summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/DETAILS69
-rw-r--r--doc/Makefile.am6
-rw-r--r--doc/Makefile.in27
-rw-r--r--doc/defsincdate2
-rw-r--r--doc/dirmngr.texi28
-rw-r--r--doc/examples/VS-NfD.prf24
-rw-r--r--doc/gnupg-card-architecture.pdfbin19415 -> 19221 bytes
-rw-r--r--doc/gnupg-card-architecture.pngbin8829 -> 8843 bytes
-rw-r--r--doc/gnupg-module-overview.pdf445
-rw-r--r--doc/gnupg-module-overview.pngbin123361 -> 124560 bytes
-rw-r--r--doc/gnupg.info398
-rw-r--r--doc/gnupg.info-1396
-rw-r--r--doc/gnupg.info-2938
-rw-r--r--doc/gpg-agent.texi25
-rw-r--r--doc/gpg.texi92
-rw-r--r--doc/gpgsm.texi56
-rw-r--r--doc/scdaemon.texi3
-rw-r--r--doc/tools.texi14
-rw-r--r--doc/wks.texi10
19 files changed, 1454 insertions, 1079 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index 420f67d..e064c9d 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -192,6 +192,9 @@ described here.
- s :: Sign
- c :: Certify
- a :: Authentication
+ - r :: Restricted encryption (subkey only use)
+ - t :: Timestamping
+ - g :: Group key
- ? :: Unknown capability
A key may have any combination of them in any order. In addition
@@ -1103,7 +1106,13 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
- learncard :: Send by the agent and gpgsm while learing
the data of a smartcard.
- card_busy :: A smartcard is still working
- - scd_locked :: Waiting for other clients to unlock the scdaemon
+ - scd_locked :: Waiting for other clients to unlock the
+ scdaemon
+ - gpgtar :: Here <char> has a special meaning: 's'
+ indicates total size and 'c' file count. A
+ <total> of zero indicates that gpgtar is in the
+ scanning phase. A positive <total> is used in
+ the writing phase.
When <what> refers to a file path, it may be truncated.
@@ -1129,6 +1138,17 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
send to the client instead of this status line. Such an inquiry
may be used to sync with Pinentry
+*** GPGTAR_EXTRACT <tot> <skp> <bad> <sus> <sym> <hrd> <oth>
+ This status line is emitted after gpgtar has extracted files.
+
+ - tot :: Total number of files extracted and stored
+ - skp :: Total number of files skipped during extraction
+ - bad :: Number of files skipped due to a bad file name
+ - sus :: Number of files skipped due to a suspicious file name
+ - sym :: Number of symlinks not restored
+ - hrd :: Number of hard links not restored
+ - oth :: Number of files not extracted due to other reasons.
+
** Obsolete status codes
*** SIGEXPIRED
Removed on 2011-02-04. This is deprecated in favor of KEYEXPIRED.
@@ -1174,6 +1194,20 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
name of the manufacturer is also given as <string>; spaces are not
escaped. For PKCS#15 cards <string> is TokenInfo.manufactorerID.
+*** KEY-STATUS <keyref> <status>
+ This is the response from scdaemon on GETATTR KEY-STATUS for
+ OpenPGP cards. <keyref> is the usual keyref (e.g. OPENPGP.1 or
+ OPENPGP.129) and <status> is an integer describing the status of
+ the key: 0 = key is not present, 1 = key generated on card, 2 =
+ key imported. See section 4.4.3.8 of the OpenPGP Smart Card
+ Application V3.4.
+
+*** KEY-ATTR-INFO <keyref> <string>
+ This is the response from scdaemon on GETATTR KEY-ATTR-INFO for
+ OpenPGP cards. <keyref> is the usual keyref (e.g. OPENPGP.1 or
+ OPENPGP.129) and <string> is the algoritm or curve name, which
+ is available for the key.
+
* Format of the --attribute-fd output
When --attribute-fd is set, during key listings (--list-keys,
@@ -1540,6 +1574,37 @@ Description of some debug flags:
* Miscellaneous notes
+** List of useful RFCs and I-D.
+ - RFC-1423 :: PEM, Part III: Algorithms, Modes, and Identifiers
+ - RFC-1750 :: Randomness Recommendations for Security
+ - RFC-1991 :: PGP Message Exchange Formats (obsolete)
+ - RFC-2144 :: The CAST-128 Encryption Algorithm
+ - RFC-2279 :: UTF-8, a transformation format of ISO 10646
+ - RFC-2440 :: OpenPGP (obsolete).
+ - RFC-3156 :: MIME Security with Pretty Good Privacy (PGP).
+ - RFC-3447 :: PKCS #1: RSA Cryptography Specifications Version 2.1
+ - RFC-4880 :: OpenPGP
+ - RFC-5083 :: CMS - Authenticated-Enveloped-Data
+ - RFC-5084 :: CMS - AES-GCM
+ - RFC-5280 :: X.509 PKI Certificate and CRL Profile
+ - RFC-5480 :: ECC Subject Public Key Information
+ - RFC-5639 :: ECC Brainpool Standard Curves
+ - RFC-5652 :: CMS (STD0070)
+ - RFC-5753 :: ECC in CMS
+ - RFC-5758 :: CMS - Additional Algorithms for DSA and ECDSA
+ - RFC-6818 :: Updates to the X.509 PKI Certificate and CRL Profile
+ - RFC-6960 :: Online Certificate Status Protocol - OCSP
+ - RFC-8954 :: Online Certificate Status Protocol (OCSP) Nonce Extension
+ - RFC-8398 :: Internationalized Email Addresses in X.509 Certificates
+ - RFC-8399 :: Internationalization Updates to RFC 5280
+ - RFC-8813 :: Clarifications for ECC Subject Public Key
+ - RFC-5915 :: ECC Private Key Structure
+ - RFC-5958 :: Asymmetric Key Packages
+ - RFC-6337 :: ECC in OpenPGP
+ - RFC-7292 :: PKCS #12: Personal Information Exchange Syntax v1.1
+ - RFC-8351 :: The PKCS #8 EncryptedPrivateKeyInfo Media Type
+
+ - draft-koch-openpgp-2015-rfc4880bis :: Updates to RFC-4880
** v3 fingerprints
For packet version 3 we calculate the keyids this way:
@@ -1548,6 +1613,8 @@ Description of some debug flags:
calculate a RMD160 hash value from it. This is used
as the fingerprint and the low 64 bits are the keyid.
+** gnupg.org notations
+
** Simplified revocation certificates
Revocation certificates consist only of the signature packet;
"--import" knows how to handle this. The rationale behind it is to
diff --git a/doc/Makefile.am b/doc/Makefile.am
index aba09b9..2e2b185 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -22,7 +22,7 @@ AM_CPPFLAGS =
include $(top_srcdir)/am/cmacros.am
examples = examples/README examples/scd-event examples/trustlist.txt \
- examples/VS-NfD.prf examples/Automatic.prf \
+ examples/Automatic.prf \
examples/debug.prf \
examples/gpgconf.rnames examples/gpgconf.conf \
examples/systemd-user/README \
@@ -206,8 +206,8 @@ online: gnupg.html gnupg.pdf gnupg-module-overview.png \
if echo "@PACKAGE_VERSION@" | grep -- "-beta" >/dev/null; then \
dashdevel="-devel" ; \
else \
- rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \
+ rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/gnupg-2.2.pdf ; \
fi ; \
cd gnupg.html ; \
rsync -vr --exclude='.git' . \
- $${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/
+ $${user}@$${webhost}:webspace/manuals/gnupg-2.2$${dashdevel}/
diff --git a/doc/Makefile.in b/doc/Makefile.in
index 59b671f..8a4a6db 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -147,17 +147,16 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
- $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
- $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
- $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
- $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
- $(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
- $(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
- $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
- $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
- $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
- $(top_srcdir)/configure.ac
+ $(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+ $(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+ $(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+ $(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/m4/tar-ustar.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(dist_pkgdata_DATA) \
@@ -476,7 +475,7 @@ libcommonpth = ../common/libcommonpth.a
libcommontls = ../common/libcommontls.a
libcommontlsnpth = ../common/libcommontlsnpth.a
examples = examples/README examples/scd-event examples/trustlist.txt \
- examples/VS-NfD.prf examples/Automatic.prf \
+ examples/Automatic.prf \
examples/debug.prf \
examples/gpgconf.rnames examples/gpgconf.conf \
examples/systemd-user/README \
@@ -1262,11 +1261,11 @@ online: gnupg.html gnupg.pdf gnupg-module-overview.png \
if echo "@PACKAGE_VERSION@" | grep -- "-beta" >/dev/null; then \
dashdevel="-devel" ; \
else \
- rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \
+ rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/gnupg-2.2.pdf ; \
fi ; \
cd gnupg.html ; \
rsync -vr --exclude='.git' . \
- $${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/
+ $${user}@$${webhost}:webspace/manuals/gnupg-2.2$${dashdevel}/
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/doc/defsincdate b/doc/defsincdate
index 2ed5769..faf5964 100644
--- a/doc/defsincdate
+++ b/doc/defsincdate
@@ -1 +1 @@
-1665157484
+1709562280
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index d6ef375..f988fe2 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -168,6 +168,14 @@ Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does. Use @file{socket://} to log to
socket.
+@item --compatibility-flags @var{flags}
+@opindex compatibility-flags
+Set compatibility flags to work around certain problems or to emulate
+bugs. The @var{flags} are given as a comma separated list of flag
+names and are OR-ed together. The special flag "none" clears the list
+and allows to start over with an empty list. To get a list of
+available flags the sole word "help" can be used.
+
@item --debug-level @var{level}
@opindex debug-level
Select the debug level for investigating problems. @var{level} may be a
@@ -320,8 +328,8 @@ keyserver name, optional keyserver configuration options may be
provided. These are the same as the @option{--keyserver-options} of
@command{gpg}, but apply only to this particular keyserver.
-Most keyservers synchronize with each other, so there is generally no
-need to send keys to more than one server. Somes keyservers use round
+Some keyservers synchronize with each other, so there is not always a
+need to send keys to more than one server. Some keyservers use round
robin DNS to give a different keyserver each time you use it.
If exactly two keyservers are configured and only one is a Tor hidden
@@ -330,7 +338,8 @@ whether Tor is locally running or not. The check for a running Tor is
done for each new connection.
If no keyserver is explicitly configured, dirmngr will use the
-built-in default of @code{https://keyserver.ubuntu.com}.
+built-in default of @code{https://keyserver.ubuntu.com}. To avoid the
+use of a default keyserver the value @code{none} can be used.
Windows users with a keyserver running on their Active Directory
may use the short form @code{ldap:///} for @var{name} to access this directory.
@@ -412,7 +421,9 @@ force the use of the default responder.
@item --honor-http-proxy
@opindex honor-http-proxy
If the environment variable @env{http_proxy} has been set, use its
-value to access HTTP servers.
+value to access HTTP servers. If on Windows the option is used but
+the environment variable is not set, the proxy settings are taken
+from the system.
@item --http-proxy [http://]@var{host}[:@var{port}]
@opindex http-proxy
@@ -586,6 +597,15 @@ won't be rejected due to an unknown critical extension. Use this
option with care because extensions are usually flagged as critical
for a reason.
+@item --ignore-crl-extension @var{oid}
+@opindex ignore-crl-extension
+Add @var{oid} to the list of ignored CRL extensions. The @var{oid} is
+expected to be in dotted decimal form. Critical flagged CRL
+extensions matching one of the OIDs in the list are treated as if they
+are actually handled and thus the certificate won't be rejected due to
+an unknown critical extension. Use this option with care because
+extensions are usually flagged as critical for a reason.
+
@item --ignore-cert @var{fpr}|@var{file}
@opindex ignore-cert
Entirely ignore certificates with the fingerprint @var{fpr}. As an
diff --git a/doc/examples/VS-NfD.prf b/doc/examples/VS-NfD.prf
deleted file mode 100644
index edb9e01..0000000
--- a/doc/examples/VS-NfD.prf
+++ /dev/null
@@ -1,24 +0,0 @@
-# VS-NfD.prf - Configure options for the VS-NfD mode -*- conf -*-
-#
-# The options for each tool are configured in a section ("[TOOL]");
-# see the respective man page for a description of these options and
-# the gpgconf manpage for a description of this file's syntax.
-
-[gpg]
-compliance de-vs
-
-[gpgsm]
-compliance de-vs
-enable-crl-checks
-
-[gpg-agent]
-default-cache-ttl 900
-max-cache-ttl 3600
-no-allow-mark-trusted
-no-allow-external-cache
-enforce-passphrase-constraints
-min-passphrase-len 9
-min-passphrase-nonalpha 0
-
-[dirmngr]
-allow-ocsp
diff --git a/doc/gnupg-card-architecture.pdf b/doc/gnupg-card-architecture.pdf
index 8592943..9b91f44 100644
--- a/doc/gnupg-card-architecture.pdf
+++ b/doc/gnupg-card-architecture.pdf
Binary files differ
diff --git a/doc/gnupg-card-architecture.png b/doc/gnupg-card-architecture.png
index 3740d40..b949f76 100644
--- a/doc/gnupg-card-architecture.png
+++ b/doc/gnupg-card-architecture.png
Binary files differ
diff --git a/doc/gnupg-module-overview.pdf b/doc/gnupg-module-overview.pdf
index dcc5f39..2a1f8a0 100644
--- a/doc/gnupg-module-overview.pdf
+++ b/doc/gnupg-module-overview.pdf
@@ -63,238 +63,265 @@ endobj
stream
~Źyvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvb~vbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvTbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbvbmނ~x^.̄@܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D~D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎]D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D܎D֊Bu9Y:I8'΂~F5%j4NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOfOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOHC+~F5%̈́@OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOiOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOON\<~{j3OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOoOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOM~NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOw9{~ǽ\-OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOM$~~ʂ?OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO% ~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
-<<"Ղ~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
-oG"ۍDw9
-o5OI5"i3HjH
-tK$ڌD`.@)OOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
-h2OO6#_.Lb/KOO?)Z+OI
-<'`.ԈBJ0]-OI
-yN%ߏEd0@)OOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
+<<"Ղ~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
+s7OOOՉBGL
+ yN%~=. Q4MO=:% jD!NOIǀ>' g29% _.O؋CA* 1 v9OO}<9% mF"NOIvǀ>' g2O=4! F-R(@)OOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
+oG"ۍDx:
+o5OIA*{;LjH
+uK$ڌD^-@)OOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
+Y+OO6#_.Lb/KOO?)Z+OI
+yN%ߏEe1 @)OOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
X9ٌCOL
- xM%d0 w9I
- {O&c0 z;I
-xM%@)OOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
+ xM%d0 w9I
+ {O&b/ z;I
+
-[fcffffffffffffffffffffffffff$$JfffffffffxfffffffffffffffffffffffffffffffffffffffXf~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
-dC]
-||2efa;;R88 FF^f99 ;`>>P((Aff)bb'fff CfjffffffffffffffffffffffffffffffffffXf~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
-d A]
-
-e( Y]
-effE00f`
-fff]
+[a:dfffffffffffffffffffffffff$$JfffffcfffxfffffffffffffffffffffffffffffffffffffffXf~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
+dC]
+~FF^f99 ;^P''@ff)bb'fff Cfffffffffffffffffffffff)ffffffffffffXf~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
+d A]
+((*mms ||%%'mmsVVZ <<?335XX]ssy::=
+Y$ Y]
-bfffffffffffffffffffffffffffffffff fffXf~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
-((*mms ||'')mmsjjp<<?335XX]ssy::=
-fff]
-fff]
+ 88:NNR<<? WW[--/]]bXX\ " 
+qqw WW[
+fff]
- 88:NNR::= WW[ ,,.]]b\\a99< 
-qqw WW[
+bfffffffffffffffffffffffffffffffff fffXf~zgڌDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOrOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB+~
+ 779zz CCFRRVQQU#((* WW[113
+
+xx~99< )--/ZZ_HHKHHKuu{
+fff]
+fff]
- ZZ_HHKHHKuu{
-fff]
-4ff`
-
- ,,.,,. WW[..0
-
-
-
-xx~IIM!<<?ZZ_HHKHHKuu{
-Ŕ$$& UUY
-WW[((*2
-99<##% mms ||==@**,!!#𔔛5xx~ß002 779IIM&&(uu{
-((*~~&&(WW[557GGJ@@C335
+ ddimms ||QQU
+fff]
+VVZ((*2
+99<##% mms ||==@$$&!!#𔔛
+((*~~%%'WW[557GGJAAD335
~

- ,
+ ,
+BB^f\;;Fff^
+>f[AA
-??ffAAyy0bII 
-YffN oo,((ff\\%344**
-@@`ffP oo,$$ffffffffffK‚~fffffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffffufffffffffffffffffffffffffffffffffffffff
+]f^
+ff,,
+@@7CC Xfe>>;;8EE
+@@fffffffffffxfffffffffffffffffffffffffffffffffffffff?ϻ~Nfffffffffffffffffffffffffffffffffffffffkk+%f%7^^&
+ff,,
+@@7CC Xfe>>;;8EE
+@@ff??006``&Rf:==: 446mm,
+ff,~,
+@@7CC Xfe>>997CC
+@@fffffffJ]]%6GG^ffHH336HH
+44ffIll+x8;;CCcfE
+))8qq-9fR66^^&QffffffffffffffffffffffXf~mn,ffffffffffffffffffffffffffffffffffffffff~fffffB((fffffffffffffffffffffffffffffffffffxfffffffffffffffffffffffffffffffffffffff`UU5oeembboee~\ffffffffO]ffQVffWUff\P\fffN >]ffcS_ffVf~^RbffffdSa^TffV\^QXfffZUfffP_f]UbRYfffffdS*a_SffffffffffK‚~fffffffffffffffffffffffffffffffHdff4ffpp- % fffHcf GffX
+cfe**@@fffffffffffxfffffffffffffffffffffffffffffffffffffff?ϻ~NffffffffffffffffffffffffffffffffffffffUFYffXX#ff,,22eff==``&fB
+cfe**@@f^
+ffL~ϻ?fffffffffffffffffffffffffffffffUYffWW#ff,~,22eff==``&fB
+cfe**@@fffffff@vv/ffcJfGaff4444ff""<ffd''7fE
-ee K?]fFbff Sf_CfSSV
-((ff\\%Uf?bf6TT"fff$$JfB
-
+??ffAAyy0bII ss.ff[[$AALfH 
+YffQ ZZ$DDff\\%bb'
+**
+@@`ffR  [[$@@ffffffffffK‚~fffffffffffffffffffffffffffffff922fffEffpp-L Lfff\
+@@6BB ((ffbb'
+zz13!! VV"ff[ UU":\\% Yf^
-cfUU"CC\XEE
-tt.[BUVfffll+tt.fe++[[$ZF ++ff\\%||2ffb
-''ffffffffffK‚~fffffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffffufffffffffffffffffffffffffffffffffffffff
+ee K?]fGbff Sf_CfSKV
-00HSS!ffll+
+cffcc(DDff\\%XX#ff_
+fSbffgg)@@ffffffffffK‚~fffffffffffffffffffffffffffffffJ `fftt.ffpp-%cff@df@ffR
+
+fffffffffffffffffffffffffffff`UU5oeemccoeeJ\ffffffffd Scc(<JJ==>>ffHcc(99 
+ffpp-
+qq-ff4!! QV@@Jfd$$\\%YH6fpp-!! OY^^&
+bf^
+N]ww0 [fE fff3LLffLLss.ffffffffffff4fffffffffffX
+fffffffffffffffffffffffffffff`UU5oeemccoeeJ\fffffffffFF<--R4``&``&3f>6M\
+
+qq-dffdrr.''HNffZMM
+vv/dfdvv/ GGWff^
+ffL~ϻ?ffffffffffffffffffffffffffffffffV?? CC;%%ff,~,zz1GG&&<fffK..[[$uu/UU"fffffffP00 ++?ll+VfN22TT"~~2IIffe4$$
-CfVAA &&DfVf7ffll+tt.ffWAAII;==ff\\%||2ffb
- }}2effXCCGG<99ffffffffffK‚~fffffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffffufffffffffffffffffffffffffffffffffffffff
-bffJJff!! =ffd**<fE
-BB^f\<<Gff^
->f[AA
+x88NffE fff3LLff@RR!ffffffffffffffffffffffXf~mn,fffffffffffffffffffffffffRFff`..ss.cKffZDD\CCjj*fffjj*((fT
+fffffffffffffffffffffffffffff`UU5oeemccoeeJ\fffffffff6NN dK((((MfCC{{1ff\
+fffffffffffffffffffffffffffff`UU5oeemccoeeJ\fffffffffP::fa
-@@7DD ((ffbb'
-zz13!! WW#ff[ UU":YY$Rf^
-efe88((ffdd(HffB ffaa'XX#fff )WW#f^
-fffffffffffffffffffffffffffffffffffffjffffffffffffffffffffffffffffffffff`UU5oeeoee~3ffffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffff$fffffffffffff
-N]ww0 [fE fff3LLffLLss.ffffffffffff~ffffffffffffffffffffffffffffffffffffffffff fffTrI =
-fffffffffffffffffffffffffffffffffffffjffffffffffffffffffffffffffffffffff]cdBoeeoee~kk@[ffffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffff$fffffffffffMz RR3`fff{{1CCfffN
-aa'`f:88ffc
+cfUU"CC\XEE
+tt.Z;UVfffll+tt.ff==YY$ZBEEff\\%||2ffb
+Cff,,>ffffffV;WA Ufffffffffffxfffffffffffffffffffffffffffffffffffffff?ϻ~Nffffffffffffffffffffffffffffffffffffffb o~o,VJ
+Cff,,>ffffffV;WA UffffffffffffffffffffxfffffffffffffffffffffffffffffffffffffffL~ϻ?fffffffffffffffffffffffffffffffb oo,VJ
+Cff,~,>ffffffV;WA UfffffffffffffffZ 7WD QfffffxfffffffffffffffffffffffffffffffffffffffXf~mn,ffffffffffffffffffffffffff4  }}2efcrr. FFVfLf>)) BBC((ff6
+HHN&&@@ffF00
-88NffE fff3LLff@RR!fffffffffffffffffxfffffffffffffffffffffffffffffffffffffff?˵.sDB 
-fffffffffffffffffffffffffffffffffffffjffffffffffffffffffffffffffffffffffNoeeoee
-fffffffffffffffffffffffffffffffffffffjfffffffffffffffffffffffffffffffffe
-oeeoee~WW0Fcffffffffffffffffffffffffffffffffffffff~fffffffffffffffffffffffffffffffffffffffffffffffffa9TppMyz1cfb
-``&ZJ!!
-ss.ffhh*%%QXHH
+%%=ff^
+fffffffffffffffffffffffffffff`UU5oeemccoee~\fffffffffeqq-ff//CCffX::
-@fd$$\\%YP6fpp-!! OY^^& bf^
+00HQQ ffkk+
-~Rffffffffff^qq-TK""7ff,,>ffffffP:VBJfffff~fffffffffffffffffffffffffffffffffffffffffflffffffffffffffffffffffffffffffffffffQ
-HHN''@@ffG00
+CfVAA &&CfVf7ffll+tt.ff[FFPP 3NNff\\%||2ffb
+ ||2eff\GGNN4JJffffffffffK‚~ffffffffffffffffffffffffffffffff[qq-IIcc(Lfff?~8fffffffd:OO UU":dffffffffffffffffffffffffffffufffffffffffffffffffffffffffffffffffffff
+oeemccoee~WW0Fcffffffffffffffffffffffffffffffffffffff~fffffffffffffffffffffffffffffffffffffffffffffffffa9T~ppMyz1cfffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffffofffffffffffffffffffffffffffffffffffcxx0rrO~Ϻ!! Wfffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffffrffffffffffffffffffffffffffffffffffffK
-%%=ff^
-fffffffffffffffffffffffffffffffffffffgffffffffffffffffffffffffffffffff]CDoeeoeeģwwK
-'----))
-##--------------
-##-------------- ~  ------------------------------------------------!II\p!II------------------------~------------------------------------------------------------------------------------- ---iiGX.332&& ,-----
-##-------------- ~  ----------------------------------!!   ----------------------------------~-------------------------------------------------------------------------------------1---------------------------------
-
-g
-KOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOY+s
-ޯ~oZG|<OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOi3}j||rhhrhh~*IOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOɁ>s^J~^<OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOO^=Ă)~wcw9OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOK߂~ʽrI#OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOI/҂||rhhrhh~_.OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO$OOOOOOOOOOOR4ׂ~?/ HOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOHA1"~0OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO$OOOOOOOOOOOn5ކ~&JOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOEYE3||rhhrhh~- KOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO$OOOOOOOOOOO֊B}hT~fB OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO'OOOOOOOOOOOOfA ҂
-
+~Rfffffffffffffffffffffffffffffffffffffff~fffffffffffffffffffffffffffffffffffffffffflffffffffffffffffffffffffffffffffffffQ
+ Kfffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffffrffffffffffffffffffffffffffffffffffffW!! Ϻ~//Bfffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffffrffffffffffffffffffffffffffffffffffff]CDoeemccoeeģwwK
+
+g
+KOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOY+s
+ޯ~oZG|<OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOi3}jkaapffrhh~*IOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOɁ>s^J~^<OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOO^=Ă)~wcw9OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOK߂~ʽrI#OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOI/҂kaapffrhh~_.OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO$OOOOOOOOOOOR4ׂ~?/ HOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOHA1"~0OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO$OOOOOOOOOOOn5ކ~&JOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOEYE3kaapffrhh~- KOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO$OOOOOOOOOOO֊B}hT~fB OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO'OOOOOOOOOOOOfA ҂
+
1 h2OOOOOOOOOOOOOOOOOOOn5
~Q'G
G
OOOOOOH
l4OOOǀ> U)OOOOOOOOOOOOOOOOOOOOO%OOOOOOOOOOON WV)ЀS(OOOOOOOOOOO@)
-l4OOOǀ> U)OUOOOOOOOOOOOOOOOOOOOOOOOOOOOOP3~~~hEKrhhrhh~6'MOOOOOOOOOOOOOOg2OOOOOOOOOOOOOOOOOOOOOOOO~OOZ:1 {;F{;8$K0OOOOOOOOOOOOOOOOȁ> OOOOOOOOOOOOOO 
+l4OOOǀ> U)OUOOOOOOOOOOOOOOOOOOOOOOOOOOOOP3~~~h8yKpffrhh~6'MOOOOOOOOOOOOOOg2OOOOOOOOOOOOOOOOOOOOOOOO~OOZ:0m4E|<9%Y9OOOOOOOOOOOOOOOOȁ> OOOOOOOOOOOOOO 
y*:OOOOOOOOOOOOݎDs_~kE!OOOOOOOOOOOOO܍D
-\;y:˃?Y+ e1OOOOOOOOOOOOOOOOOO7#U`.NOMOOOOOOOOOOOOOO8$nG"܍D܍D܍D܍DޏEOMOH
-OOOOOOH
+^<z;̃?Y+ e1OOOOOOOOOOOOOOOOOO7#U`.NKZ+NOOOOOOOOOOOOO8$nG"܍D܍D܍D܍DޏEKZ+NH
+OOOOOOH
l4OOʂ?
-U)OOOOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOON  ߂~ЂS(OOOOOOOOOOO@)jD!܍D܍D΄@a>ߏEOOOOOOMOOOOOOOOOOOOOO~OOO$ v9OOOOOOOOOOOOOO
+U)OOOOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOON  ߂~ЂS(OOOOOOOOOOO@)jD!܍D܍Dz;U7ߏEOOOOMLZ+MOOOOOOOOOOOOO~OOO$ v9OOOOOOOOOOOOOO
l4OOʂ?
-U)OOOOOOOOOOOOOOOO*OOOOOOOOOOOOOOP4~
-' ]-OOOՉB<'
-G.Y+H.OOOOONt8OOO׊C
-( _.OOOۍDD, 0s7Oȁ> OOU) GOGQ4 |P&NO5" _.OOOOOOOOOOOݎDs_~kE!OOOOOOOOOOOOOF-^<OOOOZ+" OOޏEI/
-' ]-OOL8$цA:% A*GOD,
-R(G
-I/W*L1OOOOOO8$R(OOOOOG
-d0$ hC LOH
+U)OOOOOOOOOOOOOOOO*OOOOOOOOOOOOOOP4~
+% [,OOO܍D>(
+K0rI#d@OOOOONs7OOO׊C
+& ]-OOOۍDC+ 0s7Oȁ> OOU) GOGQ4 1 Y+OO5" _.OOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOOOF-_=OOOO[,!
+OOޏEH.
+% [,OOL
+R(G
+M2pH#hC OOOOOO8$R(OOOOOG
+d0$ fB LOH
l4Ö́@
-V)OOOGQ4 |P&NOgB b?OOO% g2Ob/" 4!Ɂ>%OOOOOOOOOOON  ߂PЂS(OOOOOOOOOOO@)|P&OOON f1K8$̈́@* c0H
+V)OOOGQ4 1 Y+OOgB b?OOO% g2Ob/" 4!Ɂ>%OOOOOOOOOOON  ߂AЂS(OOOOOOOOOOO@)|P&OOON f1J
l4Ö́@
-V)OOOUGQ4 |P&NOgB b?OOO% g2O`." 6#̃?OOOOOOOOP4~
-b?܍Dr7 k3OM vL%܍DY+Gȁ> Oe1 ׊CON+ iD!ߏE~=& zN&OO 
-y*:OOOOOOOOOOOOݎDs_,kE!OOOOOOOOOOOOH
-kE!OH
-l4υ@ V*OOON+ iD!ߏE~=& zN&Ou8NOцAJ΄@l4ۍD[;,%OOOOOOOOOOON 
-lE!ۍDy: i3OO$ v9ON+ iD!ߏE~=& zN&OOOOOO
-l4υ@ V*OOON+U iD!ߏE~=& zN&Ou8NOцAJ˃?m5ڌDX90OOOOOOOOP4~
-y*:OOOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOO{;MOOOOOOOr7 MOOW*8$OL
-yN%̃?OOOw9 NOOr7,OM ǀ>O}P'L1On5
-JOIw9%OOOOOOOOOOON 
-yN%̃?OOOw9U NOOr7,OM ǀ>O}P'L1Ok4 KOHx:OOOOOOOOP4~
-k4OO^-   
-
-OO 
-y*:OOOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOOy:MOOOOOOOZ+A*OOO{; OL
-
-OI3!
-_=s7OOOOOOOOOOOOiD!
-h2jD!( LOO^-   
-
-OOT6yN%O) i2OJ5" ^<r7O%OOOOOOOOOOON 
-
-OOOOOO
-h2jD!( LOO^-U   
-
-OOT6yN%O) i2OI3!
-_=s7OOOOOOOOOP4~
-OrI#Z:OOO~Q'H.OOOO~OFq7OOOOцAb/W*F-OOOz; OvL%[;OOOOOȁ>r7R'
-MOg2-OOOOOOO 
+V)OOOUGQ4 1 Y+OOgB b?OOO% g2O`." 6#̃?OOOOOOOOP4~
+c@ݎDs7 i3OMvL%܍DY+
+y:OOOOOOOOOOOOݎDs_,kE!OOOOOOOOOOOOH
+xM%ߏEW*
+iD!OH
+l4υ@ V*OOON+ d@ߏE=' [,Ou8NOцAJ΄@l4ۍD[;,%OOOOOOOOOOON 
+lE!ۍDz; i3OO$ v9ON+ d@ߏE=' [,OOOOOO
+l4υ@ V*OOON+U d@ߏE=' [,Ou8NOцAJ˃?n5ڌDX90OOOOOOOOP4~
+9%zN&Ɂ>OOp6MOOU);&Oi3# OOOeAw9ȁ> t8=OOw9 KOOo5OO 
+y*:OOOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOO{;MOOOOOOOr7 MOOW*7#OL
+yN%̃?OOOw9 KOOo5OM ǀ>O}P'L1On5
+JOIw9%OOOOOOOOOOON 
+yN%̃?OOOw9U KOOo5OM ǀ>O}P'L1Ok4 KOHx:OOOOOOOOP4~
+k4OO^-   
+
+y*:OOOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOOy:MOOOOOOOZ+A*OOO{; OL
+
+_=l4MOOOOOOOOOOOiD!
+h2jD!( LOO^-   
+
+
+h2jD!( LOO^-U   
+
+_=l4MOOOOOOOOP4~
+OV*H.OOOc@d@OOOO~OFq7OOOO؋Cb/W*F-OOOz; OvL%[;OOOOOȁ>r7R'
+MOf1='OOOOOOO 
y*:OOOOOOOOOOOOݎDs_,kE!OOOOOOOOOOOOH
-OL
-V*OL$ lE!OOg2-OOOOOOOi3,ՉBKOOO{;gB  5"%MOOOOOOOOOON 
-V*OL$ lE!OOg2-UOOOOOOOi3,ՉBKOOOz;fB  7#MOOOOOOOP4~
-y*:OOOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOOO='[;OOOOY+
-Nr7 MOOY+5"OL
-l4OOǀ>w9OɁ>KOOf1kE!OOJ_=P3OOx:e1OOJ%~=OOOOOOOOOON 
-l4OOǀ>w9OɁ>UKOOf1kE!OOJ_=P3OOw9f1OOIȁ>OOOOOOOP4~
-gB Fv9 j3OK }P'Gi2؋Cȁ> OOf1 HO8$N2ٌCt8 _.OO!
-i*3NOOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOOOٌC Y9z;̃?W*`.OM" d@Fw9 h2OL
-R(Gb/ N2OOOOOO8$R(OOOOOG
-`>Oy:
-l4OOO{O&IO8$N2ٌCt8 _.OOOB*
-x:G[,HOOOOOOOOOON 
-l4OOO{O&IO8$N2ٌCt8 _.OOOB*
-$ ]-OOOǀ>4!
-\;{O&]<OOOOOOMzN&1 
-V7֊BOOۍDF- % ^-OOO҇A=' 'g o5Oȁ> OON1 hC OHR5 R'OOO}P' _.OOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOOOOۍDP3 3!i3OOOݎDG.
-$ ]-OOL
-l4OOOM1 U7OHR5 R'OOOO]- KOOOxM%1 t8%OOOOOOOOOOON 
-ނAЂS(OOOOOOOOOOO@)|P&OOOOOOJ
- xM%f1
-t8OS( ]-OHR5 R'OOOOOOO
-l4OOOM1 U7OUHR5 R'OOOO]- KOOOuK$ 2 v9OOOOOOOOP4~
-ނ~ЂS(OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOvL%S5OOO*OOOOOOOOOOOOOOP4~
-lE!OOOOOOOO*OOOOOOOOOOOOON 
-lE!OOOO*OOOOOOOOOOOOOOP4~
-P
-OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOJ ~l4OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOl4
-ۂD
-
-SSW<<?
-
+OL
+V*OL$ lE!OOf1='OOOOOOOi3,ՉBKOOMr7gB  ,%MOOOOOOOOOON 
+V*OL$ lE!OOf1=U'OOOOOOOi3,ՉBKOOMq7fB  /MOOOOOOOP4~
+y*:OOOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOOO<'[;OOOOY+
+Nr7 MOOZ+5"OL
+l4OOǀ>w9Oȁ> LOOf1kE!OOJ_=P3OOx:h2OOJ%~=OOOOOOOOOON 
+l4OOǀ>w9Oȁ>U LOOf1kE!OOJ_=P3OOw9i3OOIȁ>OOOOOOOP4~
+d@Fx: f1OM zN&G\,
+fB OOOO~OO@)0r7׊C˃?hC HM gB Fv9 i2OK }P'F]-؋Cȁ> OOf1 HO6#N2ٌCt8 _.OO!
+i*3NOOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOOO׊C
+Y9z;̃?W*`.OM!
+d@Fx: f1OL
+jD!OOOOOO8$R(OOOOOG
+l4OOO{O&IO6#N2ٌCt8 _.OOOB*
+x:GY+HOOOOOOOOOON 
+l4OOO{O&IO6#N2ٌCt8 _.OOOB*
+% \,OOO҇A7# gB d@yN%OOOOOOMyN%0
+V7֊BOOڌDE, & ]-OOO҇A=' (g o5Oȁ> OON1 hC OHQ4 R'OOO|P& _.OOOOOOOOOOOݎDs_bkE!OOOOOOOOOOOOOOڌDP3 3!i3OOO܍DF-
+% \,OOL
+l4OOOM1 U7OHQ4 R'OOOO]- KOOOxM%1 t8%OOOOOOOOOOON 
+ނAЂS(OOOOOOOOOOO@)|P&OOOOOOJ
+ xM%e1
+t8OR( ]-OHQ4 R'OOOOOOO
+l4OOOM1 U7OUHQ4 R'OOOO]- KOOOuK$ 2 v9OOOOOOOOP4~
+ނ~ЂS(OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOvL%S5OOO*OOOOOOOOOOOOOOP4~
+a/Kr7
+HOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO*OOOOOOOOOOOOOݎDs_~kE!OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOH d0Kp6
+HOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO-OOOOOOOOOOOOOOiD!
+a>NOOOOOOO*OOOOOOOOOOOOON 
+a>NOOO*OOOOOOOOOOOOOOP4~
+P
+OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOJ ~l4OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOl4
+ۂD
+
+
+
-
-M;y
-/
-ނ~
+
+M;y
-`fffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffff~fffffffffffffffffffffffffffffffffffffffffffqffffffffffffffffffffffffffffffffffff7~;,~Q'HOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOuOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOߐEhC ZF4~
-v9Jυ@:%^<OOOOOOOOOOOOOJOMOO ߏEOMOOO~OOOOOOOOOOOOLOOOOOOOOOOO`.!
-x:J΄@8$b?OOOOOOOOOOEOOOOԈB$ OOOOOOOOOOOOOOOOX+ʌ~
-.~=OF-
-΄@OOÖ́@.LOb/# /ǀ>OOp6(  Z:JԈB# T)
-h2OO~=3! Q4ՉBOOOOOX+ʌ~
-OOO(OOOOO$ t8OOFmF"W8ON
-HІ@,O܍D ~?IL1vL%F~=MT(@)OOLI w9M[,
-NOOOy:( OOOOOOOߏE=M~Q'D,O؋C ̃ ?II/zN&ԈB
-HІ@,OT(iD!~OOߏEt8MGOLY+0OOLd0T6OOO ܍DOOOc0C+OOOOOOOMGOLW*4!O~Q'mF"EOOݎDu8ԈB NOKOa/X9OOOEOOOOX+l~
-OOO(OOi3ޏEO$ r7NNKS5a>ON
-HІ@,Od@X*~OOOONzN&.;&T60OOL}P' ( ( ( ( ȁ>OOOx:( OOOOOh2FMxM%-<'S54!O`>[,EOOOOԈB# OOLOyN% ( ( ( ( ˃?OOOOX+l
+
+
+
+/
+ނ~
+
+`fffffffffffffffffffffffffffffffffffffff~ffffffffffffffffffffffffffffffffffffffffff~fffffffffffffffffffffffffffffffffffffffffffqffffffffffffffffffffffffffffffffffff7~;,~Q'HOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOuOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOߐEhC ZF4~
+ CC]ffW==MMpp-hh*f^P))>fffffffffffffffffffffffsfffffffffffffffffffffffffffffffffffff?ϻ8r7OOOOOOOOo67#  mF"KOO$
+w9JцAA*^<OOOOOOOOOOOMOJJz;OO ߏEJz;OOO~OOOOOOOOOOOOLOOOOOOOOOOO`." x:Jυ@?)b?OOOOOOOOOOEOOOOԈB$ OOOOOOOOOOOOOOOOX+ʌ~
+.~=OF-
+υ@OOOݎD.LOb/# /=OOo6(  Z:JԈB# V) 
+0m4OO}<2  Q4EOOOOOX+ʌ~
+OOO(OOOOO$ t8OOF_=W8ON
+HІ@,OۍD ~?IL1vL%F~=MT)@)OOLI
+v9NZ+/MOOOy:( OOOOOOOߏE=MR'D,O׊C ̈́E@II/zN&ԈB
+HІ@,OT(hC ~OOߏEt8MGOLY+0OOLd0?)OOM
+ʂ?OOOc0C+OOOOOOOMGOLW*4!O~Q'lE!EOOݎDu8ԈBIOJOa/C+OOM ΄@OOOOX+ʌ~
+OOO(OOi3ޏEO$ r7NNFM2Z:ON
+HІ@,Od@W*~OOOONyN%!
+2 L10OOL}P' ( ( ( ( |<OOOx:( OOOOOh2FNvL% 
+3!K04!O`>Z+EOOOOԈB" OOLOyN% ( ( ( ( ~=OOOOX+ʌ
+
+jj*f^
OOOJІ@,OO
-HІ@,O{O&mF"OO܍D_.k3* HO~=0OOL_.O3+OOOǀ>MOOOI ̈́@OOOߏE
+HІ@,O|P&mF"OO܍D_.k3+ HOɁ>0OOL_.`>+OOOǀ>MOOOI ̈́@OOOߏE
OOOHІ@,OO
-HІ@,Oυ@ ~AJT6hC _.9%MKM2) OOIF y:M_. NOOOO]- 
-w9K̈́@4!Z:O]-<'MKJ0-Õ?ӈEAJQ4lE!ԈB$ OOLOߏE {;M\,!
-OOOOOX+lVjR[a;
+HІ@,OІ@ ~AJT6hC _.9%MKX9) OOIF y:M_. NOOOO]- 
+w9K̈́@4!Y9O]-<'MKU7-Ö́@ӈEAJQ4lE!ԈB$ OOLOޏE {;M\,!
+OOOOOX+ʌ~

-oG"KOO$ t8OOOH
+oG"KOO$ t8OOOH

-qI#KOOx:. 7#̈́@OԈB 
-OOOY9x:,OO
+qI#KOOw9- 7#̈́@OԈB 
+OOOX9x:,OO
HІ@,OOi3$ 
-Q4I~KH. 4!q6$ R(OU7Hv9- 9%υ@OOOOOOg2/
+Q4I~KI/ 4!p6# R(OT6Hu8, 9%υ@OOOOOOg2/
 
-sJ$LOJF- 5"q6" T)Oh2# 
-S5JԈ9B$ OOLOOt8+ :%҇AOOOOOX+lRx|[~b~
-OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOON
+sJ$LOJG. 5"q6!
+T)Oh2#  S5JԈ9B$ OOLOOs7+ :%҇AOOOOOX+ʌ~
+
+^ffffffffffffffffffffffffffffftfffffffffffffffffffffffffffffffffffff?ϻ~r7OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOX+ʌ~
+OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO~OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOON
$$&$$&
-
-~
-
-
-8N
-o$
-q. 7 Y,,$QF5"U-9P[ ~
-
+
+蚚~Ģձ˺䒒Ɣ~g
+ՏP~綶[[\zz~̱bbd~Z
+oqM~纺ssukkmZZ[hhk~Z
+Rfffff~fffffffffffffff]iiHd
+~
+_.OOOOOOOOOOOOOOOOOOOOOOOOOOԈB~2
+f1v9A*W*N7#S(|<L1}P'Nh2M2KOOOOOOOOO~OOOOOOOOOOOOOOOOOIvb򂂆wwzwwzzz}.~~zz}򁁅wwzwwz6~~
+o$
+q- 7 X,,$QG5!T,9QZ ~
endstream
endobj
9 0 obj
-457292
+454646
endobj
10 0 obj
/DeviceRGB
@@ -309,18 +336,18 @@ endobj
/Length 12 0 R
>>
stream
-
+
endstream
endobj
12 0 obj
-9346
+9294
endobj
13 0 obj
<<
>>
endobj
14 0 obj
-9346
+9294
endobj
15 0 obj
<<
@@ -343,9 +370,9 @@ endobj
endobj
17 0 obj
<<
-/Title (
-/CreationDate (D:20221010135803)
-/ModDate (D:20221010135803)
+/Title <0067006E007500700067002D006D006F00640075006C0065002D006F00760065007200760069006500770000>
+/CreationDate (D:20240416090542)
+/ModDate (D:20240416090542)
/Producer (https://imagemagick.org)
>>
endobj
@@ -360,22 +387,22 @@ xref
0000000405 00000 n
0000000443 00000 n
0000000464 00000 n
-0000457957 00000 n
-0000457979 00000 n
-0000458006 00000 n
-0000467497 00000 n
-0000467518 00000 n
-0000467540 00000 n
-0000467561 00000 n
-0000480082 00000 n
-0000480104 00000 n
+0000455311 00000 n
+0000455333 00000 n
+0000455360 00000 n
+0000464799 00000 n
+0000464820 00000 n
+0000464842 00000 n
+0000464863 00000 n
+0000477384 00000 n
+0000477406 00000 n
trailer
<<
/Size 18
/Info 17 0 R
/Root 1 0 R
-/ID [<82dfca7e38da96118e28c32df36dd8031dbd96f4470decd5fafe68b1366d6064> <82dfca7e38da96118e28c32df36dd8031dbd96f4470decd5fafe68b1366d6064>]
+/ID [<e87b2f456920d06098abf4f7a8326cb22f02cd372d8bdf5ce93e928123d65662> <e87b2f456920d06098abf4f7a8326cb22f02cd372d8bdf5ce93e928123d65662>]
>>
startxref
-480279
+477623
%%EOF
diff --git a/doc/gnupg-module-overview.png b/doc/gnupg-module-overview.png
index cae6c48..1e3dc10 100644
--- a/doc/gnupg-module-overview.png
+++ b/doc/gnupg-module-overview.png
Binary files differ
diff --git a/doc/gnupg.info b/doc/gnupg.info
index d3b8fe5..2c5a60f 100644
--- a/doc/gnupg.info
+++ b/doc/gnupg.info
@@ -1,7 +1,6 @@
-This is gnupg.info, produced by makeinfo version 6.5 from gnupg.texi.
+This is gnupg.info, produced by makeinfo version 6.7 from gnupg.texi.
-This is the 'The GNU Privacy Guard Manual' (version 2.2.40-beta3,
-October 2022).
+This is the 'The GNU Privacy Guard Manual' (version 2.2.43, March 2024).
(C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
(C) 2013, 2014, 2015 Werner Koch.
@@ -23,202 +22,207 @@ END-INFO-DIR-ENTRY

Indirect:
-gnupg.info-1: 990
-gnupg.info-2: 305399
+gnupg.info-1: 982
+gnupg.info-2: 302397

Tag Table:
(Indirect)
-Node: Top990
-Node: Installation2917
-Node: Invoking GPG-AGENT5266
-Node: Agent Commands7032
-Node: Agent Options8836
-Ref: option --options9116
-Ref: option --homedir9442
-Ref: option --log-file14860
-Ref: option --no-allow-mark-trusted15233
-Ref: option --no-user-trustlist15437
-Ref: option --allow-preset-passphrase15903
-Ref: option --no-allow-loopback-pinentry16056
-Ref: option --extra-socket24409
-Ref: option --enable-ssh-support25875
-Ref: option --ssh-fingerprint-digest28212
-Node: Agent Configuration29869
-Node: Agent Signals35359
-Node: Agent Examples36819
-Node: Agent Protocol37386
-Node: Agent PKDECRYPT39540
-Node: Agent PKSIGN41452
-Node: Agent GENKEY43756
-Node: Agent IMPORT45653
-Node: Agent EXPORT46097
-Node: Agent ISTRUSTED46312
-Node: Agent GET_PASSPHRASE48687
-Node: Agent CLEAR_PASSPHRASE51128
-Node: Agent PRESET_PASSPHRASE51519
-Node: Agent GET_CONFIRMATION52357
-Node: Agent HAVEKEY53029
-Node: Agent LEARN53661
-Node: Agent PASSWD53959
-Node: Agent UPDATESTARTUPTTY54425
-Node: Agent GETEVENTCOUNTER54903
-Node: Agent GETINFO55705
-Node: Agent OPTION56409
-Node: Invoking DIRMNGR59467
-Node: Dirmngr Commands60365
-Node: Dirmngr Options62818
-Ref: Dirmngr Options-Footnote-181071
-Node: Dirmngr Configuration81206
-Node: Dirmngr Signals84336
-Node: Dirmngr Examples85364
-Node: Dirmngr Protocol86046
-Node: Dirmngr LOOKUP86696
-Node: Dirmngr ISVALID88067
-Node: Dirmngr CHECKCRL90640
-Node: Dirmngr CHECKOCSP91697
-Node: Dirmngr CACHECERT93003
-Node: Dirmngr VALIDATE93842
-Node: Invoking GPG94410
-Node: GPG Commands95640
-Node: General GPG Commands96534
-Node: Operational GPG Commands97223
-Ref: option --export-ownertrust114524
-Node: OpenPGP Key Management116637
-Node: GPG Options138596
-Node: GPG Configuration Options139929
-Ref: gpg-option --options153467
-Ref: trust-model-tofu158035
-Node: GPG Key related Options178353
-Node: GPG Input and Output183549
-Node: OpenPGP Options197253
-Node: Compliance Options201981
-Node: GPG Esoteric Options205925
-Ref: GPG Esoteric Options-Footnote-1233647
-Node: Deprecated Options233801
-Node: GPG Configuration235304
-Node: GPG Examples241192
-Node: Unattended Usage of GPG250002
-Node: Programmatic use of GnuPG250633
-Node: Ephemeral home directories251184
-Node: The quick key manipulation interface252491
-Node: Unattended GPG key generation253078
-Node: Invoking GPGSM262397
-Node: GPGSM Commands263266
-Node: General GPGSM Commands263704
-Node: Operational GPGSM Commands264392
-Node: Certificate Management266426
-Node: GPGSM Options271402
-Node: Configuration Options271976
-Ref: gpgsm-option --options272245
-Node: Certificate Options275368
-Ref: gpgsm-option --validation-model278972
-Node: Input and Output279952
-Ref: option --p12-charset280535
-Ref: gpgsm-option --with-key-data281779
-Ref: gpgsm-option --with-validation282053
-Node: CMS Options282931
-Node: Esoteric Options283951
-Node: GPGSM Configuration291184
-Node: GPGSM Examples296852
-Node: Unattended Usage297049
-Node: Automated signature checking297640
-Node: CSR and certificate creation299463
-Node: GPGSM Protocol305399
-Node: GPGSM ENCRYPT306655
-Node: GPGSM DECRYPT309330
-Node: GPGSM SIGN310166
-Node: GPGSM VERIFY311622
-Node: GPGSM GENKEY312138
-Node: GPGSM LISTKEYS313153
-Ref: gpgsm-cmd listkeys313312
-Node: GPGSM EXPORT314065
-Node: GPGSM IMPORT315029
-Node: GPGSM DELETE315770
-Node: GPGSM GETAUDITLOG316277
-Ref: gpgsm-cmd getauditlog316446
-Node: GPGSM GETINFO316790
-Node: GPGSM OPTION317639
-Node: Invoking SCDAEMON320992
-Node: Scdaemon Commands321666
-Node: Scdaemon Options322794
-Node: Card applications332236
-Node: OpenPGP Card332901
-Node: NKS Card333374
-Node: DINSIG Card333700
-Node: PKCS#15 Card334076
-Node: Geldkarte Card334346
-Node: SmartCard-HSM334737
-Node: Undefined Card335333
-Node: Scdaemon Configuration335746
-Node: Scdaemon Examples336784
-Node: Scdaemon Protocol336967
-Node: Scdaemon SERIALNO338486
-Node: Scdaemon LEARN339332
-Node: Scdaemon READCERT340179
-Node: Scdaemon READKEY340581
-Node: Scdaemon PKSIGN340867
-Node: Scdaemon PKDECRYPT341593
-Node: Scdaemon GETATTR342343
-Node: Scdaemon SETATTR342545
-Node: Scdaemon WRITEKEY342750
-Node: Scdaemon GENKEY343452
-Node: Scdaemon RANDOM343655
-Node: Scdaemon PASSWD343878
-Node: Scdaemon CHECKPIN344269
-Node: Scdaemon RESTART345272
-Node: Scdaemon APDU345805
-Node: Specify a User ID346778
-Ref: how-to-specify-a-user-id346936
-Node: Trust Values351794
-Ref: trust-values351923
-Node: Helper Tools352528
-Node: watchgnupg353380
-Ref: option watchgnupg --tcp354202
-Node: gpgv355780
-Node: addgnupghome360979
-Node: gpgconf361675
-Ref: gpgconf-Footnote-1363862
-Node: Invoking gpgconf364160
-Node: Format conventions370852
-Node: Listing components376183
-Node: Checking programs378266
-Node: Listing options381004
-Node: Changing options388710
-Node: Listing global options390412
-Node: Querying versions392392
-Node: Files used by gpgconf395090
-Node: applygnupgdefaults395696
-Node: gpg-preset-passphrase396566
-Node: Invoking gpg-preset-passphrase397601
-Node: gpg-connect-agent399003
-Node: Invoking gpg-connect-agent399717
-Node: Controlling gpg-connect-agent403263
-Node: dirmngr-client409736
-Node: gpgparsemail413087
-Node: gpgtar413400
-Node: gpg-check-pattern418128
-Node: Web Key Service420430
-Node: gpg-wks-client420743
-Node: gpg-wks-server426549
-Node: Howtos431906
-Node: Howto Create a Server Cert432178
-Node: System Notes440591
-Node: W32 Notes441802
-Node: Debugging442224
-Node: Debugging Tools443052
-Node: kbxutil443332
-Node: Debugging Hints444863
-Node: Common Problems445994
-Node: Architecture Details451231
-Node: Component interaction451541
-Ref: fig:moduleoverview451727
-Node: GnuPG-1 and GnuPG-2451834
-Ref: fig:cardarchitecture452124
-Node: Copying452239
-Node: Contributors489763
-Node: Glossary496018
-Node: Option Index498537
-Node: Environment Index579841
-Node: Index585434
+Node: Top982
+Node: Installation2901
+Node: Invoking GPG-AGENT5250
+Node: Agent Commands7016
+Node: Agent Options8820
+Ref: option --options9100
+Ref: option --homedir9426
+Ref: option --log-file14844
+Ref: option --no-allow-mark-trusted15217
+Ref: option --no-user-trustlist15421
+Ref: option --allow-preset-passphrase15907
+Ref: option --no-allow-loopback-pinentry16060
+Ref: option --extra-socket24423
+Ref: option --enable-ssh-support25407
+Ref: option --ssh-fingerprint-digest27744
+Node: Agent Configuration29401
+Node: Agent Signals35450
+Node: Agent Examples36910
+Node: Agent Protocol37477
+Node: Agent PKDECRYPT39631
+Node: Agent PKSIGN41543
+Node: Agent GENKEY43847
+Node: Agent IMPORT45744
+Node: Agent EXPORT46188
+Node: Agent ISTRUSTED46403
+Node: Agent GET_PASSPHRASE48778
+Node: Agent CLEAR_PASSPHRASE51219
+Node: Agent PRESET_PASSPHRASE51610
+Node: Agent GET_CONFIRMATION52448
+Node: Agent HAVEKEY53120
+Node: Agent LEARN53752
+Node: Agent PASSWD54050
+Node: Agent UPDATESTARTUPTTY54516
+Node: Agent GETEVENTCOUNTER54994
+Node: Agent GETINFO55796
+Node: Agent OPTION56500
+Node: Invoking DIRMNGR59558
+Node: Dirmngr Commands60456
+Node: Dirmngr Options62909
+Ref: Dirmngr Options-Footnote-182184
+Node: Dirmngr Configuration82319
+Node: Dirmngr Signals85449
+Node: Dirmngr Examples86477
+Node: Dirmngr Protocol87159
+Node: Dirmngr LOOKUP87809
+Node: Dirmngr ISVALID89180
+Node: Dirmngr CHECKCRL91753
+Node: Dirmngr CHECKOCSP92810
+Node: Dirmngr CACHECERT94116
+Node: Dirmngr VALIDATE94955
+Node: Invoking GPG95523
+Node: GPG Commands96753
+Node: General GPG Commands97647
+Node: Operational GPG Commands98336
+Ref: option --export-ownertrust115637
+Node: OpenPGP Key Management117811
+Node: GPG Options140427
+Node: GPG Configuration Options141760
+Ref: gpg-option --options155298
+Ref: trust-model-tofu161285
+Node: GPG Key related Options181603
+Node: GPG Input and Output186799
+Node: OpenPGP Options200690
+Node: Compliance Options205778
+Node: GPG Esoteric Options209722
+Ref: GPG Esoteric Options-Footnote-1237481
+Node: Deprecated Options237635
+Node: GPG Configuration239138
+Node: GPG Examples245036
+Node: Unattended Usage of GPG253847
+Node: Programmatic use of GnuPG254478
+Node: Ephemeral home directories255029
+Node: The quick key manipulation interface256336
+Node: Unattended GPG key generation256923
+Node: Invoking GPGSM266242
+Node: GPGSM Commands267111
+Node: General GPGSM Commands267549
+Node: Operational GPGSM Commands268237
+Node: Certificate Management270271
+Node: GPGSM Options275247
+Node: Configuration Options275821
+Ref: gpgsm-option --options276090
+Node: Certificate Options279213
+Ref: gpgsm-option --validation-model282964
+Node: Input and Output283944
+Ref: option --p12-charset284804
+Ref: gpgsm-option --with-key-data286048
+Ref: gpgsm-option --with-validation286322
+Node: CMS Options287200
+Node: Esoteric Options288220
+Node: GPGSM Configuration295732
+Node: GPGSM Examples302397
+Node: Unattended Usage302594
+Node: Automated signature checking303185
+Node: CSR and certificate creation305008
+Node: GPGSM Protocol310667
+Node: GPGSM ENCRYPT311923
+Node: GPGSM DECRYPT314598
+Node: GPGSM SIGN315434
+Node: GPGSM VERIFY316890
+Node: GPGSM GENKEY317406
+Node: GPGSM LISTKEYS318421
+Ref: gpgsm-cmd listkeys318580
+Node: GPGSM EXPORT319333
+Node: GPGSM IMPORT320297
+Node: GPGSM DELETE321038
+Node: GPGSM GETAUDITLOG321545
+Ref: gpgsm-cmd getauditlog321714
+Node: GPGSM GETINFO322058
+Node: GPGSM OPTION323062
+Node: Invoking SCDAEMON326986
+Node: Scdaemon Commands327660
+Node: Scdaemon Options328788
+Node: Card applications338229
+Node: OpenPGP Card338894
+Node: NKS Card339367
+Node: DINSIG Card339693
+Node: PKCS#15 Card340069
+Node: Geldkarte Card340339
+Node: SmartCard-HSM340730
+Node: Undefined Card341326
+Node: Scdaemon Configuration341739
+Node: Scdaemon Examples342777
+Node: Scdaemon Protocol342960
+Node: Scdaemon SERIALNO344489
+Node: Scdaemon LEARN345335
+Node: Scdaemon READCERT346182
+Node: Scdaemon READKEY346584
+Node: Scdaemon PKSIGN346870
+Node: Scdaemon PKDECRYPT347596
+Node: Scdaemon GETATTR348346
+Node: Scdaemon SETATTR348548
+Node: Scdaemon WRITEKEY348753
+Node: Scdaemon GENKEY349455
+Node: Scdaemon RANDOM349658
+Node: Scdaemon PASSWD349881
+Node: Scdaemon CHECKPIN350272
+Node: Scdaemon RESTART351275
+Node: Scdaemon APDU351808
+Node: Specify a User ID352781
+Ref: how-to-specify-a-user-id352939
+Node: Trust Values357797
+Ref: trust-values357926
+Node: Helper Tools358531
+Node: watchgnupg359383
+Ref: option watchgnupg --tcp360205
+Node: gpgv361783
+Node: addgnupghome366982
+Node: gpgconf367678
+Ref: gpgconf-Footnote-1369865
+Node: Invoking gpgconf370163
+Node: Format conventions376855
+Node: Listing components382186
+Node: Checking programs384269
+Node: Listing options387007
+Node: Changing options394713
+Node: Listing global options396415
+Node: Querying versions398395
+Node: Files used by gpgconf401093
+Node: applygnupgdefaults401699
+Node: gpg-preset-passphrase402569
+Node: Invoking gpg-preset-passphrase403604
+Node: gpg-connect-agent405006
+Node: Invoking gpg-connect-agent405720
+Node: Controlling gpg-connect-agent409266
+Node: dirmngr-client415739
+Node: gpgparsemail419090
+Node: gpgtar419403
+Node: gpg-check-pattern424574
+Node: Web Key Service426876
+Node: gpg-wks-client427189
+Node: gpg-wks-server433382
+Node: Howtos438739
+Node: Howto Create a Server Cert439011
+Node: System Notes447424
+Node: W32 Notes448635
+Node: Debugging449057
+Node: Debugging Tools449885
+Node: kbxutil450165
+Node: Debugging Hints451696
+Node: Common Problems452827
+Node: Architecture Details458064
+Node: Component interaction458374
+Ref: fig:moduleoverview458560
+Node: GnuPG-1 and GnuPG-2458667
+Ref: fig:cardarchitecture458957
+Node: Copying459072
+Node: Contributors496596
+Node: Glossary502852
+Node: Option Index505371
+Node: Environment Index587679
+Node: Index593272

End Tag Table
+
+
+Local Variables:
+coding: utf-8
+End:
diff --git a/doc/gnupg.info-1 b/doc/gnupg.info-1
index 3d95d00..fde81d5 100644
--- a/doc/gnupg.info-1
+++ b/doc/gnupg.info-1
@@ -1,7 +1,6 @@
-This is gnupg.info, produced by makeinfo version 6.5 from gnupg.texi.
+This is gnupg.info, produced by makeinfo version 6.7 from gnupg.texi.
-This is the 'The GNU Privacy Guard Manual' (version 2.2.40-beta3,
-October 2022).
+This is the 'The GNU Privacy Guard Manual' (version 2.2.43, March 2024).
(C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
(C) 2013, 2014, 2015 Werner Koch.
@@ -27,8 +26,7 @@ File: gnupg.info, Node: Top, Next: Installation, Up: (dir)
Using the GNU Privacy Guard
***************************
-This is the 'The GNU Privacy Guard Manual' (version 2.2.40-beta3,
-October 2022).
+This is the 'The GNU Privacy Guard Manual' (version 2.2.43, March 2024).
(C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
(C) 2013, 2014, 2015 Werner Koch.
@@ -396,14 +394,14 @@ the two leading dashes, in the configuration file.
'--no-user-trustlist'
Entirely ignore the user trust list and consider only the global
- trustlist ('/etc/gnupg/trustlist.txt'). This implies the *note
- option --no-allow-mark-trusted::.
+ trustlist ('/usr/local/etc/gnupg/trustlist.txt'). This implies the
+ *note option --no-allow-mark-trusted::.
'--sys-trustlist-name FILE'
Changes the default name for the global trustlist from
"trustlist.txt" to FILE. If FILE does not contain any slashes and
does not start with "~/" it is searched in the system configuration
- directory ('/etc/gnupg').
+ directory ('/usr/local/etc/gnupg').
'--allow-preset-passphrase'
This option allows the use of 'gpg-preset-passphrase' to seed the
@@ -487,10 +485,10 @@ the two leading dashes, in the configuration file.
entering a new passphrase matching one of these pattern a warning
will be displayed. If FILE does not contain any slashes and does
not start with "~/" it is searched in the system configuration
- directory ('/etc/gnupg'). The default is not to use any pattern
- file. The second version of this option is only used when creating
- a new symmetric key to allow the use of different patterns for such
- passphrases.
+ directory ('/usr/local/etc/gnupg'). The default is not to use any
+ pattern file. The second version of this option is only used when
+ creating a new symmetric key to allow the use of different patterns
+ for such passphrases.
Security note: It is known that checking a passphrase against a
list of pattern or even against a complete dictionary is not very
@@ -611,17 +609,10 @@ the two leading dashes, in the configuration file.
'--enable-extended-key-format'
'--disable-extended-key-format'
- Since version 2.2.22 keys are created in the extended private key
- format by default. Changing the passphrase of a key will also
- convert the key to that new format. This key format is supported
- since GnuPG version 2.1.12 and thus there should be no need to
- disable it. Anyway, the disable option still allows to revert to
- the old behavior for new keys; be aware that keys are never
- migrated back to the old format. If the enable option has been
- used the disable option won't have an effect. The advantage of the
- extended private key format is that it is text based and can carry
- additional meta data. In extended key format the OCB mode is used
- for key protection.
+ These options are obsolete and have no effect. The extended key
+ format is used for years now and has been supported since 2.1.12.
+ Existing keys in the old format are migrated to the new format as
+ soon as they are touched.
'--enable-ssh-support'
'--enable-putty-support'
@@ -766,10 +757,10 @@ agent. By default they may all be found in the current home directory
changed inadvertently.
As a special feature a line 'include-default' will include a global
- list of trusted certificates (e.g. '/etc/gnupg/trustlist.txt').
- This global list is also used if the local list is not available;
- the *note option --no-user-trustlist:: enforces the use of only
- this global list.
+ list of trusted certificates (e.g.
+ '/usr/local/etc/gnupg/trustlist.txt'). This global list is also
+ used if the local list is not available; the *note option
+ --no-user-trustlist:: enforces the use of only this global list.
It is possible to add further flags after the 'S' for use by the
caller:
@@ -786,6 +777,19 @@ agent. By default they may all be found in the current home directory
this flag set fails, try again using the chain validation
model.
+ 'qual'
+ The CA is allowed to issue certificates for qualified
+ signatures. This flag has an effect only if used in the
+ global list. This is now the preferred way to mark such CA;
+ the old way of having a separate file 'qualified.txt' is still
+ supported.
+
+ 'de-vs'
+ The CA is part of an approved PKI for the German
+ classification level VS-NfD. It is only valid in the global
+ trustlist. As of now this is used only for documentation
+ purpose.
+
'sshcontrol'
This file is used when support for the secure shell agent protocol
has been enabled (*note option --enable-ssh-support::). Only keys
@@ -824,9 +828,10 @@ agent. By default they may all be found in the current home directory
directory and take great care to keep this backup closed away.
Note that on larger installations, it is useful to put predefined
-files into the directory '/etc/skel/.gnupg' so that newly created users
-start up with a working configuration. For existing users the a small
-helper script is provided to create these files (*note addgnupghome::).
+files into the directory '/usr/local/etc/skel/.gnupg' so that newly
+created users start up with a working configuration. For existing users
+the a small helper script is provided to create these files (*note
+addgnupghome::).

File: gnupg.info, Node: Agent Signals, Next: Agent Examples, Prev: Agent Configuration, Up: Invoking GPG-AGENT
@@ -1637,6 +1642,13 @@ off the two leading dashes.
Append all logging output to FILE. This is very helpful in seeing
what the agent actually does. Use 'socket://' to log to socket.
+'--compatibility-flags FLAGS'
+ Set compatibility flags to work around certain problems or to
+ emulate bugs. The FLAGS are given as a comma separated list of
+ flag names and are OR-ed together. The special flag "none" clears
+ the list and allows to start over with an empty list. To get a
+ list of available flags the sole word "help" can be used.
+
'--debug-level LEVEL'
Select the debug level for investigating problems. LEVEL may be a
numeric value or by a keyword:
@@ -1764,8 +1776,8 @@ off the two leading dashes.
These are the same as the '--keyserver-options' of 'gpg', but apply
only to this particular keyserver.
- Most keyservers synchronize with each other, so there is generally
- no need to send keys to more than one server. Somes keyservers use
+ Some keyservers synchronize with each other, so there is not always
+ a need to send keys to more than one server. Some keyservers use
round robin DNS to give a different keyserver each time you use it.
If exactly two keyservers are configured and only one is a Tor
@@ -1774,7 +1786,8 @@ off the two leading dashes.
a running Tor is done for each new connection.
If no keyserver is explicitly configured, dirmngr will use the
- built-in default of 'https://keyserver.ubuntu.com'.
+ built-in default of 'https://keyserver.ubuntu.com'. To avoid the
+ use of a default keyserver the value 'none' can be used.
Windows users with a keyserver running on their Active Directory
may use the short form 'ldap:///' for NAME to access this
@@ -1841,7 +1854,9 @@ off the two leading dashes.
'--honor-http-proxy'
If the environment variable 'http_proxy' has been set, use its
- value to access HTTP servers.
+ value to access HTTP servers. If on Windows the option is used but
+ the environment variable is not set, the proxy settings are taken
+ from the system.
'--http-proxy [http://]HOST[:PORT]'
Use HOST and PORT to access HTTP servers. The use of this option
@@ -1992,6 +2007,14 @@ off the two leading dashes.
with care because extensions are usually flagged as critical for a
reason.
+'--ignore-crl-extension OID'
+ Add OID to the list of ignored CRL extensions. The OID is expected
+ to be in dotted decimal form. Critical flagged CRL extensions
+ matching one of the OIDs in the list are treated as if they are
+ actually handled and thus the certificate won't be rejected due to
+ an unknown critical extension. Use this option with care because
+ extensions are usually flagged as critical for a reason.
+
'--ignore-cert FPR|FILE'
Entirely ignore certificates with the fingerprint FPR. As an
alternative to the fingerprint a filename can be given in which
@@ -2840,12 +2863,13 @@ File: gnupg.info, Node: Operational GPG Commands, Next: OpenPGP Key Management
STDIN. With the second form (or a deprecated "*" for ALGO) digests
for all available algorithms are printed.
-'--gen-random 0|1|2 COUNT'
+'--gen-random 0|1|2|16|30 COUNT'
Emit COUNT random bytes of the given quality level 0, 1 or 2. If
COUNT is not given or zero, an endless sequence of random bytes
will be emitted. If used with '--armor' the output will be base64
- encoded. PLEASE, don't use this command unless you know what you
- are doing; it may remove precious entropy from the system!
+ encoded. The special level 16 uses a quality level of 1 and
+ outputs and endless stream of hex-encoded octets. The special
+ level 30 outputs random as 30 zBase-32 characters.
'--gen-prime MODE BITS'
Use the source, Luke :-). The output format is subject to change
@@ -3033,10 +3057,11 @@ This section explains the main commands for key management.
tsign
Make a trust signature. This is a signature that combines the
notions of certification (like a regular signature), and trust
- (like the "trust" command). It is generally only useful in
- distinct communities or groups. For more information please
- read the sections "Trust Signature" and "Regular Expression"
- in RFC-4880.
+ (like the "trust" command). It is generally useful in
+ distinct communities or groups to implement the concept of a
+ Trusted Introducer. For more information please read the
+ sections "Trust Signature" and "Regular Expression" in
+ RFC-4880.
Note that "l" (for local / non-exportable), "nr" (for
non-revocable, and "t" (for trust) may be freely mixed and prefixed
@@ -3126,7 +3151,9 @@ This section explains the main commands for key management.
'gpg --version' to get a list of available algorithms. Note
that while you can change the preferences on an attribute user
ID (aka "photo ID"), GnuPG does not select keys via attribute
- user IDs so these preferences will not be used by GnuPG.
+ user IDs so these preferences will not be used by GnuPG. Note
+ that an unattended version of this command is available as
+ '--quick-update-pref'.
When setting preferences, you should list the algorithms in
the order which you'd like to see them used by someone else
@@ -3314,6 +3341,15 @@ This section explains the main commands for key management.
user ID flag is removed from all other user ids and the timestamp
of all affected self-signatures is set one second ahead.
+'--quick-update-pref USER-ID'
+ This command updates the preference list of the key to the current
+ default value (either built-in or set via
+ '--default-preference-list'). This is the unattended version of of
+ using "setpref" in the '--key-edit' menu without giving a list.
+ Note that you can show the preferences in a key listing by using
+ '--list-options show-pref' or '--list-options show-pref-verbose'.
+ You should also re-distribute updated keys to your peers.
+
'--change-passphrase USER-ID'
'--passwd USER-ID'
Change the passphrase of the secret key belonging to the
@@ -3688,14 +3724,26 @@ usually found in the option file.
'-z N'
'--compress-level N'
'--bzip2-compress-level N'
+'--no-compress'
Set compression level to N for the ZIP and ZLIB compression
algorithms. The default is to use the default compression level of
zlib (normally 6). '--bzip2-compress-level' sets the compression
level for the BZIP2 compression algorithm (defaulting to 6 as
well). This is a different option from '--compress-level' since
BZIP2 uses a significant amount of memory for each additional
- compression level. '-z' sets both. A value of 0 for N disables
- compression.
+ compression level.
+
+ Option '-z' sets both. A value of 0 for N disables compression. A
+ value of -1 forces compression using the default level. Option
+ '--no-compress' is identical to '-z0'.
+
+ Except for the '--store' command compression is always used unless
+ 'gpg' detects that the input is already compressed. To inhibit the
+ use of compression use '-z0' or '--no-compress'; to force
+ compression use '-z-1' or option 'z' with another compression level
+ than the default as indicated by -1. Note that this overriding of
+ the default deection works only with 'z' and not with the long
+ variant of this option.
'--bzip2-decompress-lowmem'
Use a different decompression method for BZIP2 compressed files.
@@ -3763,7 +3811,21 @@ usually found in the option file.
(or one of them) online but still want to be able to check the
validity of a given recipient's or signator's key. If the given
key is not locally available but an LDAP keyserver is configured
- the missing key is imported from that server.
+ the missing key is imported from that server. The value "none" is
+ explicitly allowed to distinguish between the use of any
+ trusted-key option and no use of this option at all (e.g. due to
+ the '--no-options' option).
+
+'--add-desig-revoker [sensitive:]FINGERPRINT'
+ Add the key specified by FINGERPRINT as a designated revoker to
+ newly created keys. If the fingerprint is prefixed with the
+ keyword "sensitive:" that info is normally not exported wit the
+ key. This option may be given several time to add more than one
+ designated revoker. If the keyword "clear" is used instead of a
+ fingerprint, all designated options previously encountered are
+ discarded. Designated revokers are marked on the key as
+ non-revocable. Note that a designated revoker specified using a
+ parameter file will also be added to the key.
'--trust-model {pgp|classic|tofu|tofu+pgp|direct|always|auto}'
Set what trust model GnuPG should follow. The models are:
@@ -4593,6 +4655,11 @@ File: gnupg.info, Node: GPG Input and Output, Next: OpenPGP Options, Prev: GP
printed before each record to allow diverting the records to
the corresponding zone file.
+ export-revocs
+ Export only standalone revocation certificates of the key.
+ This option does not export revocations of 3rd party
+ certificate revocations.
+
export-dane
Instead of outputting the key material output OpenPGP DANE
records suitable to put into DNS zone files. An ORIGIN line
@@ -4676,6 +4743,13 @@ File: gnupg.info, Node: OpenPGP Options, Next: Compliance Options, Prev: GPG
'--no-force-v4-certs'
These options are obsolete and have no effect since GnuPG 2.1.
+'--force-ocb'
+ Force the use of OCB mode encryption instead of CFB+MDC encryption.
+ OCB is a modern and faster way to do authenticated encryption than
+ the older CFB+MDC method. This option is only useful for
+ symmetric-only encryption because the mode is automatically
+ selected based on the preferences of the recipients's public keys.
+
'--force-mdc'
'--disable-mdc'
These options are obsolete and have no effect since GnuPG 2.2.8.
@@ -4858,6 +4932,14 @@ File: gnupg.info, Node: GPG Esoteric Options, Next: Deprecated Options, Prev:
'--interactive'
Prompt before overwriting any files.
+'--compatibility-flags FLAGS'
+ Set compatibility flags to work around problems due to
+ non-compliant keys or data. The FLAGS are given as a comma
+ separated list of flag names and are OR-ed together. The special
+ flag "none" clears the list and allows to start over with an empty
+ list. To get a list of available flags the sole word "help" can be
+ used.
+
'--debug-level LEVEL'
Select the debug level for investigating problems. LEVEL may be a
numeric value or by a keyword:
@@ -5261,12 +5343,7 @@ File: gnupg.info, Node: GPG Esoteric Options, Next: Deprecated Options, Prev:
invalid. This options allows to override this restriction.
'--override-compliance-check'
- The signature verification only allows the use of keys suitable in
- the current compliance mode. If the compliance mode has been
- forced by a global option, there might be no way to check certain
- signature. This option allows to override this and prints an extra
- warning in such a case. This option is ignored in -batch mode so
- that no accidental unattended verification may happen.
+ This was a temporary introduced option and has no more effect.
'--no-default-keyring'
Do not add the default keyring to the list of keyrings. Note that
@@ -5514,9 +5591,10 @@ directory (*note option --homedir::).
--options::). You should backup this file.
Note that on larger installations, it is useful to put predefined
-files into the directory '/etc/skel/.gnupg' so that newly created users
-start up with a working configuration. For existing users a small
-helper script is provided to create these files (*note addgnupghome::).
+files into the directory '/usr/local/etc/skel/.gnupg' so that newly
+created users start up with a working configuration. For existing users
+a small helper script is provided to create these files (*note
+addgnupghome::).
For internal purposes 'gpg' creates and maintains a few other files;
They all live in the current home directory (*note option --homedir::).
@@ -5792,7 +5870,7 @@ The program returns 0 if there are no severe errors, 1 if at least a
signature was bad, and other error codes for fatal errors.
Note that signature verification requires exact knowledge of what has
-been signed and by whom it has beensigned. Using only the return code
+been signed and by whom it has been signed. Using only the return code
is thus not an appropriate way to verify a signature by a script.
Either make proper use or the status codes or use the 'gpgv' tool which
has been designed to make signature verification easy for scripts.
@@ -6567,7 +6645,9 @@ File: gnupg.info, Node: Certificate Options, Next: Input and Output, Prev: Co
request, so by sending you a message signed by a brand new key
(which you naturally will not have on your local keybox), the
operator can tell both your IP address and the time when you
- verified the signature.
+ verified the signature. Note that if CRL checking is not disabled
+ issuer certificates are retrieved in any case using the caIssuers
+ authorityInfoAccess method.
'--validation-model NAME'
This option changes the default validation model. The only
@@ -6611,6 +6691,12 @@ File: gnupg.info, Node: Input and Output, Next: CMS Options, Prev: Certificat
'--assume-binary'
Assume the input data is binary encoded.
+'--input-size-hint N'
+ This option can be used to tell GPGSM the size of the input data in
+ bytes. N must be a positive base-10 number. It is used by the
+ '--status-fd' line "PROGRESS" to provide a value for "total" if
+ that is not available by other means.
+
'--p12-charset NAME'
'gpgsm' uses the UTF-8 encoding when encoding passphrases for
PKCS#12 files. This option may be used to force the passphrase to
@@ -6729,6 +6815,12 @@ File: gnupg.info, Node: Esoteric Options, Prev: CMS Options, Up: GPGSM Option
exits with a failure if the compliance rules are not fulfilled.
Note that this option has currently an effect only in "de-vs" mode.
+'--always-trust'
+ Force encryption to the specified certificates without any
+ validation of the certificate chain. The only requirement is that
+ the certificate is capable of encryption. Note that this option is
+ ineffective if '--require-compliance' is used.
+
'--ignore-cert-with-oid OID'
Add OID to the list of OIDs to be checked while reading
certificates from smartcards. The OID is expected to be in dotted
@@ -6946,8 +7038,9 @@ home directory (*note option --homedir::).
files in the data directory (e.g.
'/usr/local/share/gnupg/gnupg/help.de.txt') and allows overriding
of any help item by help files stored in the system configuration
- directory (e.g. '/etc/gnupg/help.de.txt'). For a reference of the
- help file's syntax, please see the installed 'help.txt' file.
+ directory (e.g. '/usr/local/etc/gnupg/help.de.txt'). For a
+ reference of the help file's syntax, please see the installed
+ 'help.txt' file.
'com-certs.pem'
This file is a collection of common certificates used to populated
@@ -6983,190 +7076,3 @@ files; they all live in the current home directory (*note option
file describing a regular TCP listening port) is the standard way
of connecting the 'gpg-agent'.
-
-File: gnupg.info, Node: GPGSM Examples, Next: Unattended Usage, Prev: GPGSM Configuration, Up: Invoking GPGSM
-
-5.4 Examples
-============
-
- $ gpgsm -er goo@bar.net <plaintext >ciphertext
-
-
-File: gnupg.info, Node: Unattended Usage, Next: GPGSM Protocol, Prev: GPGSM Examples, Up: Invoking GPGSM
-
-5.5 Unattended Usage
-====================
-
-'gpgsm' is often used as a backend engine by other software. To help
-with this a machine interface has been defined to have an unambiguous
-way to do this. This is most likely used with the '--server' command
-but may also be used in the standard operation mode by using the
-'--status-fd' option.
-
-* Menu:
-
-* Automated signature checking:: Automated signature checking.
-* CSR and certificate creation:: CSR and certificate creation.
-
-
-File: gnupg.info, Node: Automated signature checking, Next: CSR and certificate creation, Up: Unattended Usage
-
-5.5.1 Automated signature checking
-----------------------------------
-
-It is very important to understand the semantics used with signature
-verification. Checking a signature is not as simple as it may sound and
-so the operation is a bit complicated. In most cases it is required to
-look at several status lines. Here is a table of all cases a signed
-message may have:
-
-The signature is valid
- This does mean that the signature has been successfully verified,
- the certificates are all sane. However there are two subcases with
- important information: One of the certificates may have expired or
- a signature of a message itself as expired. It is a sound practise
- to consider such a signature still as valid but additional
- information should be displayed. Depending on the subcase 'gpgsm'
- will issue these status codes:
- signature valid and nothing did expire
- 'GOODSIG', 'VALIDSIG', 'TRUST_FULLY'
- signature valid but at least one certificate has expired
- 'EXPKEYSIG', 'VALIDSIG', 'TRUST_FULLY'
- signature valid but expired
- 'EXPSIG', 'VALIDSIG', 'TRUST_FULLY' Note, that this case is
- currently not implemented.
-
-The signature is invalid
- This means that the signature verification failed (this is an
- indication of a transfer error, a program error or tampering with
- the message). 'gpgsm' issues one of these status codes sequences:
- 'BADSIG'
- 'GOODSIG, VALIDSIG TRUST_NEVER'
-
-Error verifying a signature
- For some reason the signature could not be verified, i.e. it
- cannot be decided whether the signature is valid or invalid. A
- common reason for this is a missing certificate.
-
-
-File: gnupg.info, Node: CSR and certificate creation, Prev: Automated signature checking, Up: Unattended Usage
-
-5.5.2 CSR and certificate creation
-----------------------------------
-
-The command '--generate-key' may be used along with the option '--batch'
-to either create a certificate signing request (CSR) or an X.509
-certificate. This is controlled by a parameter file; the format of this
-file is as follows:
-
- * Text only, line length is limited to about 1000 characters.
- * UTF-8 encoding must be used to specify non-ASCII characters.
- * Empty lines are ignored.
- * Leading and trailing while space is ignored.
- * A hash sign as the first non white space character indicates a
- comment line.
- * Control statements are indicated by a leading percent sign, the
- arguments are separated by white space from the keyword.
- * Parameters are specified by a keyword, followed by a colon.
- Arguments are separated by white space.
- * The first parameter must be 'Key-Type', control statements may be
- placed anywhere.
- * The order of the parameters does not matter except for 'Key-Type'
- which must be the first parameter. The parameters are only used
- for the generated CSR/certificate; parameters from previous sets
- are not used. Some syntactically checks may be performed.
- * Key generation takes place when either the end of the parameter
- file is reached, the next 'Key-Type' parameter is encountered or at
- the control statement '%commit' is encountered.
-
-Control statements:
-
-%echo TEXT
- Print TEXT as diagnostic.
-
-%dry-run
- Suppress actual key generation (useful for syntax checking).
-
-%commit
- Perform the key generation. Note that an implicit commit is done
- at the next Key-Type parameter.
-
-General Parameters:
-
-Key-Type: ALGO
- Starts a new parameter block by giving the type of the primary key.
- The algorithm must be capable of signing. This is a required
- parameter. The only supported value for ALGO is 'rsa'.
-
-Key-Length: NBITS
- The requested length of a generated key in bits. Defaults to 3072.
-
-Key-Grip: HEXSTRING
- This is optional and used to generate a CSR or certificate for an
- already existing key. Key-Length will be ignored when given.
-
-Key-Usage: USAGE-LIST
- Space or comma delimited list of key usage, allowed values are
- 'encrypt', 'sign' and 'cert'. This is used to generate the
- keyUsage extension. Please make sure that the algorithm is capable
- of this usage. Default is to allow encrypt and sign.
-
-Name-DN: SUBJECT-NAME
- This is the Distinguished Name (DN) of the subject in RFC-2253
- format.
-
-Name-Email: STRING
- This is an email address for the altSubjectName. This parameter is
- optional but may occur several times to add several email addresses
- to a certificate.
-
-Name-DNS: STRING
- The is an DNS name for the altSubjectName. This parameter is
- optional but may occur several times to add several DNS names to a
- certificate.
-
-Name-URI: STRING
- This is an URI for the altSubjectName. This parameter is optional
- but may occur several times to add several URIs to a certificate.
-
-Additional parameters used to create a certificate (in contrast to a
-certificate signing request):
-
-Serial: SN
- If this parameter is given an X.509 certificate will be generated.
- SN is expected to be a hex string representing an unsigned integer
- of arbitrary length. The special value 'random' can be used to
- create a 64 bit random serial number.
-
-Issuer-DN: ISSUER-NAME
- This is the DN name of the issuer in RFC-2253 format. If it is not
- set it will default to the subject DN and a special GnuPG extension
- will be included in the certificate to mark it as a standalone
- certificate.
-
-Creation-Date: ISO-DATE
-Not-Before: ISO-DATE
- Set the notBefore date of the certificate. Either a date like
- '1986-04-26' or '1986-04-26 12:00' or a standard ISO timestamp like
- '19860426T042640' may be used. The time is considered to be UTC.
- If it is not given the current date is used.
-
-Expire-Date: ISO-DATE
-Not-After: ISO-DATE
- Set the notAfter date of the certificate. Either a date like
- '2063-04-05' or '2063-04-05 17:00' or a standard ISO timestamp like
- '20630405T170000' may be used. The time is considered to be UTC.
- If it is not given a default value in the not too far future is
- used.
-
-Signing-Key: KEYGRIP
- This gives the keygrip of the key used to sign the certificate. If
- it is not given a self-signed certificate will be created. For
- compatibility with future versions, it is suggested to prefix the
- keygrip with a '&'.
-
-Hash-Algo: HASH-ALGO
- Use HASH-ALGO for this CSR or certificate. The supported hash
- algorithms are: 'sha1', 'sha256', 'sha384' and 'sha512'; they may
- also be specified with uppercase letters. The default is 'sha256'.
-
diff --git a/doc/gnupg.info-2 b/doc/gnupg.info-2
index 7895f56..9d32bae 100644
--- a/doc/gnupg.info-2
+++ b/doc/gnupg.info-2
@@ -1,7 +1,6 @@
-This is gnupg.info, produced by makeinfo version 6.5 from gnupg.texi.
+This is gnupg.info, produced by makeinfo version 6.7 from gnupg.texi.
-This is the 'The GNU Privacy Guard Manual' (version 2.2.40-beta3,
-October 2022).
+This is the 'The GNU Privacy Guard Manual' (version 2.2.43, March 2024).
(C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
(C) 2013, 2014, 2015 Werner Koch.
@@ -22,6 +21,208 @@ START-INFO-DIR-ENTRY
END-INFO-DIR-ENTRY

+File: gnupg.info, Node: GPGSM Examples, Next: Unattended Usage, Prev: GPGSM Configuration, Up: Invoking GPGSM
+
+5.4 Examples
+============
+
+ $ gpgsm -er goo@bar.net <plaintext >ciphertext
+
+
+File: gnupg.info, Node: Unattended Usage, Next: GPGSM Protocol, Prev: GPGSM Examples, Up: Invoking GPGSM
+
+5.5 Unattended Usage
+====================
+
+'gpgsm' is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. This is most likely used with the '--server' command
+but may also be used in the standard operation mode by using the
+'--status-fd' option.
+
+* Menu:
+
+* Automated signature checking:: Automated signature checking.
+* CSR and certificate creation:: CSR and certificate creation.
+
+
+File: gnupg.info, Node: Automated signature checking, Next: CSR and certificate creation, Up: Unattended Usage
+
+5.5.1 Automated signature checking
+----------------------------------
+
+It is very important to understand the semantics used with signature
+verification. Checking a signature is not as simple as it may sound and
+so the operation is a bit complicated. In most cases it is required to
+look at several status lines. Here is a table of all cases a signed
+message may have:
+
+The signature is valid
+ This does mean that the signature has been successfully verified,
+ the certificates are all sane. However there are two subcases with
+ important information: One of the certificates may have expired or
+ a signature of a message itself as expired. It is a sound practise
+ to consider such a signature still as valid but additional
+ information should be displayed. Depending on the subcase 'gpgsm'
+ will issue these status codes:
+ signature valid and nothing did expire
+ 'GOODSIG', 'VALIDSIG', 'TRUST_FULLY'
+ signature valid but at least one certificate has expired
+ 'EXPKEYSIG', 'VALIDSIG', 'TRUST_FULLY'
+ signature valid but expired
+ 'EXPSIG', 'VALIDSIG', 'TRUST_FULLY' Note, that this case is
+ currently not implemented.
+
+The signature is invalid
+ This means that the signature verification failed (this is an
+ indication of a transfer error, a program error or tampering with
+ the message). 'gpgsm' issues one of these status codes sequences:
+ 'BADSIG'
+ 'GOODSIG, VALIDSIG TRUST_NEVER'
+
+Error verifying a signature
+ For some reason the signature could not be verified, i.e. it
+ cannot be decided whether the signature is valid or invalid. A
+ common reason for this is a missing certificate.
+
+
+File: gnupg.info, Node: CSR and certificate creation, Prev: Automated signature checking, Up: Unattended Usage
+
+5.5.2 CSR and certificate creation
+----------------------------------
+
+The command '--generate-key' may be used along with the option '--batch'
+to either create a certificate signing request (CSR) or an X.509
+certificate. This is controlled by a parameter file; the format of this
+file is as follows:
+
+ * Text only, line length is limited to about 1000 characters.
+ * UTF-8 encoding must be used to specify non-ASCII characters.
+ * Empty lines are ignored.
+ * Leading and trailing while space is ignored.
+ * A hash sign as the first non white space character indicates a
+ comment line.
+ * Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+ * Parameters are specified by a keyword, followed by a colon.
+ Arguments are separated by white space.
+ * The first parameter must be 'Key-Type', control statements may be
+ placed anywhere.
+ * The order of the parameters does not matter except for 'Key-Type'
+ which must be the first parameter. The parameters are only used
+ for the generated CSR/certificate; parameters from previous sets
+ are not used. Some syntactically checks may be performed.
+ * Key generation takes place when either the end of the parameter
+ file is reached, the next 'Key-Type' parameter is encountered or at
+ the control statement '%commit' is encountered.
+
+Control statements:
+
+%echo TEXT
+ Print TEXT as diagnostic.
+
+%dry-run
+ Suppress actual key generation (useful for syntax checking).
+
+%commit
+ Perform the key generation. Note that an implicit commit is done
+ at the next Key-Type parameter.
+
+General Parameters:
+
+Key-Type: ALGO
+ Starts a new parameter block by giving the type of the primary key.
+ The algorithm must be capable of signing. This is a required
+ parameter. The supported values for ALGO are 'rsa', 'ecdsa', and
+ 'eddsa'.
+
+Key-Length: NBITS
+ The requested length of a generated key in bits. Defaults to 3072.
+ The value is ignored for ECC algorithms.
+
+Key-Grip: HEXSTRING
+ This is optional and used to generate a CSR or certificate for an
+ already existing key. Key-Length will be ignored when given.
+
+Key-Usage: USAGE-LIST
+ Space or comma delimited list of key usage, allowed values are
+ 'encrypt', 'sign' and 'cert'. This is used to generate the
+ keyUsage extension. Please make sure that the algorithm is capable
+ of this usage. Default is to allow encrypt and sign.
+
+Name-DN: SUBJECT-NAME
+ This is the Distinguished Name (DN) of the subject in RFC-2253
+ format.
+
+Name-Email: STRING
+ This is an email address for the altSubjectName. This parameter is
+ optional but may occur several times to add several email addresses
+ to a certificate.
+
+Name-DNS: STRING
+ The is an DNS name for the altSubjectName. This parameter is
+ optional but may occur several times to add several DNS names to a
+ certificate.
+
+Name-URI: STRING
+ This is an URI for the altSubjectName. This parameter is optional
+ but may occur several times to add several URIs to a certificate.
+
+Additional parameters used to create a certificate (in contrast to a
+certificate signing request):
+
+Serial: SN
+ If this parameter is given an X.509 certificate will be generated.
+ SN is expected to be a hex string representing an unsigned integer
+ of arbitrary length. The special value 'random' can be used to
+ create a 64 bit random serial number.
+
+Issuer-DN: ISSUER-NAME
+ This is the DN name of the issuer in RFC-2253 format. If it is not
+ set it will default to the subject DN and a special GnuPG extension
+ will be included in the certificate to mark it as a standalone
+ certificate.
+
+Creation-Date: ISO-DATE
+Not-Before: ISO-DATE
+ Set the notBefore date of the certificate. Either a date like
+ '1986-04-26' or '1986-04-26 12:00' or a standard ISO timestamp like
+ '19860426T042640' may be used. The time is considered to be UTC.
+ If it is not given the current date is used.
+
+Expire-Date: ISO-DATE
+Not-After: ISO-DATE
+ Set the notAfter date of the certificate. Either a date like
+ '2063-04-05' or '2063-04-05 17:00' or a standard ISO timestamp like
+ '20630405T170000' may be used. The time is considered to be UTC.
+ If it is not given a default value in the not too far future is
+ used.
+
+Signing-Key: KEYGRIP
+ This gives the keygrip of the key used to sign the certificate. If
+ it is not given a self-signed certificate will be created. For
+ compatibility with future versions, it is suggested to prefix the
+ keygrip with a '&'.
+
+Hash-Algo: HASH-ALGO
+ Use HASH-ALGO for this CSR or certificate. The supported hash
+ algorithms are: 'sha1', 'sha256', 'sha384' and 'sha512'; they may
+ also be specified with uppercase letters. The default is 'sha256'.
+
+Authority-Key-Id: HEXSTRING
+ Insert the decoded value of HEXSTRING as authorityKeyIdentifier.
+ If this is not given and an ECC algorithm is used the public part
+ of the certified public key is used as authorityKeyIdentifier. To
+ inhibit any authorityKeyIdentifier use the special value 'none' for
+ HEXSTRING.
+
+Subject-Key-Id: HEXSTRING
+ Insert the decoded value of HEXSTRING as subjectKeyIdentifier. If
+ this is not given and an ECC algorithm is used the public part of
+ the signing key is used as authorityKeyIdentifier. To inhibit any
+ subjectKeyIdentifier use the special value 'none' for HEXSTRING.
+
+
File: gnupg.info, Node: GPGSM Protocol, Prev: Unattended Usage, Up: Invoking GPGSM
5.6 The Protocol the Server Mode Uses
@@ -355,6 +556,9 @@ This is a multipurpose function to return a variety of information.
Return OK if the connection is in offline mode. This may be either
due to a 'OPTION offline=1' or due to 'gpgsm' being started with
option '--disable-dirmngr'.
+'always-trust'
+ Returns OK of the connection is in always-trust mode. That is
+ either '--always-trust' or 'GPGSM OPTION always-trust' are active.

File: gnupg.info, Node: GPGSM OPTION, Prev: GPGSM GETINFO, Up: GPGSM Protocol
@@ -449,6 +653,18 @@ The standard Assuan option handler supports these options.
disabled for this session. This is the same as the command line
option '--disable-dirmngr'.
+'always-trust'
+ If VALUE is true or VALUE is not given encryption to the specified
+ certificates is forced without any validation of the certificate
+ chain. The only requirement is that the certificates are capable
+ of encryption. If set to false the standard behaviour is
+ re-established. This option is cleared by a RESET and after each
+ encrypt operation. Note that this option is ignored if
+ '--always-trust' or '--require-compliance' are used.
+
+'input-size-hint'
+ This is the same as the '--input-size-hint' command line option.
+

File: gnupg.info, Node: Invoking SCDAEMON, Next: Specify a User ID, Prev: Invoking GPGSM, Up: Top
@@ -649,7 +865,7 @@ File: gnupg.info, Node: Scdaemon Options, Next: Card applications, Prev: Scda
'--pcsc-shared'
Use shared mode to access the card via PC/SC. This is a somewhat
- dangerous option because Scdaemon assumes exclusivbe access to teh
+ dangerous option because Scdaemon assumes exclusive access to the
card and for example caches certain information from the card. Use
this option only if you know what you are doing.
@@ -871,7 +1087,7 @@ accounts are hosted on the machine.
A client connects to the SC-Daemon by connecting to the socket named
'/usr/local/var/run/gnupg/scdaemon/socket', configuration information is
-read from /ETC/GNUPG/SCDAEMON.CONF
+read from /USR/LOCAL/ETC/GNUPG/SCDAEMON.CONF
Each connection acts as one session, SC-Daemon takes care of
synchronizing access to a token between sessions.
@@ -2930,7 +3146,8 @@ using the same format as used by PGP's PGP Zip.
Put given files and directories into a vanilla "ustar" archive.
'--extract'
- Extract all files from a vanilla "ustar" archive.
+ Extract all files from a vanilla "ustar" archive. If no file name
+ is given (or it is "-") the archive is taken from stdin.
'--encrypt'
'-e'
@@ -2940,7 +3157,8 @@ using the same format as used by PGP's PGP Zip.
'--decrypt'
'-d'
- Extract all files from an encrypted archive.
+ Extract all files from an encrypted archive. If no file name is
+ given (or it is "-") the archive is taken from stdin.
'--sign'
'-s'
@@ -2950,7 +3168,8 @@ using the same format as used by PGP's PGP Zip.
'--list-archive'
'-t'
- List the contents of the specified archive.
+ List the contents of the specified archive. If no file name is
+ given (or it is "-") the archive is taken from stdin.
'--symmetric'
'-c'
@@ -3045,6 +3264,11 @@ using the same format as used by PGP's PGP Zip.
no input filename is known a directory named 'GPGARCH' is used.
This option is deprecated in favor of option '--directory'.
+'--no-compress'
+ This option tells gpg to disable compression (i.e. using option
+ -z0). It is useful for archiving only large files which are are
+ already compressed (e.g. a set of videos).
+
'--gpg GPGCMD'
Use the specified command GPGCMD instead of 'gpg'.
@@ -3280,6 +3504,14 @@ invoked manually to check for a Web Key Directory entry for
addrspec, e.g. "postel@isi.edu") per line. Empty lines and lines
starting with a '#' are ignored.
+'--add-revocs'
+'--no-add-revocs'
+ If enabled append revocation certificates for the same addrspec as
+ used in the WKD to the key. Modern gpg version are able to import
+ and apply them for existing keys. Note that when used with the
+ '--mirror' command the revocation are searched in the local keyring
+ and not in an LDAP directory. The default is '--add-revocs'.
+
'--verbose'
Enable extra informational output.
@@ -4696,15 +4928,15 @@ are not listed.
David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils
Ellmenreich, Rémi Guyomarch, Stefan Bellon, Timo Schulz and Werner Koch
wrote the code. Birger Langkjer, Daniel Resare, Dokianakis Theofanis,
-Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy Ferenc
-László, Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz Aleksander
-Urbanowicz, Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, Magda
-Procha'zkova', Michael Anckaert, Michal Majer, Marco d'Itri, Nilgun
-Belma Buguner, Pedro Morais, Tedi Heriyanto, Thiago Jung Bauermann,
-Rafael Caetano dos Santos, Toomas Soome, Urko Lusa, Walter Koch, Yosiaki
-IIDA did the official translations. Mike Ashley wrote and maintains the
-GNU Privacy Handbook. David Scribner is the current FAQ editor.
-Lorenzo Cappelletti maintains the web site.
+Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy Ferenc László,
+Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz Aleksander Urbanowicz,
+Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, Magda Procha'zkova',
+Michael Anckaert, Michal Majer, Marco d'Itri, Nilgun Belma Buguner,
+Pedro Morais, Tedi Heriyanto, Thiago Jung Bauermann, Rafael Caetano dos
+Santos, Toomas Soome, Urko Lusa, Walter Koch, Yosiaki IIDA did the
+official translations. Mike Ashley wrote and maintains the GNU Privacy
+Handbook. David Scribner is the current FAQ editor. Lorenzo
+Cappelletti maintains the web site.
The new modularized architecture of gnupg 1.9 as well as the
X.509/CMS part has been developed as part of the Ägypten project.
@@ -4859,11 +5091,12 @@ Option Index
* Menu:
-* --override-compliance-check: GPG Esoteric Options.
- (line 424)
-* add-servers: Dirmngr Options. (line 313)
+* add-desig-revoker: GPG Configuration Options.
+ (line 427)
+* add-revocs: gpg-wks-client. (line 133)
+* add-servers: Dirmngr Options. (line 323)
* agent-program: GPG Configuration Options.
- (line 755)
+ (line 781)
* agent-program <1>: Configuration Options.
(line 53)
* agent-program <2>: Invoking gpg-connect-agent.
@@ -4871,59 +5104,60 @@ Option Index
* allow-admin: Scdaemon Options. (line 204)
* allow-emacs-pinentry: Agent Options. (line 206)
* allow-freeform-uid: GPG Esoteric Options.
- (line 367)
+ (line 375)
* allow-loopback-pinentry: Agent Options. (line 188)
* allow-multiple-messages: GPG Esoteric Options.
- (line 560)
+ (line 563)
* allow-non-selfsigned-uid: GPG Esoteric Options.
- (line 362)
-* allow-ocsp: Dirmngr Options. (line 330)
+ (line 370)
+* allow-ocsp: Dirmngr Options. (line 340)
* allow-preset-passphrase: Agent Options. (line 183)
* allow-secret-key-import: GPG Esoteric Options.
- (line 556)
-* allow-version-check: Dirmngr Options. (line 138)
+ (line 559)
+* allow-version-check: Dirmngr Options. (line 145)
* allow-weak-digest-algos: GPG Esoteric Options.
- (line 403)
+ (line 411)
* allow-weak-key-signatures: GPG Esoteric Options.
- (line 419)
+ (line 427)
* always-trust: Deprecated Options. (line 21)
+* always-trust <1>: Esoteric Options. (line 37)
* armor: GPG Input and Output.
(line 8)
* armor <1>: Input and Output. (line 8)
* ask-cert-expire: GPG Esoteric Options.
- (line 521)
+ (line 524)
* ask-cert-level: GPG Configuration Options.
- (line 360)
+ (line 372)
* ask-sig-expire: GPG Esoteric Options.
- (line 507)
+ (line 510)
* assume-armor: Input and Output. (line 14)
* assume-base64: Input and Output. (line 18)
* assume-binary: Input and Output. (line 21)
* attribute-fd: GPG Esoteric Options.
- (line 92)
+ (line 100)
* attribute-file: GPG Esoteric Options.
- (line 98)
+ (line 106)
* auto-check-trustdb: GPG Configuration Options.
- (line 742)
-* auto-expand-secmem: Agent Options. (line 456)
+ (line 768)
+* auto-expand-secmem: Agent Options. (line 449)
* auto-issuer-key-retrieve: Certificate Options. (line 62)
* auto-key-import: GPG Configuration Options.
- (line 578)
+ (line 604)
* auto-key-locate: GPG Configuration Options.
- (line 509)
+ (line 535)
* auto-key-retrieve: GPG Configuration Options.
- (line 590)
+ (line 616)
* base64: Input and Output. (line 11)
* batch: Agent Options. (line 48)
* batch <1>: GPG Configuration Options.
(line 45)
-* batch <2>: gpgtar. (line 104)
+* batch <2>: gpgtar. (line 107)
* blacklist: gpg-wks-client. (line 126)
* bzip2-compress-level: GPG Configuration Options.
- (line 334)
+ (line 335)
* bzip2-decompress-lowmem: GPG Configuration Options.
- (line 344)
-* c: Dirmngr Options. (line 87)
+ (line 356)
+* c: Dirmngr Options. (line 94)
* cache-cert: dirmngr-client. (line 72)
* call-dirmngr: Operational GPGSM Commands.
(line 27)
@@ -4935,13 +5169,13 @@ Option Index
(line 216)
* card-timeout: Scdaemon Options. (line 180)
* cert-digest-algo: GPG Esoteric Options.
- (line 238)
+ (line 246)
* cert-notation: GPG Esoteric Options.
- (line 124)
+ (line 132)
* cert-policy-url: GPG Esoteric Options.
- (line 160)
+ (line 168)
* change-passphrase: OpenPGP Key Management.
- (line 452)
+ (line 464)
* change-passphrase <1>: Certificate Management.
(line 109)
* change-pin: Operational GPG Commands.
@@ -4956,71 +5190,74 @@ Option Index
* check-trustdb: Operational GPG Commands.
(line 349)
* cipher-algo: GPG Esoteric Options.
- (line 199)
+ (line 207)
* cipher-algo <1>: CMS Options. (line 13)
* clear-sign: Operational GPG Commands.
(line 17)
* clearsign: Operational GPG Commands.
(line 18)
-* cms: gpgtar. (line 99)
+* cms: gpgtar. (line 102)
* command-fd: GPG Esoteric Options.
- (line 350)
+ (line 358)
* command-file: GPG Esoteric Options.
- (line 357)
+ (line 365)
* comment: GPG Esoteric Options.
- (line 103)
-* compatibility-flags: Esoteric Options. (line 57)
+ (line 111)
+* compatibility-flags: Dirmngr Options. (line 34)
+* compatibility-flags <1>: GPG Esoteric Options.
+ (line 22)
+* compatibility-flags <2>: Esoteric Options. (line 63)
* compliance: Compliance Options. (line 67)
* compliance <1>: Esoteric Options. (line 18)
* compliant-needed: GPG Configuration Options.
- (line 717)
+ (line 743)
* compress-algo: GPG Esoteric Options.
- (line 215)
+ (line 223)
* compress-level: GPG Configuration Options.
- (line 334)
-* connect-quick-timeout: Dirmngr Options. (line 125)
-* connect-timeout: Dirmngr Options. (line 125)
+ (line 335)
+* connect-quick-timeout: Dirmngr Options. (line 132)
+* connect-timeout: Dirmngr Options. (line 132)
* create: gpgtar. (line 16)
* create-socketdir: Invoking gpgconf. (line 96)
* csh: Agent Options. (line 146)
-* csh <1>: Dirmngr Options. (line 87)
+* csh <1>: Dirmngr Options. (line 94)
* ctapi-driver: Scdaemon Options. (line 157)
* daemon: Agent Commands. (line 27)
* daemon <1>: Dirmngr Commands. (line 27)
* daemon <2>: Scdaemon Commands. (line 31)
* dearmor: Operational GPG Commands.
- (line 403)
+ (line 404)
* debug: Agent Options. (line 82)
-* debug <1>: Dirmngr Options. (line 59)
+* debug <1>: Dirmngr Options. (line 66)
* debug <2>: GPG Esoteric Options.
- (line 47)
-* debug <3>: Esoteric Options. (line 90)
+ (line 55)
+* debug <3>: Esoteric Options. (line 96)
* debug <4>: Scdaemon Options. (line 69)
* debug-all: Agent Options. (line 106)
-* debug-all <1>: Dirmngr Options. (line 66)
+* debug-all <1>: Dirmngr Options. (line 73)
* debug-all <2>: GPG Esoteric Options.
- (line 53)
-* debug-all <3>: Esoteric Options. (line 117)
+ (line 61)
+* debug-all <3>: Esoteric Options. (line 123)
* debug-all <4>: Scdaemon Options. (line 96)
-* debug-allow-core-dump: Esoteric Options. (line 120)
+* debug-allow-core-dump: Esoteric Options. (line 126)
* debug-allow-core-dump <1>: Scdaemon Options. (line 113)
* debug-assuan-log-cats: Scdaemon Options. (line 122)
* debug-disable-ticker: Scdaemon Options. (line 109)
-* debug-ignore-expiration: Esoteric Options. (line 131)
+* debug-ignore-expiration: Esoteric Options. (line 137)
* debug-iolbf: GPG Esoteric Options.
- (line 56)
+ (line 64)
* debug-level: Agent Options. (line 57)
-* debug-level <1>: Dirmngr Options. (line 34)
+* debug-level <1>: Dirmngr Options. (line 41)
* debug-level <2>: GPG Esoteric Options.
- (line 22)
-* debug-level <3>: Esoteric Options. (line 65)
+ (line 30)
+* debug-level <3>: Esoteric Options. (line 71)
* debug-level <4>: Scdaemon Options. (line 40)
* debug-log-tid: Scdaemon Options. (line 119)
-* debug-no-chain-validation: Esoteric Options. (line 127)
+* debug-no-chain-validation: Esoteric Options. (line 133)
* debug-pinentry: Agent Options. (line 126)
* debug-quick-random: Agent Options. (line 114)
* debug-wait: Agent Options. (line 109)
-* debug-wait <1>: Dirmngr Options. (line 74)
+* debug-wait <1>: Dirmngr Options. (line 81)
* debug-wait <2>: Scdaemon Options. (line 99)
* debug-wait <3>: Scdaemon Options. (line 104)
* decode: Invoking gpg-connect-agent.
@@ -5029,30 +5266,30 @@ Option Index
(line 59)
* decrypt <1>: Operational GPGSM Commands.
(line 11)
-* decrypt <2>: gpgtar. (line 29)
+* decrypt <2>: gpgtar. (line 30)
* decrypt-files: Operational GPG Commands.
(line 114)
* default-cache-ttl: Agent Options. (line 217)
* default-cache-ttl <1>: Agent Options. (line 226)
* default-cert-expire: GPG Esoteric Options.
- (line 527)
+ (line 530)
* default-cert-level: GPG Configuration Options.
- (line 368)
+ (line 380)
* default-key: GPG Configuration Options.
(line 10)
-* default-key <1>: Input and Output. (line 34)
+* default-key <1>: Input and Output. (line 40)
* default-keyserver-url: GPG Esoteric Options.
- (line 589)
+ (line 592)
* default-new-key-algo STRING: GPG Esoteric Options.
- (line 534)
+ (line 537)
* default-preference-list: GPG Esoteric Options.
- (line 584)
+ (line 587)
* default-recipient: GPG Configuration Options.
(line 19)
* default-recipient-self: GPG Configuration Options.
(line 23)
* default-sig-expire: GPG Esoteric Options.
- (line 513)
+ (line 516)
* delete-keys: Operational GPG Commands.
(line 224)
* delete-keys <1>: Certificate Management.
@@ -5067,14 +5304,14 @@ Option Index
* detach-sign: Operational GPG Commands.
(line 28)
* digest-algo: GPG Esoteric Options.
- (line 208)
-* directory: gpgtar. (line 76)
+ (line 216)
+* directory: gpgtar. (line 79)
* directory <1>: gpg-wks-client. (line 122)
* directory <2>: gpg-wks-server. (line 50)
* dirmngr: Invoking gpg-connect-agent.
(line 54)
* dirmngr-program: GPG Configuration Options.
- (line 762)
+ (line 788)
* dirmngr-program <1>: Configuration Options.
(line 59)
* dirmngr-program <2>: Invoking gpg-connect-agent.
@@ -5082,27 +5319,27 @@ Option Index
* disable-application: Scdaemon Options. (line 214)
* disable-ccid: Scdaemon Options. (line 162)
* disable-check-own-socket: Agent Options. (line 342)
-* disable-check-own-socket <1>: Dirmngr Options. (line 79)
+* disable-check-own-socket <1>: Dirmngr Options. (line 86)
* disable-cipher-algo: GPG Esoteric Options.
- (line 246)
+ (line 254)
* disable-crl-checks: Certificate Options. (line 13)
* disable-dsa2: GPG Configuration Options.
(line 196)
* disable-extended-key-format: Agent Options. (line 388)
-* disable-http: Dirmngr Options. (line 217)
-* disable-ipv4: Dirmngr Options. (line 211)
-* disable-ipv6: Dirmngr Options. (line 211)
+* disable-http: Dirmngr Options. (line 225)
+* disable-ipv4: Dirmngr Options. (line 219)
+* disable-ipv6: Dirmngr Options. (line 219)
* disable-large-rsa: GPG Configuration Options.
(line 187)
-* disable-ldap: Dirmngr Options. (line 214)
-* disable-mdc: OpenPGP Options. (line 25)
+* disable-ldap: Dirmngr Options. (line 222)
+* disable-mdc: OpenPGP Options. (line 32)
* disable-ocsp: Certificate Options. (line 53)
* disable-pinpad: Scdaemon Options. (line 201)
* disable-policy-checks: Certificate Options. (line 8)
* disable-pubkey-algo: GPG Esoteric Options.
- (line 251)
+ (line 259)
* disable-scdaemon: Agent Options. (line 336)
-* disable-signer-uid: OpenPGP Options. (line 31)
+* disable-signer-uid: OpenPGP Options. (line 38)
* disable-trusted-cert-crl-check: Certificate Options. (line 24)
* display: Agent Options. (line 360)
* display-charset: GPG Configuration Options.
@@ -5119,7 +5356,7 @@ Option Index
(line 303)
* dry-run: GPG Esoteric Options.
(line 8)
-* dry-run <1>: gpgtar. (line 72)
+* dry-run <1>: gpgtar. (line 75)
* dump-cert: Certificate Management.
(line 36)
* dump-chain: Certificate Management.
@@ -5142,7 +5379,7 @@ Option Index
* edit-key: OpenPGP Key Management.
(line 139)
* emit-version: GPG Esoteric Options.
- (line 114)
+ (line 122)
* enable-crl-checks: Certificate Options. (line 13)
* enable-dsa2: GPG Configuration Options.
(line 196)
@@ -5155,35 +5392,35 @@ Option Index
* enable-pinpad-varlen: Scdaemon Options. (line 193)
* enable-policy-checks: Certificate Options. (line 8)
* enable-progress-filter: GPG Esoteric Options.
- (line 69)
-* enable-putty-support: Agent Options. (line 402)
+ (line 77)
+* enable-putty-support: Agent Options. (line 395)
* enable-special-filenames: GPG Esoteric Options.
- (line 571)
+ (line 574)
* enable-special-filenames <1>: gpgv. (line 97)
-* enable-ssh-support: Agent Options. (line 402)
+* enable-ssh-support: Agent Options. (line 395)
* enable-trusted-cert-crl-check: Certificate Options. (line 24)
* enarmor: Operational GPG Commands.
- (line 403)
+ (line 404)
* encrypt: Operational GPG Commands.
(line 32)
* encrypt <1>: Operational GPGSM Commands.
(line 7)
-* encrypt <2>: gpgtar. (line 23)
+* encrypt <2>: gpgtar. (line 24)
* encrypt-files: Operational GPG Commands.
(line 111)
* encrypt-to: GPG Key related Options.
(line 35)
* enforce-passphrase-constraints: Agent Options. (line 244)
* escape-from-lines: GPG Esoteric Options.
- (line 276)
+ (line 284)
* exec: Invoking gpg-connect-agent.
(line 65)
* exec-path: GPG Configuration Options.
(line 225)
* exit-on-status-write-error: GPG Configuration Options.
- (line 791)
+ (line 817)
* expert: GPG Configuration Options.
- (line 846)
+ (line 872)
* export: Operational GPG Commands.
(line 250)
* export <1>: Certificate Management.
@@ -5211,29 +5448,30 @@ Option Index
* extract: gpgtar. (line 19)
* faked-system-time: Agent Options. (line 52)
* faked-system-time <1>: GPG Esoteric Options.
- (line 60)
-* faked-system-time <2>: Esoteric Options. (line 46)
+ (line 68)
+* faked-system-time <2>: Esoteric Options. (line 52)
* fast-list-mode: GPG Esoteric Options.
- (line 462)
+ (line 465)
* fetch-crl: Dirmngr Commands. (line 52)
* fetch-keys: Operational GPG Commands.
(line 333)
* fingerprint: Operational GPG Commands.
(line 194)
* fixed-list-mode: GPG Input and Output.
- (line 284)
+ (line 289)
* flush: Dirmngr Commands. (line 62)
* for-your-eyes-only: GPG Esoteric Options.
- (line 185)
+ (line 193)
* forbid-gen-key: GPG Esoteric Options.
- (line 551)
-* force: Dirmngr Options. (line 93)
+ (line 554)
+* force: Dirmngr Options. (line 100)
* force <1>: watchgnupg. (line 23)
* force-crl-refresh: Certificate Options. (line 35)
* force-default-responder: dirmngr-client. (line 64)
-* force-mdc: OpenPGP Options. (line 25)
+* force-mdc: OpenPGP Options. (line 32)
+* force-ocb: OpenPGP Options. (line 24)
* force-sign-key: GPG Esoteric Options.
- (line 545)
+ (line 548)
* forget: Invoking gpg-preset-passphrase.
(line 26)
* from: gpg-wks-server. (line 54)
@@ -5246,7 +5484,7 @@ Option Index
* gen-key <1>: Certificate Management.
(line 8)
* gen-prime: Operational GPG Commands.
- (line 398)
+ (line 399)
* gen-random: Operational GPG Commands.
(line 391)
* gen-revoke: OpenPGP Key Management.
@@ -5260,14 +5498,14 @@ Option Index
* generate-revocation: OpenPGP Key Management.
(line 119)
* gnupg: Compliance Options. (line 12)
-* gpg: gpgtar. (line 135)
+* gpg: gpgtar. (line 143)
* gpg-agent-info: GPG Configuration Options.
- (line 752)
-* gpg-args: gpgtar. (line 138)
+ (line 778)
+* gpg-args: gpgtar. (line 146)
* gpgconf-list: GPG Esoteric Options.
- (line 605)
+ (line 608)
* gpgconf-test: GPG Esoteric Options.
- (line 609)
+ (line 612)
* grab: Agent Options. (line 153)
* group: GPG Key related Options.
(line 55)
@@ -5281,8 +5519,8 @@ Option Index
* help <4>: Scdaemon Commands. (line 14)
* help <5>: watchgnupg. (line 39)
* help <6>: dirmngr-client. (line 44)
-* help <7>: gpgtar. (line 150)
-* help <8>: gpg-wks-client. (line 141)
+* help <7>: gpgtar. (line 158)
+* help <8>: gpg-wks-client. (line 149)
* help <9>: gpg-wks-server. (line 87)
* hex: Invoking gpg-connect-agent.
(line 91)
@@ -5302,25 +5540,26 @@ Option Index
* homedir <5>: Invoking gpgconf. (line 120)
* homedir <6>: Invoking gpg-connect-agent.
(line 21)
-* honor-http-proxy: Dirmngr Options. (line 236)
-* http-proxy: Dirmngr Options. (line 240)
+* honor-http-proxy: Dirmngr Options. (line 244)
+* http-proxy: Dirmngr Options. (line 250)
* ignore-cache-for-signing: Agent Options. (line 211)
-* ignore-cert: Dirmngr Options. (line 389)
-* ignore-cert-extension: Dirmngr Options. (line 379)
-* ignore-cert-extension <1>: Certificate Options. (line 82)
-* ignore-cert-with-oid: Esoteric Options. (line 37)
+* ignore-cert: Dirmngr Options. (line 407)
+* ignore-cert-extension: Dirmngr Options. (line 389)
+* ignore-cert-extension <1>: Certificate Options. (line 84)
+* ignore-cert-with-oid: Esoteric Options. (line 43)
* ignore-crc-error: GPG Esoteric Options.
- (line 387)
-* ignore-http-dp: Dirmngr Options. (line 220)
-* ignore-ldap-dp: Dirmngr Options. (line 227)
+ (line 395)
+* ignore-crl-extension: Dirmngr Options. (line 399)
+* ignore-http-dp: Dirmngr Options. (line 228)
+* ignore-ldap-dp: Dirmngr Options. (line 235)
* ignore-mdc-error: GPG Esoteric Options.
- (line 394)
-* ignore-ocsp-service-url: Dirmngr Options. (line 232)
+ (line 402)
+* ignore-ocsp-service-url: Dirmngr Options. (line 240)
* ignore-time-conflict: GPG Esoteric Options.
- (line 373)
+ (line 381)
* ignore-time-conflict <1>: gpgv. (line 63)
* ignore-valid-from: GPG Esoteric Options.
- (line 380)
+ (line 388)
* import: Operational GPG Commands.
(line 304)
* import <1>: Certificate Management.
@@ -5332,9 +5571,10 @@ Option Index
* import-ownertrust: Operational GPG Commands.
(line 370)
* include-certs: CMS Options. (line 7)
-* include-key-block: OpenPGP Options. (line 38)
+* include-key-block: OpenPGP Options. (line 45)
* input-size-hint: GPG Input and Output.
(line 29)
+* input-size-hint <1>: Input and Output. (line 24)
* interactive: GPG Esoteric Options.
(line 19)
* keep-display: Agent Options. (line 365)
@@ -5344,119 +5584,119 @@ Option Index
* keydb-clear-some-cert-flags: Certificate Management.
(line 52)
* keyedit:addcardkey: OpenPGP Key Management.
- (line 281)
+ (line 284)
* keyedit:addkey: OpenPGP Key Management.
- (line 278)
+ (line 281)
* keyedit:addphoto: OpenPGP Key Management.
- (line 201)
+ (line 202)
* keyedit:addrevoker: OpenPGP Key Management.
- (line 330)
+ (line 333)
* keyedit:adduid: OpenPGP Key Management.
- (line 198)
+ (line 199)
* keyedit:bkuptocard: OpenPGP Key Management.
- (line 295)
+ (line 298)
* keyedit:change-usage: OpenPGP Key Management.
- (line 357)
+ (line 360)
* keyedit:check: OpenPGP Key Management.
- (line 194)
+ (line 195)
* keyedit:clean: OpenPGP Key Management.
- (line 343)
+ (line 346)
* keyedit:cross-certify: OpenPGP Key Management.
- (line 366)
+ (line 369)
* keyedit:delkey: OpenPGP Key Management.
- (line 306)
+ (line 309)
* keyedit:delsig: OpenPGP Key Management.
- (line 184)
+ (line 185)
* keyedit:deluid: OpenPGP Key Management.
- (line 211)
+ (line 212)
* keyedit:disable: OpenPGP Key Management.
- (line 326)
+ (line 329)
* keyedit:enable: OpenPGP Key Management.
- (line 326)
+ (line 329)
* keyedit:expire: OpenPGP Key Management.
- (line 315)
+ (line 318)
* keyedit:key: OpenPGP Key Management.
(line 148)
* keyedit:keyserver: OpenPGP Key Management.
- (line 228)
+ (line 229)
* keyedit:keytocard: OpenPGP Key Management.
- (line 284)
+ (line 287)
* keyedit:lsign: OpenPGP Key Management.
(line 159)
* keyedit:minimize: OpenPGP Key Management.
- (line 352)
+ (line 355)
* keyedit:notation: OpenPGP Key Management.
- (line 235)
+ (line 236)
* keyedit:nrsign: OpenPGP Key Management.
(line 164)
* keyedit:passwd: OpenPGP Key Management.
- (line 336)
+ (line 339)
* keyedit:pref: OpenPGP Key Management.
- (line 243)
+ (line 244)
* keyedit:primary: OpenPGP Key Management.
- (line 220)
+ (line 221)
* keyedit:quit: OpenPGP Key Management.
- (line 377)
+ (line 380)
* keyedit:revkey: OpenPGP Key Management.
- (line 312)
+ (line 315)
* keyedit:revsig: OpenPGP Key Management.
- (line 189)
+ (line 190)
* keyedit:revuid: OpenPGP Key Management.
- (line 217)
+ (line 218)
* keyedit:save: OpenPGP Key Management.
- (line 374)
+ (line 377)
* keyedit:setpref: OpenPGP Key Management.
- (line 255)
+ (line 256)
* keyedit:showphoto: OpenPGP Key Management.
- (line 208)
+ (line 209)
* keyedit:showpref: OpenPGP Key Management.
- (line 247)
+ (line 248)
* keyedit:sign: OpenPGP Key Management.
(line 152)
* keyedit:toggle: OpenPGP Key Management.
- (line 339)
+ (line 342)
* keyedit:trust: OpenPGP Key Management.
- (line 321)
+ (line 324)
* keyedit:tsign: OpenPGP Key Management.
(line 168)
* keyedit:uid: OpenPGP Key Management.
(line 144)
* keyid-format: GPG Configuration Options.
- (line 627)
+ (line 653)
* keyring: GPG Configuration Options.
(line 229)
* keyring <1>: gpgv. (line 38)
-* keyserver: Dirmngr Options. (line 148)
+* keyserver: Dirmngr Options. (line 155)
* keyserver <1>: GPG Configuration Options.
- (line 636)
+ (line 662)
* keyserver <2>: Configuration Options.
(line 43)
* keyserver-options: GPG Configuration Options.
- (line 655)
+ (line 681)
* kill: Invoking gpgconf. (line 89)
* known-notation: GPG Esoteric Options.
- (line 151)
+ (line 159)
* launch: Invoking gpgconf. (line 80)
* lc-ctype: Agent Options. (line 360)
* lc-messages: Agent Options. (line 360)
-* ldap-proxy: Dirmngr Options. (line 245)
-* ldapserver: Dirmngr Options. (line 275)
-* ldapserverlist-file: Dirmngr Options. (line 256)
-* ldaptimeout: Dirmngr Options. (line 309)
+* ldap-proxy: Dirmngr Options. (line 255)
+* ldapserver: Dirmngr Options. (line 285)
+* ldapserverlist-file: Dirmngr Options. (line 266)
+* ldaptimeout: Dirmngr Options. (line 319)
* learn-card: Certificate Management.
(line 104)
* legacy-list-mode: GPG Input and Output.
- (line 290)
+ (line 295)
* limit-card-insert-tries: GPG Configuration Options.
- (line 800)
-* list-archive: gpgtar. (line 39)
+ (line 826)
+* list-archive: gpgtar. (line 41)
* list-chain: Certificate Management.
(line 32)
* list-config: GPG Esoteric Options.
- (line 594)
+ (line 597)
* list-crls: Dirmngr Commands. (line 40)
* list-gcrypt-config: GPG Esoteric Options.
- (line 602)
+ (line 605)
* list-keys: Operational GPG Commands.
(line 119)
* list-keys <1>: Certificate Management.
@@ -5502,56 +5742,56 @@ Option Index
* list-secret-keys <1>: Certificate Management.
(line 24)
* list-signatures: GPG Esoteric Options.
- (line 450)
+ (line 453)
* list-sigs: GPG Esoteric Options.
- (line 451)
+ (line 454)
* listen-backlog: Agent Options. (line 370)
-* listen-backlog <1>: Dirmngr Options. (line 134)
+* listen-backlog <1>: Dirmngr Options. (line 141)
* listen-backlog <2>: Scdaemon Options. (line 135)
* load-crl: Dirmngr Commands. (line 44)
* load-crl <1>: dirmngr-client. (line 80)
* local-user: GPG Key related Options.
(line 77)
-* local-user <1>: Input and Output. (line 41)
-* local-user <2>: gpgtar. (line 53)
+* local-user <1>: Input and Output. (line 47)
+* local-user <2>: gpgtar. (line 56)
* locate-external-keys: Operational GPG Commands.
(line 170)
* locate-keys: Operational GPG Commands.
(line 170)
* lock-multiple: GPG Configuration Options.
- (line 780)
+ (line 806)
* lock-never: GPG Configuration Options.
- (line 784)
+ (line 810)
* lock-once: GPG Configuration Options.
- (line 776)
+ (line 802)
* log-file: Agent Options. (line 159)
* log-file <1>: Dirmngr Options. (line 30)
* log-file <2>: GPG Esoteric Options.
- (line 86)
+ (line 94)
* log-file <3>: Configuration Options.
(line 80)
* log-file <4>: Scdaemon Options. (line 140)
* log-file <5>: gpgv. (line 59)
* logger-fd: GPG Esoteric Options.
- (line 82)
+ (line 90)
* logger-fd <1>: gpgv. (line 56)
* lookup: dirmngr-client. (line 86)
* lsign-key: OpenPGP Key Management.
- (line 392)
+ (line 395)
* mangle-dos-filenames: GPG Configuration Options.
- (line 352)
+ (line 364)
* marginals-needed: GPG Configuration Options.
- (line 721)
+ (line 747)
* max-cache-ttl: Agent Options. (line 232)
* max-cache-ttl-ssh: Agent Options. (line 238)
* max-cert-depth: GPG Configuration Options.
- (line 729)
+ (line 755)
* max-output: GPG Input and Output.
(line 19)
* max-passphrase-days: Agent Options. (line 278)
-* max-replies: Dirmngr Options. (line 376)
+* max-replies: Dirmngr Options. (line 386)
* min-cert-level: GPG Configuration Options.
- (line 397)
+ (line 409)
* min-passphrase-len: Agent Options. (line 248)
* min-passphrase-nonalpha: Agent Options. (line 253)
* min-rsa-length: Compliance Options. (line 72)
@@ -5559,30 +5799,34 @@ Option Index
* multi-server: Scdaemon Commands. (line 26)
* multifile: Operational GPG Commands.
(line 100)
-* nameserver: Dirmngr Options. (line 203)
+* nameserver: Dirmngr Options. (line 211)
* no: GPG Configuration Options.
(line 67)
-* no <1>: gpgtar. (line 113)
+* no <1>: gpgtar. (line 116)
+* no-add-revocs: gpg-wks-client. (line 133)
* no-allow-external-cache: Agent Options. (line 196)
* no-allow-loopback-pinentry: Agent Options. (line 188)
* no-allow-mark-trusted: Agent Options. (line 167)
* no-armor: GPG Input and Output.
(line 12)
* no-auto-key-import: GPG Configuration Options.
- (line 578)
+ (line 604)
* no-auto-key-retrieve: GPG Configuration Options.
- (line 590)
+ (line 616)
* no-autostart: GPG Configuration Options.
- (line 769)
+ (line 795)
* no-autostart <1>: Configuration Options.
(line 69)
* no-autostart <2>: Invoking gpg-connect-agent.
(line 77)
* no-batch: GPG Configuration Options.
(line 45)
-* no-common-certs-import: Esoteric Options. (line 168)
+* no-common-certs-import: Esoteric Options. (line 174)
+* no-compress: GPG Configuration Options.
+ (line 335)
+* no-compress <1>: gpgtar. (line 138)
* no-default-keyring: GPG Esoteric Options.
- (line 432)
+ (line 435)
* no-default-recipient: GPG Configuration Options.
(line 29)
* no-detach: Agent Options. (line 131)
@@ -5590,54 +5834,54 @@ Option Index
* no-encrypt-to: GPG Key related Options.
(line 51)
* no-expensive-trust-checks: GPG Esoteric Options.
- (line 576)
+ (line 579)
* no-ext-connect: Invoking gpg-connect-agent.
(line 72)
* no-grab: Agent Options. (line 153)
* no-greeting: GPG Configuration Options.
- (line 814)
+ (line 840)
* no-groups: GPG Key related Options.
(line 73)
* no-keyring: GPG Esoteric Options.
- (line 438)
+ (line 441)
* no-literal: GPG Esoteric Options.
- (line 470)
+ (line 473)
* no-mangle-dos-filenames: GPG Configuration Options.
- (line 352)
+ (line 364)
* no-options: GPG Configuration Options.
(line 327)
* no-random-seed-file: GPG Configuration Options.
- (line 808)
+ (line 834)
* no-secmem-warning: GPG Configuration Options.
- (line 817)
+ (line 843)
* no-secmem-warning <1>: Configuration Options.
(line 76)
* no-sig-cache: GPG Configuration Options.
- (line 732)
+ (line 758)
* no-skip-hidden-recipients: GPG Key related Options.
(line 108)
* no-symkey-cache: GPG Esoteric Options.
- (line 337)
+ (line 345)
* no-tty: GPG Configuration Options.
(line 58)
* no-use-standard-socket: Agent Options. (line 350)
-* no-use-tor: Dirmngr Options. (line 98)
+* no-use-tor: Dirmngr Options. (line 105)
* no-user-trustlist: Agent Options. (line 172)
* no-verbose: GPG Configuration Options.
(line 37)
* not-dash-escaped: GPG Esoteric Options.
- (line 266)
-* null: gpgtar. (line 86)
+ (line 274)
+* null: gpgtar. (line 89)
* null <1>: gpg-check-pattern. (line 59)
* ocsp: dirmngr-client. (line 61)
-* ocsp-current-period: Dirmngr Options. (line 371)
-* ocsp-max-clock-skew: Dirmngr Options. (line 363)
-* ocsp-max-period: Dirmngr Options. (line 367)
-* ocsp-responder: Dirmngr Options. (line 337)
-* ocsp-signer: Dirmngr Options. (line 342)
-* only-ldap-proxy: Dirmngr Options. (line 251)
+* ocsp-current-period: Dirmngr Options. (line 381)
+* ocsp-max-clock-skew: Dirmngr Options. (line 373)
+* ocsp-max-period: Dirmngr Options. (line 377)
+* ocsp-responder: Dirmngr Options. (line 347)
+* ocsp-signer: Dirmngr Options. (line 352)
+* only-ldap-proxy: Dirmngr Options. (line 261)
* openpgp: Compliance Options. (line 19)
-* openpgp <1>: gpgtar. (line 95)
+* openpgp <1>: gpgtar. (line 98)
* options: Agent Options. (line 10)
* options <1>: Dirmngr Options. (line 11)
* options <2>: Dirmngr Options. (line 16)
@@ -5648,37 +5892,37 @@ Option Index
* options <5>: Scdaemon Options. (line 7)
* output: GPG Input and Output.
(line 16)
-* output <1>: Input and Output. (line 51)
+* output <1>: Input and Output. (line 57)
* output <2>: gpgv. (line 45)
-* output <3>: gpgtar. (line 57)
+* output <3>: gpgtar. (line 60)
* output <4>: gpg-wks-client. (line 111)
* output <5>: gpg-wks-server. (line 65)
* override-session-key: GPG Esoteric Options.
- (line 494)
-* p12-charset: Input and Output. (line 24)
+ (line 497)
+* p12-charset: Input and Output. (line 30)
* passphrase: GPG Esoteric Options.
- (line 312)
+ (line 320)
* passphrase <1>: Invoking gpg-preset-passphrase.
(line 36)
* passphrase-fd: GPG Esoteric Options.
- (line 291)
-* passphrase-fd <1>: Esoteric Options. (line 136)
+ (line 299)
+* passphrase-fd <1>: Esoteric Options. (line 142)
* passphrase-file: GPG Esoteric Options.
- (line 301)
+ (line 309)
* passphrase-repeat: GPG Esoteric Options.
- (line 283)
+ (line 291)
* passwd: OpenPGP Key Management.
- (line 453)
+ (line 465)
* passwd <1>: Certificate Management.
(line 110)
* pcsc-driver: Scdaemon Options. (line 150)
* pcsc-shared: Scdaemon Options. (line 144)
* pem: dirmngr-client. (line 58)
* permission-warning: GPG Configuration Options.
- (line 820)
-* personal-cipher-preferences: OpenPGP Options. (line 46)
-* personal-compress-preferences: OpenPGP Options. (line 64)
-* personal-digest-preferences: OpenPGP Options. (line 55)
+ (line 846)
+* personal-cipher-preferences: OpenPGP Options. (line 53)
+* personal-compress-preferences: OpenPGP Options. (line 71)
+* personal-digest-preferences: OpenPGP Options. (line 62)
* pgp6: Compliance Options. (line 44)
* pgp7: Compliance Options. (line 54)
* pgp8: Compliance Options. (line 60)
@@ -5687,8 +5931,8 @@ Option Index
* pinentry-formatted-passphrase: Agent Options. (line 297)
* pinentry-invisible-char: Agent Options. (line 286)
* pinentry-mode: GPG Esoteric Options.
- (line 322)
-* pinentry-mode <1>: Esoteric Options. (line 145)
+ (line 330)
+* pinentry-mode <1>: Esoteric Options. (line 151)
* pinentry-program: Agent Options. (line 310)
* pinentry-timeout: Agent Options. (line 291)
* pinentry-touch-file: Agent Options. (line 323)
@@ -5698,7 +5942,7 @@ Option Index
* prefer-system-dirmngr: Configuration Options.
(line 63)
* preserve-permissions: GPG Esoteric Options.
- (line 579)
+ (line 582)
* preset: Invoking gpg-preset-passphrase.
(line 22)
* primary-keyring: GPG Configuration Options.
@@ -5710,23 +5954,25 @@ Option Index
* quick-add-key: OpenPGP Key Management.
(line 69)
* quick-add-uid: OpenPGP Key Management.
- (line 420)
+ (line 423)
* quick-gen-key: OpenPGP Key Management.
(line 10)
* quick-generate-key: OpenPGP Key Management.
(line 10)
* quick-lsign-key: OpenPGP Key Management.
- (line 398)
+ (line 401)
* quick-revoke-sig: OpenPGP Key Management.
- (line 435)
+ (line 438)
* quick-revoke-uid: OpenPGP Key Management.
- (line 427)
+ (line 430)
* quick-set-expire: OpenPGP Key Management.
(line 60)
* quick-set-primary-uid: OpenPGP Key Management.
- (line 445)
+ (line 448)
* quick-sign-key: OpenPGP Key Management.
- (line 398)
+ (line 401)
+* quick-update-pref: OpenPGP Key Management.
+ (line 455)
* quiet: Agent Options. (line 45)
* quiet <1>: GPG Configuration Options.
(line 40)
@@ -5735,8 +5981,8 @@ Option Index
* quiet <4>: Invoking gpg-connect-agent.
(line 18)
* quiet <5>: dirmngr-client. (line 48)
-* quiet <6>: gpgtar. (line 65)
-* quiet <7>: gpg-wks-client. (line 135)
+* quiet <6>: gpgtar. (line 68)
+* quiet <7>: gpg-wks-client. (line 143)
* quiet <8>: gpg-wks-server. (line 81)
* raw-socket: Invoking gpg-connect-agent.
(line 59)
@@ -5747,11 +5993,11 @@ Option Index
(line 313)
* recipient: GPG Key related Options.
(line 8)
-* recipient <1>: Input and Output. (line 46)
-* recipient <2>: gpgtar. (line 49)
+* recipient <1>: Input and Output. (line 52)
+* recipient <2>: gpgtar. (line 52)
* recipient-file: GPG Key related Options.
(line 22)
-* recursive-resolver: Dirmngr Options. (line 117)
+* recursive-resolver: Dirmngr Options. (line 124)
* recv-keys: Operational GPG Commands.
(line 314)
* refresh-keys: Operational GPG Commands.
@@ -5759,28 +6005,28 @@ Option Index
* reload: Invoking gpgconf. (line 74)
* remove-socketdir: Invoking gpgconf. (line 102)
* request-origin: GPG Esoteric Options.
- (line 342)
-* request-origin <1>: Esoteric Options. (line 160)
+ (line 350)
+* request-origin <1>: Esoteric Options. (line 166)
* require-compliance: Compliance Options. (line 77)
* require-compliance <1>: Esoteric Options. (line 27)
-* require-compliance <2>: gpgtar. (line 117)
+* require-compliance <2>: gpgtar. (line 120)
* require-cross-certification: GPG Configuration Options.
- (line 839)
+ (line 865)
* require-secmem: GPG Configuration Options.
- (line 834)
-* resolver-timeout: Dirmngr Options. (line 120)
+ (line 860)
+* resolver-timeout: Dirmngr Options. (line 127)
* rfc2440: Compliance Options. (line 37)
* rfc4880: Compliance Options. (line 25)
* rfc4880bis: Compliance Options. (line 30)
* run: Invoking gpg-connect-agent.
(line 82)
-* s: Dirmngr Options. (line 87)
-* s2k-calibration: Agent Options. (line 465)
-* s2k-cipher-algo: OpenPGP Options. (line 74)
-* s2k-count: Agent Options. (line 472)
-* s2k-count <1>: OpenPGP Options. (line 90)
-* s2k-digest-algo: OpenPGP Options. (line 79)
-* s2k-mode: OpenPGP Options. (line 83)
+* s: Dirmngr Options. (line 94)
+* s2k-calibration: Agent Options. (line 458)
+* s2k-cipher-algo: OpenPGP Options. (line 81)
+* s2k-count: Agent Options. (line 465)
+* s2k-count <1>: OpenPGP Options. (line 97)
+* s2k-digest-algo: OpenPGP Options. (line 86)
+* s2k-mode: OpenPGP Options. (line 90)
* scdaemon-program: Agent Options. (line 332)
* search-keys: Operational GPG Commands.
(line 323)
@@ -5798,16 +6044,16 @@ Option Index
(line 24)
* server <3>: Scdaemon Commands. (line 22)
* set-filename: GPG Esoteric Options.
- (line 178)
-* set-filename <1>: gpgtar. (line 129)
+ (line 186)
+* set-filename <1>: gpgtar. (line 132)
* set-filesize: GPG Esoteric Options.
- (line 474)
+ (line 477)
* set-notation: GPG Esoteric Options.
- (line 124)
+ (line 132)
* set-policy-url: GPG Esoteric Options.
- (line 160)
+ (line 168)
* sh: Agent Options. (line 146)
-* sh <1>: Dirmngr Options. (line 87)
+* sh <1>: Dirmngr Options. (line 94)
* show-keyring: Deprecated Options. (line 16)
* show-keys: Operational GPG Commands.
(line 185)
@@ -5815,36 +6061,36 @@ Option Index
* show-photos: Deprecated Options. (line 8)
* show-policy-url: Deprecated Options. (line 33)
* show-session-key: GPG Esoteric Options.
- (line 478)
+ (line 481)
* shutdown: Dirmngr Commands. (line 58)
* sig-keyserver-url: GPG Esoteric Options.
- (line 170)
+ (line 178)
* sig-notation: GPG Esoteric Options.
- (line 124)
+ (line 132)
* sig-policy-url: GPG Esoteric Options.
- (line 160)
+ (line 168)
* sign: Operational GPG Commands.
(line 8)
* sign <1>: Operational GPGSM Commands.
(line 16)
* sign-key: OpenPGP Key Management.
- (line 388)
-* skip-crypto: gpgtar. (line 68)
+ (line 391)
+* skip-crypto: gpgtar. (line 71)
* skip-hidden-recipients: GPG Key related Options.
(line 108)
* skip-verify: GPG Esoteric Options.
- (line 442)
+ (line 445)
* squid-mode: dirmngr-client. (line 101)
-* ssh-fingerprint-digest: Agent Options. (line 450)
-* standard-resolver: Dirmngr Options. (line 110)
+* ssh-fingerprint-digest: Agent Options. (line 443)
+* standard-resolver: Dirmngr Options. (line 117)
* status-fd: GPG Esoteric Options.
- (line 74)
+ (line 82)
* status-fd <1>: gpgv. (line 52)
* status-fd <2>: Invoking gpgconf. (line 158)
-* status-fd <3>: gpgtar. (line 120)
+* status-fd <3>: gpgtar. (line 123)
* status-fd <4>: gpg-wks-client. (line 115)
* status-file: GPG Esoteric Options.
- (line 78)
+ (line 86)
* steal-socket: Agent Options. (line 135)
* store: Operational GPG Commands.
(line 55)
@@ -5855,36 +6101,36 @@ Option Index
* symmetric: Operational GPG Commands.
(line 42)
* sys-trustlist-name: Agent Options. (line 177)
-* tar-args: gpgtar. (line 141)
+* tar-args: gpgtar. (line 149)
* textmode: OpenPGP Options. (line 8)
* throw-keyids: GPG Esoteric Options.
- (line 257)
+ (line 265)
* time-only: watchgnupg. (line 30)
-* tls-debug: Dirmngr Options. (line 69)
+* tls-debug: Dirmngr Options. (line 76)
* tofu-default-policy: GPG Configuration Options.
- (line 725)
+ (line 751)
* tofu-policy: Operational GPG Commands.
- (line 408)
+ (line 409)
* trust-model: GPG Configuration Options.
- (line 412)
+ (line 438)
* trust-model:always: GPG Configuration Options.
- (line 493)
+ (line 519)
* trust-model:auto: GPG Configuration Options.
- (line 502)
+ (line 528)
* trust-model:classic: GPG Configuration Options.
- (line 420)
+ (line 446)
* trust-model:direct: GPG Configuration Options.
- (line 485)
+ (line 511)
* trust-model:pgp: GPG Configuration Options.
- (line 415)
+ (line 441)
* trust-model:tofu: GPG Configuration Options.
- (line 423)
+ (line 449)
* trust-model:tofu+pgp: GPG Configuration Options.
- (line 473)
+ (line 499)
* trustdb-name: GPG Configuration Options.
(line 253)
* trusted-key: GPG Configuration Options.
- (line 403)
+ (line 415)
* try-all-secrets: GPG Key related Options.
(line 100)
* try-secret-key: GPG Key related Options.
@@ -5898,22 +6144,22 @@ Option Index
* url: dirmngr-client. (line 94)
* url <1>: dirmngr-client. (line 98)
* use-agent: GPG Configuration Options.
- (line 749)
+ (line 775)
* use-embedded-filename: GPG Esoteric Options.
- (line 194)
+ (line 202)
* use-standard-socket: Agent Options. (line 350)
* use-standard-socket-p: Agent Options. (line 350)
-* use-tor: Dirmngr Options. (line 98)
+* use-tor: Dirmngr Options. (line 105)
* utf8-strings: GPG Configuration Options.
(line 308)
-* utf8-strings <1>: gpgtar. (line 90)
+* utf8-strings <1>: gpgtar. (line 93)
* v: Dirmngr Options. (line 25)
* v <1>: Configuration Options.
(line 38)
* v <2>: Scdaemon Options. (line 35)
* v <3>: dirmngr-client. (line 53)
* validate: dirmngr-client. (line 76)
-* validation-model: Certificate Options. (line 73)
+* validation-model: Certificate Options. (line 75)
* verbose: Agent Options. (line 39)
* verbose <1>: Dirmngr Options. (line 25)
* verbose <2>: GPG Configuration Options.
@@ -5928,9 +6174,9 @@ Option Index
* verbose <8>: Invoking gpg-connect-agent.
(line 14)
* verbose <9>: dirmngr-client. (line 53)
-* verbose <10>: gpgtar. (line 61)
+* verbose <10>: gpgtar. (line 64)
* verbose <11>: gpg-check-pattern. (line 53)
-* verbose <12>: gpg-wks-client. (line 132)
+* verbose <12>: gpg-wks-client. (line 140)
* verbose <13>: gpg-wks-server. (line 78)
* verify: Operational GPG Commands.
(line 67)
@@ -5971,46 +6217,46 @@ Option Index
* version <4>: Scdaemon Commands. (line 10)
* version <5>: watchgnupg. (line 36)
* version <6>: dirmngr-client. (line 40)
-* version <7>: gpgtar. (line 147)
-* version <8>: gpg-wks-client. (line 138)
+* version <7>: gpgtar. (line 155)
+* version <8>: gpg-wks-client. (line 146)
* version <9>: gpg-wks-server. (line 84)
* warranty: General GPG Commands.
(line 17)
* warranty <1>: General GPGSM Commands.
(line 15)
* weak-digest: GPG Esoteric Options.
- (line 411)
+ (line 419)
* weak-digest <1>: gpgv. (line 90)
* with-colons: GPG Input and Output.
- (line 276)
+ (line 281)
* with-colons <1>: gpg-wks-client. (line 76)
* with-dir: gpg-wks-server. (line 69)
-* with-ephemeral-keys: Esoteric Options. (line 52)
+* with-ephemeral-keys: Esoteric Options. (line 58)
* with-file: gpg-wks-server. (line 73)
* with-fingerprint: GPG Input and Output.
- (line 296)
+ (line 301)
* with-icao-spelling: GPG Input and Output.
- (line 307)
+ (line 312)
* with-key-data: GPG Esoteric Options.
- (line 446)
-* with-key-data <1>: Input and Output. (line 54)
+ (line 449)
+* with-key-data <1>: Input and Output. (line 60)
* with-key-origin: GPG Input and Output.
- (line 315)
+ (line 320)
* with-keygrip: GPG Input and Output.
- (line 311)
-* with-log: gpgtar. (line 124)
+ (line 316)
+* with-log: gpgtar. (line 127)
* with-secret: GPG Input and Output.
- (line 326)
-* with-secret <1>: Input and Output. (line 78)
+ (line 331)
+* with-secret <1>: Input and Output. (line 84)
* with-subkey-fingerprint: GPG Input and Output.
- (line 300)
-* with-validation: Input and Output. (line 60)
+ (line 305)
+* with-validation: Input and Output. (line 66)
* with-wkd-hash: GPG Input and Output.
- (line 321)
+ (line 326)
* xauthority: Agent Options. (line 360)
* yes: GPG Configuration Options.
(line 63)
-* yes <1>: gpgtar. (line 108)
+* yes <1>: gpgtar. (line 111)

File: gnupg.info, Node: Environment Index, Next: Index, Prev: Option Index, Up: Top
@@ -6021,18 +6267,18 @@ Environment Variable and File Index
* Menu:
-* .gpg-v21-migrated: GPG Configuration. (line 77)
-* ~/.gnupg: GPG Configuration. (line 27)
+* .gpg-v21-migrated: GPG Configuration. (line 78)
+* ~/.gnupg: GPG Configuration. (line 28)
* ASSUAN_DEBUG: Scdaemon Options. (line 122)
-* COLUMNS: GPG Configuration. (line 118)
-* com-certs.pem: GPGSM Configuration. (line 84)
+* COLUMNS: GPG Configuration. (line 119)
+* com-certs.pem: GPGSM Configuration. (line 85)
* dirmngr.conf: Dirmngr Configuration.
(line 12)
* DISPLAY: GPGSM OPTION. (line 21)
* GNUPGHOME: Agent Options. (line 17)
* GNUPGHOME <1>: GPG Configuration Options.
(line 260)
-* GNUPGHOME <2>: GPG Configuration. (line 106)
+* GNUPGHOME <2>: GPG Configuration. (line 107)
* GNUPGHOME <3>: Configuration Options.
(line 16)
* GNUPGHOME <4>: Scdaemon Options. (line 13)
@@ -6040,8 +6286,8 @@ Environment Variable and File Index
* GNUPGHOME <6>: Invoking gpgconf. (line 120)
* GNUPGHOME <7>: Invoking gpg-connect-agent.
(line 21)
-* GNUPG_BUILD_ROOT: GPG Configuration. (line 130)
-* GNUPG_EXEC_DEBUG_FLAGS: GPG Configuration. (line 135)
+* GNUPG_BUILD_ROOT: GPG Configuration. (line 131)
+* GNUPG_EXEC_DEBUG_FLAGS: GPG Configuration. (line 136)
* gpg-agent.conf: Agent Configuration. (line 11)
* gpg.conf: GPG Configuration. (line 11)
* gpgconf.ctl: Agent Options. (line 28)
@@ -6069,31 +6315,31 @@ Environment Variable and File Index
* HKCU\Software\GNU\GnuPG:HomeDir <5>: Invoking gpgconf. (line 120)
* HKCU\Software\GNU\GnuPG:HomeDir <6>: Invoking gpg-connect-agent.
(line 21)
-* HOME: GPG Configuration. (line 103)
-* http_proxy: Dirmngr Options. (line 240)
-* LANGUAGE: GPG Configuration. (line 121)
+* HOME: GPG Configuration. (line 104)
+* http_proxy: Dirmngr Options. (line 250)
+* LANGUAGE: GPG Configuration. (line 122)
* LC_CTYPE: GPGSM OPTION. (line 27)
* LC_MESSAGES: GPGSM OPTION. (line 29)
-* LINES: GPG Configuration. (line 118)
-* openpgp-revocs.d: GPG Configuration. (line 91)
+* LINES: GPG Configuration. (line 119)
+* openpgp-revocs.d: GPG Configuration. (line 92)
* PATH: GPG Configuration Options.
(line 225)
-* PINENTRY_USER_DATA: GPG Configuration. (line 113)
+* PINENTRY_USER_DATA: GPG Configuration. (line 114)
* PINENTRY_USER_DATA <1>: GPGSM OPTION. (line 33)
* policies.txt: GPGSM Configuration. (line 18)
-* private-keys-v1.d: Agent Configuration. (line 106)
-* pubring.gpg: GPG Configuration. (line 32)
-* pubring.kbx: GPG Configuration. (line 50)
-* pubring.kbx <1>: GPGSM Configuration. (line 100)
+* private-keys-v1.d: Agent Configuration. (line 119)
+* pubring.gpg: GPG Configuration. (line 33)
+* pubring.kbx: GPG Configuration. (line 51)
+* pubring.kbx <1>: GPGSM Configuration. (line 101)
* qualified.txt: GPGSM Configuration. (line 33)
-* random_seed: GPG Configuration. (line 88)
-* random_seed <1>: GPGSM Configuration. (line 106)
-* S.gpg-agent: GPGSM Configuration. (line 111)
-* secring.gpg: GPG Configuration. (line 69)
+* random_seed: GPG Configuration. (line 89)
+* random_seed <1>: GPGSM Configuration. (line 107)
+* S.gpg-agent: GPGSM Configuration. (line 112)
+* secring.gpg: GPG Configuration. (line 70)
* SHELL: Agent Options. (line 146)
-* sshcontrol: Agent Configuration. (line 76)
+* sshcontrol: Agent Configuration. (line 89)
* TERM: GPGSM OPTION. (line 25)
-* trustdb.gpg: GPG Configuration. (line 80)
+* trustdb.gpg: GPG Configuration. (line 81)
* trustlist.txt: Agent Configuration. (line 20)
* XAUTHORITY: GPGSM OPTION. (line 31)
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 8766250..463b6a6 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -632,16 +632,10 @@ remote machine.
@itemx --disable-extended-key-format
@opindex enable-extended-key-format
@opindex disable-extended-key-format
-Since version 2.2.22 keys are created in the extended private key
-format by default. Changing the passphrase of a key will also convert
-the key to that new format. This key format is supported since GnuPG
-version 2.1.12 and thus there should be no need to disable it.
-Anyway, the disable option still allows to revert to the old behavior
-for new keys; be aware that keys are never migrated back to the old
-format. If the enable option has been used the disable option won't
-have an effect. The advantage of the extended private key format is
-that it is text based and can carry additional meta data. In extended
-key format the OCB mode is used for key protection.
+These options are obsolete and have no effect. The extended key format
+is used for years now and has been supported since 2.1.12. Existing
+keys in the old format are migrated to the new format as soon as they
+are touched.
@anchor{option --enable-ssh-support}
@item --enable-ssh-support
@@ -829,6 +823,17 @@ CRL checking for the root certificate.
If validation of a certificate finally issued by a CA with this flag set
fails, try again using the chain validation model.
+@item qual
+The CA is allowed to issue certificates for qualified signatures.
+This flag has an effect only if used in the global list. This is now
+the preferred way to mark such CA; the old way of having a separate
+file @file{qualified.txt} is still supported.
+
+@item de-vs
+The CA is part of an approved PKI for the German classification level
+VS-NfD. It is only valid in the global trustlist. As of now this is
+used only for documentation purpose.
+
@end table
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 39c996b..d1142a3 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -609,13 +609,14 @@ Print message digest of algorithm @var{algo} for all given files or STDIN.
With the second form (or a deprecated "*" for @var{algo}) digests for all
available algorithms are printed.
-@item --gen-random @var{0|1|2} @var{count}
+@item --gen-random @var{0|1|2|16|30} @var{count}
@opindex gen-random
Emit @var{count} random bytes of the given quality level 0, 1 or 2. If
@var{count} is not given or zero, an endless sequence of random bytes
will be emitted. If used with @option{--armor} the output will be
-base64 encoded. PLEASE, don't use this command unless you know what
-you are doing; it may remove precious entropy from the system!
+base64 encoded. The special level 16 uses a quality level of 1 and
+outputs and endless stream of hex-encoded octets. The special level
+30 outputs random as 30 zBase-32 characters.
@item --gen-prime @var{mode} @var{bits}
@opindex gen-prime
@@ -848,9 +849,10 @@ line.
@opindex keyedit:tsign
Make a trust signature. This is a signature that combines the notions
of certification (like a regular signature), and trust (like the
- "trust" command). It is generally only useful in distinct communities
- or groups. For more information please read the sections
- ``Trust Signature'' and ``Regular Expression'' in RFC-4880.
+ "trust" command). It is generally useful in distinct communities
+ or groups to implement the concept of a Trusted Introducer. For
+ more information please read the sections ``Trust Signature'' and
+ ``Regular Expression'' in RFC-4880.
@end table
@c man:.RS
@@ -956,7 +958,8 @@ signing.
--version} to get a list of available algorithms. Note that while you
can change the preferences on an attribute user ID (aka "photo ID"),
GnuPG does not select keys via attribute user IDs so these preferences
- will not be used by GnuPG.
+ will not be used by GnuPG. Note that an unattended version of this
+ command is available as @option{--quick-update-pref}.
When setting preferences, you should list the algorithms in the order
which you'd like to see them used by someone else when encrypting a
@@ -1164,6 +1167,16 @@ user ID which shall be flagged as the primary user ID. The primary
user ID flag is removed from all other user ids and the timestamp of
all affected self-signatures is set one second ahead.
+@item --quick-update-pref @var{user-id}
+@opindex quick-update-pref
+This command updates the preference list of the key to the current
+default value (either built-in or set via
+@option{--default-preference-list}). This is the unattended version
+of of using "setpref" in the @option{--key-edit} menu without giving a
+list. Note that you can show the preferences in a key listing by
+using @option{--list-options show-pref} or @option{--list-options
+show-pref-verbose}. You should also re-distribute updated keys to
+your peers.
@item --change-passphrase @var{user-id}
@opindex change-passphrase
@@ -1599,15 +1612,30 @@ prevent the creation of a @file{~/.gnupg} homedir.
@item -z @var{n}
@itemx --compress-level @var{n}
@itemx --bzip2-compress-level @var{n}
+@itemx --no-compress
@opindex compress-level
@opindex bzip2-compress-level
+@opindex no-compress
Set compression level to @var{n} for the ZIP and ZLIB compression
algorithms. The default is to use the default compression level of zlib
(normally 6). @option{--bzip2-compress-level} sets the compression level
for the BZIP2 compression algorithm (defaulting to 6 as well). This is a
different option from @option{--compress-level} since BZIP2 uses a
significant amount of memory for each additional compression level.
-@option{-z} sets both. A value of 0 for @var{n} disables compression.
+
+Option @option{-z} sets both. A value of 0 for @var{n} disables
+compression. A value of -1 forces compression using the default
+level. Option @option{--no-compress} is identical to @option{-z0}.
+
+Except for the @option{--store} command compression is always used
+unless @command{gpg} detects that the input is already compressed. To
+inhibit the use of compression use @option{-z0} or
+@option{--no-compress}; to force compression use @option{-z-1} or
+option @option{z} with another compression level than the default as
+indicated by -1. Note that this overriding of the default deection
+works only with @option{z} and not with the long variant of this
+option.
+
@item --bzip2-decompress-lowmem
@opindex bzip2-decompress-lowmem
@@ -1683,7 +1711,22 @@ useful if you don't want to keep your secret keys (or one of them)
online but still want to be able to check the validity of a given
recipient's or signator's key. If the given key is not locally
available but an LDAP keyserver is configured the missing key is
-imported from that server.
+imported from that server. The value "none" is explicitly allowed to
+distinguish between the use of any trusted-key option and no use of
+this option at all (e.g. due to the @option{--no-options} option).
+
+@item --add-desig-revoker [sensitive:]@var{fingerprint}
+@opindex add-desig-revoker
+Add the key specified by @var{fingerprint} as a designated revoker to
+newly created keys. If the fingerprint is prefixed with the keyword
+``sensitive:'' that info is normally not exported wit the key. This
+option may be given several time to add more than one designated
+revoker. If the keyword ``clear'' is used instead of a fingerprint,
+all designated options previously encountered are discarded.
+Designated revokers are marked on the key as non-revocable. Note that
+a designated revoker specified using a parameter file will also be
+added to the key.
+
@item --trust-model @{pgp|classic|tofu|tofu+pgp|direct|always|auto@}
@opindex trust-model
@@ -2611,6 +2654,11 @@ opposite meaning. The options are:
to put into DNS zone files. An ORIGIN line is printed before each
record to allow diverting the records to the corresponding zone file.
+ @item export-revocs
+ Export only standalone revocation certificates of the key. This
+ option does not export revocations of 3rd party certificate
+ revocations.
+
@item export-dane
Instead of outputting the key material output OpenPGP DANE records
suitable to put into DNS zone files. An ORIGIN line is printed before
@@ -2709,6 +2757,14 @@ is the default.
@itemx --no-force-v4-certs
These options are obsolete and have no effect since GnuPG 2.1.
+@item --force-ocb
+@opindex force-ocb
+Force the use of OCB mode encryption instead of CFB+MDC encryption.
+OCB is a modern and faster way to do authenticated encryption than the
+older CFB+MDC method. This option is only useful for symmetric-only
+encryption because the mode is automatically selected based on the
+preferences of the recipients's public keys.
+
@item --force-mdc
@itemx --disable-mdc
@opindex force-mdc
@@ -2928,6 +2984,14 @@ therefore enables a fast listing of the encryption keys.
@opindex interactive
Prompt before overwriting any files.
+@item --compatibility-flags @var{flags}
+@opindex compatibility-flags
+Set compatibility flags to work around problems due to non-compliant
+keys or data. The @var{flags} are given as a comma separated
+list of flag names and are OR-ed together. The special flag "none"
+clears the list and allows to start over with an empty list. To get a
+list of available flags the sole word "help" can be used.
+
@item --debug-level @var{level}
@opindex debug-level
Select the debug level for investigating problems. @var{level} may be
@@ -3381,13 +3445,7 @@ signatures made using SHA-1, those key signatures are considered
invalid. This options allows to override this restriction.
@item --override-compliance-check
-@opindex --override-compliance-check
-The signature verification only allows the use of keys suitable in the
-current compliance mode. If the compliance mode has been forced by a
-global option, there might be no way to check certain signature. This
-option allows to override this and prints an extra warning in such a
-case. This option is ignored in --batch mode so that no accidental
-unattended verification may happen.
+This was a temporary introduced option and has no more effect.
@item --no-default-keyring
@opindex no-default-keyring
@@ -4032,7 +4090,7 @@ The program returns 0 if there are no severe errors, 1 if at least a
signature was bad, and other error codes for fatal errors.
Note that signature verification requires exact knowledge of what has
-been signed and by whom it has beensigned. Using only the return code
+been signed and by whom it has been signed. Using only the return code
is thus not an appropriate way to verify a signature by a script.
Either make proper use or the status codes or use the @command{gpgv}
tool which has been designed to make signature verification easy for
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index ba91aed..03fe1c9 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -480,8 +480,10 @@ This usually means that Dirmngr is employed to search for the
certificate. Note that this option makes a "web bug" like behavior
possible. LDAP server operators can see which keys you request, so by
sending you a message signed by a brand new key (which you naturally
-will not have on your local keybox), the operator can tell both your IP
-address and the time when you verified the signature.
+will not have on your local keybox), the operator can tell both your
+IP address and the time when you verified the signature. Note that if
+CRL checking is not disabled issuer certificates are retrieved in any
+case using the caIssuers authorityInfoAccess method.
@anchor{gpgsm-option --validation-model}
@@ -536,6 +538,13 @@ Assume the input data is plain base-64 encoded.
@opindex assume-binary
Assume the input data is binary encoded.
+@item --input-size-hint @var{n}
+@opindex input-size-hint
+This option can be used to tell GPGSM the size of the input data in
+bytes. @var{n} must be a positive base-10 number. It is used by the
+@option{--status-fd} line ``PROGRESS'' to provide a value for
+``total'' if that is not available by other means.
+
@anchor{option --p12-charset}
@item --p12-charset @var{name}
@opindex p12-charset
@@ -687,6 +696,13 @@ instead to make sure that the gpgsm process exits with a failure if
the compliance rules are not fulfilled. Note that this option has
currently an effect only in "de-vs" mode.
+@item --always-trust
+@opindex always-trust
+Force encryption to the specified certificates without any validation
+of the certificate chain. The only requirement is that the
+certificate is capable of encryption. Note that this option is
+ineffective if @option{--require-compliance} is used.
+
@item --ignore-cert-with-oid @var{oid}
@opindex ignore-cert-with-oid
Add @var{oid} to the list of OIDs to be checked while reading
@@ -1140,10 +1156,12 @@ General Parameters:
@item Key-Type: @var{algo}
Starts a new parameter block by giving the type of the primary
key. The algorithm must be capable of signing. This is a required
-parameter. The only supported value for @var{algo} is @samp{rsa}.
+parameter. The supported values for @var{algo} are @samp{rsa},
+@samp{ecdsa}, and @samp{eddsa}.
@item Key-Length: @var{nbits}
-The requested length of a generated key in bits. Defaults to 3072.
+The requested length of a generated key in bits. Defaults to
+3072. The value is ignored for ECC algorithms.
@item Key-Grip: @var{hexstring}
This is optional and used to generate a CSR or certificate for an
@@ -1216,6 +1234,20 @@ algorithms are: @samp{sha1}, @samp{sha256}, @samp{sha384} and
@samp{sha512}; they may also be specified with uppercase letters. The
default is @samp{sha256}.
+@item Authority-Key-Id: @var{hexstring}
+Insert the decoded value of @var{hexstring} as authorityKeyIdentifier.
+If this is not given and an ECC algorithm is used the public part of
+the certified public key is used as authorityKeyIdentifier. To
+inhibit any authorityKeyIdentifier use the special value @code{none}
+for @var{hexstring}.
+
+@item Subject-Key-Id: @var{hexstring}
+Insert the decoded value of @var{hexstring} as subjectKeyIdentifier.
+If this is not given and an ECC algorithm is used the public part of
+the signing key is used as authorityKeyIdentifier. To inhibit any
+subjectKeyIdentifier use the special value @code{none} for
+@var{hexstring}.
+
@end table
@c *******************************************
@@ -1580,6 +1612,10 @@ The leading two dashes usually used with @var{opt} shall not be given.
Return OK if the connection is in offline mode. This may be either
due to a @code{OPTION offline=1} or due to @command{gpgsm} being
started with option @option{--disable-dirmngr}.
+@item always-trust
+Returns OK of the connection is in always-trust mode. That is either
+@option{--always-trust} or @option{GPGSM OPTION always-trust} are
+active.
@end table
@node GPGSM OPTION
@@ -1686,6 +1722,18 @@ If @var{value} is true or @var{value} is not given all network access
is disabled for this session. This is the same as the command line
option @option{--disable-dirmngr}.
+@item always-trust
+If @var{value} is true or @var{value} is not given encryption to the
+specified certificates is forced without any validation of the
+certificate chain. The only requirement is that the certificates are
+capable of encryption. If set to false the standard behaviour is
+re-established. This option is cleared by a RESET and after each
+encrypt operation. Note that this option is ignored if
+@option{--always-trust} or @option{--require-compliance} are used.
+
+@item input-size-hint
+This is the same as the @option{--input-size-hint} command line option.
+
@end table
@mansect see also
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi
index 98fa70c..4a6bafb 100644
--- a/doc/scdaemon.texi
+++ b/doc/scdaemon.texi
@@ -251,7 +251,7 @@ socket.
@item --pcsc-shared
@opindex pcsc-shared
Use shared mode to access the card via PC/SC. This is a somewhat
-dangerous option because Scdaemon assumes exclusivbe access to teh
+dangerous option because Scdaemon assumes exclusive access to the
card and for example caches certain information from the card. Use
this option only if you know what you are doing.
@@ -774,4 +774,3 @@ length up to N bytes. If N is not given a default value is used
@command{gpg2}(1)
@end ifset
@include see-also-note.texi
-
diff --git a/doc/tools.texi b/doc/tools.texi
index 6b9a9fe..8381a63 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1846,6 +1846,8 @@ Put given files and directories into a vanilla ``ustar'' archive.
@item --extract
@opindex extract
Extract all files from a vanilla ``ustar'' archive.
+If no file name is given (or it is "-") the archive is taken from
+stdin.
@item --encrypt
@itemx -e
@@ -1857,7 +1859,8 @@ be decrypted via a secret key or a passphrase.
@item --decrypt
@itemx -d
@opindex decrypt
-Extract all files from an encrypted archive.
+Extract all files from an encrypted archive. If no file name is given
+(or it is "-") the archive is taken from stdin.
@item --sign
@itemx -s
@@ -1868,7 +1871,8 @@ encrypted archive.
@item --list-archive
@itemx -t
@opindex list-archive
-List the contents of the specified archive.
+List the contents of the specified archive. If no file name is given
+(or it is "-") the archive is taken from stdin.
@item --symmetric
@itemx -c
@@ -1984,6 +1988,12 @@ default is to take the directory name from the input filename. If no
input filename is known a directory named @file{GPGARCH} is used.
This option is deprecated in favor of option @option{--directory}.
+@item --no-compress
+@opindex no-compress
+This option tells gpg to disable compression (i.e. using option -z0).
+It is useful for archiving only large files which are are already
+compressed (e.g. a set of videos).
+
@item --gpg @var{gpgcmd}
@opindex gpg
Use the specified command @var{gpgcmd} instead of @command{gpg}.
diff --git a/doc/wks.texi b/doc/wks.texi
index e398ccb..e8d026f 100644
--- a/doc/wks.texi
+++ b/doc/wks.texi
@@ -222,6 +222,16 @@ operation. The format of @var{file} is one mail address (just the
addrspec, e.g. "postel@@isi.edu") per line. Empty lines and lines
starting with a '#' are ignored.
+@item --add-revocs
+@itemx --no-add-revocs
+@opindex add-revocs
+@opindex no-add-revocs
+If enabled append revocation certificates for the same addrspec as
+used in the WKD to the key. Modern gpg version are able to import and
+apply them for existing keys. Note that when used with the
+@option{--mirror} command the revocation are searched in the local
+keyring and not in an LDAP directory. The default is @option{--add-revocs}.
+
@item --verbose
@opindex verbose
Enable extra informational output.