summaryrefslogtreecommitdiff
path: root/doc/gpg.texi
diff options
context:
space:
mode:
Diffstat (limited to 'doc/gpg.texi')
-rw-r--r--doc/gpg.texi39
1 files changed, 32 insertions, 7 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index ddebc69..086b4fc 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -306,7 +306,7 @@ List the specified secret keys. If no keys are specified, then all
known secret keys are listed. A @code{#} after the initial tags
@code{sec} or @code{ssb} means that the secret key or subkey is
currently not usable. We also say that this key has been taken
-offline (for example, a primary key can be taken offline by exported
+offline (for example, a primary key can be taken offline by exporting
the key using the command @option{--export-secret-subkeys}). A
@code{>} after these tags indicate that the key is stored on a
smartcard. See also @option{--list-keys}.
@@ -1007,6 +1007,15 @@ signing.
Make the key as small as possible. This removes all signatures from
each user ID except for the most recent self-signature.
+ @item change-usage
+ @opindex keyedit:change-usage
+ Change the usage flags (capabilities) of the primary key or of
+ subkeys. These usage flags (e.g. Certify, Sign, Authenticate,
+ Encrypt) are set during key creation. Sometimes it is useful to
+ have the opportunity to change them (for example to add
+ Authenticate) after they have been created. Please take care when
+ doing this; the allowed usage flags depend on the key algorithm.
+
@item cross-certify
@opindex keyedit:cross-certify
Add cross-certification signatures to signing subkeys that may not
@@ -1126,7 +1135,9 @@ all affected self-signatures is set one second ahead.
@opindex passwd
Change the passphrase of the secret key belonging to the certificate
specified as @var{user-id}. This is a shortcut for the sub-command
-@code{passwd} of the edit key menu.
+@code{passwd} of the edit key menu. When using together with the
+option @option{--dry-run} this will not actually change the passphrase
+but check that the current passphrase is correct.
@end table
@@ -2213,8 +2224,8 @@ handy in case where an encrypted message contains a bogus key ID.
@opindex skip-hidden-recipients
@opindex no-skip-hidden-recipients
During decryption skip all anonymous recipients. This option helps in
-the case that people use the hidden recipients feature to hide there
-own encrypt-to key from others. If oneself has many secret keys this
+the case that people use the hidden recipients feature to hide their
+own encrypt-to key from others. If one has many secret keys this
may lead to a major annoyance because all keys are tried in turn to
decrypt something which was not really intended for it. The drawback
of this option is that it is currently not possible to decrypt a
@@ -3129,6 +3140,15 @@ are:
Pinentry the user is not prompted again if he enters a bad password.
@end table
+@item --request-origin @var{origin}
+@opindex request-origin
+Tell gpg to assume that the operation ultimately originated at
+@var{origin}. Depending on the origin certain restrictions are applied
+and the Pinentry may include an extra note on the origin. Supported
+values for @var{origin} are: @code{local} which is the default,
+@code{remote} to indicate a remote origin or @code{browser} for an
+operation requested by a web browser.
+
@item --command-fd @var{n}
@opindex command-fd
This is a replacement for the deprecated shared-memory IPC mode.
@@ -3318,9 +3338,14 @@ absolute date in the form YYYY-MM-DD. Defaults to "0".
@item --default-new-key-algo @var{string}
@opindex default-new-key-algo @var{string}
This option can be used to change the default algorithms for key
-generation. Note that the advanced key generation commands can always
-be used to specify a key algorithm directly. Please consult the
-source code to learn the syntax of @var{string}.
+generation. The @var{string} is similar to the arguments required for
+the command @option{--quick-add-key} but slighly different. For
+example the current default of @code{"rsa2048/cert,sign+rsa2048/encr"}
+(or @code{"rsa3072"}) can be changed to the value of what we currently
+call future default, which is @code{"ed25519/cert,sign+cv25519/encr"}.
+You need to consult the source code to learn the details. Note that
+the advanced key generation commands can always be used to specify a
+key algorithm directly.
@item --allow-secret-key-import
@opindex allow-secret-key-import
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-17 09:57:20 +0000