Notes, Up: Top
6091
6380
6092
9 How to solve problems
6093
***********************
6381
10 How to solve problems
6382
************************
6094
6383
6095
6384
Everyone knows that software often does not do what it should do and
6096
6385
thus there is a need to track down problems. We call this debugging in
6110
6399
6111
6400
File: gnupg.info, Node: Debugging Tools, Next: Common Problems, Up: Debugging
6112
6401
6113
9.1 Debugging Tools
6114
===================
6402
10.1 Debugging Tools
6403
====================
6115
6404
6116
6405
The GnuPG distribution comes with a couple of tools, useful to help find
6117
6406
and solving problems.
6123
6412
6124
6413
File: gnupg.info, Node: kbxutil, Up: Debugging Tools
6125
6414
6126
9.1.1 Scrutinizing a keybox file
6127
--------------------------------
6415
10.1.1 Scrutinizing a keybox file
6416
---------------------------------
6128
6417
6129
6418
A keybox is a file fomat used to store public keys along with meta
6130
6419
information and indices. The commonly used one is the file
6168
6457
6169
6458
File: gnupg.info, Node: Common Problems, Next: Architecture Details, Prev: Debugging Tools, Up: Debugging
6170
6459
6171
9.2 Commonly Seen Problems
6172
==========================
6460
10.2 Commonly Seen Problems
6461
===========================
6173
6462
6174
6463
* Error code `Not supported' from Dirmngr
6175
6464
6244
6533
6245
6534
File: gnupg.info, Node: Architecture Details, Prev: Common Problems, Up: Debugging
6246
6535
6247
9.3 How the whole thing works internally.
6248
=========================================
6536
10.3 How the whole thing works internally.
6537
==========================================
6249
6538
6250
6539
* Menu:
6251
6540
6254
6543
6255
6544
File: gnupg.info, Node: gpg 1.4 vs. 1.9, Up: Architecture Details
6256
6545
6257
9.3.1 Relationship between the two branches.
6258
--------------------------------------------
6546
10.3.1 Relationship between the two branches.
6547
---------------------------------------------
6259
6548
6260
6549
Here is a little picture showing how the components work together:
6261
6550
6757
7046
to a CRL. It is described in `RFC 2560'.
6758
7047
6759
7048
6760
6761
File: gnupg.info, Node: Option Index, Next: Index, Prev: Glossary, Up: Top
6762
6763
Option Index
6764
************
6765
6766
�[index�]
6767
* Menu:
6768
6769
* --enarmor: Operational GPG Commands.
6770
(line 280)
6771
* -a: Input and Output. (line 8)
6772
* -u: Input and Output. (line 26)
6773
* agent-program: Configuration Options.
6774
(line 34)
6775
* allow-admin: Scdaemon Options. (line 147)
6776
* allow-mark-trusted: Agent Options. (line 138)
6777
* armor <1>: Input and Output. (line 8)
6778
* armor: GPG Input and Output.
6779
(line 8)
6780
* assume-armor: Input and Output. (line 14)
6781
* assume-base64: Input and Output. (line 18)
6782
* assume-binary: Input and Output. (line 21)
6783
* base64: Input and Output. (line 11)
6784
* batch: Agent Options. (line 33)
6785
* c: Agent Options. (line 112)
6786
* call-dirmngr: Operational GPGSM Commands.
6787
(line 27)
6788
* call-protect-tool: Operational GPGSM Commands.
6789
(line 41)
6790
* card-edit: Operational GPG Commands.
6791
(line 134)
6792
* card-status: Operational GPG Commands.
6793
(line 140)
6794
* change-pin: Operational GPG Commands.
6795
(line 143)
6796
* check-sigs: Operational GPG Commands.
6797
(line 120)
6798
* check-trustdb: Operational GPG Commands.
6799
(line 233)
6800
* cipher-algo: CMS Options. (line 13)
6801
* clearsign: Operational GPG Commands.
6802
(line 15)
6803
* csh: Agent Options. (line 112)
6804
* ctapi-driver: Scdaemon Options. (line 124)
6805
* daemon <1>: Scdaemon Commands. (line 31)
6806
* daemon: Agent Commands. (line 27)
6807
* debug <1>: Scdaemon Options. (line 55)
6808
* debug <2>: Esoteric Options. (line 38)
6809
* debug <3>: GPG Esoteric Options.
6810
(line 22)
6811
* debug: Agent Options. (line 65)
6812
* debug-all <1>: Scdaemon Options. (line 87)
6813
* debug-all <2>: Esoteric Options. (line 72)
6814
* debug-all: Agent Options. (line 97)
6815
* debug-allow-core-dump <1>: Scdaemon Options. (line 104)
6816
* debug-allow-core-dump: Esoteric Options. (line 75)
6817
* debug-disable-ticker: Scdaemon Options. (line 100)
6818
* debug-ignore-expiration: Esoteric Options. (line 86)
6819
* debug-level <1>: Scdaemon Options. (line 28)
6820
* debug-level <2>: Esoteric Options. (line 15)
6821
* debug-level: Agent Options. (line 42)
6822
* debug-no-chain-validation: Esoteric Options. (line 82)
6823
* debug-wait <1>: Scdaemon Options. (line 90)
6824
* debug-wait: Agent Options. (line 100)
6825
* decrypt <1>: Operational GPGSM Commands.
6826
(line 11)
6827
* decrypt: Operational GPG Commands.
6828
(line 48)
6829
* decrypt-files: Operational GPG Commands.
6830
(line 83)
6831
* default-cache-ttl: Agent Options. (line 149)
6832
* default-key: GPG Configuration Options.
6833
(line 10)
6834
* default-keyserver-url: GPG Esoteric Options.
6835
(line 420)
6836
* default-preference-list: GPG Esoteric Options.
6837
(line 415)
6838
* default-recipient: GPG Configuration Options.
6839
(line 15)
6840
* default-recipient-self: GPG Configuration Options.
6841
(line 19)
6842
* delete-key: Operational GPG Commands.
6843
(line 148)
6844
* delete-keys: Certificate Management.
6845
(line 55)
6846
* delete-secret-and-public-key: Operational GPG Commands.
6847
(line 157)
6848
* delete-secret-key: Operational GPG Commands.
6849
(line 153)
6850
* deny-admin: Scdaemon Options. (line 147)
6851
* desig-revoke: OpenPGP Key Management.
6852
(line 21)
6853
* detach-sign: Operational GPG Commands.
6854
(line 23)
6855
* dirmnr-program: Configuration Options.
6856
(line 40)
6857
* disable-application: Scdaemon Options. (line 154)
6858
* disable-ccid: Scdaemon Options. (line 129)
6859
* disable-crl-checks: Certificate Options. (line 13)
6860
* disable-keypad: Scdaemon Options. (line 143)
6861
* disable-ocsp: Certificate Options. (line 41)
6862
* disable-policy-checks: Certificate Options. (line 8)
6863
* disable-scdaemon: Agent Options. (line 191)
6864
* disable-trusted-cert-crl-check: Certificate Options. (line 19)
6865
* display: Agent Options. (line 213)
6866
* dry-run: GPG Esoteric Options.
6867
(line 8)
6868
* dump-cert: Certificate Management.
6869
(line 31)
6870
* dump-chain: Certificate Management.
6871
(line 35)
6872
* dump-external-keys: Certificate Management.
6873
(line 42)
6874
* dump-keys: Certificate Management.
6875
(line 31)
6876
* dump-options <1>: Scdaemon Commands. (line 18)
6877
* dump-options <2>: General GPGSM Commands.
6878
(line 18)
6879
* dump-options <3>: General GPG Commands.
6880
(line 19)
6881
* dump-options: Agent Commands. (line 19)
6882
* dump-secret-keys: Certificate Management.
6883
(line 38)
6884
* edit-key: OpenPGP Key Management.
6885
(line 26)
6886
* enable-crl-checks: Certificate Options. (line 13)
6887
* enable-ocsp: Certificate Options. (line 41)
6888
* enable-policy-checks: Certificate Options. (line 8)
6889
* enable-ssh-support: Agent Options. (line 223)
6890
* enable-trusted-cert-crl-check: Certificate Options. (line 19)
6891
* enarmor: Operational GPG Commands.
6892
(line 280)
6893
* encrypt <1>: Operational GPGSM Commands.
6894
(line 7)
6895
* encrypt: Operational GPG Commands.
6896
(line 27)
6897
* encrypt-files: Operational GPG Commands.
6898
(line 80)
6899
* exec: Invoking gpg-connect-agent.
6900
(line 38)
6901
* export <1>: Certificate Management.
6902
(line 58)
6903
* export: Operational GPG Commands.
6904
(line 162)
6905
* export-ownertrust: Operational GPG Commands.
6906
(line 248)
6907
* export-secret-keys: Operational GPG Commands.
6908
(line 177)
6909
* export-secret-subkeys: Operational GPG Commands.
6910
(line 177)
6911
* faked-system-time <1>: Esoteric Options. (line 7)
6912
* faked-system-time: Agent Options. (line 37)
6913
* fetch-keys: Operational GPG Commands.
6914
(line 218)
6915
* fingerprint: Operational GPG Commands.
6916
(line 123)
6917
* fixed-list-mode: GPG Input and Output.
6918
(line 117)
6919
* fixed-passphrase: Esoteric Options. (line 91)
6920
* force: watchgnupg. (line 22)
6921
* force-crl-refresh: Certificate Options. (line 30)
6922
* forget: Invoking gpg-preset-passphrase.
6923
(line 21)
6924
* gen-key <1>: Certificate Management.
6925
(line 7)
6926
* gen-key: OpenPGP Key Management.
6927
(line 9)
6928
* gen-prime: Operational GPG Commands.
6929
(line 274)
6930
* gen-random: Operational GPG Commands.
6931
(line 268)
6932
* gen-revoke: OpenPGP Key Management.
6933
(line 17)
6934
* gnupg: OpenPGP Options. (line 104)
6935
* gpgconf-list: GPG Esoteric Options.
6936
(line 433)
6937
* gpgconf-test: GPG Esoteric Options.
6938
(line 437)
6939
* help <1>: watchgnupg. (line 31)
6940
* help <2>: Scdaemon Commands. (line 14)
6941
* help <3>: General GPGSM Commands.
6942
(line 11)
6943
* help <4>: General GPG Commands.
6944
(line 12)
6945
* help: Agent Commands. (line 15)
6946
* hidden-recipient: GPG Key related Options.
6947
(line 14)
6948
* homedir <1>: Invoking symcryptrun.
6949
(line 38)
6950
* homedir <2>: Invoking gpg-connect-agent.
6951
(line 22)
6952
* homedir <3>: gpgv. (line 53)
6953
* homedir <4>: Scdaemon Options. (line 13)
6954
* homedir <5>: Configuration Options.
6955
(line 16)
6956
* homedir <6>: GPG Configuration Options.
6957
(line 196)
6958
* homedir: Agent Options. (line 13)
6959
* ignore-cache-for-signing: Agent Options. (line 143)
6960
* ignore-time-conflict: gpgv. (line 47)
6961
* import <1>: Certificate Management.
6962
(line 70)
6963
* import: Operational GPG Commands.
6964
(line 187)
6965
* import-ownertrust: Operational GPG Commands.
6966
(line 253)
6967
* include-certs: CMS Options. (line 7)
6968
* interactive: GPG Esoteric Options.
6969
(line 19)
6970
* keep-display: Agent Options. (line 218)
6971
* keep-tty: Agent Options. (line 218)
6972
* keydb-clear-some-cert-flags: Certificate Management.
6973
(line 47)
6974
* keyedit:addcardkey: OpenPGP Key Management.
6975
(line 97)
6976
* keyedit:addkey: OpenPGP Key Management.
6977
(line 94)
6978
* keyedit:addphoto: OpenPGP Key Management.
6979
(line 74)
6980
* keyedit:addrevoker: OpenPGP Key Management.
6981
(line 127)
6982
* keyedit:adduid: OpenPGP Key Management.
6983
(line 71)
6984
* keyedit:bkuptocard: OpenPGP Key Management.
6985
(line 111)
6986
* keyedit:check: OpenPGP Key Management.
6987
(line 159)
6988
* keyedit:clean: OpenPGP Key Management.
6989
(line 207)
6990
* keyedit:cross-certify: OpenPGP Key Management.
6991
(line 221)
6992
* keyedit:delkey: OpenPGP Key Management.
6993
(line 122)
6994
* keyedit:delsig: OpenPGP Key Management.
6995
(line 86)
6996
* keyedit:deluid: OpenPGP Key Management.
6997
(line 81)
6998
* keyedit:disable: OpenPGP Key Management.
6999
(line 67)
7000
* keyedit:enable: OpenPGP Key Management.
7001
(line 67)
7002
* keyedit:expire: OpenPGP Key Management.
7003
(line 135)
7004
* keyedit:key: OpenPGP Key Management.
7005
(line 155)
7006
* keyedit:keyserver: OpenPGP Key Management.
7007
(line 189)
7008
* keyedit:keytocard: OpenPGP Key Management.
7009
(line 100)
7010
* keyedit:lsign: OpenPGP Key Management.
7011
(line 38)
7012
* keyedit:minimize: OpenPGP Key Management.
7013
(line 216)
7014
* keyedit:notation: OpenPGP Key Management.
7015
(line 196)
7016
* keyedit:nrsign: OpenPGP Key Management.
7017
(line 43)
7018
* keyedit:passwd: OpenPGP Key Management.
7019
(line 140)
7020
* keyedit:pref: OpenPGP Key Management.
7021
(line 165)
7022
* keyedit:primary: OpenPGP Key Management.
7023
(line 143)
7024
* keyedit:quit: OpenPGP Key Management.
7025
(line 230)
7026
* keyedit:revkey: OpenPGP Key Management.
7027
(line 132)
7028
* keyedit:revsig: OpenPGP Key Management.
7029
(line 57)
7030
* keyedit:revuid: OpenPGP Key Management.
7031
(line 91)
7032
* keyedit:save: OpenPGP Key Management.
7033
(line 227)
7034
* keyedit:setpref: OpenPGP Key Management.
7035
(line 177)
7036
* keyedit:showphoto: OpenPGP Key Management.
7037
(line 162)
7038
* keyedit:showpref: OpenPGP Key Management.
7039
(line 169)
7040
* keyedit:sign: OpenPGP Key Management.
7041
(line 31)
7042
* keyedit:toggle: OpenPGP Key Management.
7043
(line 204)
7044
* keyedit:trust: OpenPGP Key Management.
7045
(line 62)
7046
* keyedit:tsign: OpenPGP Key Management.
7047
(line 47)
7048
* keyedit:uid: OpenPGP Key Management.
7049
(line 151)
7050
* keyring: gpgv. (line 34)
7051
* lc-messages: Agent Options. (line 213)
7052
* lc-type: Agent Options. (line 213)
7053
* learn-card: Certificate Management.
7054
(line 75)
7055
* list-chain: Certificate Management.
7056
(line 27)
7057
* list-config: GPG Esoteric Options.
7058
(line 425)
7059
* list-keys <1>: Certificate Management.
7060
(line 12)
7061
* list-keys: Operational GPG Commands.
7062
(line 88)
7063
* list-options: GPG Configuration Options.
7064
(line 38)
7065
* list-options:show-notations: GPG Configuration Options.
7066
(line 57)
7067
* list-options:show-photos: GPG Configuration Options.
7068
(line 46)
7069
* list-options:show-policy-urls: GPG Configuration Options.
7070
(line 51)
7071
* list-options:show-std-notations: GPG Configuration Options.
7072
(line 57)
7073
* list-options:show-user-notations: GPG Configuration Options.
7074
(line 57)
7075
* list-packets: Operational GPG Commands.
7076
(line 130)
7077
* list-secret-keys <1>: Certificate Management.
7078
(line 19)
7079
* list-secret-keys: Operational GPG Commands.
7080
(line 98)
7081
* list-sigs: Operational GPG Commands.
7082
(line 104)
7083
* local-user <1>: Input and Output. (line 26)
7084
* local-user: GPG Key related Options.
7085
(line 63)
7086
* log-file <1>: Invoking symcryptrun.
7087
(line 46)
7088
* log-file <2>: Scdaemon Options. (line 114)
7089
* log-file <3>: Configuration Options.
7090
(line 55)
7091
* log-file: Agent Options. (line 134)
7092
* logger-fd: gpgv. (line 44)
7093
* lsign-key: OpenPGP Key Management.
7094
(line 265)
7095
* mangle-dos-filenames: GPG Configuration Options.
7096
(line 267)
7097
* max-cache-ttl: Agent Options. (line 157)
7098
* max-cache-ttl-ssh: Agent Options. (line 162)
7099
* max-output: GPG Input and Output.
7100
(line 19)
7101
* min-passphrase-len: Agent Options. (line 168)
7102
* multi-server: Scdaemon Commands. (line 26)
7103
* multifile: Operational GPG Commands.
7104
(line 69)
7105
* no-default-recipient: GPG Configuration Options.
7106
(line 25)
7107
* no-detach <1>: Scdaemon Options. (line 110)
7108
* no-detach: Agent Options. (line 105)
7109
* no-ext-connect: Invoking gpg-connect-agent.
7110
(line 44)
7111
* no-grab: Agent Options. (line 130)
7112
* no-mangle-dos-filenames: GPG Configuration Options.
7113
(line 267)
7114
* no-secmem-warning: Configuration Options.
7115
(line 51)
7116
* no-use-standard-socket: Agent Options. (line 198)
7117
* no-verbose: GPG Configuration Options.
7118
(line 32)
7119
* openpgp: OpenPGP Options. (line 112)
7120
* options <1>: Scdaemon Options. (line 7)
7121
* options <2>: Configuration Options.
7122
(line 10)
7123
* options: Agent Options. (line 7)
7124
* output <1>: Input and Output. (line 36)
7125
* output: GPG Input and Output.
7126
(line 16)
7127
* passphrase: Invoking gpg-preset-passphrase.
7128
(line 32)
7129
* passwd: Certificate Management.
7130
(line 80)
7131
* pcsc-driver: Scdaemon Options. (line 118)
7132
* pgp2: OpenPGP Options. (line 127)
7133
* pgp6: OpenPGP Options. (line 141)
7134
* pgp7: OpenPGP Options. (line 152)
7135
* pgp8: OpenPGP Options. (line 158)
7136
* pinentry-program: Agent Options. (line 173)
7137
* pinentry-touch-file: Agent Options. (line 177)
7138
* policy-file: Configuration Options.
7139
(line 31)
7140
* prefer-system-dirmngr: Configuration Options.
7141
(line 46)
7142
* preset: Invoking gpg-preset-passphrase.
7143
(line 17)
7144
* print-atr: Scdaemon Commands. (line 35)
7145
* print-md: Operational GPG Commands.
7146
(line 263)
7147
* q <1>: Invoking symcryptrun.
7148
(line 35)
7149
* q <2>: Invoking gpg-connect-agent.
7150
(line 19)
7151
* q: Agent Options. (line 30)
7152
* quiet <1>: Invoking symcryptrun.
7153
(line 35)
7154
* quiet <2>: Invoking gpg-connect-agent.
7155
(line 19)
7156
* quiet <3>: gpgv. (line 31)
7157
* quiet <4>: GPG Configuration Options.
7158
(line 35)
7159
* quiet: Agent Options. (line 30)
7160
* raw-socket: Invoking gpg-connect-agent.
7161
(line 31)
7162
* reader-port: Scdaemon Options. (line 135)
7163
* rebuild-keydb-caches: Operational GPG Commands.
7164
(line 257)
7165
* recipient <1>: Input and Output. (line 31)
7166
* recipient: GPG Key related Options.
7167
(line 8)
7168
* recv-keys: Operational GPG Commands.
7169
(line 196)
7170
* refresh-keys: Operational GPG Commands.
7171
(line 200)
7172
* rfc1991: OpenPGP Options. (line 124)
7173
* rfc2440: OpenPGP Options. (line 119)
7174
* S: Invoking gpg-connect-agent.
7175
(line 31)
7176
* s: Agent Options. (line 112)
7177
* scdaemon-program: Agent Options. (line 186)
7178
* search-keys: Operational GPG Commands.
7179
(line 209)
7180
* send-keys: Operational GPG Commands.
7181
(line 169)
7182
* server <1>: Scdaemon Commands. (line 22)
7183
* server <2>: Operational GPGSM Commands.
7184
(line 24)
7185
* server: Agent Commands. (line 23)
7186
* sh: Agent Options. (line 112)
7187
* sign <1>: Operational GPGSM Commands.
7188
(line 16)
7189
* sign: Operational GPG Commands.
7190
(line 8)
7191
* sign-key: OpenPGP Key Management.
7192
(line 261)
7193
* status-fd: gpgv. (line 40)
7194
* store: Operational GPG Commands.
7195
(line 44)
7196
* symmetric: Operational GPG Commands.
7197
(line 35)
7198
* ttyname: Agent Options. (line 213)
7199
* ttytype: Agent Options. (line 213)
7200
* update-trustdb: Operational GPG Commands.
7201
(line 223)
7202
* use-standard-socket: Agent Options. (line 198)
7203
* v <1>: Scdaemon Options. (line 23)
7204
* v <2>: Configuration Options.
7205
(line 26)
7206
* v: Agent Options. (line 23)
7207
* verbose <1>: Invoking symcryptrun.
7208
(line 30)
7209
* verbose <2>: Invoking gpg-connect-agent.
7210
(line 14)
7211
* verbose <3>: Invoking gpg-preset-passphrase.
7212
(line 28)
7213
* verbose <4>: gpgv. (line 26)
7214
* verbose <5>: watchgnupg. (line 25)
7215
* verbose <6>: Scdaemon Options. (line 23)
7216
* verbose <7>: Configuration Options.
7217
(line 26)
7218
* verbose <8>: GPG Configuration Options.
7219
(line 28)
7220
* verbose: Agent Options. (line 23)
7221
* verify <1>: Operational GPGSM Commands.
7222
(line 20)
7223
* verify: Operational GPG Commands.
7224
(line 56)
7225
* verify-files: Operational GPG Commands.
7226
(line 77)
7227
* version <1>: watchgnupg. (line 28)
7228
* version <2>: Scdaemon Commands. (line 10)
7229
* version <3>: General GPGSM Commands.
7230
(line 7)
7231
* version <4>: General GPG Commands.
7232
(line 7)
7233
* version: Agent Commands. (line 10)
7234
* warranty <1>: General GPGSM Commands.
7235
(line 15)
7236
* warranty: General GPG Commands.
7237
(line 16)
7238
* with-colons: GPG Input and Output.
7239
(line 109)
7240
* with-ephemeral-keys: Esoteric Options. (line 12)
7241
* with-fingerprint: GPG Input and Output.
7242
(line 121)
7243
* with-key-data: Input and Output. (line 39)
7244
* with-validation: Input and Output. (line 45)
7245
* write-env-file: Agent Options. (line 118)
7246
Loggerhead is a web-based interface for Breezy
Version: 2.0.1