diff options
Diffstat (limited to 'doc/gpgsm.texi')
-rw-r--r-- | doc/gpgsm.texi | 39 |
1 files changed, 30 insertions, 9 deletions
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index bdb0378..078d2ad 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -259,13 +259,26 @@ certificate are only exported if all @var{pattern} are given as fingerprints or keygrips. @item --export-secret-key-p12 @var{key-id} -@opindex export +@opindex export-secret-key-p12 Export the private key and the certificate identified by @var{key-id} in -a PKCS#12 format. When using along with the @code{--armor} option a few +a PKCS#12 format. When used with the @code{--armor} option a few informational lines are prepended to the output. Note, that the PKCS#12 format is not very secure and this command is only provided if there is no other way to exchange the private key. (@pxref{option --p12-charset}) +@ifset gpgtwoone +@item --export-secret-key-p8 @var{key-id} +@itemx --export-secret-key-raw @var{key-id} +@opindex export-secret-key-p8 +@opindex export-secret-key-raw +Export the private key of the certificate identified by @var{key-id} +with any encryption stripped. The @code{...-raw} command exports in +PKCS#1 format; the @code{...-p8} command exports in PKCS#8 format. +When used with the @code{--armor} option a few informational lines are +prepended to the output. These commands are useful to prepare a key +for use on a TLS server. +@end ifset + @item --import [@var{files}] @opindex import Import the certificates from the PEM or binary encoded files as well as @@ -319,6 +332,7 @@ in the option file. @table @gnupgtabopt +@anchor{gpgsm-option --options} @item --options @var{file} @opindex options Reads configuration from @var{file} instead of from the default @@ -349,7 +363,7 @@ as a fallback when the environment variable @code{GPG_AGENT_INFO} is not set or a running agent cannot be connected. @item --dirmngr-program @var{file} -@opindex dirmnr-program +@opindex dirmngr-program Specify a dirmngr program to be used for @acronym{CRL} checks. The default value is @file{/usr/sbin/dirmngr}. This is only used as a fallback when the environment variable @code{DIRMNGR_INFO} is not set or @@ -567,6 +581,13 @@ certificate. Include the keygrip in standard key listings. Note that the keygrip is always listed in --with-colons mode. +@ifset gpgtwoone +@item --with-secret +@opindex with-secret +Include info about the presence of a secret key in public key listings +done with @code{--with-colons}. +@end ifset + @end table @c ******************************************* @@ -760,8 +781,8 @@ current home directory (@pxref{option --homedir}). This is the standard configuration file read by @command{gpgsm} on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. This default -name may be changed on the command line (@pxref{option - --options}). You should backup this file. +name may be changed on the command line (@pxref{gpgsm-option --options}). +You should backup this file. @item policies.txt @@ -915,8 +936,8 @@ but may also be used in the standard operation mode by using the * CSR and certificate creation:: CSR and certificate creation. @end menu -@node Automated signature checking,,,Unattended Usage -@section Automated signature checking +@node Automated signature checking +@subsection Automated signature checking It is very important to understand the semantics used with signature verification. Checking a signature is not as simple as it may sound and @@ -959,8 +980,8 @@ this is a missing certificate. @end table -@node CSR and certificate creation,,,Unattended Usage -@section CSR and certificate creation +@node CSR and certificate creation +@subsection CSR and certificate creation @ifclear gpgtwoone @strong{Please notice}: The immediate creation of certificates is only |