author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-18 21:21:05 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-18 21:21:05 +0000
commit: e7fd617327ed9d30f093a78a016511ab5c984ba4
tree: bb534b4fd912969c90022ad00726253be891ad8a /doc/gpg-agent.texi
parent: Releasing progress-linux version 2.2.40-3~progress7.99u1.
Merging upstream version 2.2.43.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/gpg-agent.texi')
-rw-r--r-- doc/gpg-agent.texi 25
1 files changed, 15 insertions, 10 deletions
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 8766250..463b6a6 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -632,16 +632,10 @@ remote machine.
@itemx --disable-extended-key-format
@opindex enable-extended-key-format
@opindex disable-extended-key-format
-Since version 2.2.22 keys are created in the extended private key
-format by default. Changing the passphrase of a key will also convert
-the key to that new format. This key format is supported since GnuPG
-version 2.1.12 and thus there should be no need to disable it.
-Anyway, the disable option still allows to revert to the old behavior
-for new keys; be aware that keys are never migrated back to the old
-format. If the enable option has been used the disable option won't
-have an effect. The advantage of the extended private key format is
-that it is text based and can carry additional meta data. In extended
-key format the OCB mode is used for key protection.
+These options are obsolete and have no effect. The extended key format
+is used for years now and has been supported since 2.1.12. Existing
+keys in the old format are migrated to the new format as soon as they
+are touched.
@anchor{option --enable-ssh-support}
@item --enable-ssh-support
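Review bot: The replacement paragraph under --enable-extended-key-format / --disable-extended-key-format says old-format keys are migrated "as soon as they are touched" but does not say which operations count as touching a key. The removed text named one concrete trigger (changing the passphrase) and also stated that keys are never migrated back; both details matter to anyone whose private-key directory is still read by a release older than 2.1.12, so please list the triggers and keep the one-way note. The sentence that OCB mode is used for key protection in the extended format is dropped with no replacement in this hunk; if it still holds, it should stay, since it is the only statement here about how the key material is protected. Wording: "is used for years now" should read "has been used for years".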
@@ -829,6 +823,17 @@ CRL checking for the root certificate.
If validation of a certificate finally issued by a CA with this flag set
fails, try again using the chain validation model.
+@item qual
+The CA is allowed to issue certificates for qualified signatures.
+This flag has an effect only if used in the global list. This is now
+the preferred way to mark such CA; the old way of having a separate
+file @file{qualified.txt} is still supported.
+
+@item de-vs
+The CA is part of an approved PKI for the German classification level
+VS-NfD. It is only valid in the global trustlist. As of now this is
+used only for documentation purpose.
+
@end table
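Review bot: The two new flag entries state the same scoping rule in different terms: qual "has an effect only if used in the global list", while de-vs is "only valid in the global trustlist". Use one term for both, and say what happens when either flag appears outside the global trustlist (silently ignored, or rejected as an error), because "has no effect" and "not valid" suggest different behaviour. The qual entry also leaves open how it interacts with @file{qualified.txt}: state whether a CA listed in only one of the two places is treated as qualified, and which source wins if they disagree. Wording: "mark such CA" should be "mark such a CA", and "documentation purpose" should be "documentation purposes".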