Diffstat (limited to 'doc')
78 files changed, 39940 insertions, 0 deletions
diff --git a/doc/ChangeLog-2011 b/doc/ChangeLog-2011
new file mode 100644
index 0000000..680affa
--- /dev/null
+++ b/doc/ChangeLog-2011
@@ -0,0 +1,798 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-01-13 Werner Koch <wk@g10code.com>
+
+ * FAQ: Make it a static file with a pointer to the online location.
+ * Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html.
+ (FAQ, faq.html): Remove these targets
+
+2010-03-05 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Mention that
+ show-uid-validity does only work with public keys. Noted by
+ Daniel Kahn Gillmor.
+
+2009-08-24 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Suggested new ordering for --edit-key.
+
+2009-08-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Options): Clarify that
+ personal-foo-preferences overrides recipient preferences (safely).
+
+2009-08-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): Document keyserver options
+ check-cert and ca-cert-file.
+
+2009-08-06 Werner Koch <wk@g10code.com>
+
+ * DETAILS: Describe the new INV_SNDR and NO_SNDR..
+
+2009-07-31 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Options): Don't mention
+ --no-sk-comment (doesn't exist any longer).
+
+2009-07-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): LDAP uses DNS-SD to locate
+ a server before falling back to keys.{domain}.
+
+2009-07-23 Werner Koch <wk@g10code.com>
+
+ * help.txt (gpgsm.crl-problem): New.
+
+2009-07-22 Werner Koch <wk@g10code.com>
+
+ * scdaemon.texi, instguide.texi, gpgsm.texi, sysnotes.texi
+ * glossary.texi, howto-create-a-server-cert.texi, tools.texi
+ * gpg-agent.texi, gpg.texi, debugging.texi: Typo fixes. Reported
+ by Jeroen Schot. Fixes bug#1093.
+
+ * gpg.texi (GPG Configuration Options): Tell what files to backup.
+ * sysnotes.texi: Remove some warning notes for W32.
+
+2009-07-20 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (Operational GPG Commands): Add a note for --send-keys.
+ Fixes bug#1090.
+
+2009-07-06 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Add a note about corrupted
+ keys in --search-keys.
+
+2009-06-02 Werner Koch <wk@g10code.com>
+
+ * tools.texi (watchgnupg): Typo fix. Fixes bug#1065.
+
+ * gpg-agent.texi (Agent Commands): Update description of --daemon.
+
+2009-05-20 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Explain new meaning of
+ --enable-dsa2.
+
+2009-03-16 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): Document keyserver-options
+ debug.
+
+2009-03-04 Werner Koch <wk@g10code.com>
+
+ * help.txt (gpg.keygen.size): Add a link to web page.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (Operational GPG Commands): "merge-only" is an
+ import-option. Reported by Joseph Oreste Bruni.
+
+2009-03-02 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Modernized instructions.
+ (Agent Options): Fix spelling of option --lc-ctype.
+
+2009-01-12 Werner Koch <wk@g10code.com>
+
+ * faq.raw: Fix bug reorting address.
+
+2008-12-12 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (General GPGSM Commands): Fix --help, --version and
+ --warranty wording.
+
+2008-12-08 Werner Koch <wk@g10code.com>
+
+ * DETAILS: Clarify the use of "trust" and "validity" as suggested
+ by Daniel Kahn Gillmor. Fix some typos. Remove the outdated
+ sections on packet headers and pipemode. Point to the libgcrypt
+ manual for a description of the key generation.
+
+2008-11-12 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Use Posix $() instead of
+ backticks to avoid rendering problems.
+
+2008-10-13 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Management): Explain hot to delete the
+ secret key.
+
+2008-10-01 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Controlling gpg-connect-agent): Describe /datafile.
+
+2008-09-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Key Management): Clarify setpref a bit.
+
+2008-08-30 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (write_th): Print a note that this is generated source.
+ (VERSION): Bump up to 1.0.
+
+2008-07-30 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (GPGSM Configuration): Mention com-cert.pem.
+
+2008-06-25 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Add new BnetzA certs 12R and 13R.
+ * com-certs.pem: Ditto.
+ * examples/trustlist.txt: Ditto.
+
+2008-06-19 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Listing options): Describe new complect gpgconf type
+ "alias list".
+
+2008-06-16 Werner Koch <wk@g10code.com>
+
+ * DETAILS (group): Document %ask-passphrase.
+
+2008-05-26 Werner Koch <wk@g10code.com>
+
+ * gpgv.texi: Minor fixes. Fixes bug#918.
+
+ * opt-homedir.texi: Typo fixes. Fixes bug#917.
+
+2008-05-26 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Invoking gpgconf): Document --list-dirs.
+
+2008-05-20 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Invoking gpgconf): Add --dry-run and --check-options.
+ (Checking programs): Document --check-options.
+
+2008-05-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg.texi (Operational GPG Commands): Mention the way to change
+ the default signing key.
+
+2008-05-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (myman_pages): Add gpg-zip.1.
+
+ * tools.texi (gpg-zip): Add new section.
+
+2008-04-08 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Change subkeys.pgp.net to
+ keys.gnupg.net. Describe --auto-key-locate mechanisms local and
+ nodefault.
+
+2008-04-03 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (proc_texi_cmd): Remove extra apostrophe from @samp and
+ use open and close quote to @file and @env.
+
+2008-04-02 Werner Koch <wk@g10code.com>
+
+ * opt-homedir.texi: Remove special case for Registry key.
+
+ * yat2m.c (proc_texi_cmd): Use the \(aq glyph for @samp. This is
+ bug#898.
+ (proc_texi_buffer): Handle backslashs correctly.
+
+2008-03-27 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (nobase_dist_doc_DATA, dist_html_DATA): New. Move
+ relevant files to here.
+ (install-html-local): Remove.
+
+2008-02-27 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Listing options): Document new types.
+
+2008-02-26 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Mention rfc4398.
+
+2008-02-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Esoteric Options): Tweak mention of Tempest font
+ to add a "claimed" in there.
+
+2008-01-29 Justin Pryzby <jpryzby+d@quoininc.com> (wk)
+
+ * gpg-agent.texi (Agent Options): Grammar fixes
+
+ * qualified.txt: Spelling fixes.
+
+2008-01-28 Justin Pryzby <jpryzby+d@quoininc.com> (wk)
+
+ * gpg-agent.texi, yat2m.c, scdaemon.texi, qualified.txt
+ * tools.texi, gpgsm.texi: Typo fixes and minor grammer fixes.
+
+2008-01-10 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Add missing country tag to the last entries.
+ Reported by Marcus Brinkmann.
+
+2008-01-10 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (gpgconf): Some clarifications.
+
+2008-01-02 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Esoteric Options): Mention --log-file.
+
+2007-12-13 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Add 2 root certs from S-Trust for 2008-2012.
+ * examples/trustlist.txt: Ditto.
+ * com-certs.pem: Ditto.
+
+ * gpgsm.texi (Esoteric Options): Document --extra-digest-algo.
+
+2007-12-12 Werner Koch <wk@g10code.com>
+
+ * gpg.texi: Typo fixes. From Christer Andersson.
+
+2007-12-04 Werner Koch <wk@g10code.com>
+
+ * help.txt: New online help file.
+ * help.be.txt, help.ca.txt, help.cs.txt, help.da.txt, help.de.txt
+ * help.el.txt, help.eo.txt, help.es.txt, help.et.txt, help.fi.txt
+ * help.fr.txt, help.gl.txt, help.hu.txt, help.id.txt, help.it.txt
+ * help.ja.txt, help.nb.txt, help.pl.txt, help.pt.txt
+ * help.pt_BR.txt, help.ro.txt, help.ru.txt, help.sk.txt
+ * help.sv.txt, help.tr.txt, help.zh_CN.txt, help.zh_TW.txt: New
+ online file, generated from teh current po files.
+ * Makefile.am (dist_pkgdata_DATA): Add them.
+
+2007-11-19 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): English Grammar fix.
+ Thanks to Gerg Troxel.
+
+ * gpgsm.texi (Certificate Options): Document
+ --auto-issuer-key-retrieve.
+
+2007-11-15 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA.
+
+ * gpg-agent.texi (Agent Options): Add xauthority.
+
+2007-10-31 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg-agent.texi (Agent Options): Fix typos, by Bernhard Reiter.
+
+2007-10-27 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Document --rfc4880 (the new --openpgp).
+
+2007-10-25 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Clarify --force-v3-sigs, --pgp2, and --pgp6 a bit.
+
+2007-10-23 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Listing global options): New.
+
+2007-10-19 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Controlling gpg-connect-agent): Updated.
+
+2007-08-29 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Checking programs): New.
+
+2007-08-27 Werner Koch <wk@g10code.com>
+
+ * examples/pwpattern.list: New.
+
+2007-08-24 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Add "A root certifciate does
+ not validate."
+
+2007-08-14 Werner Koch <wk@g10code.com>
+
+ * glossary.texi (Glossary): Add a more items.
+
+2007-08-13 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (proc_texi_cmd): Do not put @samp content between two
+ newlines.
+
+ * gpg-agent.texi (Agent Configuration): Explain the CM flag for
+ trustlist.txt.
+
+2007-08-09 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Options): Describe --validation-model.
+
+2007-07-23 Werner Koch <wk@g10code.com>
+
+ * scdaemon.texi (Scdaemon Commands): Remove obsolete --print-atr.
+
+2007-07-17 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Input and Output): Document --default-key.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * gpl.texi: Updated to GPLv3.
+
+2007-06-22 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (Operational GPG Commands): Describe the flags used by
+ --check-sigs.
+
+2007-06-21 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Management): Changed description of
+ --gen-key.
+
+2007-06-19 Werner Koch <wk@g10code.com>
+
+ * glossary.texi (Glossary): Describe PSE.
+
+2007-06-18 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent GETINFO): New.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (yat2m): Use a plain rule to build it for the sake
+ of cross-compiling.
+
+ * yat2m.c (finish_page): Init SECT to NULL.
+
+2007-05-11 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (--export): Enhanced description.
+
+2007-05-09 Werner Koch <wk@g10code.com>
+
+ * examples/gpgconf.conf: Remove active example line.
+
+ * Makefile.am (online): Distinguish between released and svn manuals.
+
+2007-05-08 Werner Koch <wk@g10code.com>
+
+ * howtos.texi: New.
+ * howto-create-a-server-cert.texi: New.
+ * Makefile.am (gnupg_TEXINFOS): Add new files.
+
+ * gnupg.texi: Moved the logo for HTML more to the top.
+ * Makefile.am (install-html-local): New.
+ (DVIPS): Redefine to include srcdir.
+
+2007-05-04 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi (Top): Fix typo and a grammar issue.
+ * Makefile.am (EXTRA_DIST): Add gnupg-logo.png. Suggested by
+ Bernard Leak.
+
+2007-04-15 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Options): Update the personal-foo-preferences
+ documentation a bit.
+
+2007-04-10 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Document --batch, no-tty,
+ --yes and --no.
+
+2007-03-08 Werner Koch <wk@g10code.com>
+
+ * gnupg-logo.png, gnupg-logo.eps, gnupg-logo.pdf: New.
+ * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.eps
+ * gnupg-badge-openpgp.jpg: Removed.
+ * gnupg.texi: Use new logo.
+
+2007-03-07 Werner Koch <wk@g10code.com>
+
+ * tools.texi (applygnupgdefaults): New.
+
+2007-03-06 Werner Koch <wk@g10code.com>
+
+ * examples/gpgconf.conf: New.
+
+2007-03-04 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Esoteric Options): Document
+ --allow-multiple-messages.
+
+2007-02-26 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration): Document envvar LANGUAGE.
+ (GPG Configuration Options): Document show-primary-uid-only.
+
+2007-02-18 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Esoteric Options): No card reader options for gpg2.
+
+2007-02-14 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Doc --pinentry-touch-file.
+
+2007-02-05 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Tell how to export a private
+ key without a certificate.
+
+2007-01-30 Werner Koch <wk@g10code.com>
+
+ * com-certs.pem: Added the current root certifcates of D-Trust and
+ S-Trust.
+
+2007-01-18 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi, specify-user-id.texi: Only some of the mentions of
+ exclamation marks have an example. Give examples to the rest.
+
+2007-01-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): Make http_proxy option
+ documentation match reality.
+ (BUGS): Warn about hibernate/safe-sleep/etc writing main RAM to
+ disk, despite locking.
+
+2006-12-08 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi (direntry): Rename gpg to gpg2.
+
+2006-12-04 Werner Koch <wk@g10code.com>
+
+ * gpgv.texi: New.
+ * tools.texi: Include new file.
+
+2006-12-02 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Esoteric Options): Document --passphrase-repeat.
+
+2006-11-14 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (GPGSM EXPORT): Document changes.
+
+2006-11-11 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi (Top): Move gpg-agent part before gpg.
+
+2006-11-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Reference to --s2k-count in --s2k-mode.
+
+2006-10-30 Werner Koch <wk@g10code.com>
+
+ * faq.raw: Minor corrections.
+
+2006-10-12 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict
+ with gpg1.
+
+2006-10-12 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Document --s2k-count.
+
+2006-09-25 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Examples): Add markup to all options. This is
+ required to have the double dashs printed correclty.
+
+2006-09-22 Werner Koch <wk@g10code.com>
+
+ * instguide.texi (Installation): New.
+ * assuan.texi (Assuan): Removed. Use the libassuan manual instead.
+ * gnupg.texi: Reflect these changes.
+
+ * gpg.texi: Make some parts depend on the "gpgone" set
+ command. This allows us to use the same source for gpg1 and gpg2.
+
+ * yat2m.c (parse_file): Better parsing of @ifset and ifclear.
+ (main): Allow definition of "-D gpgone".
+ (parse_file): Allow macro definitions.
+ (proc_texi_cmd): Expand macros.
+ (proc_texi_buffer): Process commands terminated by the closing
+ brace of the enclosing command.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * texi.css: New. Note that the current vesion of makeinfo has a
+ bug while copying the @import directive. A pacth has been send to
+ upstream.
+
+2006-09-19 Werner Koch <wk@g10code.com>
+
+ * gpg.texi: Some restructuring.
+
+ * Makefile.am (online): New target.
+
+2006-09-18 Werner Koch <wk@g10code.com>
+
+ * com-certs.pem: New.
+
+2006-09-13 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Esoteric Options): Fixed typo in
+ --require-cross-certification and made it the default.
+
+2006-09-11 Werner Koch <wk@g10code.com>
+
+ * HACKING: Cleaned up.
+
+2006-09-08 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (parse_file): Ignore @node lines immediately.
+ (proc_texi_cmd): No special @end ifset processing anymore.
+
+ * specify-user-id.texi: New. Factored out of gpg.texi and ../README.
+
+2006-09-07 Werner Koch <wk@g10code.com>
+
+ * scdaemon.texi (Scdaemon Configuration): New.
+
+ * examples/scd-event: Event handler for sdaemon.
+ * examples/: New directory
+
+2006-08-22 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (parse_file): Added code to skip a line after @mansect.
+
+ * gnupg7.texi: New.
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Added other doc files from gpg 1.4.
+
+2006-08-17 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Added rules to build man pages.
+
+ * yat2m.c: New.
+
+2006-02-14 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (GPGSM Configuration): New section.
+
+2005-11-14 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Added real information.
+
+2005-11-13 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: New.
+ * Makefile.am (dist_pkgdata_DATA): New.
+
+2005-08-16 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Note default file name for
+ --write-env-file.
+
+2005-06-03 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Architecture Details): New section, mostly empty.
+ * gnupg-card-architecture.fig: New.
+ * Makefile.am: Rules to build png and eps versions.
+
+ * gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
+
+2005-05-17 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Removed --disable-pth.
+
+2005-04-27 Werner Koch <wk@g10code.com>
+
+ * tools.texi (symcryptrun): Added.
+
+ * scdaemon.texi: Removed OpenSC specific options.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Configuration): New section.
+
+2005-02-24 Werner Koch <wk@g10code.com>
+
+ * tools.texi (gpg-connect-agent): New.
+
+2005-02-14 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Management): Document --import.
+
+2005-01-27 Moritz Schulte <moritz@g10code.com>
+
+ * gpg-agent.texi: Document ssh-agent emulation layer.
+
+2005-01-04 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi: Updated to use @copying.
+
+2004-12-22 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi: Reordered.
+ * contrib.texi: Updated.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * tools.texi (gpg-preset-passphrase): New section.
+
+ * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New
+ * gnupg.texi: Add a logo.
+ * sysnotes.texi: New.
+
+2004-11-05 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Curses pinentry problem.
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Helper Tools): Document gpgsm-gencert.sh.
+
+2004-10-05 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Tell that GPG_TTY needs to
+ be set in all cases.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * gpg.texi: New.
+ * gnupg.texi: Include gpg.texi
+
+ * tools.texi: Add a few @command markups.
+ * gpgsm.texi: Ditto.
+ * gpg-agent.texi: Ditto.
+ * scdaemon.texi: Ditto.
+
+2004-09-30 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Changing options): Add documentation for gpgconf.
+
+ * contrib.texi (Contributors): Add two missing periods.
+
+2004-09-29 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Configuration Options): Add --log-file.
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the
+ expected pinentry filename.
+
+ Changed license of the manual stuff to GPL.
+
+ * gnupg.texi (Top): New menu item Helper Tools.
+
+ * tools.texi (Helper Tools): New.
+ * Makefile.am (gnupg_TEXINFOS): Add tools.texi.
+
+2004-08-05 Werner Koch <wk@g10code.de>
+
+ * scdaemon.texi (Card applications): New section.
+
+2004-06-22 Werner Koch <wk@g10code.com>
+
+ * glossary.texi: New.
+
+2004-06-18 Werner Koch <wk@gnupg.org>
+
+ * debugging.texi: New.
+ * gnupg.texi: Include it.
+
+2004-05-11 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Esoteric Options): Add --debug-allow-core-dump.
+
+2004-05-03 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Options): Add --allow-mark-trusted.
+
+2004-02-03 Werner Koch <wk@gnupg.org>
+
+ * contrib.texi (Contributors): Updated from the gpg 1.2.3 thanks
+ list.
+ * gpgsm.texi, gpg-agent.texi, scdaemon.texi: Language cleanups.
+
+2003-12-01 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp.
+
+2003-11-17 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.texi (Scdaemon Options): Added --allow-admin and
+ --deny-admin.
+
+2003-10-27 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent GET_CONFIRMATION): New.
+
+2002-12-04 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Signals): New.
+
+2002-12-03 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Operational Commands): Add --passwd and
+ --call-protect-tool.
+ * gpg-agent.texi (Agent PASSWD): New
+
+2002-11-13 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Tell about GPG_TTY.
+
+2002-11-12 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Operational Commands): Add --call-dirmngr.
+
+2002-09-25 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Options): Add --keep-tty and --keep-display.
+
+2002-09-12 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Explained how to start only
+ one instance.
+
+2002-08-28 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Options): Explained more options.
+ * scdaemon.texi (Scdaemon Options): Ditto.
+
+2002-08-09 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (gnupg_TEXINFOS): Include contrib.texi.
+
+2002-08-06 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi: Added more options.
+
+2002-07-26 Werner Koch <wk@gnupg.org>
+
+ * assuan.texi: New.
+ * gpgsm.texi, scdaemon.texi, gpg-agent.texi: Documented the Assuan
+ protocol used.
+
+2002-07-22 Werner Koch <wk@gnupg.org>
+
+ * gnupg.texi, scdaemon.texi, gpg-agent.texi: New.
+ * contrib.texi, gpl.texi, fdl.texi: New.
+ * gpgsm.texi: Made this an include file for gnupg.texi.
+ * Makefile.am: Build gnupg.info instead of gpgsm.info.
+
+2002-06-04 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Invocation): Described the various debug flags.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am, gpgsm.texi: New.
+
+ Copyright 2002, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/doc/DETAILS b/doc/DETAILS
new file mode 100644
index 0000000..423eea9
--- /dev/null
+++ b/doc/DETAILS
@@ -0,0 +1,1299 @@
+ -*- text -*-
+Format of colon listings
+========================
+First an example:
+
+$ gpg --fixed-list-mode --with-colons --list-keys \
+ --with-fingerprint --with-fingerprint wk@gnupg.org
+
+pub:f:1024:17:6C7EE1B8621CC013:899817715:1055898235::m:::scESC:
+fpr:::::::::ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013:
+uid:f::::::::Werner Koch <wk@g10code.com>:
+uid:f::::::::Werner Koch <wk@gnupg.org>:
+sub:f:1536:16:06AD222CADF6A6E1:919537416:1036177416:::::e:
+fpr:::::::::CF8BCC4B18DE08FCD8A1615906AD222CADF6A6E1:
+sub:r:1536:20:5CE086B5B5A18FF4:899817788:1025961788:::::esc:
+fpr:::::::::AB059359A3B81F410FCFF97F5CE086B5B5A18FF4:
+
+The double --with-fingerprint prints the fingerprint for the subkeys
+too. --fixed-list-mode is the modern listing way printing dates in
+seconds since Epoch and does not merge the first userID with the pub
+record; gpg2 does this by default and the option is a dummy.
+
+
+ 1. Field: Type of record
+ pub = public key
+ crt = X.509 certificate
+ crs = X.509 certificate and private key available
+ sub = subkey (secondary key)
+ sec = secret key
+ ssb = secret subkey (secondary key)
+ uid = user id (only field 10 is used).
+ uat = user attribute (same as user id except for field 10).
+ sig = signature
+ rev = revocation signature
+ fpr = fingerprint: (fingerprint is in field 10)
+ pkd = public key data (special field format, see below)
+ grp = keygrip
+ rvk = revocation key
+ tru = trust database information
+ spk = signature subpacket
+
+ 2. Field: A letter describing the calculated validity. This is a single
+ letter, but be prepared that additional information may follow
+ in some future versions. (not used for secret keys)
+ o = Unknown (this key is new to the system)
+ i = The key is invalid (e.g. due to a missing self-signature)
+ d = The key has been disabled
+ (deprecated - use the 'D' in field 12 instead)
+ r = The key has been revoked
+ e = The key has expired
+ - = Unknown validity (i.e. no value assigned)
+ q = Undefined validity
+ '-' and 'q' may safely be treated as the same
+ value for most purposes
+ n = The key is valid
+ m = The key is marginal valid.
+ f = The key is fully valid
+ u = The key is ultimately valid. This often means
+ that the secret key is available, but any key may
+ be marked as ultimately valid.
+
+ If the validity information is given for a UID or UAT
+ record, it describes the validity calculated based on this
+ user ID. If given for a key record it describes the best
+ validity taken from the best rated user ID.
+
+ For X.509 certificates a 'u' is used for a trusted root
+ certificate (i.e. for the trust anchor) and an 'f' for all
+ other valid certificates.
+
+ 3. Field: length of key in bits.
+
+ 4. Field: Algorithm: 1 = RSA
+ 16 = Elgamal (encrypt only)
+ 17 = DSA (sometimes called DH, sign only)
+ 20 = Elgamal (sign and encrypt - don't use them!)
+ (for other id's see include/cipher.h)
+
+ 5. Field: KeyID
+
+ 6. Field: Creation Date (in UTC). For UID and UAT records, this is
+ the self-signature date. Note that the date is usally
+ printed in seconds since epoch, however, we are migrating
+ to an ISO 8601 format (e.g. "19660205T091500"). This is
+ currently only relevant for X.509. A simple way to detect
+ the new format is to scan for the 'T'.
+
+ 7. Field: Key or user ID/user attribute expiration date or empty if none.
+
+ 8. Field: Used for serial number in crt records (used to be the Local-ID).
+ For UID and UAT records, this is a hash of the user ID contents
+ used to represent that exact user ID. For trust signatures,
+ this is the trust depth seperated by the trust value by a
+ space.
+
+ 9. Field: Ownertrust (primary public keys only)
+ This is a single letter, but be prepared that additional
+ information may follow in some future versions. For trust
+ signatures with a regular expression, this is the regular
+ expression value, quoted as in field 10.
+
+10. Field: User-ID. The value is quoted like a C string to avoid
+ control characters (the colon is quoted "\x3a").
+ For a "pub" record this field is not used on --fixed-list-mode.
+ A UAT record puts the attribute subpacket count here, a
+ space, and then the total attribute subpacket size.
+ In gpgsm the issuer name comes here
+ An FPR record stores the fingerprint here.
+ The fingerprint of an revocation key is stored here.
+
+11. Field: Signature class as per RFC-4880. This is a 2 digit
+ hexnumber followed by either the letter 'x' for an
+ exportable signature or the letter 'l' for a local-only
+ signature. The class byte of an revocation key is also
+ given here, 'x' and 'l' is used the same way. IT is not
+ used for X.509.
+
+12. Field: Key capabilities:
+ e = encrypt
+ s = sign
+ c = certify
+ a = authentication
+ A key may have any combination of them in any order. In
+ addition to these letters, the primary key has uppercase
+ versions of the letters to denote the _usable_
+ capabilities of the entire key, and a potential letter 'D'
+ to indicate a disabled key.
+
+13. Field: Used in FPR records for S/MIME keys to store the
+ fingerprint of the issuer certificate. This is useful to
+ build the certificate path based on certificates stored in
+ the local keyDB; it is only filled if the issuer
+ certificate is available. The root has been reached if
+ this is the same string as the fingerprint. The advantage
+ of using this value is that it is guaranteed to have been
+ been build by the same lookup algorithm as gpgsm uses.
+ For "uid" records this lists the preferences in the same
+ way the gpg's --edit-key menu does.
+ For "sig" records, this is the fingerprint of the key that
+ issued the signature. Note that this is only filled in if
+ the signature verified correctly. Note also that for
+ various technical reasons, this fingerprint is only
+ available if --no-sig-cache is used.
+
+14. Field Flag field used in the --edit menu output:
+
+15. Field Used in sec/sbb to print the serial number of a token
+ (internal protect mode 1002) or a '#' if that key is a
+ simple stub (internal protect mode 1001)
+
+All dates are displayed in the format yyyy-mm-dd unless you use the
+option --fixed-list-mode in which case they are displayed as seconds
+since Epoch. More fields may be added later, so parsers should be
+prepared for this. When parsing a number the parser should stop at the
+first non-number character so that additional information can later be
+added.
+
+If field 1 has the tag "pkd", a listing looks like this:
+pkd:0:1024:B665B1435F4C2 .... FF26ABB:
+ ! ! !-- the value
+ ! !------ for information number of bits in the value
+ !--------- index (eg. DSA goes from 0 to 3: p,q,g,y)
+
+
+Example for a "tru" trust base record:
+
+ tru:o:0:1166697654:1:3:1:5
+
+ The fields are:
+
+ 2: Reason for staleness of trust. If this field is empty, then the
+ trustdb is not stale. This field may have multiple flags in it:
+
+ o: Trustdb is old
+ t: Trustdb was built with a different trust model than the one we
+ are using now.
+
+ 3: Trust model:
+ 0: Classic trust model, as used in PGP 2.x.
+ 1: PGP trust model, as used in PGP 6 and later. This is the same
+ as the classic trust model, except for the addition of trust
+ signatures.
+
+ GnuPG before version 1.4 used the classic trust model by default.
+ GnuPG 1.4 and later uses the PGP trust model by default.
+
+ 4: Date trustdb was created in seconds since 1970-01-01.
+ 5: Date trustdb will expire in seconds since 1970-01-01.
+ 6: Number of marginally trusted users to introduce a new key signer
+ (gpg's option --marginals-needed)
+ 7: Number of completely trusted users to introduce a new key signer.
+ (gpg's option --completes-needed)
+ 8: Maximum depth of a certification chain.
+ *gpg's option --max-cert-depth)
+
+The "spk" signature subpacket records have the fields:
+
+ 2: Subpacket number as per RFC-4880 and later.
+ 3: Flags in hex. Currently the only two bits assigned are 1, to
+ indicate that the subpacket came from the hashed part of the
+ signature, and 2, to indicate the subpacket was marked critical.
+ 4: Length of the subpacket. Note that this is the length of the
+ subpacket, and not the length of field 5 below. Due to the need
+ for %-encoding, the length of field 5 may be up to 3x this value.
+ 5: The subpacket data. Printable ASCII is shown as ASCII, but other
+ values are rendered as %XX where XX is the hex value for the byte.
+
+
+Format of the "--status-fd" output
+==================================
+Every line is prefixed with "[GNUPG:] ", followed by a keyword with
+the type of the status line and a some arguments depending on the
+type (maybe none); an application should always be prepared to see
+more arguments in future versions.
+
+
+ NEWSIG
+ May be issued right before a signature verification starts. This
+ is useful to define a context for parsing ERROR status
+ messages. No arguments are currently defined.
+
+ GOODSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good. For each signature only
+ one of the codes GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, REVKEYSIG
+ or ERRSIG will be emitted. In the past they were used as a
+ marker for a new signature; new code should use the NEWSIG
+ status instead. The username is the primary one encoded in
+ UTF-8 and %XX escaped. The fingerprint may be used instead of
+ the long keyid if it is available. This is the case with CMS
+ and might eventually also be available for OpenPGP.
+
+ EXPSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good, but the signature is
+ expired. The username is the primary one encoded in UTF-8 and
+ %XX escaped. The fingerprint may be used instead of the long
+ keyid if it is available. This is the case with CMS and might
+ eventually also be available for OpenPGP.
+
+ EXPKEYSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good, but the signature was
+ made by an expired key. The username is the primary one
+ encoded in UTF-8 and %XX escaped. The fingerprint may be used
+ instead of the long keyid if it is available. This is the
+ case with CMS and might eventually also be available for
+ OpenPGP.
+
+ REVKEYSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good, but the signature was
+ made by a revoked key. The username is the primary one encoded
+ in UTF-8 and %XX escaped. The fingerprint may be used instead
+ of the long keyid if it is available. This is the case with
+ CMS and might eventually also be available for OpenPGP.
+
+ BADSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid has not been verified okay. The
+ username is the primary one encoded in UTF-8 and %XX
+ escaped. The fingerprint may be used instead of the long keyid
+ if it is available. This is the case with CMS and might
+ eventually also be available for OpenPGP.
+
+ ERRSIG <long_keyid_or_fpr> <pubkey_algo> <hash_algo> \
+ <sig_class> <timestamp> <rc>
+ It was not possible to check the signature. This may be
+ caused by a missing public key or an unsupported algorithm. A
+ RC of 4 indicates unknown algorithm, a 9 indicates a missing
+ public key. The other fields give more information about this
+ signature. sig_class is a 2 byte hex-value. The fingerprint
+ may be used instead of the long keyid if it is available.
+ This is the case with CMS and might eventually also be
+ available for OpenPGP.
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp>
+ <expire-timestamp> <sig-version> <reserved> <pubkey-algo>
+ <hash-algo> <sig-class> [ <primary-key-fpr> ]
+
+ The signature with the keyid is good.
This is the same as
+ GOODSIG but has the fingerprint as the argument. Both status
+ lines are emitted for a good signature. All arguments here
+ are on one long line. sig-timestamp is the signature creation
+ time in seconds after the epoch. expire-timestamp is the
+ signature expiration time in seconds after the epoch (zero
+ means "does not expire"). sig-version, pubkey-algo, hash-algo,
+ and sig-class (a 2-byte hex value) are all straight from the
+ signature packet. PRIMARY-KEY-FPR is the fingerprint of the
+ primary key or identical to the first argument. This is
+ useful to get back to the primary key without running gpg
+ again for this purpose.
+
+ The primary-key-fpr parameter is used for OpenPGP and not
+ available for CMS signatures. The sig-version as well as the
+ sig class is not defined for CMS and currently set to 0 and 00.
+
+ Note, that *-TIMESTAMP may either be a number with seconds
+ since epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
+ This is emitted only for signatures of class 0 or 1 which
+ have been verified okay. The string is a signature id
+ and may be used in applications to detect replay attacks
+ of signed messages. Note that only DLP algorithms give
+ unique ids - others may yield duplicated ones when they
+ have been created in the same second.
+
+ Note, that SIG-TIMESTAMP may either be a number with seconds
+ since epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ ENC_TO <long_keyid> <keytype> <keylength>
+ The message is encrypted to this LONG_KEYID. KEYTYPE is the
+ numerical value of the public key algorithm or 0 if it is not
+ known, KEYLENGTH is the length of the key or 0 if it is not
+ known (which is currently always the case). Gpg prints this
+ line always; Gpgsm only if it knows the certificate.
+
+ NODATA <what>
+ No data has been found.
Codes for what are:
+ 1 - No armored data.
+ 2 - Expected a packet but did not found one.
+ 3 - Invalid packet found, this may indicate a non OpenPGP
+ message.
+ 4 - signature expected but not found
+ You may see more than one of these status lines.
+
+ UNEXPECTED <what>
+ Unexpected data has been encountered
+ 0 - not further specified 1
+
+
+ TRUST_UNDEFINED <error token>
+ TRUST_NEVER <error token>
+ TRUST_MARGINAL [0 [<validation_model>]]
+ TRUST_FULLY [0 [<validation_model>]]
+ TRUST_ULTIMATE [0 [<validation_model>]]
+ For good signatures one of these status lines are emitted to
+ indicate the validity of the key used to create the signature.
+ The error token values are currently only emitted by gpgsm.
+ VALIDATION_MODEL describes the algorithm used to check the
+ validity of the key. The defaults are the standard Web of
+ Trust model for gpg and the the standard X.509 model for
+ gpgsm. The defined values are
+
+ "pgp" for the standard PGP WoT.
+ "shell" for the standard X.509 model.
+ "chain" for the chain model.
+
+ Note that we use the term "TRUST_" in the status names for
+ historic reasons; we now speak of validity.
+
+ PKA_TRUST_GOOD <mailbox>
+ PKA_TRUST_BAD <mailbox>
+ Depending on the outcome of the PKA check one of the above
+ status codes is emitted in addition to a TRUST_* status.
+ Without PKA info available or
+
+ SIGEXPIRED
+ This is deprecated in favor of KEYEXPIRED.
+
+ KEYEXPIRED <expire-timestamp>
+ The key has expired. expire-timestamp is the expiration time
+ in seconds since Epoch. This status line is not very useful
+ because it will also be emitted for expired subkeys even if
+ this subkey is not used. To check whether a key used to sign
+ a message has expired, the EXPKEYSIG status line is to be
+ used.
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ KEYREVOKED
+ The used key has been revoked by its owner.
No arguments yet.
+
+ BADARMOR
+ The ASCII armor is corrupted. No arguments yet.
+
+ RSA_OR_IDEA
+ The IDEA algorithms has been used in the data. A
+ program might want to fallback to another program to handle
+ the data if GnuPG failed. This status message used to be emitted
+ also for RSA but this has been dropped after the RSA patent expired.
+ However we can't change the name of the message.
+
+ SHM_INFO
+ SHM_GET
+ SHM_GET_BOOL
+ SHM_GET_HIDDEN
+
+ GET_BOOL
+ GET_LINE
+ GET_HIDDEN
+ GOT_IT
+
+ NEED_PASSPHRASE <long main keyid> <long keyid> <keytype> <keylength>
+ Issued whenever a passphrase is needed.
+ keytype is the numerical value of the public key algorithm
+ or 0 if this is not applicable, keylength is the length
+ of the key or 0 if it is not known (this is currently always the case).
+
+ NEED_PASSPHRASE_SYM <cipher_algo> <s2k_mode> <s2k_hash>
+ Issued whenever a passphrase for symmetric encryption is needed.
+
+ NEED_PASSPHRASE_PIN <card_type> <chvno> [<serialno>]
+ Issued whenever a PIN is requested to unlock a card.
+
+ MISSING_PASSPHRASE
+ No passphrase was supplied. An application which encounters this
+ message may want to stop parsing immediately because the next message
+ will probably be a BAD_PASSPHRASE. However, if the application
+ is a wrapper around the key edit menu functionality it might not
+ make sense to stop parsing but simply ignoring the following
+ BAD_PASSPHRASE.
+
+ BAD_PASSPHRASE <long keyid>
+ The supplied passphrase was wrong or not given. In the latter case
+ you may have seen a MISSING_PASSPHRASE.
+
+ GOOD_PASSPHRASE
+ The supplied passphrase was good and the secret key material
+ is therefore usable.
+
+ DECRYPTION_FAILED
+ The symmetric decryption failed - one reason could be a wrong
+ passphrase for a symmetrical encrypted message.
+
+ DECRYPTION_OKAY
+ The decryption process succeeded.
This means, that either the
+ correct secret key has been used or the correct passphrase
+ for a conventional encrypted message was given. The program
+ itself may return an errorcode because it may not be possible to
+ verify a signature for some reasons.
+
+ NO_PUBKEY <long keyid>
+ NO_SECKEY <long keyid>
+ The key is not available
+
+ IMPORT_CHECK <long keyid> <fingerprint> <user ID>
+ This status is emitted in interactive mode right before
+ the "import.okay" prompt.
+
+ IMPORTED <long keyid> <username>
+ The keyid and name of the signature just imported
+
+ IMPORT_OK <reason> [<fingerprint>]
+ The key with the primary key's FINGERPRINT has been imported.
+ Reason flags:
+ 0 := Not actually changed
+ 1 := Entirely new key.
+ 2 := New user IDs
+ 4 := New signatures
+ 8 := New subkeys
+ 16 := Contains private key.
+ The flags may be ORed.
+
+ IMPORT_PROBLEM <reason> [<fingerprint>]
+ Issued for each import failure. Reason codes are:
+ 0 := "No specific reason given".
+ 1 := "Invalid Certificate".
+ 2 := "Issuer Certificate missing".
+ 3 := "Certificate Chain too long".
+ 4 := "Error storing certificate".
+
+ IMPORT_RES <count> <no_user_id> <imported> <imported_rsa> <unchanged>
+ <n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported>
+ <sec_dups> <skipped_new_keys> <not_imported>
+ Final statistics on import process (this is one long line)
+
+ FILE_START <what> <filename>
+ Start processing a file <filename>. <what> indicates the performed
+ operation:
+ 1 - verify
+ 2 - encrypt
+ 3 - decrypt
+
+ FILE_DONE
+ Marks the end of a file processing which has been started
+ by FILE_START.
+
+ BEGIN_DECRYPTION
+ END_DECRYPTION
+ Mark the start and end of the actual decryption process. These
+ are also emitted when in --list-only mode.
+
+ BEGIN_ENCRYPTION <mdc_method> <sym_algo>
+ END_ENCRYPTION
+ Mark the start and end of the actual encryption process.
+
+ BEGIN_SIGNING
+ Mark the start of the actual signing process.
This may be used
+ as an indication that all requested secret keys are ready for
+ use.
+
+ DELETE_PROBLEM reason_code
+ Deleting a key failed. Reason codes are:
+ 1 - No such key
+ 2 - Must delete secret key first
+ 3 - Ambigious specification
+
+ PROGRESS what char cur total
+ Used by the primegen and Public key functions to indicate progress.
+ "char" is the character displayed with no --status-fd enabled, with
+ the linefeed replaced by an 'X'. "cur" is the current amount
+ done and "total" is amount to be done; a "total" of 0 indicates that
+ the total amount is not known. The condition
+ TOATL && CUR == TOTAL
+ may be used to detect the end of an operation.
+ Well known values for WHAT:
+ "pk_dsa" - DSA key generation
+ "pk_elg" - Elgamal key generation
+ "primegen" - Prime generation
+ "need_entropy" - Waiting for new entropy in the RNG
+ "file:XXX" - processing file XXX
+ (note that current gpg versions leave out the
+ "file:" prefix).
+ "tick" - generic tick without any special meaning - useful
+ for letting clients know that the server is
+ still working.
+ "starting_agent" - A gpg-agent was started because it is not
+ running as a daemon.
+ "learncard" Send by the agent and gpgsm while learing
+ the data of a smartcard.
+ "card_busy" A smartcard is still working
+
+ SIG_CREATED <type> <pubkey algo> <hash algo> <class> <timestamp> <key fpr>
+ A signature has been created using these parameters.
+ type: 'D' = detached
+ 'C' = cleartext
+ 'S' = standard
+ (only the first character should be checked)
+ class: 2 hex digits with the signature class
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ KEY_CREATED <type> <fingerprint> [<handle>]
+ A key has been created
+ type: 'B' = primary and subkey
+ 'P' = primary
+ 'S' = subkey
+ The fingerprint is one of the primary key for type B and P and
+ the one of the subkey for S.
Handle is an arbitrary
+ non-whitespace string used to match key parameters from batch
+ key creation run.
+
+ KEY_NOT_CREATED [<handle>]
+ The key from batch run has not been created due to errors.
+
+
+ SESSION_KEY <algo>:<hexdigits>
+ The session key used to decrypt the message. This message will
+ only be emitted when the special option --show-session-key
+ is used. The format is suitable to be passed to the option
+ --override-session-key
+
+ NOTATION_NAME <name>
+ NOTATION_DATA <string>
+ name and string are %XX escaped; the data may be split
+ among several NOTATION_DATA lines.
+
+ USERID_HINT <long main keyid> <string>
+ Give a hint about the user ID for a certain keyID.
+
+ POLICY_URL <string>
+ string is %XX escaped
+
+ BEGIN_STREAM
+ END_STREAM
+ Issued by pipemode.
+
+ INV_RECP <reason> <requested_recipient>
+ INV_SGNR <reason> <requested_sender>
+ Issued for each unusable recipient/sender. The reasons codes
+ currently in use are:
+ 0 := "No specific reason given".
+ 1 := "Not Found"
+ 2 := "Ambigious specification"
+ 3 := "Wrong key usage"
+ 4 := "Key revoked"
+ 5 := "Key expired"
+ 6 := "No CRL known"
+ 7 := "CRL too old"
+ 8 := "Policy mismatch"
+ 9 := "Not a secret key"
+ 10 := "Key not trusted"
+ 11 := "Missing certificate"
+ 12 := "Missing issuer certificate"
+
+ Note that for historical reasons the INV_RECP status is also
+ used for gpgsm's SIGNER command where it relates to signer's
+ of course. Newer GnuPG versions are using INV_SGNR;
+ applications should ignore the INV_RECP during the sender's
+ command processing once they have seen an INV_SGNR. We use
+ different code so that we can distinguish them while doing an
+ encrypt+sign.
+
+
+ NO_RECP <reserved>
+ NO_SGNR <reserved>
+ Issued when no recipients/senders are usable.
+
+ ALREADY_SIGNED <long-keyid>
+ Warning: This is experimental and might be removed at any time.
+
+ TRUNCATED <maxno>
+ The output was truncated to MAXNO items.
This status code is issued
+ for certain external requests
+
+ ERROR <error location> <error code> [<more>]
+
+ This is a generic error status message, it might be followed
+ by error location specific data. <error code> and
+ <error_location> should not contain spaces. The error code is
+ a either a string commencing with a letter or such a string
+ prefixed with a numerical error code and an underscore; e.g.:
+ "151011327_EOF".
+
+ SUCCESS [<location>]
+ Postive confirimation that an operation succeeded. <location>
+ is optional but if given should not contain spaces.
+ Used only with a few commands.
+
+
+ ATTRIBUTE <fpr> <octets> <type> <index> <count>
+ <timestamp> <expiredate> <flags>
+ This is one long line issued for each attribute subpacket when
+ an attribute packet is seen during key listing. <fpr> is the
+ fingerprint of the key. <octets> is the length of the
+ attribute subpacket. <type> is the attribute type
+ (1==image). <index>/<count> indicates that this is the Nth
+ indexed subpacket of count total subpackets in this attribute
+ packet. <timestamp> and <expiredate> are from the
+ self-signature on the attribute packet. If the attribute
+ packet does not have a valid self-signature, then the
+ timestamp is 0. <flags> are a bitwise OR of:
+ 0x01 = this attribute packet is a primary uid
+ 0x02 = this attribute packet is revoked
+ 0x04 = this attribute packet is expired
+
+ CARDCTRL <what> [<serialno>]
+ This is used to control smartcard operations.
+ Defined values for WHAT are:
+ 1 = Request insertion of a card. Serialnumber may be given
+ to request a specific card. Used by gpg 1.4 w/o scdaemon.
+ 2 = Request removal of a card. Used by gpg 1.4 w/o scdaemon.
+ 3 = Card with serialnumber detected
+ 4 = No card available.
+ 5 = No card reader available
+ 6 = No card support available
+
+ PLAINTEXT <format> <timestamp> <filename>
+ This indicates the format of the plaintext that is about to be
+ written.
The format is a 1 byte hex code that shows the
+ format of the plaintext: 62 ('b') is binary data, 74 ('t') is
+ text data with no character set specified, and 75 ('u') is
+ text data encoded in the UTF-8 character set. The timestamp
+ is in seconds since the epoch. If a filename is available it
+ gets printed as the third argument, percent-escaped as usual.
+
+ PLAINTEXT_LENGTH <length>
+ This indicates the length of the plaintext that is about to be
+ written. Note that if the plaintext packet has partial length
+ encoding it is not possible to know the length ahead of time.
+ In that case, this status tag does not appear.
+
+ SIG_SUBPACKET <type> <flags> <len> <data>
+ This indicates that a signature subpacket was seen. The
+ format is the same as the "spk" record above.
+
+ SC_OP_FAILURE [<code>]
+ An operation on a smartcard definitely failed. Currently
+ there is no indication of the actual error code, but
+ application should be prepared to later accept more arguments.
+ Defined values for CODE are:
+ 0 - unspecified error (identically to a missing CODE)
+ 1 - canceled
+ 2 - bad PIN
+
+ SC_OP_SUCCESS
+ A smart card operaion succeeded. This status is only printed
+ for certain operation and is mostly useful to check whether a
+ PIN change really worked.
+
+ BACKUP_KEY_CREATED fingerprint fname
+ A backup key named FNAME has been created for the key with
+ KEYID.
+
+ MOUNTPOINT <name>
+ NAME is a percent-plus escaped filename describing the
+ mountpoint for the current operation (e.g. g13 --mount). This
+ may either be the specified mountpoint or one randomly choosen
+ by g13.
+
+ DECRYPTION_INFO <mdc_method> <sym_algo>
+ Print information about the symmetric encryption algorithm and
+ the MDC method. This will be emitted even if the decryption
+ fails.
+
+
+
+Format of the "--attribute-fd" output
+=====================================
+
+When --attribute-fd is set, during key listings (--list-keys,
+--list-secret-keys) GnuPG dumps each attribute packet to the file
+descriptor specified. --attribute-fd is intended for use with
+--status-fd as part of the required information is carried on the
+ATTRIBUTE status tag (see above).
+
+The contents of the attribute data is specified by RFC 4880. For
+convenience, here is the Photo ID format, as it is currently the only
+attribute defined:
+
+ Byte 0-1: The length of the image header. Due to a historical
+ accident (i.e. oops!) back in the NAI PGP days, this is
+ a little-endian number. Currently 16 (0x10 0x00).
+
+ Byte 2: The image header version. Currently 0x01.
+
+ Byte 3: Encoding format. 0x01 == JPEG.
+
+ Byte 4-15: Reserved, and currently unused.
+
+ All other data after this header is raw image (JPEG) data.
+
+
+Format of the "--list-config" output
+====================================
+
+--list-config outputs information about the GnuPG configuration for
+the benefit of frontends or other programs that call GnuPG. There are
+several list-config items, all colon delimited like the rest of the
+--with-colons output. The first field is always "cfg" to indicate
+configuration information. The second field is one of (with
+examples):
+
+version: the third field contains the version of GnuPG.
+
+ cfg:version:1.3.5
+
+pubkey: the third field contains the public key algorithmdcaiphers
+ this version of GnuPG supports, separated by semicolons. The
+ algorithm numbers are as specified in RFC-4880. Note that in
+ contrast to the --status-fd interface these are _not_ the
+ Libgcrypt identifiers.
+
+ cfg:pubkey:1;2;3;16;17
+
+cipher: the third field contains the symmetric ciphers this version of
+ GnuPG supports, separated by semicolons. The cipher numbers
+ are as specified in RFC-4880.
+
+ cfg:cipher:2;3;4;7;8;9;10
+
+digest: the third field contains the digest (hash) algorithms this
+ version of GnuPG supports, separated by semicolons. The
+ digest numbers are as specified in RFC-4880.
+
+ cfg:digest:1;2;3;8;9;10
+
+compress: the third field contains the compression algorithms this
+ version of GnuPG supports, separated by semicolons. The
+ algorithm numbers are as specified in RFC-4880.
+
+ cfg:compress:0;1;2;3
+
+group: the third field contains the name of the group, and the fourth
+ field contains the values that the group expands to, separated
+ by semicolons.
+
+For example, a group of:
+ group mynames = paige 0x12345678 joe patti
+
+would result in:
+ cfg:group:mynames:patti;joe;0x12345678;paige
+
+
+Key generation
+==============
+ See the Libcrypt manual.
+
+
+Unattended key generation
+=========================
+This feature allows unattended generation of keys controlled by a
+parameter file. To use this feature, you use --gen-key together with
+--batch and feed the parameters either from stdin or from a file given
+on the commandline.
+
+The format of this file is as follows:
+ o Text only, line length is limited to about 1000 chars.
+ o You must use UTF-8 encoding to specify non-ascii characters.
+ o Empty lines are ignored.
+ o Leading and trailing spaces are ignored.
+ o A hash sign as the first non white space character indicates a comment line.
+ o Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+ o Parameters are specified by a keyword, followed by a colon. Arguments
+ are separated by white space.
+ o The first parameter must be "Key-Type", control statements
+ may be placed anywhere.
+ o Key generation takes place when either the end of the parameter file
+ is reached, the next "Key-Type" parameter is encountered or at the
+ control statement "%commit"
+ o Control statements:
+ %echo <text>
+ Print <text>.
+ %dry-run
+ Suppress actual key generation (useful for syntax checking).
+ %commit
+ Perform the key generation. An implicit commit is done
+ at the next "Key-Type" parameter.
+ %pubring <filename>
+ %secring <filename>
+ Do not write the key to the default or commandline given
+ keyring but to <filename>. This must be given before the first
+ commit to take place, duplicate specification of the same filename
+ is ignored, the last filename before a commit is used.
+ The filename is used until a new filename is used (at commit points)
+ and all keys are written to that file. If a new filename is given,
+ this file is created (and overwrites an existing one).
+ GnuPG < 2.1: Both control statements must be given.
+ GnuPG >= 2.1: "%secring" is now a no-op.
+ %ask-passphrase
+ Enable a mode where the command "passphrase" is ignored and
+ instead the usual passphrase dialog is used. This does not
+ make sense for batch key generation; however the unattended
+ key generation feature is also used by GUIs and this feature
+ relinquishes the GUI from implementing its own passphrase
+ entry code. This is a global option.
+ %no-ask-passphrase
+ Disable the ask-passphrase mode.
+ %no-protection
+ With GnuPG 2.1 it is not anymore possible to specify a
+ passphrase for unattended key generation. The passphrase
+ command is simply ignored and %ask-passpharse is thus
+ implicitly enabled. Using this option allows to the creation
+ of keys without any passphrases. This option is mainly
+ intended for regression tests.
+ %transient-key
+ If given the keys are created using a faster and a somewhat
+ less secure random number generator. This option may be used
+ for keys which are only used for a short time and do not
+ require full cryptographic strength. It takes only effect if
+ used together with the option no-protection.
+
+ o The order of the parameters does not matter except for "Key-Type"
+ which must be the first parameter.
The parameters are only for the
+ generated keyblock and parameters from previous key generations are not
+ used. Some syntactically checks may be performed.
+ The currently defined parameters are:
+ Key-Type: <algo-number>|<algo-string>
+ Starts a new parameter block by giving the type of the primary
+ key. The algorithm must be capable of signing. This is a
+ required parameter. It may be "default" to use the default
+ one; in this case don't give a Key-Usage and use "default" for
+ the Subkey-Type.
+ Key-Length: <length-in-bits>
+ Length of the key in bits. The default is returned by running
+ the command "gpg --gpgconf-list".
+ Key-Usage: <usage-list>
+ Space or comma delimited list of key usage, allowed values are
+ "encrypt", "sign", and "auth". This is used to generate the
+ key flags. Please make sure that the algorithm is capable of
+ this usage. Note that OpenPGP requires that all primary keys
+ are capable of certification, so no matter what usage is given
+ here, the "cert" flag will be on. If no Key-Usage is
+ specified and the key-type is not "default", all allowed
+ usages for that particular algorithm are used; if it is not
+ given but "default" is used the usage will be "sign".
+ Subkey-Type: <algo-number>|<algo-string>
+ This generates a secondary key. Currently only one subkey
+ can be handled. "default" is also supported.
+ Subkey-Length: <length-in-bits>
+ Length of the subkey in bits. The default is returned by running
+ the command "gpg --gpgconf-list".
+ Subkey-Usage: <usage-list>
+ Similar to Key-Usage.
+ Passphrase: <string>
+ If you want to specify a passphrase for the secret key,
+ enter it here. Default is not to use any passphrase.
+ Name-Real: <string>
+ Name-Comment: <string>
+ Name-Email: <string>
+ The 3 parts of a key. Remember to use UTF-8 here.
+ If you don't give any of them, no user ID is created.
+ Expire-Date: <iso-date>|(<number>[d|w|m|y])
+ Set the expiration date for the key (and the subkey).
It may
+ either be entered in ISO date format (2000-08-15) or as number
+ of days, weeks, month or years. The special notation
+ "seconds=N" is also allowed to directly give an Epoch
+ value. Without a letter days are assumed. Note that there is
+ no check done on the overflow of the type used by OpenPGP for
+ timestamps. Thus you better make sure that the given value
+ make sense. Although OpenPGP works with time intervals, GnuPG
+ uses an absolute value internally and thus the last year we
+ can represent is 2105.
+ Creation-Date: <iso-date>
+ Set the creation date of the key as stored in the key
+ information and which is also part of the fingerprint
+ calculation. Either a date like "1986-04-26" or a full
+ timestamp like "19860426T042640" may be used. The time is
+ considered to be UTC. If it is not given the current time
+ is used.
+ Preferences: <string>
+ Set the cipher, hash, and compression preference values for
+ this key. This expects the same type of string as "setpref"
+ in the --edit menu.
+ Revoker: <algo>:<fpr> [sensitive]
+ Add a designated revoker to the generated key. Algo is the
+ public key algorithm of the designated revoker (i.e. RSA=1,
+ DSA=17, etc.) Fpr is the fingerprint of the designated
+ revoker. The optional "sensitive" flag marks the designated
+ revoker as sensitive information. Only v4 keys may be
+ designated revokers.
+ Handle: <string>
+ This is an optional parameter only used with the status lines
+ KEY_CREATED and KEY_NOT_CREATED. STRING may be up to 100
+ characters and should not contain spaces. It is useful for
+ batch key generation to associate a key parameter block with a
+ status line.
+ Keyserver: <string>
+ This is an optional parameter that specifies the preferred
+ keyserver URL for the key.
+
+
+Here is an example on how to create a key:
+$ cat >foo <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+EOF
+$ gpg --batch --gen-key foo
+ [...]
+$ gpg --no-default-keyring --secret-keyring ./foo.sec \
+ --keyring ./foo.pub --list-secret-keys
+/home/wk/work/gnupg-stable/scratch/foo.sec
+------------------------------------------
+sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
+ssb 1024g/8F70E2C0 2000-03-09
+
+If you want to create a key with the default algorithms you would
+use these parameters:
+
+ %echo Generating a default key
+ Key-Type: default
+ Subkey-Type: default
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+
+
+
+
+Layout of the TrustDB
+=====================
+The TrustDB is built from fixed length records, where the first byte
+describes the record type. All numeric values are stored in network
+byte order. The length of each record is 40 bytes. The first record of
+the DB is always of type 1 and this is the only record of this type.
+
+FIXME: The layout changed, document it here.
+
+ Record type 0:
+ --------------
+ Unused record, can be reused for any purpose.
+
+ Record type 1:
+ --------------
+ Version information for this TrustDB. This is always the first
+ record of the DB and the only one with type 1.
+ 1 byte value 1
+ 3 bytes 'gpg' magic value
+ 1 byte Version of the TrustDB (2)
+ 1 byte marginals needed
+ 1 byte completes needed
+ 1 byte max_cert_depth
+ The three items are used to check whether the cached
+ validity value from the dir record can be used.
+ 1 u32 locked flags [not used]
+ 1 u32 timestamp of trustdb creation
+ 1 u32 timestamp of last modification which may affect the validity
+ of keys in the trustdb. This value is checked against the
+ validity timestamp in the dir records.
+ 1 u32 timestamp of last validation [currently not used]
+ (Used to keep track of the time, when this TrustDB was checked
+ against the pubring)
+ 1 u32 record number of keyhashtable [currently not used]
+ 1 u32 first free record
+ 1 u32 record number of shadow directory hash table [currently not used]
+ It does not make sense to combine this table with the key table
+ because the keyid is not in every case a part of the fingerprint.
+ 1 u32 record number of the trusthashtbale
+
+
+ Record type 2: (directory record)
+ --------------
+ Informations about a public key certificate.
+ These are static values which are never changed without user interaction.
+
+ 1 byte value 2
+ 1 byte reserved
+ 1 u32 LID . (This is simply the record number of this record.)
+ 1 u32 List of key-records (the first one is the primary key)
+ 1 u32 List of uid-records
+ 1 u32 cache record
+ 1 byte ownertrust
+ 1 byte dirflag
+ 1 byte maximum validity of all the user ids
+ 1 u32 time of last validity check.
+ 1 u32 Must check when this time has been reached.
+ (0 = no check required)
+
+
+ Record type 3: (key record)
+ --------------
+ Informations about a primary public key.
+ (This is mainly used to lookup a trust record)
+
+ 1 byte value 3
+ 1 byte reserved
+ 1 u32 LID
+ 1 u32 next - next key record
+ 7 bytes reserved
+ 1 byte keyflags
+ 1 byte pubkey algorithm
+ 1 byte length of the fingerprint (in bytes)
+ 20 bytes fingerprint of the public key
+ (This is the value we use to identify a key)
+
+ Record type 4: (uid record)
+ --------------
+ Informations about a userid
+ We do not store the userid but the hash value of the userid because that
+ is sufficient.
+
+ 1 byte value 4
+ 1 byte reserved
+ 1 u32 LID points to the directory record.
+ 1 u32 next next userid
+ 1 u32 pointer to preference record
+ 1 u32 siglist list of valid signatures
+ 1 byte uidflags
+ 1 byte validity of the key calculated over this user id
+ 20 bytes ripemd160 hash of the username.
+
+
+ Record type 5: (pref record)
+ --------------
+ This record type is not anymore used.
+
+ 1 byte value 5
+ 1 byte reserved
+ 1 u32 LID; points to the directory record (and not to the uid record!).
+ (or 0 for standard preference record)
+ 1 u32 next
+ 30 byte preference data
+
+ Record type 6 (sigrec)
+ -------------
+ Used to keep track of key signatures. Self-signatures are not
+ stored. If a public key is not in the DB, the signature points to
+ a shadow dir record, which in turn has a list of records which
+ might be interested in this key (and the signature record here
+ is one).
+
+ 1 byte value 6
+ 1 byte reserved
+ 1 u32 LID points back to the dir record
+ 1 u32 next next sigrec of this uid or 0 to indicate the
+ last sigrec.
+ 6 times
+ 1 u32 Local_id of signatures dir or shadow dir record
+ 1 byte Flag: Bit 0 = checked: Bit 1 is valid (we have a real
+ directory record for this)
+ 1 = valid is set (but may be revoked)
+
+
+
+ Record type 8: (shadow directory record)
+ --------------
+ This record is used to reserve a LID for a public key. We
+ need this to create the sig records of other keys, even if we
+ do not yet have the public key of the signature.
+ This record (the record number to be more precise) will be reused + as the dir record when we import the real public key. + + 1 byte value 8 + 1 byte reserved + 1 u32 LID (This is simply the record number of this record.) + 2 u32 keyid + 1 byte pubkey algorithm + 3 byte reserved + 1 u32 hintlist A list of records which have references to + this key. This is used for fast access to + signature records which are not yet checked. + Note, that this is only a hint and the actual records + may not anymore hold signature records for that key + but that the code cares about this. + 18 byte reserved + + + + Record Type 10 (hash table) + -------------- + Due to the fact that we use fingerprints to lookup keys, we can + implement quick access by some simple hash methods, and avoid + the overhead of gdbm. A property of fingerprints is that they can be + used directly as hash values. (They can be considered as strong + random numbers.) + What we use is a dynamic multilevel architecture, which combines + hashtables, record lists, and linked lists. + + This record is a hashtable of 256 entries; a special property + is that all these records are stored consecutively to make one + big table. The hash value is simple the 1st, 2nd, ... byte of + the fingerprint (depending on the indirection level). + + When used to hash shadow directory records, a different table is used + and indexed by the keyid. + + 1 byte value 10 + 1 byte reserved + n u32 recnum; n depends on the record length: + n = (reclen-2)/4 which yields 9 for the current record length + of 40 bytes. + + the total number of such record which makes up the table is: + m = (256+n-1) / n + which is 29 for a record length of 40. + + To look up a key we use the first byte of the fingerprint to get + the recnum from this hashtable and look up the addressed record: + - If this record is another hashtable, we use 2nd byte + to index this hash table and so on. 
+ - if this record is a hashlist, we walk all entries + until we found one a matching one. + - if this record is a key record, we compare the + fingerprint and to decide whether it is the requested key; + + + Record type 11 (hash list) + -------------- + see hash table for an explanation. + This is also used for other purposes. + + 1 byte value 11 + 1 byte reserved + 1 u32 next next hash list record + n times n = (reclen-5)/5 + 1 u32 recnum + + For the current record length of 40, n is 7 + + + + Record type 254 (free record) + --------------- + All these records form a linked list of unused records. + 1 byte value 254 + 1 byte reserved (0) + 1 u32 next_free + + + +GNU extensions to the S2K algorithm +=================================== +S2K mode 101 is used to identify these extensions. +After the hash algorithm the 3 bytes "GNU" are used to make +clear that these are extensions for GNU, the next bytes gives the +GNU protection mode - 1000. Defined modes are: + 1001 - do not store the secret part at all + 1002 - a stub to access smartcards (not used in 1.2.x) + + + +Other Notes +=========== + * For packet version 3 we calculate the keyids this way: + RSA := low 64 bits of n + ELGAMAL := build a v3 pubkey packet (with CTB 0x99) and calculate + a rmd160 hash value from it. This is used as the + fingerprint and the low 64 bits are the keyid. + + * Revocation certificates consist only of the signature packet; + "import" knows how to handle this. The rationale behind it is + to keep them small. + + +OIDs below the GnuPG arc: +========================= + + 1.3.6.1.4.1.11591.2 GnuPG + 1.3.6.1.4.1.11591.2.1 notation + 1.3.6.1.4.1.11591.2.1.1 pkaAddress + 1.3.6.1.4.1.11591.2.12242973 invalid encoded OID + + + +Keyserver Message Format +========================= + +The keyserver may be contacted by a Unix Domain socket or via TCP. 
+ +The format of a request is: + +==== +command-tag +"Content-length:" digits +CRLF +======= + +Where command-tag is + +NOOP +GET <user-name> +PUT +DELETE <user-name> + + +The format of a response is: + +====== +"GNUPG/1.0" status-code status-text +"Content-length:" digits +CRLF +============ +followed by <digits> bytes of data + + +Status codes are: + + o 1xx: Informational - Request received, continuing process + + o 2xx: Success - The action was successfully received, understood, + and accepted + + o 4xx: Client Error - The request contains bad syntax or cannot be + fulfilled + + o 5xx: Server Error - The server failed to fulfill an apparently + valid request + + + +Documentation on HKP (the http keyserver protocol): + +A minimalistic HTTP server on port 11371 recognizes a GET for /pks/lookup. +The standard http URL encoded query parameters are this (always key=value): + +- op=index (like pgp -kv), op=vindex (like pgp -kvv) and op=get (like + pgp -kxa) + +- search=<stringlist>. This is a list of words that must occur in the key. + The words are delimited with space, points, @ and so on. The delimiters + are not searched for and the order of the words doesn't matter (but see + next option). + +- exact=on. This switch tells the hkp server to only report exact matching + keys back. In this case the order and the "delimiters" are important. + +- fingerprint=on. Also reports the fingerprints when used with 'index' or + 'vindex' + +The keyserver also recognizes http-POSTs to /pks/add. Use this to upload +keys. + + +A better way to do this would be a request like: + + /pks/lookup/<gnupg_formatierte_user_id>?op=<operation> + +This can be implemented using Hurd's translator mechanism. +However, I think the whole key server stuff has to be re-thought; +I have some ideas and probably create a white paper. + 
@@ -0,0 +1,13 @@
+GnuPG Frequently Asked Questions
+
+A FAQ is a fast moving target and thus we don't distribute it anymore
+with GnuPG. You may retrieve the current FAQ in HTML format at
+
+ http://www.gnupg.org/faq/GnuPG-FAQ.html
+
+or in plain text format at the FTP server:
+
+ ftp://ftp.gnupg.org/gcrypt/gnupg/GnuPG-FAQ.txt
+
+
+
diff --git a/doc/HACKING b/doc/HACKING
new file mode 100644
index 0000000..e27bc07
--- /dev/null
+++ b/doc/HACKING
@@ -0,0 +1,200 @@
+ A Hacker's Guide to GNUPG
+ ================================
+ (Some notes on GNUPG internals.)
+
+
+* No more ChangeLog files
+
+Do not modify any of the ChangeLog files in GnuPG. Starting on
+December 1st, 2011 we put change information only in the GIT commit
+log, and generate a top-level ChangeLog file from logs at "make dist"
+time. As such, there are strict requirements on the form of the
+commit log messages. The old ChangeLog files have all be renamed to
+ChangeLog-2011
+
+
+* Commit log requirements
+
+Your commit log should always start with a one-line summary, the second
+line should be blank, and the remaining lines are usually ChangeLog-style
+entries for all affected files. However, it's fine -- even recommended --
+to write a few lines of prose describing the change, when the summary
+and ChangeLog entries don't give enough of the big picture. Omit the
+leading TABs that you're used to seeing in a "real" ChangeLog file, but
+keep the maximum line length at 72 or smaller, so that the generated
+ChangeLog lines, each with its leading TAB, will not exceed 80 columns.
+
+
+
+===> What follows is probably out of date <===
+
+
+
+RFCs
+====
+
+1423 Privacy Enhancement for Internet Electronic Mail:
+ Part III: Algorithms, Modes, and Identifiers.
+
+1489 Registration of a Cyrillic Character Set.
+
+1750 Randomness Recommendations for Security.
+
+1991 PGP Message Exchange Formats.
+
+2015 MIME Security with Pretty Good Privacy (PGP).
+
+2144 The CAST-128 Encryption Algorithm.
+
+2279 UTF-8, a transformation format of ISO 10646.
+
+2440 OpenPGP.
+
+
+
+Directory Layout
+----------------
+ ./ Readme, configure
+ ./agent Gpg-agent and related tools
+ ./doc Documentation
+ ./doc Documentation
+ ./g10 Gpg program here called gpg2
+ ./jnlib Utility functions
+ ./kbx Keybox library
+ ./scd Smartcard daemon
+ ./scripts Scripts needed by configure and others
+ ./sm Gpgsm program
+
+
+Detailed Roadmap
+----------------
+g10/gpg.c Main module with option parsing and all the stuff you have
+ to do on startup. Also has the exout handler and some
+ helper functions.
+g10/sign.c Create signature and optionally encrypt
+
+g10/parse-packet.c
+g10/build-packet.c
+g10/free-packet.c
+ Parsing and creating of OpenPGP message packets.
+
+g10/getkey.c Key selection code
+g10/pkclist.c Build a list of public keys
+g10/skclist.c Build a list of secret keys
+g10/ringedit.c Keyring I/O
+g10/keydb.h
+
+g10/keyid.c Helper functions to get the keyid, fingerprint etc.
+
+
+g10/trustdb.c
+g10/trustdb.h
+g10/tdbdump.c
+ Management of the trustdb.gpg
+
+g10/compress.c Filter to handle compression
+g10/filter.h Declarations for all filter functions
+g10/delkey.c Delete a key
+g10/kbnode.c Helper for the KBNODE linked list
+g10/main.h Prototypes and some constants
+g10/mainproc.c Message processing
+g10/armor.c Ascii armor filter
+g10/mdfilter.c Filter to calculate hashs
+g10/textfilter.c Filter to handle CR/LF and trailing white space
+g10/cipher.c En-/Decryption filter
+g10/misc.c Utlity functions
+g10/options.h Structure with all the command line options
+ and related constants
+g10/openfile.c Create/Open Files
+g10/tdbio.c I/O handling for the trustdb.gpg
+g10/tdbio.h
+g10/hkp.h Keyserver access
+g10/hkp.c
+g10/packet.h Defintion of OpenPGP structures.
+g10/passphrase.c Passphrase handling code
+g10/pubkey-enc.c
+g10/seckey-cert.c
+g10/seskey.c
+g10/import.c
+g10/export.c
+g10/comment.c
+g10/status.c
+g10/status.h
+g10/sign.c
+g10/plaintext.c
+g10/encr-data.c
+g10/encode.c
+g10/revoke.c
+g10/keylist.c
+g10/sig-check.c
+g10/signal.c
+g10/helptext.c
+g10/verify.c
+g10/decrypt.c
+g10/keyedit.c
+g10/dearmor.c
+g10/keygen.c
+
+
+
+Memory allocation
+-----------------
+Use only the functions:
+
+ xmalloc
+ xmalloc_secure
+ xtrymalloc
+ xtrymalloc_secure
+ xcalloc
+ xcalloc_secure
+ xtrycalloc
+ xtrycalloc_secure
+ xrealloc
+ xtryrealloc
+ xstrdup
+ xtrystrdup
+ xfree
+
+
+The *secure versions allocated memory in the secure memory. That is,
+swapping out of this memory is avoided and is gets overwritten on
+free. Use this for passphrases, session keys and other sensitive
+material. This memory set aside for secure memory is linited to a few
+k. In general the function don't print a memeory message and
+terminate the process if there is not enough memory available. The
+"try" versions of the functions return NULL instead.
+
+
+Logging
+-------
+
+
+
+
+
+
+Option parsing
+---------------
+GNUPG does not use getopt or GNU getopt but functions of it's own. See
+util/argparse.c for details. The advantage of these functions is that
+it is more easy to display and maintain the help texts for the options.
+The same option table is also used to parse resource files.
+
+
+
+What is an IOBUF
+----------------
+This is the data structure used for most I/O of gnupg. It is similar
+to System V Streams but much simpler. Because OpenPGP messages are nested
+in different ways; the use of such a system has big advantages. Here is
+an example, how it works: If the parser sees a packet header with a partial
+length, it pushes the block_filter onto the IOBUF to handle these partial
+length packets: from now on you don't have to worry about this. When it sees
+a compressed packet it pushes the uncompress filter and the next read byte
+is one which has already been uncompressed by this filter. Same goes for
+enciphered packet, plaintext packets and so on. The file g10/encode.c
+might be a good staring point to see how it is used - actually this is
+the other way: constructing messages using pushed filters but it may be
+easier to understand.
+
+
diff --git a/doc/KEYSERVER b/doc/KEYSERVER
new file mode 100644
index 0000000..f63200a
--- /dev/null
+++ b/doc/KEYSERVER
@@ -0,0 +1,83 @@
+Format of keyserver colon listings
+==================================
+
+David Shaw <dshaw@jabberwocky.com>
+
+The machine readable response begins with an optional information
+line:
+
+info:<version>:<count>
+
+<version> = this is the version of this protocol. Currently, this is
+ the number 1.
+
+<count> = the number of keys returned in this response. Note this is
+ the number of keys, and not the number of lines returned.
+ It should match the number of "pub:" lines returned.
+
+If this optional line is not included, or the version information is
+not supplied, the version number is assumed to be 1.
+
+The key listings are made up of several lines per key. The first line
+is for the primary key:
+
+pub:<fingerprint>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags>
+
+<fingerprint> = this is either the fingerprint or the keyid of the
+ key. Either the 16-digit or 8-digit keyids are
+ acceptable, but obviously the fingerprint is best.
+ Since it is not possible to calculate the keyid from a
+ V3 key fingerprint, for V3 keys this should be either
+ the 16-digit or 8-digit keyid only.
+
+<algo> = the algorithm number from RFC-2440. (i.e. 1==RSA, 17==DSA,
+ etc).
+
+<keylen> = the key length (i.e. 1024, 2048, 4096, etc.)
+
+<creationdate> = creation date of the key in standard RFC-2440 form
+ (i.e. number of seconds since 1/1/1970 UTC time)
+
+<expirationdate> = expiration date of the key in standard RFC-2440
+ form (i.e. number of seconds since 1/1/1970 UTC time)
+
+<flags> = letter codes to indicate details of the key, if any. Flags
+ may be in any order.
+
+ r == revoked
+ d == disabled
+ e == expired
+
+Following the "pub" line are one or more "uid" lines to indicate user
+IDs on the key:
+
+uid:<escaped uid string>:<creationdate>:<expirationdate>:<flags>
+
+<escaped uid string> == the user ID string, with HTTP %-escaping for
+ anything that isn't 7-bit safe as well as for
+ the ":" character. Any other characters may
+ be escaped, as desired.
+
+creationdate, expirationdate, and flags mean the same here as before.
+The information is taken from the self-sig, if any, and applies to the
+user ID in question, and not to the key as a whole.
+
+Details:
+
+* All characters except for the <escaped uid string> are
+ case-insensitive.
+
+* Obviously, on a keyserver without integrated crypto, many of the
+ items given here are not fully trustworthy until the key is
+ downloaded and signatures checked. For example, the information
+ that a key is flagged "r" for revoked should be treated as
+ untrustworthy information until the key is checked on the client
+ side.
+
+* Empty fields are allowed. For example, a key with no expiration
+ date would have the <expirationdate> field empty. Also, a keyserver
+ that does not track a particular piece of information may leave that
+ field empty as well. I expect that the creation and expiration
+ dates for user IDs will be left empty in current keyservers. Colons
+ for empty fields on the end of each line may be left off, if
+ desired.
diff --git a/doc/Makefile.am b/doc/Makefile.am
new file mode 100644
index 0000000..c8d799b
--- /dev/null
+++ b/doc/Makefile.am
@@ -0,0 +1,150 @@
+# Copyright (C) 2002, 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+examples = examples/README examples/scd-event examples/trustlist.txt \
+ examples/gpgconf.conf examples/pwpattern.list
+
+helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
+ help.da.txt help.de.txt help.el.txt help.eo.txt \
+ help.es.txt help.et.txt help.fi.txt help.fr.txt \
+ help.gl.txt help.hu.txt help.id.txt help.it.txt \
+ help.ja.txt help.nb.txt help.pl.txt help.pt.txt \
+ help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \
+ help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt
+
+EXTRA_DIST = samplekeys.asc ChangeLog-2011 \
+ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \
+ gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf \
+ FAQ gnupg7.texi \
+ opt-homedir.texi see-also-note.texi specify-user-id.texi \
+ gpgv.texi texi.css yat2m.c
+
+BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf
+
+info_TEXINFOS = gnupg.texi
+
+dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles)
+
+nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \
+ $(examples)
+
+
+gnupg_TEXINFOS = \
+ gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \
+ tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
+ sysnotes.texi gnupg-card-architecture.fig \
+ howtos.texi howto-create-a-server-cert.texi
+
+DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips
+
+AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css
+
+YAT2M_OPTIONS = -I $(srcdir) \
+ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard"
+
+myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
+ scdaemon.texi tools.texi
+myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 gpgv2.1 \
+ watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
+ gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
+ gpgsm-gencert.sh.1 applygnupgdefaults.8 gpg-zip.1
+
+man_MANS = $(myman_pages)
+noinst_MANS = gnupg.7
+
+watchgnupg_SOURCE = gnupg.texi
+
+
+CLEANFILES = yat2m faq.txt
+
+DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
+ $(myman_pages) gnupg.7
+
+yat2m: yat2m.c
+ $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
+
+.fig.png:
+ fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.jpg:
+ fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.eps:
+ fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.pdf:
+ fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+# Note that yatm --store has a bug in that the @ifset gpgtwoone still
+# creates a dirmngr-client page from tools.texi.
+yat2m-stamp: $(myman_sources)
+ @rm -f yat2m-stamp.tmp
+ @touch yat2m-stamp.tmp
+ for file in $(myman_sources) ; do \
+ ./yat2m $(YAT2M_OPTIONS) --store \
+ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done
+ @test -f dirmngr-client.1 && rm dirmngr-client.1
+ @mv -f yat2m-stamp.tmp $@
+
+yat2m-stamp: yat2m
+
+$(myman_pages) gnupg.7 : yat2m-stamp
+ @if test -f $@; then :; else \
+ trap 'rm -rf yat2m-stamp yat2m-lock' 1 2 13 15; \
+ if mkdir yat2m-lock 2>/dev/null; then \
+ rm -f yat2m-stamp; \
+ $(MAKE) $(AM_MAKEFLAGS) yat2m-stamp; \
+ rmdir yat2m-lock; \
+ else \
+ while test -d yat2m-lock; do sleep 1; done; \
+ test -f yat2m-stamp; exit $$?; \
+ fi; \
+ fi
+
+# Make sure that gnupg.texi is touched if any other source file has
+# been modified. This is required so that the version.texi magic
+# updates the release date.
+gnupg.texi : $(gnupg_TEXINFOS)
+ touch $(srcdir)/gnupg.texi
+
+# Copy shared files from the master branch. We keep the texinfo files
+# all in master so that we need to modify only one source. Macros are
+# used to customize them for a specific version.
+update-source:
+ @set -e; cd $(srcdir); \
+ for i in $(gnupg_TEXINFOS) yat2m.c ; do \
+ echo "updating from master:doc/$$i" >&2 ; \
+ git show master:doc/$$i >$$i ; \
+ done
+
+online: gnupg.html gnupg.pdf
+ set -e; \
+ echo "Uploading current manuals to www.gnupg.org ..."; \
+ cp $(srcdir)/gnupg-logo.png gnupg.html/; \
+ user=werner ; dashdevel="" ; \
+ if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \
+ dashdevel="-devel" ; \
+ else \
+ rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \
+ fi ; \
+ cd gnupg.html ; \
+ rsync -vr --exclude='.svn' . \
+ $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/
diff --git a/doc/Makefile.in b/doc/Makefile.in
new file mode 100644
index 0000000..cb96a30
--- /dev/null
+++ b/doc/Makefile.in
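Review bot: In doc/Makefile.am, the `yat2m-stamp` recipe line `@test -f dirmngr-client.1 && rm dirmngr-client.1` fails the target whenever that file is absent, because the `&&` list then exits non-zero and make treats that as an error. The comment above the rule says the page only appears because of a yat2m `--store` bug, so the man-page build currently depends on that bug staying in place. `@rm -f dirmngr-client.1` does the same cleanup and succeeds either way. Separately, in `update-source`, `git show master:doc/$$i >$$i` truncates the working file before git runs, so a failed `git show` leaves an empty source behind even with `set -e`; writing to a temporary name and renaming it on success would avoid that.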
@@ -0,0 +1,1029 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2002, 2004 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. 
+ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc +DIST_COMMON = $(dist_pkgdata_DATA) $(gnupg_TEXINFOS) \ + $(nobase_dist_doc_DATA) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(srcdir)/stamp-vti \ + $(srcdir)/version.texi +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \ + $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \ + $(top_srcdir)/gl/m4/eealloc.m4 \ + $(top_srcdir)/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/gl/m4/gnulib-tool.m4 \ + $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \ + $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \ + $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \ + $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \ + $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \ + $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \ + $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \ + $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \ + $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \ + $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \ + 
$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +INFO_DEPS = $(srcdir)/gnupg.info +TEXINFO_TEX = $(top_srcdir)/scripts/texinfo.tex +am__TEXINFO_TEX_DIR = $(top_srcdir)/scripts +DVIS = gnupg.dvi +PDFS = gnupg.pdf +PSS = gnupg.ps +HTMLS = gnupg.html +TEXINFOS = gnupg.texi +TEXI2DVI = texi2dvi +TEXI2PDF = $(TEXI2DVI) --pdf --batch +MAKEINFOHTML = $(MAKEINFO) --html +AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS) +am__installdirs = "$(DESTDIR)$(infodir)" "$(DESTDIR)$(man1dir)" \ + "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgdatadir)" \ + "$(DESTDIR)$(docdir)" +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +man1dir = $(mandir)/man1 +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man_MANS) +DATA = $(dist_pkgdata_DATA) $(nobase_dist_doc_DATA) +DISTFILES = 
$(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@ +ACLOCAL = @ACLOCAL@ +ADNSLIBS = @ADNSLIBS@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CC_FOR_BUILD = @CC_FOR_BUILD@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DL_LIBS = @DL_LIBS@ +DNSLIBS = @DNSLIBS@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FAQPROG = @FAQPROG@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@ +GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@ +GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@ +GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@ +GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@ +GPGKEYS_CURL = @GPGKEYS_CURL@ +GPGKEYS_FINGER = @GPGKEYS_FINGER@ +GPGKEYS_HKP = @GPGKEYS_HKP@ +GPGKEYS_KDNS = @GPGKEYS_KDNS@ +GPGKEYS_LDAP = @GPGKEYS_LDAP@ +GPGKEYS_MAILTO = @GPGKEYS_MAILTO@ +GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@ +GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@ +GPG_ERROR_LIBS = @GPG_ERROR_LIBS@ +GREP = @GREP@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@ +HAVE_WCHAR_H = 
@HAVE_WCHAR_H@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +KSBA_CFLAGS = @KSBA_CFLAGS@ +KSBA_CONFIG = @KSBA_CONFIG@ +KSBA_LIBS = @KSBA_LIBS@ +LDAPLIBS = @LDAPLIBS@ +LDAP_CPPFLAGS = @LDAP_CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ +LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ +LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ +LIBCURL = @LIBCURL@ +LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@ +LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ +LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ +LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ +LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@ +LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBOBJS = @LIBOBJS@ +LIBREADLINE = @LIBREADLINE@ +LIBS = @LIBS@ +LIBUSB_LIBS = @LIBUSB_LIBS@ +LIBUTIL_LIBS = @LIBUTIL_LIBS@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NETLIBS = @NETLIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_GT = @PACKAGE_GT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +POSUB = @POSUB@ +PTH_CFLAGS = @PTH_CFLAGS@ +PTH_CONFIG = @PTH_CONFIG@ +PTH_LIBS = @PTH_LIBS@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +RANLIB = @RANLIB@ +SENDMAIL = @SENDMAIL@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SHRED = @SHRED@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDINT_H = @STDINT_H@ +STRIP = @STRIP@ +SYS_SOCKET_H = @SYS_SOCKET_H@ +TAR = @TAR@ +UNISTD_H = @UNISTD_H@ +USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@ +USE_NLS = @USE_NLS@ 
+VERSION = @VERSION@ +W32SOCKLIBS = @W32SOCKLIBS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WINDRES = @WINDRES@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +ZLIBS = @ZLIBS@ +_libcurl_config = @_libcurl_config@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +examples = examples/README examples/scd-event examples/trustlist.txt \ + examples/gpgconf.conf examples/pwpattern.list + +helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \ + help.da.txt help.de.txt help.el.txt help.eo.txt \ + help.es.txt help.et.txt help.fi.txt help.fr.txt \ + help.gl.txt help.hu.txt help.id.txt help.it.txt \ + help.ja.txt help.nb.txt help.pl.txt help.pt.txt \ + 
help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \ + help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt + +EXTRA_DIST = samplekeys.asc ChangeLog-2011 \ + gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \ + gnupg-card-architecture.eps gnupg-card-architecture.png \ + gnupg-card-architecture.pdf \ + FAQ gnupg7.texi \ + opt-homedir.texi see-also-note.texi specify-user-id.texi \ + gpgv.texi texi.css yat2m.c + +BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ + gnupg-card-architecture.pdf + +info_TEXINFOS = gnupg.texi +dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles) +nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \ + $(examples) + +gnupg_TEXINFOS = \ + gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \ + tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \ + sysnotes.texi gnupg-card-architecture.fig \ + howtos.texi howto-create-a-server-cert.texi + +DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips +AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css +YAT2M_OPTIONS = -I $(srcdir) \ + --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard" + +myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \ + scdaemon.texi tools.texi + +myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 gpgv2.1 \ + watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \ + gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \ + gpgsm-gencert.sh.1 applygnupgdefaults.8 gpg-zip.1 + +man_MANS = $(myman_pages) +noinst_MANS = gnupg.7 +watchgnupg_SOURCE = gnupg.texi +CLEANFILES = yat2m faq.txt +DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ + $(myman_pages) gnupg.7 + +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-am + +.SUFFIXES: +.SUFFIXES: .dvi .eps .fig .html .info .jpg .pdf .png .ps .texi +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + 
*$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu doc/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +.texi.info: + restore=: && backupdir="$(am__leading_dot)am$$$$" && \ + am__cwd=`pwd` && $(am__cd) $(srcdir) && \ + rm -rf $$backupdir && mkdir $$backupdir && \ + if ($(MAKEINFO) --version) >/dev/null 2>&1; then \ + for f in $@ $@-[0-9] $@-[0-9][0-9] $(@:.info=).i[0-9] $(@:.info=).i[0-9][0-9]; do \ + if test -f $$f; then mv $$f $$backupdir; restore=mv; else :; fi; \ + done; \ + else :; fi && \ + cd "$$am__cwd"; \ + if $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \ + -o $@ $<; \ + then \ + rc=0; \ + $(am__cd) $(srcdir); \ + else \ + rc=$$?; \ + $(am__cd) $(srcdir) && \ + $$restore $$backupdir/* `echo "./$@" | sed 's|[^/]*$$||'`; \ + fi; \ + rm -rf $$backupdir; exit $$rc + +.texi.dvi: + TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ + MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \ + $(TEXI2DVI) $< + +.texi.pdf: + 
TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ + MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \ + $(TEXI2PDF) $< + +.texi.html: + rm -rf $(@:.html=.htp) + if $(MAKEINFOHTML) $(AM_MAKEINFOHTMLFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \ + -o $(@:.html=.htp) $<; \ + then \ + rm -rf $@; \ + if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \ + mv $(@:.html=) $@; else mv $(@:.html=.htp) $@; fi; \ + else \ + if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \ + rm -rf $(@:.html=); else rm -Rf $(@:.html=.htp) $@; fi; \ + exit 1; \ + fi +$(srcdir)/gnupg.info: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS) +gnupg.dvi: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS) +gnupg.pdf: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS) +gnupg.html: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS) +$(srcdir)/version.texi: @MAINTAINER_MODE_TRUE@ $(srcdir)/stamp-vti +$(srcdir)/stamp-vti: gnupg.texi $(top_srcdir)/configure + @(dir=.; test -f ./gnupg.texi || dir=$(srcdir); \ + set `$(SHELL) $(top_srcdir)/scripts/mdate-sh $$dir/gnupg.texi`; \ + echo "@set UPDATED $$1 $$2 $$3"; \ + echo "@set UPDATED-MONTH $$2 $$3"; \ + echo "@set EDITION $(VERSION)"; \ + echo "@set VERSION $(VERSION)") > vti.tmp + @cmp -s vti.tmp $(srcdir)/version.texi \ + || (echo "Updating $(srcdir)/version.texi"; \ + cp vti.tmp $(srcdir)/version.texi) + -@rm -f vti.tmp + @cp $(srcdir)/version.texi $@ + +mostlyclean-vti: + -rm -f vti.tmp + +maintainer-clean-vti: +@MAINTAINER_MODE_TRUE@ -rm -f $(srcdir)/stamp-vti $(srcdir)/version.texi +.dvi.ps: + TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ + $(DVIPS) -o $@ $< + +uninstall-dvi-am: + @$(NORMAL_UNINSTALL) + @list='$(DVIS)'; test -n "$(dvidir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(dvidir)/$$f'"; \ + rm -f "$(DESTDIR)$(dvidir)/$$f"; \ + done + +uninstall-html-am: + @$(NORMAL_UNINSTALL) + @list='$(HTMLS)'; test -n "$(htmldir)" || list=; \ 
+ for p in $$list; do \ + $(am__strip_dir) \ + echo " rm -rf '$(DESTDIR)$(htmldir)/$$f'"; \ + rm -rf "$(DESTDIR)$(htmldir)/$$f"; \ + done + +uninstall-info-am: + @$(PRE_UNINSTALL) + @if test -d '$(DESTDIR)$(infodir)' && \ + (install-info --version && \ + install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \ + list='$(INFO_DEPS)'; \ + for file in $$list; do \ + relfile=`echo "$$file" | sed 's|^.*/||'`; \ + echo " install-info --info-dir='$(DESTDIR)$(infodir)' --remove '$(DESTDIR)$(infodir)/$$relfile'"; \ + if install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)/$$relfile"; \ + then :; else test ! -f "$(DESTDIR)$(infodir)/$$relfile" || exit 1; fi; \ + done; \ + else :; fi + @$(NORMAL_UNINSTALL) + @list='$(INFO_DEPS)'; \ + for file in $$list; do \ + relfile=`echo "$$file" | sed 's|^.*/||'`; \ + relfile_i=`echo "$$relfile" | sed 's|\.info$$||;s|$$|.i|'`; \ + (if test -d "$(DESTDIR)$(infodir)" && cd "$(DESTDIR)$(infodir)"; then \ + echo " cd '$(DESTDIR)$(infodir)' && rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]"; \ + rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]; \ + else :; fi); \ + done + +uninstall-pdf-am: + @$(NORMAL_UNINSTALL) + @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(pdfdir)/$$f'"; \ + rm -f "$(DESTDIR)$(pdfdir)/$$f"; \ + done + +uninstall-ps-am: + @$(NORMAL_UNINSTALL) + @list='$(PSS)'; test -n "$(psdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(psdir)/$$f'"; \ + rm -f "$(DESTDIR)$(psdir)/$$f"; \ + done + +dist-info: $(INFO_DEPS) + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + list='$(INFO_DEPS)'; \ + for base in $$list; do \ + case $$base in \ + $(srcdir)/*) base=`echo "$$base" | sed "s|^$$srcdirstrip/||"`;; \ + esac; \ + if test -f $$base; then d=.; else d=$(srcdir); fi; \ + base_i=`echo 
"$$base" | sed 's|\.info$$||;s|$$|.i|'`; \ + for file in $$d/$$base $$d/$$base-[0-9] $$d/$$base-[0-9][0-9] $$d/$$base_i[0-9] $$d/$$base_i[0-9][0-9]; do \ + if test -f $$file; then \ + relfile=`expr "$$file" : "$$d/\(.*\)"`; \ + test -f "$(distdir)/$$relfile" || \ + cp -p $$file "$(distdir)/$$relfile"; \ + else :; fi; \ + done; \ + done + +mostlyclean-aminfo: + -rm -rf gnupg.aux gnupg.cp gnupg.cps gnupg.fn gnupg.ky gnupg.log gnupg.op \ + gnupg.ops gnupg.pg gnupg.tmp gnupg.toc gnupg.tp gnupg.vr + +clean-aminfo: + -test -z "gnupg.dvi gnupg.pdf gnupg.ps gnupg.html" \ + || rm -rf gnupg.dvi gnupg.pdf gnupg.ps gnupg.html + +maintainer-clean-aminfo: + @list='$(INFO_DEPS)'; for i in $$list; do \ + i_i=`echo "$$i" | sed 's|\.info$$||;s|$$|.i|'`; \ + echo " rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]"; \ + rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]; \ + done +install-man1: $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) 
+ @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } +install-man8: $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +install-dist_pkgdataDATA: 
$(dist_pkgdata_DATA) + @$(NORMAL_INSTALL) + test -z "$(pkgdatadir)" || $(MKDIR_P) "$(DESTDIR)$(pkgdatadir)" + @list='$(dist_pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgdatadir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgdatadir)" || exit $$?; \ + done + +uninstall-dist_pkgdataDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(pkgdatadir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(pkgdatadir)" && rm -f $$files +install-nobase_dist_docDATA: $(nobase_dist_doc_DATA) + @$(NORMAL_INSTALL) + test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)" + @list='$(nobase_dist_doc_DATA)'; test -n "$(docdir)" || list=; \ + $(am__nobase_list) | while read dir files; do \ + xfiles=; for file in $$files; do \ + if test -f "$$file"; then xfiles="$$xfiles $$file"; \ + else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \ + test -z "$$xfiles" || { \ + test "x$$dir" = x. 
|| { \ + echo "$(MKDIR_P) '$(DESTDIR)$(docdir)/$$dir'"; \ + $(MKDIR_P) "$(DESTDIR)$(docdir)/$$dir"; }; \ + echo " $(INSTALL_DATA) $$xfiles '$(DESTDIR)$(docdir)/$$dir'"; \ + $(INSTALL_DATA) $$xfiles "$(DESTDIR)$(docdir)/$$dir" || exit $$?; }; \ + done + +uninstall-nobase_dist_docDATA: + @$(NORMAL_UNINSTALL) + @list='$(nobase_dist_doc_DATA)'; test -n "$(docdir)" || list=; \ + $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(docdir)" && rm -f $$files +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; 
then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-info +check-am: all-am +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-am +all-am: Makefile $(INFO_DEPS) $(MANS) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(infodir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgdatadir)" "$(DESTDIR)$(docdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+ -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) +clean: clean-am + +clean-am: clean-aminfo clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: $(DVIS) + +html: html-am + +html-am: $(HTMLS) + +info: info-am + +info-am: $(INFO_DEPS) + +install-data-am: install-dist_pkgdataDATA install-info-am install-man \ + install-nobase_dist_docDATA + +install-dvi: install-dvi-am + +install-dvi-am: $(DVIS) + @$(NORMAL_INSTALL) + test -z "$(dvidir)" || $(MKDIR_P) "$(DESTDIR)$(dvidir)" + @list='$(DVIS)'; test -n "$(dvidir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dvidir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(dvidir)" || exit $$?; \ + done +install-exec-am: + +install-html: install-html-am + +install-html-am: $(HTMLS) + @$(NORMAL_INSTALL) + test -z "$(htmldir)" || $(MKDIR_P) "$(DESTDIR)$(htmldir)" + @list='$(HTMLS)'; list2=; test -n "$(htmldir)" || list=; \ + for p in $$list; do \ + if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \ + $(am__strip_dir) \ + if test -d "$$d$$p"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \ + $(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \ + echo " $(INSTALL_DATA) '$$d$$p'/* '$(DESTDIR)$(htmldir)/$$f'"; \ + $(INSTALL_DATA) "$$d$$p"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \ + else \ + list2="$$list2 $$d$$p"; \ + fi; \ + done; \ + test -z "$$list2" || { echo "$$list2" | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \ + done; } +install-info: install-info-am + +install-info-am: $(INFO_DEPS) + @$(NORMAL_INSTALL) + test -z "$(infodir)" || $(MKDIR_P) "$(DESTDIR)$(infodir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + 
list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \ + for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + esac; \ + if test -f $$file; then d=.; else d=$(srcdir); fi; \ + file_i=`echo "$$file" | sed 's|\.info$$||;s|$$|.i|'`; \ + for ifile in $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9] \ + $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \ + if test -f $$ifile; then \ + echo "$$ifile"; \ + else : ; fi; \ + done; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infodir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(infodir)" || exit $$?; done + @$(POST_INSTALL) + @if (install-info --version && \ + install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \ + list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \ + for file in $$list; do \ + relfile=`echo "$$file" | sed 's|^.*/||'`; \ + echo " install-info --info-dir='$(DESTDIR)$(infodir)' '$(DESTDIR)$(infodir)/$$relfile'";\ + install-info --info-dir="$(DESTDIR)$(infodir)" "$(DESTDIR)$(infodir)/$$relfile" || :;\ + done; \ + else : ; fi +install-man: install-man1 install-man8 + +install-pdf: install-pdf-am + +install-pdf-am: $(PDFS) + @$(NORMAL_INSTALL) + test -z "$(pdfdir)" || $(MKDIR_P) "$(DESTDIR)$(pdfdir)" + @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pdfdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pdfdir)" || exit $$?; done +install-ps: install-ps-am + +install-ps-am: $(PSS) + @$(NORMAL_INSTALL) + test -z "$(psdir)" || $(MKDIR_P) "$(DESTDIR)$(psdir)" + @list='$(PSS)'; test -n "$(psdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " 
$(INSTALL_DATA) $$files '$(DESTDIR)$(psdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(psdir)" || exit $$?; done +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-aminfo \ + maintainer-clean-generic maintainer-clean-vti + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-aminfo mostlyclean-generic mostlyclean-vti + +pdf: pdf-am + +pdf-am: $(PDFS) + +ps: ps-am + +ps-am: $(PSS) + +uninstall-am: uninstall-dist_pkgdataDATA uninstall-dvi-am \ + uninstall-html-am uninstall-info-am uninstall-man \ + uninstall-nobase_dist_docDATA uninstall-pdf-am uninstall-ps-am + +uninstall-man: uninstall-man1 uninstall-man8 + +.MAKE: all check install install-am install-strip + +.PHONY: all all-am check check-am clean clean-aminfo clean-generic \ + dist-info distclean distclean-generic distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dist_pkgdataDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man1 install-man8 install-nobase_dist_docDATA \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-aminfo \ + maintainer-clean-generic maintainer-clean-vti mostlyclean \ + mostlyclean-aminfo mostlyclean-generic mostlyclean-vti pdf \ + pdf-am ps ps-am uninstall uninstall-am \ + uninstall-dist_pkgdataDATA uninstall-dvi-am uninstall-html-am \ + uninstall-info-am uninstall-man uninstall-man1 uninstall-man8 \ + uninstall-nobase_dist_docDATA uninstall-pdf-am uninstall-ps-am + + +yat2m: yat2m.c + $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c + +.fig.png: + fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@ + +.fig.jpg: + fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@ + +.fig.eps: + fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@ + +.fig.pdf: + 
fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@ + +# Note that yatm --store has a bug in that the @ifset gpgtwoone still +# creates a dirmngr-client page from tools.texi. +yat2m-stamp: $(myman_sources) + @rm -f yat2m-stamp.tmp + @touch yat2m-stamp.tmp + for file in $(myman_sources) ; do \ + ./yat2m $(YAT2M_OPTIONS) --store \ + `test -f '$$file' || echo '$(srcdir)/'`$$file ; done + @test -f dirmngr-client.1 && rm dirmngr-client.1 + @mv -f yat2m-stamp.tmp $@ + +yat2m-stamp: yat2m + +$(myman_pages) gnupg.7 : yat2m-stamp + @if test -f $@; then :; else \ + trap 'rm -rf yat2m-stamp yat2m-lock' 1 2 13 15; \ + if mkdir yat2m-lock 2>/dev/null; then \ + rm -f yat2m-stamp; \ + $(MAKE) $(AM_MAKEFLAGS) yat2m-stamp; \ + rmdir yat2m-lock; \ + else \ + while test -d yat2m-lock; do sleep 1; done; \ + test -f yat2m-stamp; exit $$?; \ + fi; \ + fi + +# Make sure that gnupg.texi is touched if any other source file has +# been modified. This is required so that the version.texi magic +# updates the release date. +gnupg.texi : $(gnupg_TEXINFOS) + touch $(srcdir)/gnupg.texi + +# Copy shared files from the master branch. We keep the texinfo files +# all in master so that we need to modify only one source. Macros are +# used to customize them for a specific version. +update-source: + @set -e; cd $(srcdir); \ + for i in $(gnupg_TEXINFOS) yat2m.c ; do \ + echo "updating from master:doc/$$i" >&2 ; \ + git show master:doc/$$i >$$i ; \ + done + +online: gnupg.html gnupg.pdf + set -e; \ + echo "Uploading current manuals to www.gnupg.org ..."; \ + cp $(srcdir)/gnupg-logo.png gnupg.html/; \ + user=werner ; dashdevel="" ; \ + if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \ + dashdevel="-devel" ; \ + else \ + rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \ + fi ; \ + cd gnupg.html ; \ + rsync -vr --exclude='.svn' . \ + $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. 
+# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/OpenPGP b/doc/OpenPGP new file mode 100644 index 0000000..a511ad7 --- /dev/null +++ b/doc/OpenPGP 
@@ -0,0 +1,108 @@
+ GnuPG and OpenPGP
+ =================
+
+ See RFC2440 for a description of OpenPGP. We have an annotated version
+ of this RFC online: http://www.gnupg.org/rfc2440.html
+
+
+
+ Compatibility Notes
+ ===================
+ GnuPG (>=1.0.3) is in compliance with RFC2440 despite these exceptions:
+
+ * (9.2) states that IDEA SHOULD be implemented. This is not done
+ due to patent problems.
+
+
+ All MAY features are implemented with this exception:
+
+ * multi-part armored messages are not supported.
+ MIME (rfc2015) should be used instead.
+
+ Most of the OPTIONAL stuff is implemented.
+
+ There are a couple of options which can be used to override some
+ RFC requirements. This is always mentioned with the description
+ of that options.
+
+ A special format of partial packet length exists for v3 packets
+ which can be considered to be in compliance with RFC1991; this
+ format is only created if a special option is active.
+
+ GnuPG uses a S2K mode of 101 for GNU extensions to the secret key
+ protection algorithms. This number is not defined in OpenPGP, but
+ given the fact that this number is in a range which used at many
+ other places in OpenPGP for private/experimenat algorithm identifiers,
+ this should be not a so bad choice. The 3 bytes "GNU" are used
+ to identify this as a GNU extension - see the file DETAILS for a
+ definition of the used data formats.
+
+
+
+ Some Notes on OpenPGP / PGP Compatibility:
+ ==========================================
+
+ * PGP 5.x does not accept V4 signatures for anything other than
+ key material. The GnuPG option --force-v3-sigs mimics this
+ behavior.
+
+ * PGP 5.x does not recognize the "five-octet" lengths in
+ new-format headers or in signature subpacket lengths.
+
+ * PGP 5.0 rejects an encrypted session key if the keylength
+ differs from the S2K symmetric algorithm. This is a bug in its
+ validation function.
+
+ * PGP 5.0 does not handle multiple one-pass signature headers and
+ trailers. Signing one will compress the one-pass signed literal
+ and prefix a V3 signature instead of doing a nested one-pass
+ signature.
+
+ * When exporting a private key, PGP 2.x generates the header
+ "BEGIN PGP SECRET KEY BLOCK" instead of "BEGIN PGP PRIVATE KEY
+ BLOCK". All previous versions ignore the implied data type, and
+ look directly at the packet data type.
+
+ * In a clear-signed signature, PGP 5.0 will figure out the correct
+ hash algorithm if there is no "Hash:" header, but it will reject
+ a mismatch between the header and the actual algorithm used. The
+ "standard" (i.e. Zimmermann/Finney/et al.) version of PGP 2.x
+ rejects the "Hash:" header and assumes MD5. There are a number
+ of enhanced variants of PGP 2.6.x that have been modified for
+ SHA-1 signatures.
+
+ * PGP 5.0 can read an RSA key in V4 format, but can only recognize
+ it with a V3 keyid, and can properly use only a V3 format RSA
+ key.
+
+ * Neither PGP 5.x nor PGP 6.0 recognize ElGamal Encrypt and Sign
+ keys. They only handle ElGamal Encrypt-only keys.
+
+
+ Parts of this document are taken from:
+ ======================================
+
+ OpenPGP Message Format
+ draft-ietf-openpgp-formats-07.txt
+
+
+ Copyright 1998 by The Internet Society. All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph
+ are included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+
diff --git a/doc/TRANSLATE b/doc/TRANSLATE
new file mode 100644
index 0000000..8dfc183
--- /dev/null
+++ b/doc/TRANSLATE
@@ -0,0 +1,62 @@ +$Id$ + +Note for translators +-------------------- + +Some strings in GnuPG are for matching user input against. These +strings can accept multiple values that mean essentially the same +thing. + +For example, the string "yes" in English is "sÃ" in Spanish. However, +some users will type "si" (without the accent). To accomodate both +users, you can translate the string "yes" as "sÃ|si". You can have +any number of alternate matches seperated by the | character like +"sÃ|si|seguro". + +The strings that can be handled in this way are of the form "yes|yes", +(or "no|no", etc.) There should also be a comment in the .po file +directing you to this file. + + +Help files +---------- + +GnuPG provides a little help feature (entering a ? on a prompt). This +help used to be translated the usual way with gettext but it turned +out that this is too inflexible and does for example not allow to +correct little mistakes in the English text. For some newer features +we require editable help files anyway and thus the existing help +strings have neen moved to plain text files names "help.LL.txt". We +distribute these files and allow overriding them by files of that name +in /etc/gnupg. The syntax of these files is documented in +doc/help.txt. This is also the original we use to describe new +possible online help keys. The source files are located in doc/ and +need to be in encoded in UTF-8. Strings which require a translation +are disabled like this + + .#gpgsm.some.help-item + This string is not translated. + +After translation you should remove the the hash mark so that the +entry looks like. + + .gpgsm.some.help-item + This string has been translated. + +The percent sign is not a special character and if there is something +to watch out there will be a remark. 
+
+
+
+Sending new or updated translations
+-----------------------------------
+
+Please note that we do not use the TP Robot but require that
+translations are to be send by mail to translations@gnupg.org. We
+also strongly advise to get subscribed to i18n@gnupg.org and request
+assistance if it is not clear on how to translate certain strings. A
+wrongly translated string may lead to a security problem.
+
+A copyright disclaimer to the FSF is required by all translators.
+
+
diff --git a/doc/com-certs.pem b/doc/com-certs.pem
new file mode 100644
index 0000000..43e93b7
--- /dev/null
+++ b/doc/com-certs.pem
@@ -0,0 +1,484 @@ +# Common certificates for initial keybox creation. + +Issuer ...: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support@cacert.org +Serial ...: 00 +Subject ..: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support@cacert.org + +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl 
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- + +Issuer ...: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE +Serial ...: 32D18D +Subject ..: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE + +-----BEGIN CERTIFICATE----- +MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w +OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0 +aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w +IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC +REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11 +bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg +MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2 +wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf +mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P +ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG +KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe +IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn 
+XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ= +-----END CERTIFICATE----- + +Issuer ...: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE +Serial ...: 2A +Subject ..: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE + +-----BEGIN CERTIFICATE----- +MIIDoTCCAw2gAwIBAgIBKjAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG +A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzEwUi1DQSAxOlBOMB4X +DTA1MDgwMzE1MzAzNloXDTA3MTIzMTE1MDkyM1owPzELMAkGA1UEBhMCREUxGjAY +BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMFItQ0EgMTpQTjCB +oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAiHXC5/hw6rYNc/4cilHLjd/SqwS3 +4LaogQHZVFciyYJ0+5gAfca/kLnPEvOUuYSYNfb2ar0e/iDPxZAAEfqfVGuRT9Pa +R7hWvPiZUFpoGcNvyOVxKuM9Iyx/i1wan/wS6u12QIgGBUek5ig1+TTwuuNcanlW +kQPuodHs+BoUGHMCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB +BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG +Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw +EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh +cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50 +dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv +Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp +b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF +MAMBAf8wHwYDVR0jBBgwFoAUw8916sARU0UT/pdlYwBpUwKWuWQwHQYDVR0OBBYE +FMPPderAEVNFE/6XZWMAaVMClrlkMAoGBiskAwMBAgUAA4GBAGXK8m/O9KmfaZuA +1GzMyasIHx8Lu+V0da8NTZzAmqAl+44MtS4QNcZdtxsDvOcqHHs1Tosh9D398hSG +hXd6gjniKWxMKvjL8TQKu999QIn6YKLCowjUYpp8v4B9X8jNa9vJy2EzoPOBmdWT +l5hhXfvWpPe68kN9zaEmcDO+m60H +-----END CERTIFICATE----- + +Issuer ...: /CN=9R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE +Serial ...: 02 +Subject ..: /CN=9R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE + +-----BEGIN CERTIFICATE----- +MIIEEjCCA36gAwIBAgIBAjAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG +A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv +biB1bmQgUG9zdDETMBEGA1UEAwwKOVItQ0EgMTpQTjAeFw0wNDExMjUxNDU5MTFa 
+Fw0wNzEyMzExNDU2NTlaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll +cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw +EQYDVQQDDAo5Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCN +0ECEO2KjPsHBz2cmOSePEmKEH33Q/vRUl1u8D2Uus3txZgqRvCs0F7HzAtDJKSap +C1+qj5t1R4g8jrlWwsqi+oOc3bpUuPMLo+ys9PG7ODK+xZuwFlezO6rj30mEj+y0 +HMxCaTAedim2J5CmWcqQtATGGzwqYHEVFYo0y5kuuQIEQAAAgaOCAd0wggHZMA4G +A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF +BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw +L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E +gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D +UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p +a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k +ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs +YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB +wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRnBgT5ZxC7e1vJLBj+ +92+P1kZrJzAdBgNVHQ4EFgQUZwYE+WcQu3tbySwY/vdvj9ZGaycwCgYGKyQDAwEC +BQADgYEACAnkgbAd47VgJqu5CY3B6AlxbGkor2guYHXO+KgBkQeXDVWt4ZvN9hY2 +blhPMc/sLv+Tmg9zjyzjqQdxhWXUDoctorBny8LQQQvMqAtc8qk6DL+X0heq1U2k +s1e8wj9AUGOfvmSL/r1BWPzLOCWay2bHQCQ1sU5QnvNbmJO21GI= +-----END CERTIFICATE----- + +Issuer ...: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE +Serial ...: 2D +Subject ..: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE + +-----BEGIN CERTIFICATE----- +MIIDoTCCAw2gAwIBAgIBLTAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG +A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzExUi1DQSAxOlBOMB4X +DTA1MDgwMzE4MDk0OVoXDTA3MTIzMTE4MDQyOFowPzELMAkGA1UEBhMCREUxGjAY +BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMVItQ0EgMTpQTjCB +oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAkodoSFtoGjJphYloxQLsmyOe/M5h +UpURxSkop41MtGlrHeOeQsxMSRdCJInwjLKZg9Pxd92QFsB3f6AJUGTO7z6PJ/ST ++m0EBksoPtciWLYtlRXtD/RK6mUB7CG5CfqK6AUHbWtXW6mNAZLoJOd0jLsQCUi8 +XmHP92vfmW2ptSkCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB 
+BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG +Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw +EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh +cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50 +dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv +Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp +b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF +MAMBAf8wHwYDVR0jBBgwFoAUXYAPovSdSBb8oBS7lEJmWSK6incwHQYDVR0OBBYE +FF2AD6L0nUgW/KAUu5RCZlkiuop3MAoGBiskAwMBAgUAA4GBAIxx56h5+p2lqK0v +hRVwkWAAPduspH4U9q7QsFIWbEkFe+2TcXx7MV9NAUe4kN9MsN9CEgSSeLDfpIFA +uyHndqgmDaqXmWSDl2QutHQwSj8a04bSNbY7s0FUCMqrr/465Rf6quIWi7qXhwDe +yDmXv3nzPTGVM3F+aavJCybjJ1qk +-----END CERTIFICATE----- + +Issuer ...: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE +Serial ...: 0139 +Subject ..: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE + +-----BEGIN CERTIFICATE----- +MIIErTCCA5WgAwIBAgICATkwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx +GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMlItQ0EgMTpQ +TjAeFw0wNzA1MjUxMTAxNDRaFw0xMjA1MjUxMDU2MDdaMD8xCzAJBgNVBAYTAkRF +MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTJSLUNBIDE6 +UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCYOqYxUqr6ZdlIuVaz +1raETmld82tCCFjUnIlHGpaTbBGQ9ddW4pdkdNmK4dHDesAnGFB6tgZzFTYivjTY +Jyzv3NunMth8AjwCivQ0u2RBlunY2jg6dNSeTwGlmOlG709HgWPHvvAboqLDoV81 +knMbNbG4P7Ff/+lsTnbN/gT0X5fHUz5UO3eowyl2kD6GBZwb+noR/86U0V39yXsk +ZD/NNBXKOzKo9VXx09S1Uq027Cc+VIa62DWUeUGiUDjCXXJoaAF2wQcD/crrAJlU +zeOVZkSzRJXpjpG8kZhKgSgOpgfnpjDXAXWbkJuyDL2fqXLPxAyBq3ThgUHZT99s +QSd3AgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww +CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v +b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL +MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw +Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs +ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp 
+c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw +GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G +A1UdIwQYMBaAFATenX/fQ3KJumlJAfToSSjeAhlvMB0GA1UdDgQWBBQE3p1/30Ny +ibppSQH06Eko3gIZbzANBgkqhkiG9w0BAQ0FAAOCAQEADf4IOMHGmSpkPc1UP0LS +sK8Y/xXvOgdHPx4f2CpcgUKRRk+Ue9MKiZG0KCFaNK9Qpnxejuk42Iu3flC5kn8T +fPQWtxC3ZQqD8sd6EX/FDdfkHJFJ9rIYKiSG6m2PDBUcbpQZ9kwhC7qCKE1coUhb +FW3WbntkDtrQycz7ZyQ6Ip+PpRoxwToJqTsExb+8whukhOo1vsgdaMZS/6iwwVkt +rJvl7EWMJVWctm15iDQzp4sawgSOg7U5icyTb1q+FqI5KlAfd/dRbv2yvThiOl7+ +bfN9Brosoxtwi/uJO8vSGOCIUUkiGhIk7+OX+mvppTG+7R1Jn6Af6AOzGSbQz5Ks +Uw== +-----END CERTIFICATE----- + +Issuer ...: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE +Serial ...: 013C +Subject ..: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE + +-----BEGIN CERTIFICATE----- +MIIErTCCA5WgAwIBAgICATwwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx +GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxM1ItQ0EgMTpQ +TjAeFw0wNzA1MjkxMTAyMzdaFw0xMjA1MjkxMDU1NTRaMD8xCzAJBgNVBAYTAkRF +MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTNSLUNBIDE6 +UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCaXK0TY+Vp+Hxx8B9D +lrHkc0zRdhXNuDP4Cedl9e6wPwdi90HVEjDK3FoDv7UPBtgGwMzRUQVIz/etbcQr +tnGwSQlsDI/Q5R1HAh241+/rWYodi6OqNsNeb065RRBlwHAa4uvT3b/Cj/OJI5Kp +6qRPquK0iuMaFwuxGCxfhTLOmmGVNYOE7/9UzKXA2yvthY3jfmIm18l/z08PgUYj +rjENdrez3ZRgjZ/XsXSNw3B2K3cZQ+xRP4rqfkmfPO8T6UhOeoiQFx2v1PizBWRQ +uiUtFjrCiaDeBjo3kfGgbpdPnHzqUEoEOyAlsglFLJC9xaCiLtt2ic1/1OFFlNgQ +tLJLAgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww +CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v +b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL +MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw +Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs +ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp +c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw +GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G 
+A1UdIwQYMBaAFAYenQPZrutto05LK939ru/TEqiNMB0GA1UdDgQWBBQGHp0D2a7r +baNOSyvd/a7v0xKojTANBgkqhkiG9w0BAQ0FAAOCAQEADrtfqJ8lnYsVyV5YK/H/ +evPf9LY1AfuuQkMkm9UP9a9BBQINoIULB+n+gF/c0dxEboF74Ikp08dhDOq0mjvj +f0lpsBPgX/eN9IOWdMBs3rKIXn7suOoUtnBuFgW6fJ32CPTLUQd5Dqv9DizTiKMf +X66oMBQD784IKya1bLaJd7x1UXtP1h2DAej1scF9DbiDDDieuid0wyibrPDgjUN1 +tbYiLH2did0zZRLlp6gDpgh4t8Efqb7XDijKzQHvWKzr4IALTpYoD42yeslMa5yV +mm15NhiRGAdX+JbvYgfP3aDIMX/yoaMB8GXEUq7CmFhAwpxfhy/oyvswX5MyE8D2 +Lw== +-----END CERTIFICATE----- + + +Issuer ...: /CN=8R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE +Serial ...: 01 +Subject ..: /CN=8R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE + +-----BEGIN CERTIFICATE----- +MIIEEjCCA36gAwIBAgIBATAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG +A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv +biB1bmQgUG9zdDETMBEGA1UEAwwKOFItQ0EgMTpQTjAeFw0wNDExMjUxNDEwMzda +Fw0wNzEyMzExNDA0MDNaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll +cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw +EQYDVQQDDAo4Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCS +DvtngJbI4K8sbCHFfCalXaDa7xgc2pdsL2oQlgZygt1EY5ZgZB93JThnDSaDzdLj +ZIPrXJLxCOLq6Kmxj63V9p9WUaF5nz/6PVRMmLzI7cvh5QDjsX4ZmEzm/it7e/YH +vC1Yiw5bTULjwVZ27vqO64mhplQM3HKVgk6FX51XnwIEQAAAgaOCAd0wggHZMA4G +A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF +BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw +L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E +gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D +UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p +a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k +ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs +YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB +wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTuKY5dMBMWc1wFL/fr +arlCuHKNBDAdBgNVHQ4EFgQU7imOXTATFnNcBS/362q5QrhyjQQwCgYGKyQDAwEC 
+BQADgYEAbDMwH4zJB/0qgmbBWvvCGJsm9lmLzLdOcB8HCm1EvlCLqaCX7TwoUuBN +voxU9OHt1wAbChNP+ueDmI/0u2KRNv6/t4cOB8d4navwsW5nmknSzdZ6UZTUfmCr +n6XIdUtl2hkiFlQpCvCIBFj/+PjQRMdovRN42EQ9XVhb5B2MGv8= +-----END CERTIFICATE----- + +Issuer ...: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE +Serial ...: 00C48C8D +Subject ..: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE + +-----BEGIN CERTIFICATE----- +MIICaTCCAdWgAwIBAgIEAMSMjTAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9 +MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth +dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBO +MCIYDzIwMDExMDE1MTExNTE1WhgPMjAwNjAyMTUxMTE1MTVaMG8xCzAJBgNVBAYT +AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t +dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjdSLUNB +IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIqJA/4+pRD+BXsRd+ej +qVObXlKRhn1CoyKxVwR3O/RtE1M4FcajKDdT1p1pLULyqPBE2roMS5D/f83192gE +Mw1uGZIusehg6n8tPQIJPkSb4X22yM0ZFeLAQXKNJ+98e03xv/TU4Fa//elPiPs/ +9Y99Gm6DOvTpCxIY8QK9Pxm7AgUAwAAAAaMSMBAwDgYDVR0PAQH/BAQDAgEGMAoG +BiskAwMBAgUAA4GBADnITH+fLD0qsWcAncwPztzTAnqUw9O0+yvfmxvEU0zcJRuF +Tl8DK+/aKp4SwVhRJZlWxenHzkjWynsUXBUv878gizllRpA7265REyHQki4NnxAi +OGxEVGe/NbGeU88Pgnk7alhtdA/Ty8/WX9a3U/0G4pLaJppxGSm+ypQZ0XOY +-----END CERTIFICATE----- + + +Issuer ...: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE +Serial ...: 00B95F +Subject ..: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE + aka ..: info@d-trust.net + aka ..: (uri http://www.d-trust.net) + +-----BEGIN CERTIFICATE----- +MIIFCjCCA/KgAwIBAgIDALlfMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm +aWVkIFJvb3QgQ0EgMSAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy +NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG +A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAxIDIwMDY6UE4wggEkMA0G 
+CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQCPACqp8H/KTbDBUM8BTiRzsfCJmN5G +Uxv8x3wsYLMtZ8meq04vEun2OneNeKZ2LxJy3UchUWitYP9pLPt9M8yt0pyuOXOQ +5r2RPAM46OlfStoPbZ+lCxpZbNcQGLM+/OcQU9GoCNWWkDSctwIN8T4mUf7vSzuT +jM4n5NHW7Y8bANhH7lh2fwkfIk7PxsxFw9amptlqzDqbBPz8/SdBUFt0G8t52Niw +lcYHWDV2YH4Qs1SAxOsyG0O8hpYKiKIwRHxPu5ZD3bMgDJXA3d+9zXlrLlmL0YFC +tvlPxmvqUhmMsL4vGEj/xWivULCTVOz6KcJ9edWwK9JxyO/KmGyDLwKxAgUApBVt +/aOCAeUwggHhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJr+c6YCNnohJ6M3 +fhSzwwTq2CkWMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j +c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs +MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI +KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwggEABgNVHR8E +gfgwgfUwgfKgge+ggeyGgaVsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NO +PUQtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAxJTIwMjAwNiUzQVBO +LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0 +P2Jhc2U/b2JqZWN0Q2xhc3M9Y3JsRGlzdHJpYnV0aW9uUG9pbnSGQmh0dHA6Ly93 +d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfcXVhbGlmaWVkX3Jvb3RfY2FfMV8y +MDA2X3BuLmNybDANBgkqhkiG9w0BAQUFAAOCAQEABsVNHg5zVMB+A4swJ8/vW+RV +mW8KZiJb5AVytFzBeZkkF2+DXFMtursZ0sICIcRCSsNyAQcqHqzcgnDWCHASlu4o +Em3TeBsmWo8r/uGpbFVAOhjq2VOFwjjIr3TC7zmMoLE+WGBRSuZh4/5wnxQ+NNbY +8HHE52UPI6VyV7RZeE0IZfbjkejw8WpvNtRfc6NxOCxf1LYibiCUaYs+EBDD+eod +lWwpmHwPSj4GCzR9wBdbWML/GQZ6iFVOuEmApm2B11KEn4hvKtRMEp1CdHIn8Jwx +51E89XcjJOIitO0lUozimqvlUb0lEynXe1/CUOhAsiAnLvq0GbnjFN6+9GRnqg== +-----END CERTIFICATE----- + +Issuer ...: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE +Serial ...: 00B960 +Subject ..: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE + aka ..: info@d-trust.net + aka ..: (uri http://www.d-trust.net) + +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgIDALlgMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm +aWVkIFJvb3QgQ0EgMiAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy 
+NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG +A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyIDIwMDY6UE4wggEkMA0G +CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQC9p9EZM645WSti4m3Lp/m5Cu2PCeAf +DYMsN2UQab5SAD94wc0xB68rhD0QiyXT1bhqnHKGhdsmmNwVbFLWyFWVc69+5pbx +jkEa1Z5oYbftpLZlqblas/iPG1C546c/O5JUHehrpyJziTaIqvDm0hMCarEGrd4i +hdwP7XsLNLeHFVdpVMWKUIJjUud18Wyr6MVRGs85YTme2gPki8JZMjeOteTA8dnY +unohiJM1rs8YQiYgIfQJV5oBd7OWZQLSuoh5tddYnP4KDFZUCCsC1OkBD+MnVlcv +IEfrDDuWdvFgOdS8FB5l4E3D0eYPpn536EDpWeGuCnn8joQPdiMwwGL7AgUAuaHl +M6OCAeEwggHdMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFILMyG0qJl9Aqmsa +DhPJE4d+Xp/JMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j +c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs +MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI +KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwgf0GA1UdHwSB +9TCB8jCB76CB7KCB6YaBpWxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049 +RC1UUlVTVCUyMFF1YWxpZmllZCUyMFJvb3QlMjBDQSUyMDIlMjAyMDA2JTNBUE4s +Tz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/ +YmFzZT9vYmplY3RDbGFzcz1jcmxEaXN0cmlidXRpb25Qb2ludIY/aHR0cDovL3d3 +dy5kLXRydXN0Lm5ldC9jcmwvZC10cnVzdF9xdWFsaWZpZWRfcm9vdF9jYV8yXzIw +MDYuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB/TeSQASSUVjLVpTMB+S2bEYZWL04N +5UO5sIdV5MQFxmbmQNam4odnkOx/GjHy0uuf14Pz7lztlLh4EMvEZbvoQ8wRsrrl +vMjWBUSnhTMPhohj4gUCEJDBq50qi0057Jos9DF4iLaFgiWBER+FeSHD8uEy6WGG +UrQ9fw8wRa+CRUeZldtZ25VSR++wxBuX3bkF/hRBuSk9PzT6jZojZDWKsqhPGo0W +dK4V81hS4Zri3b3gSD/3iOAJ4EO8jdyeSVomw/u1UOapVFnWhpN7H6Nwekij66eO +4WNzbeTNgJtkdOlzW2AcsWe3mS43BE286z7l/DzDs8JK36va/TRHb29p +-----END CERTIFICATE----- + + +Issuer ...: /CN=S-TRUST Qualified Root CA 2006-001:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart + /ST=Baden-Wuerttemberg (BW)/C=DE +Serial ...: 00DF749F80AA51F0EDC0CB1FC183E97EE2 +Subject ..: /CN=S-TRUST Qualified Root CA 2006-001:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart + /ST=Baden-Wuerttemberg (BW)/C=DE + +-----BEGIN CERTIFICATE----- 
+MIIETDCCAzSgAwIBAgIRAN90n4CqUfDtwMsfwYPpfuIwDQYJKoZIhvcNAQEFBQAw +gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX +KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth +c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v +dCBDQSAyMDA2LTAwMTpQTjAeFw0wNjAxMDEwMDAwMDBaFw0xMDEyMzAyMzU5NTla +MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC +VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr +YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv +b3QgQ0EgMjAwNi0wMDE6UE4wggEkMA0GCSqGSIb3DQEBAQUAA4IBEQAwggEMAoIB +AQCCp5M7qIP3WgNNE9t4kxFLb2HdwE2pivcWfEjFh9AJcwZIaD781+OhuNxhMEil +C+B9N3bYgLMj7r/LbIFwRVmUf9E64kBDrY/wLAlXLpiicOiKE7rS1tcOAdD69s7I +5jaBXCz/eQo20QLsp11/btwYos9PlfptLqHjS8AUwUaMyolqmWqaxLD33ZfoQswP +FpyFFzAnRondt/5WUt244kpqgTlwP4o9J1AZamK5o/kKEXl8hDT6CulFoK51cX/J +C9lEA10mwchVfv+9cel9b2ryPXg3hPf1XFFR+l90/ZYlreaSKz5+LluI6a/ALtYl +hqJpvndXm6YZDzKKtxT3LZ1DAgUA8A8a46OBgDB+MBIGA1UdEwEB/wQIMAYBAf8C +AQEwDgYDVR0PAQH/BAQDAgEGMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwHQYD +VR0OBBYEFKhXJN3CR/Jkirm68N+VHxcd09zBMB8GA1UdIwQYMBaAFKhXJN3CR/Jk +irm68N+VHxcd09zBMA0GCSqGSIb3DQEBBQUAA4IBAQBB8UGGU179RK9v5SglLn8m +AdBrwG5B4x0nlI3Ayj+GuP9R8ALcMEBwcFgSZTav7N8ERKa8VlCRNria7Fvf3kOu ++f67smpShBvEkrHy+ThvezBUtLfSSd1HzvaPnfwu86DMVnTIOkEcl0KLrpc/ZjEt +u81iHuiHBemf6gWdTCApiJ+CN4tARi3irvWcjhz/IIcA/ZwAaCW22Z1ysDklCIPS +9OnX9ki1f73PR+kdo4G7Dfo7TbuvV5Kzeh54sZ77A5utdvKer4ZHBmn9CGmk4VeI +BWdFlE7Fispzm+jZCduF0TcazvP/tYontx71GQnHRwLfiY4xnuzXEoSNXoaHzhzO +-----END CERTIFICATE----- + +Issuer ...: /CN=S-TRUST Qualified Root CA 2007-001:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart + /ST=Baden-Wuerttemberg (BW)/C=DE +Serial ...: 00BC098E0402E92956B8D7DE74977E26F7 +Subject ..: /CN=S-TRUST Qualified Root CA 2007-001:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart + /ST=Baden-Wuerttemberg (BW)/C=DE + +-----BEGIN CERTIFICATE----- +MIIESzCCAzOgAwIBAgIRALwJjgQC6SlWuNfedJd+JvcwDQYJKoZIhvcNAQELBQAw 
+gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX +KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth +c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v +dCBDQSAyMDA3LTAwMTpQTjAeFw0wNzAxMDEwMDAwMDBaFw0xMTEyMzAyMzU5NTla +MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC +VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr +YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv +b3QgQ0EgMjAwNy0wMDE6UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIB +AQCnJdNNiDQLKpPIfHTC3ifleXWTf96hLfvP58q41fuywQ+rXju453yjPgr/ej5i +RgYPyJnSc498wyu/XtPLIC3gQvowfiI8WmSj/eEToHUhrLIAtx1VXSi/Rugt3E1Y +uYGkPn/gnrkk+RtPJQuBl1NRxKEVi7rg1Ch5RJvWsUTOmxgeWlr8qZnPoLkA2y6N +lhL6LP3Th+OQIH4RFFfazNYWpH4Cg6I5nzyieHaR6LrGk0L7GfDKdZG4Eqan3JvI +ilrFHzzCm7qudd+31jcRamReqZqJ0wzBmY1LNAzDyCAC3Y+YWEz8crhDW3mK/wFY +H0RHHeow06RMTEVwls+FrhWfAgRAAACBo4GAMH4wEgYDVR0TAQH/BAgwBgEB/wIB +ATAOBgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNV +HQ4EFgQUPAujGBtjPCldr0A+EM4YCZSIX1cwHwYDVR0jBBgwFoAUPAujGBtjPCld +r0A+EM4YCZSIX1cwDQYJKoZIhvcNAQELBQADggEBAJ1pVXXcVb9m0yRPjvE4Rvko +tdjIm29YnY13ILCrPqjfgtpSlId6NHPhykGLkw3ratNlWQp3rmen/8EqQJa0rsPD +CiB20ilLb1CmF8/SViJ26C+K0ayzk8s2v7S/m7/Tx9Dgd2PXWwy2XjeGG/2SkISH +5CtSjbm8U+xTh5SQMgK1MX/bDiNJebDOO0N2lxAjtcGmw7K6OTWS7KnFfjzv6fKK +L7Ed2Gpd2gBkbuJVe/wX2mDP2P4rpcCEkXrDoWbi9WWc+eP5fCgE4Nj7/VhnbPf6 +DJCvmUG571uf1oukFaoeeyzpw2q28Ly1KR8DNPw+B/3PzJUIjXYzPGyUjv3aPew= +-----END CERTIFICATE----- + + +Issuer ...: /CN=S-TRUST Qualified Root CA 2008-001:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +Serial ...: 00B3963E0E6C2D65125853E970665402E5 +Subject ..: /CN=S-TRUST Qualified Root CA 2008-001:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE + +-----BEGIN CERTIFICATE----- +MIIFODCCBCCgAwIBAgIRALOWPg5sLWUSWFPpcGZUAuUwDQYJKoZIhvcNAQELBQAw +fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1 +dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg 
+UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDE6UE4wHhcNMDgwMTAxMDAwMDAwWhcN +MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0 +MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG +A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMTpQTjCCASMw +DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAKfUBh+i0NSWzddPtWG15DdTqbPM +SJmeWw6dXutkR6UNonxC+yAm6rfZJhb83tPGB09qlAcNn7fcdR/g4SNdu3McwT+J +HKHou6hhbMZmsza72Qcj9P/AwWq/o5oJa2eI4pU7I5YjS3x3oGtvmhJkwYiehIyx +7DI+wHKcohwJV83jlZW3YrPmKgpaOZsc5lJM/+Ha4Q77MLPWHdCnxUkrbL1+Q/Ea +qY+DoMMa9wxY+UmwbKe8ANfAf2NIMfJwmb748f+7EJMLjUA8nxrQ4iAPJ1lSrfZs +d9cjzjdXZnhLvR9T2nNa2nROOHk2ARCOPAJgxk9EheRr4B6RbJ4hinuydJUCBEAA +AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w +ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No +ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw +MDFQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl +L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMSUz +QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T +dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO +BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E +FgQU7UBDbxBuOWcii/O2xVNRExXxPj0wHwYDVR0jBBgwFoAU7UBDbxBuOWcii/O2 +xVNRExXxPj0wDQYJKoZIhvcNAQELBQADggEBAEdeesrApdpV+0cz698ZM+fsbcmk +AYTy8U1vcnEPzcxaEAvUO57ndJlSdBK7+5yFbVuFW7CTp90TPgljoDqWDOI2hsLU +YxrHUfDCwsm/ALLDpImRKWGZ07nKxOHGAOxB4tQUaDUHwaClbw3UB3nBi9++f9d0 +FLM9oOVxbhKGco4/qo3LP+QfJU6xjL8itqaf0WHXcnN69CD/5D7e/iziwHvLWLEU +0cUXVDzdyWKEvJ3RpFIk6EUulKFHZrCctis1ixg/iQybKs2DWG/RtCo6CGhtydT8 +I1y6qAwPL2gAt+ypf+Mk4SLewnpXlw6ZVDQlLEBLGto72DAyJTxRh8f6BpY= +-----END CERTIFICATE----- + +Issuer ...: /CN=S-TRUST Qualified Root CA 2008-002:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +Serial ...: 00C4216083F35C54F67B09A80C3C55FE7D +Subject ..: /CN=S-TRUST Qualified Root CA 2008-002:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE + +-----BEGIN CERTIFICATE----- 
+MIIFODCCBCCgAwIBAgIRAMQhYIPzXFT2ewmoDDxV/n0wDQYJKoZIhvcNAQELBQAw +fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1 +dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg +UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDI6UE4wHhcNMDgwMTAxMDAwMDAwWhcN +MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0 +MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG +A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMjpQTjCCASMw +DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAJCrKgvHaZdd5LpNAlVZVf8a3CJY +lBUt4Awwlu5q9wnkObVGHyekGLG6h7wMrY9OCL4uqWn9vIz+5vGXMEvU+NniMXIn +JodZS8CbBBYUxS42PgZp7TNCd4gglEA1xOhsQH8T9iRZzdRCLyZYjysYsHiujn/x +7y0+nxQsYu2mONaPFZq7ZBsDlAk5BPdIZCrutHDHe5inKwbpDUdpnKFlM1UDZ3eS +4dl+YT/3t4QSJAVHVFz/Pzf1tevpMFYP4M7jHaktp327GMtrhYlpeoSZRc1cizHU +Vdhj6Foyj1wWkQMwvb1ChPbRxS+4V3b6R+vgelULDBqFSF0Rtj/kRUgT/q8CBEAA +AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w +ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No +ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw +MDJQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl +L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMiUz +QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T +dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO +BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E +FgQUIQpnbAV/rAz9qSo/4q/3/TlplqwwHwYDVR0jBBgwFoAUIQpnbAV/rAz9qSo/ +4q/3/TlplqwwDQYJKoZIhvcNAQELBQADggEBAHRr6IiNPkWJYHVa8vi4tufRG9nE +Yy8t2ll8xbu4ar+LXCqbttdaQzVU/7RCX4S1aPm6wb9WFJU+/JfZHpez+gJ9uIFy +6rYJDxZ4qTxaGnIKGguZbEkpvne38/vtyjR5RuCj5AwEuP7Vy7/j5O1WZDoROMoD +rRsBHLtg90aDVou0IG+wK5+RPOixSMjfMf79uixHrsriMHrzulTEMmX+S+VfXGmO +G1RRiCiWgYaEtSIDAP0V9ehpcghfJLlmMBnxSf4n7OZvkd1whvme2rXaQxnZi2qV +d2qclY03eJ7zx6Zpq8VFuVvOxvmFZ4mMe706runhCq+rHc5x6x0/oIMhDrk= +-----END CERTIFICATE----- + diff --git a/doc/contrib.texi b/doc/contrib.texi new file mode 100644 index 0000000..bb558bd --- /dev/null 
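Review bot: The trust anchors added to doc/com-certs.pem are labelled only by the Issuer/Serial/Subject text above each base64 block, with no fingerprint, validity dates or source recorded, so a reader of this hunk cannot check any entry against an independent publication by the CA. Those label lines are presumably skipped on import and only the base64 is parsed, which means a label and the certificate beneath it could disagree without anything noticing. I would add, above each `-----BEGIN CERTIFICATE-----`, comment lines in the `#` style of the file's first line, for example `# SHA-256 fingerprint: <FINGERPRINT_PLACEHOLDER>` and `# Source: <SOURCE_URL_PLACEHOLDER>, valid until <DATE_PLACEHOLDER>`. Several subjects carry a year in their name (the D-TRUST 2006 roots and the S-TRUST 2006-001 to 2008-002 roots), so recording the expiry would also make stale anchors easy to spot before they are seeded into a new keybox.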
+++ b/doc/contrib.texi 
@@ -0,0 +1,106 @@ +@c Copyright (C) 2002 Free Software Foundation, Inc. +@c This is part of the GnuPG manual. +@c For copying conditions, see the file gnupg.texi. + +@node Contributors +@unnumbered Contributors to GnuPG +@cindex contributors + +The GnuPG project would like to thank its many contributors. Without +them the project would not have been nearly as successful as it has +been. Any omissions in this list are accidental. Feel free to contact +the maintainer if you have been left out or some of your contributions +are not listed. + +David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils +Ellmenreich, Rémi Guyomarch, Stefan Bellon, Timo Schulz and Werner +Koch wrote the code. Birger Langkjer, Daniel Resare, Dokianakis +Theofanis, Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy +Ferenc László, Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz +Aleksander Urbanowicz, Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, +Magda Procha'zkova', Michael Anckaert, Michal Majer, Marco d'Itri, +Nilgun Belma Buguner, Pedro Morais, Tedi Heriyanto, Thiago Jung +Bauermann, Rafael Caetano dos Santos, Toomas Soome, Urko Lusa, Walter +Koch, Yosiaki IIDA did the official translations. Mike Ashley wrote +and maintains the GNU Privacy Handbook. David Scribner is the current +FAQ editor. Lorenzo Cappelletti maintains the web site. + +The new modularized architecture of gnupg 1.9 as well as the X.509/CMS +part has been developed as part of the Ägypten project. Direct +contributors to this project are: Bernhard Herzog, who did extensive +testing and tracked down a lot of bugs. Bernhard Reiter, who made sure +that we met the specifications and the deadlines. He did extensive +testing and came up with a lot of suggestions. Jan-Oliver Wagner made +sure that we met the specifications and the deadlines. He also did +extensive testing and came up with a lot of suggestions. 
Karl-Heinz +Zimmer and Marc Mutz had to struggle with all the bugs and +misconceptions while working on KDE integration. Marcus Brinkman +extended GPGME, cleaned up the Assuan code and fixed bugs all over the +place. Moritz Schulte took over Libgcrypt maintenance and developed it +into a stable an useful library. Steffen Hansen had a hard time to +write the dirmngr due to underspecified interfaces. Thomas Koester did +extensive testing and tracked down a lot of bugs. Werner Koch designed +the system and wrote most of the code. + +The following people helped greatly by suggesting improvements, +testing, fixing bugs, providing resources and doing other important +tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand +Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews, +Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian +Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de +Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere, +Christian Kurz, Christian von Roques, Christopher Oliver, Christian +Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave +Dykstra, David C Niemi, David Champion, David Ellement, David +Hallinan, David Hollenberg, David Mathog, David R. Bergstein, Detlef +Lannert, Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas +Calvert, Ed Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo +Michelangeli, Ernst Molitor, Fabio Coatti, Felix von Leitner, fish +stiqz, Florian Weimer, Francesco Potorti, Frank Donahoe, Frank +Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Gaël +Quéri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni, +Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery +Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger +Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian +McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz +A. 
Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von +Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J. Michael +Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett, John +A. Martin, Johnny Teveßen, Jörg Schilling, Jos Backus, Joseph Walton, +Juan F. Codagnone, Jun Kuriyama, Kahil D. Jallad, Karl Fogel, Karsten +Thygesen, Katsuhiro Kondou, Kazu Yamamoto, Keith Clayton, Kevin Ryde, +Klaus Singvogel, Kurt Garloff, Lars Kellogg-Stedman, L. Sassaman, M +Taylor, Marcel Waldvogel, Marco d'Itri, Marco Parrone, Marcus +Brinkmann, Mark Adler, Mark Elbrecht, Mark Pettit, Markus Friedl, +Martin Kahlert, Martin Hamilton, Martin Schulte, Matt Kraai, Matthew +Skala, Matthew Wilcox, Matthias Urlichs, Max Valianskiy, Michael +Engels, Michael Fischer v. Mollard, Michael Roth, Michael Sobolev, +Michael Tokarev, Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson +H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye, +Oliver Haakert, Oskari Jääskeläinen, Pascal Scheffers, Paul D. Smith, +Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter Fales, Peter +Gutmann, Peter Marschall, Peter Valchev, Piotr Krukowiecki, QingLong, +Ralph Gillen, Rat, Reinhard Wobst, Rémi Guyomarch, Reuben Sumner, +Richard Outerbridge, Robert Joop, Roddy Strachan, Roger Sondermann, +Roland Rosenfeld, Roman Pavlik, Ross Golder, Ryan Malayter, Sam +Roberts, Sami Tolvanen, Sean MacLennan, Sebastian Klemke, Serge +Munhoven, SL Baur, Stefan Bellon, Dr.Stefan.Dalibor, Stefan Karrmann, +Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker, Steven +Murdoch, Susanne Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen +Klok, Thomas Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA +Satoshi, Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen, +Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko +Lusa, Vincent P. 
Broman, Volker Quetschke, W Lewis, Walter Hofmann, +Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki +IIDA, Yoshihiro Kajiki and Gerlinde Klaes. + +This software has been made possible by the previous work of Chris +Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann +Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson, +Taher Elgamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA +mathematicians and all the folks who have worked hard to create +complete and free operating systems. + +And finally we'd like to thank everyone who uses these tools, submits +bug reports and generally reminds us why we're doing this work in the +first place. diff --git a/doc/debugging.texi b/doc/debugging.texi new file mode 100644 index 0000000..c83ab1e --- /dev/null +++ b/doc/debugging.texi 
@@ -0,0 +1,277 @@ +@c Copyright (C) 2004 Free Software Foundation, Inc. +@c This is part of the GnuPG manual. +@c For copying conditions, see the file gnupg.texi. + +@node Debugging +@chapter How to solve problems + +Everyone knows that software often does not do what it should do and thus +there is a need to track down problems. We call this debugging in a +reminiscent to the moth jamming a relay in a Mark II box back in 1947. + +Most of the problems a merely configuration and user problems but +nevertheless there are the most annoying ones and responsible for many +gray hairs. We try to give some guidelines here on how to identify and +solve the problem at hand. + + +@menu +* Debugging Tools:: Description of some useful tools. +* Debugging Hints:: Various hints on debugging. +* Common Problems:: Commonly seen problems. +* Architecture Details:: How the whole thing works internally. +@end menu + + +@node Debugging Tools +@section Debugging Tools + +The GnuPG distribution comes with a couple of tools, useful to help find +and solving problems. + +@menu +* kbxutil:: Scrutinizing a keybox file. +@end menu + +@node kbxutil +@subsection Scrutinizing a keybox file + +A keybox is a file format used to store public keys along with meta +information and indices. The commonly used one is the file +@file{pubring.kbx} in the @file{.gnupg} directory. It contains all +X.509 certificates as well as OpenPGP keys@footnote{Well, OpenPGP keys +are not implemented, @command{gpg} still used the keyring file +@file{pubring.gpg}} . + +@noindent +When called the standard way, e.g.: + +@samp{kbxutil ~/.gnupg/pubring.kbx} + +@noindent +it lists all records (called @acronym{blobs}) with there meta-information +in a human readable format. 
+ +@noindent +To see statistics on the keybox in question, run it using + +@samp{kbxutil --stats ~/.gnupg/pubring.kbx} + +@noindent +and you get an output like: + +@example +Total number of blobs: 99 + header: 1 + empty: 0 + openpgp: 0 + x509: 98 + non flagged: 81 + secret flagged: 0 + ephemeral flagged: 17 +@end example + +In this example you see that the keybox does not have any OpenPGP keys +but contains 98 X.509 certificates and a total of 17 keys or certificates +are flagged as ephemeral, meaning that they are only temporary stored +(cached) in the keybox and won't get listed using the usual commands +provided by @command{gpgsm} or @command{gpg}. 81 certificates are stored +in a standard way and directly available from @command{gpgsm}. + +@noindent +To find duplicated certificates and keyblocks in a keybox file (this +should not occur but sometimes things go wrong), run it using + +@samp{kbxutil --find-dups ~/.gnupg/pubring.kbx} + + +@node Debugging Hints +@section Various hints on debugging. + +@itemize @bullet + +@item How to find the IP address of a keyserver + +If a round robin URL of is used for a keyserver +(e.g. subkeys.gnupg.org); it is not easy to see what server is actually +used. Using the keyserver debug option as in + +@smallexample + gpg --keyserver-options debug=1 -v --refresh-key 1E42B367 +@end smallexample + +is thus often helpful. Note that the actual output depends on the +backend and may change from release to release. + +@ifset gpgtwoone +@item Logging on WindowsCE + +For development, the best logging method on WindowsCE is the use of +remote debugging using a log file name of @file{tcp://<ip-addr>:<port>}. +The command @command{watchgnupg} may be used on the remote host to listen +on the given port. (@pxref{option watchgnupg --tcp}). For in the field +tests it is better to make use of the logging facility provided by the +@command{gpgcedev} driver (part of libassuan); this is enabled by using +a log file name of @file{GPG2:}. 
(@pxref{option --log-file}). +@end ifset + +@end itemize + + +@node Common Problems +@section Commonly Seen Problems + + +@itemize @bullet +@item Error code @samp{Not supported} from Dirmngr + +Most likely the option @option{enable-ocsp} is active for gpgsm +but Dirmngr's OCSP feature has not been enabled using +@option{allow-ocsp} in @file{dirmngr.conf}. + +@item The Curses based Pinentry does not work + +The far most common reason for this is that the environment variable +@code{GPG_TTY} has not been set correctly. Make sure that it has been +set to a real tty devce and not just to @samp{/dev/tty}; +i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is +@samp{GPG_TTY=`tty`} --- note the back ticks. Also make sure that +this environment variable gets exported, that is you should follow up +the setting with an @samp{export GPG_TTY} (assuming a Bourne style +shell). Even for GUI based Pinentries; you should have set +@code{GPG_TTY}. See the section on installing the @command{gpg-agent} +on how to do it. + + +@item SSH hangs while a popping up pinentry was expected + +SSH has no way to tell the gpg-agent what terminal or X display it is +running on. So when remotely logging into a box where a gpg-agent with +SSH support is running, the pinentry will get popped up on whatever +display the gpg-agent has been started. To solve this problem you may +issue the command + +@smallexample +echo UPDATESTARTUPTTY | gpg-connect-agent +@end smallexample + +and the next pinentry will pop up on your display or screen. However, +you need to kill the running pinentry first because only one pinentry +may be running at once. If you plan to use ssh on a new display you +should issue the above command before invoking ssh or any other service +making use of ssh. + + +@item Exporting a secret key without a certificate + +I may happen that you have created a certificate request using +@command{gpgsm} but not yet received and imported the certificate from +the CA. 
However, you want to export the secret key to another machine +right now to import the certificate over there then. You can do this +with a little trick but it requires that you know the approximate time +you created the signing request. By running the command + +@smallexample + ls -ltr ~/.gnupg/private-keys-v1.d +@end smallexample + +you get a listing of all private keys under control of @command{gpg-agent}. +Pick the key which best matches the creation time and run the command + +@smallexample + /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12 +@end smallexample + +(Please adjust the path to @command{gpg-protect-tool} to the appropriate +location). @var{foo} is the name of the key file you picked (it should +have the suffix @file{.key}). A Pinentry box will pop up and ask you +for the current passphrase of the key and a new passphrase to protect it +in the pkcs#12 file. + +To import the created file on the machine you use this command: + +@smallexample + /usr/local/libexec/gpg-protect-tool --p12-import --store @var{foo}.p12 +@end smallexample + +You will be asked for the pkcs#12 passphrase and a new passphrase to +protect the imported private key at its new location. + +Note that there is no easy way to match existing certificates with +stored private keys because some private keys are used for Secure Shell +or other purposes and don't have a corresponding certificate. + + +@item A root certificate does not verify + +A common problem is that the root certificate misses the required +basicConstraints attribute and thus @command{gpgsm} rejects this +certificate. An error message indicating ``no value'' is a sign for +such a certificate. You may use the @code{relax} flag in +@file{trustlist.txt} to accept the certificate anyway. Note that the +fingerprint and this flag may only be added manually to +@file{trustlist.txt}. + +@item Error message: ``digest algorithm N has not been enabled'' + +The signature is broken. 
You may try the option +@option{--extra-digest-algo SHA256} to workaround the problem. The +number N is the internal algorithm identifier; for example 8 refers to +SHA-256. + + +@item The Windows version does not work under Wine + +When running the W32 version of @command{gpg} under Wine you may get +an error messages like: + +@smallexample +gpg: fatal: WriteConsole failed: Access denied +@end smallexample + +@noindent +The solution is to use the command @command{wineconsole}. + +Some operations like gen-key really want to talk to the console directly +for increased security (for example to prevent the passphrase from +appearing on the screen). So, you should use @command{wineconsole} +instead of @command{wine}, which will launch a windows console that +implements those additional features. + + +@item Why does GPG's --search-key list weird keys? + +For performance reasons the keyservers do not check the keys the same +way @command{gpg} does. It may happen that the listing of keys +available on the keyservers shows keys with wrong user IDs or with user +Ids from other keys. If you try to import this key, the bad keys or bad +user ids won't get imported, though. This is a bit unfortunate but we +can't do anything about it without actually downloading the keys. + +@end itemize + + +@c ******************************************** +@c *** Architecture Details ***************** +@c ******************************************** +@node Architecture Details +@section How the whole thing works internally. + + +@menu +* GnuPG-1 and GnuPG-2:: Relationship between the two branches. +@end menu + +@node GnuPG-1 and GnuPG-2 +@subsection Relationship between the two branches. + +Here is a little picture showing how the components work together: + +@image{gnupg-card-architecture, 10cm} + +@noindent +Lets try to explain it: + +TO BE DONE. + + diff --git a/doc/examples/README b/doc/examples/README new file mode 100644 index 0000000..3444822 --- /dev/null +++ b/doc/examples/README 
@@ -0,0 +1,9 @@
+Files in this directory:
+
+
+scd-event A handler script used with scdaemon
+
+trustlist.txt A list of trustworthy root certificates
+ (Please check yourself whether you actually trust them)
+
+gpgconf.conf A sample configuration file for gpgconf.
diff --git a/doc/examples/gpgconf.conf b/doc/examples/gpgconf.conf
new file mode 100644
index 0000000..ec8685a
--- /dev/null
+++ b/doc/examples/gpgconf.conf
@@ -0,0 +1,63 @@
+# gpgconf.conf - configuration for gpgconf
+#----------------------------------------------------------------------
+# This file is read by gpgconf(1) to setup defaults for all or
+# specified users and groups. It may be used to change the hardwired
+# defaults in gpgconf and to enforce certain values for the various
+# GnuPG related configuration files.
+#
+# Empty lines and comment lines, indicated by a hash mark as first non
+# white space character, are ignored. The line is separated by white
+# space into fields. The first field is used to match the user or
+# group and must start at the first column, the file is processes
+# sequential until a matching rule is found. A rule may contain
+# several lines; continuation lines are indicated by a indenting them.
+#
+# Syntax of a line:
+# <key>|WS <component> <option> ["["<flag>"]"] [<value>]
+#
+# Examples for the <key> field:
+# foo - Matches the user "foo".
+# foo: - Matches the user "foo".
+# foo:staff - Matches the user "foo" or the group "staff".
+# :staff - Matches the group "staff".
+# * - Matches any user.
+# All other variants are not defined and reserved for future use.
+#
+# <component> and <option> are as specified by gpgconf.
+# <flag> may be one of:
+# default - Delete the option so that the default is used.
+# no-change - Mark the field as non changeable by gpgconf.
+# change - Mark the field as changeable by gpgconf.
+#
+# Example file:
+#==========
+# :staff gpg-agent allow-mark-trusted [change]
+# gpg-agent min-passphrase-len 6
+#
+# * gpg-agent min-passphrase-len [no-change] 8
+# gpg-agent min-passphrase-nonalpha [no-change] 1
+# gpg-agent max-passphrase-days [no-change] 700
+# gpg-agent enable-passphrase-history [no-change]
+# gpg-agent enforce-passphrase-constraints [default]
+# gpg-agent enforce-passphrase-constraints [no-change]
+# gpg-agent max-cache-ttl [no-change] 10800
+# gpg-agent max-cache-ttl-ssh [no-change] 10800
+# gpg-agent allow-mark-trusted [default]
+# gpg-agent allow-mark-trusted [no-change]
+# gpgsm enable-ocsp
+#===========
+# All users in the group "staff" are allowed to change the value for
+# --allow-mark-trusted; gpgconf's default is not to allow a change
+# through its interface. When "gpgconf --apply-defaults" is used,
+# "allow-mark-trusted" will get enabled and "min-passphrase-len" set
+# to 6. All other users are not allowed to change
+# "min-passphrase-len" and "allow-mark-trusted". When "gpgconf
+# --apply-defaults" is used for them, "min-passphrase-len" is set to
+# 8, "allow-mark-trusted" deleted from the config file and
+# "enable-ocsp" is put into the config file of gpgsm. The latter may
+# be changed by any user.
+#-------------------------------------------------------------------
+
+
+
+
diff --git a/doc/examples/pwpattern.list b/doc/examples/pwpattern.list
new file mode 100644
index 0000000..251c2d4
--- /dev/null
+++ b/doc/examples/pwpattern.list
@@ -0,0 +1,48 @@
+# pwpattern.list -*- default-generic -*-
+#
+# This is an example for a pattern file as used by gpg-check-pattern.
+# The file is line based with comment lines beginning on the *first*
+# position with a '#'. Empty lines and lines with just spaces are
+# ignored. The other lines may be verbatim patterns and match as they
+# are (trailing spaces are ignored) or extended regular expressions
+# indicated by a / in the first column and terminated by another / or
+# end of line. All comparisons are case insensitive.
+
+# Reject the usual metavariables. Usual not required because
+# gpg-agent can be used to reject all passphrases shorter than 8
+# charactes.
+foo
+bar
+baz
+
+# As well as very common passwords. Note that gpg-agent can be used
+# to reject them due to missing non-alpha characters.
+password
+passwort
+passphrase
+mantra
+test
+abc
+egal
+
+# German number plates.
+/^[A-Z]{1,3}[ ]*-[ ]*[A-Z]{1,2}[ ]*[0-9]+/
+
+# Dates (very limited, only ISO dates). */
+/^[012][0-9][0-9][0-9]-[012][0-9]-[0123][0-9]$/
+
+# Arbitrary strings
+the quick brown fox jumps over the lazy dogs back
+no-password
+no password
+
+12345678
+123456789
+1234567890
+87654321
+987654321
+0987654321
+qwertyuiop
+qwertzuiop
+asdfghjkl
+zxcvbnm
diff --git a/doc/examples/scd-event b/doc/examples/scd-event
new file mode 100755
index 0000000..938465f
--- /dev/null
+++ b/doc/examples/scd-event
@@ -0,0 +1,102 @@
+#!/bin/sh
+# Sample script for scdaemon event mechanism.
+
+#exec >>/tmp/scd-event.log
+
+PGM=scd-event
+
+reader_port=
+old_code=0x0000
+new_code=0x0000
+status=
+
+tick='`'
+prev=
+while [ $# -gt 0 ]; do
+ arg="$1"
+ case $arg in
+ -*=*) optarg=$(echo "X$arg" | sed -e '1s/^X//' -e 's/[-_a-zA-Z0-9]*=//')
+ ;;
+ *) optarg=
+ ;;
+ esac
+ if [ -n "$prev" ]; then
+ eval "$prev=\$arg"
+ prev=
+ shift
+ continue
+ fi
+ case $arg in
+ --help|-h)
+ cat <<EOF
+Usage: $PGM [options]
+$PGM is called by scdaemon on card reader status changes
+
+Options:
+ --reader-port N Reports change for port N
+ --old-code 0xNNNN Previous status code
+ --old-code 0xNNNN Current status code
+ --status USABLE|ACTIVE|PRESENT|NOCARD
+ Human readable status code
+
+Environment:
+
+GNUPGHOME=DIR Set to the active homedir
+
+EOF
+ exit 0
+ ;;
+
+ --reader-port)
+ prev=reader_port
+ ;;
+ --reader-port=*)
+ reader_port="$optarg"
+ ;;
+ --old-code)
+ prev=old_code
+ ;;
+ --old-code=*)
+ old_code="$optarg"
+ ;;
+ --new-code)
+ prev=new_code
+ ;;
+ --new-code=*)
+ new_code="$optarg"
+ ;;
+ --status)
+ prev=status
+ ;;
+ --new-code=*)
+ status="$optarg"
+ ;;
+
+ -*)
+ echo "$PGM: invalid option $tick$arg'" >&2
+ exit 1
+ ;;
+
+ *)
+ break
+ ;;
+ esac
+ shift
+done
+if [ -n "$prev" ]; then
+ echo "$PGM: argument missing for option $tick$prev'" >&2
+ exit 1
+fi
+
+cat <<EOF
+========================
+port: $reader_port
+old-code: $old_code
+new-code: $new_code
+status: $status
+EOF
+
+if [ x$status = xUSABLE ]; then
+ gpg --batch --card-status 2>&1
+fi
+
diff --git a/doc/examples/trustlist.txt b/doc/examples/trustlist.txt
new file mode 100644
index 0000000..4d57242
--- /dev/null
+++ b/doc/examples/trustlist.txt
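Review bot: In doc/examples/scd-event the option parser repeats the `--new-code=*)` pattern where `--status=*)` was evidently intended, so the arm that assigns `status="$optarg"` is unreachable and `--status=VALUE` falls through to the `-*)` arm and is rejected as an invalid option; that pattern should read `--status=*)`. The usage text has the same slip: its second `--old-code 0xNNNN` line describes the current code and should be `--new-code 0xNNNN Current status code`. The closing test `[ x$status = xUSABLE ]` expands `$status` unquoted, so a value containing white space or glob characters changes what `[` sees; `[ "x$status" = xUSABLE ]` is the safer form for a handler whose arguments come from another process. The `eval "$prev=\$arg"` line is only sound because `prev` is always one of the fixed names assigned in the case arms, which deserves a one-line comment such as `# prev is always a literal variable name set below, never user input`.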
@@ -0,0 +1,66 @@
+# This is the global list of trusted keys. Comment lines, like this
+# one, as well as empty lines are ignored. Lines have a length limit
+# but this is not serious limitation as the format of the entries is
+# fixed and checked by gpg-agent. A non-comment line starts with
+# optional white space, followed by the SHA-1 fingerpint in hex,
+# optionally followed by a flag character which my either be 'P', 'S'
+# or '*'. This file will be read by gpg-agent if no local trustlist
+# is available or if the statement "include-default" is used in the
+# local list. You should give the gpg-agent(s) a HUP after editing
+# this file.
+
+
+#Serial number: 32D18D
+# Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60 S
+
+#Serial number: 00C48C8D
+# Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B S
+
+#Serial number: 01
+# Issuer: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5 S
+
+#Serial number: 02
+# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24 S
+
+#Serial number: 2A
+# Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD S
+
+#Serial number: 2D
+# Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D S
+
+# S/N: 0139
+# Issuer: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de
+
+# S/N: 013C
+# Issuer: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de
+
+
+# S/N: 00B3963E0E6C2D65125853E970665402E5
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA S
+
+# S/N: 00C4216083F35C54F67B09A80C3C55FE7D
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B S
+
+
+#Serial number: 00
+# Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.
+# cacert.org/O=Root CA/EMail=support@cacert.org
+13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33 S
+
+
diff --git a/doc/glossary.texi b/doc/glossary.texi
new file mode 100644
index 0000000..1c72e50
--- /dev/null
+++ b/doc/glossary.texi
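Review bot: In doc/examples/trustlist.txt the entries for 12R-CA and 13R-CA end in `de`, while the file's own header documents only the flag characters 'P', 'S' and '*' and every other entry uses `S`. Whether gpg-agent rejects, ignores or misreads such a line cannot be told from this hunk, so it should be checked against the trustlist reader; then either change both lines to end in `S` or document `de` in the header. Because this sample is offered as a list of trusted root certificates, an entry that does not parse as the header describes is worth ruling out before users copy it. In the header comment, `fingerpint` and `my either be` should read `fingerprint` and `may either be`.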
@@ -0,0 +1,72 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Glossary
+@unnumbered Glossary
+
+
+@table @samp
+@item ARL
+ The @emph{Authority Revocation List} is technical identical to a
+@acronym{CRL} but used for @acronym{CA}s and not for end user
+certificates.
+
+@item Chain model
+ Verification model for X.509 which uses the creation date of a
+signature as the date the validation starts and in turn checks that each
+certificate has been issued within the time frame, the issuing
+certificate was valid. This allows the verification of signatures after
+the CA's certificate expired. The validation test also required an
+online check of the certificate status. The chain model is required by
+the German signature law. See also @emph{Shell model}.
+
+@item CMS
+ The @emph{Cryptographic Message Standard} describes a message
+format for encryption and digital signing. It is closely related to the
+X.509 certificate format. @acronym{CMS} was formerly known under the
+name @code{PKCS#7} and is described by @code{RFC3369}.
+
+@item CRL
+ The @emph{Certificate Revocation List} is a list containing
+certificates revoked by the issuer.
+
+@item CSR
+ The @emph{Certificate Signing Request} is a message send to a CA to
+ask them to issue a new certificate. The data format of such a signing
+request is called PCKS#10.
+
+@item OpenPGP
+ A data format used to build a PKI and to exchange encrypted or
+signed messages. In contrast to X.509, OpenPGP also includes the
+message format but does not explicitly demand a specific PKI. However
+any kind of PKI may be build upon the OpenPGP protocol.
+
+@item Keygrip
+ This term is used by GnuPG to describe a 20 byte hash value used
+to identify a certain key without referencing to a concrete protocol.
+It is used internally to access a private key. Usually it is shown and
+entered as a 40 character hexadecimal formatted string.
+
+@item OCSP
+ The @emph{Online Certificate Status Protocol} is used as an
+alternative to a @acronym{CRL}. It is described in @code{RFC 2560}.
+
+@item PSE
+ The @emph{Personal Security Environment} describes a database to
+store private keys. This is either a smartcard or a collection of files
+on a disk; the latter is often called a Soft-PSE.
+
+
+@item Shell model
+The standard model for validation of certificates under X.509. At the
+time of the verification all certificates must be valid and not expired.
+See also @emph{Chain mode}.
+
+
+@item X.509
+Description of a PKI used with CMS. It is for example
+defined by @code{RFC3280}.
+
+
+@end table
diff --git a/doc/gnupg-card-architecture.eps b/doc/gnupg-card-architecture.eps
new file mode 100644
index 0000000..70f4536
--- /dev/null
+++ b/doc/gnupg-card-architecture.eps
@@ -0,0 +1,1003 @@ +%!PS-Adobe-3.0 EPSF-3.0 +%%Title: /home/wk/w/gnupg-stable/doc/gnupg-card-architecture.fig +%%Creator: fig2dev Version 3.2 Patchlevel 5d +%%CreationDate: Tue Mar 27 10:23:53 2012 +%%BoundingBox: 0 0 823 458 +%Magnification: 1.0000 +%%EndComments +% +% Copyright 2005 Werner Koch +% +% This file is part of GnuPG. +% +% GnuPG is free software; you can redistribute it and/or modify +% it under the terms of the GNU General Public License as published by +% the Free Software Foundation; either version 3 of the License, or +% (at your option) any later version. +% +% GnuPG is distributed in the hope that it will be useful, +% but WITHOUT ANY WARRANTY; without even the implied warranty of +% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +% GNU General Public License for more details. +% +% You should have received a copy of the GNU General Public License +% along with this program; if not, see <http://www.gnu.org/licenses/>. +% +% +%%BeginProlog +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/col-1 {0 setgray} bind def +/col0 {0.000 0.000 0.000 srgb} bind def +/col1 {0.000 0.000 1.000 srgb} bind def +/col2 {0.000 1.000 0.000 srgb} bind def +/col3 {0.000 1.000 1.000 srgb} bind def +/col4 {1.000 0.000 0.000 srgb} bind def +/col5 {1.000 0.000 1.000 srgb} bind def +/col6 {1.000 1.000 0.000 srgb} bind def +/col7 {1.000 1.000 1.000 srgb} bind def +/col8 {0.000 0.000 0.560 srgb} bind def +/col9 {0.000 0.000 0.690 srgb} bind def +/col10 {0.000 0.000 0.820 srgb} bind def +/col11 {0.530 0.810 1.000 srgb} bind def +/col12 {0.000 0.560 0.000 srgb} bind def +/col13 {0.000 0.690 0.000 srgb} bind def +/col14 {0.000 0.820 0.000 srgb} bind def +/col15 {0.000 0.560 0.560 srgb} bind def +/col16 {0.000 0.690 0.690 srgb} bind def +/col17 {0.000 0.820 0.820 srgb} bind def +/col18 {0.560 0.000 0.000 srgb} bind def +/col19 {0.690 0.000 0.000 srgb} bind def +/col20 {0.820 0.000 0.000 srgb} bind def +/col21 {0.560 0.000 0.560 srgb} bind def 
+/col22 {0.690 0.000 0.690 srgb} bind def +/col23 {0.820 0.000 0.820 srgb} bind def +/col24 {0.500 0.190 0.000 srgb} bind def +/col25 {0.630 0.250 0.000 srgb} bind def +/col26 {0.750 0.380 0.000 srgb} bind def +/col27 {1.000 0.500 0.500 srgb} bind def +/col28 {1.000 0.630 0.630 srgb} bind def +/col29 {1.000 0.750 0.750 srgb} bind def +/col30 {1.000 0.880 0.880 srgb} bind def +/col31 {1.000 0.840 0.000 srgb} bind def +/col32 {0.255 0.271 0.255 srgb} bind def +/col33 {0.502 0.502 0.502 srgb} bind def +/col34 {0.753 0.753 0.753 srgb} bind def +/col35 {0.776 0.718 0.592 srgb} bind def +/col36 {0.937 0.973 1.000 srgb} bind def +/col37 {0.863 0.796 0.651 srgb} bind def +/col38 {0.878 0.878 0.878 srgb} bind def +/col39 {0.557 0.561 0.557 srgb} bind def +/col40 {0.667 0.667 0.667 srgb} bind def +/col41 {0.333 0.333 0.333 srgb} bind def +/col42 {0.251 0.251 0.251 srgb} bind def +/col43 {0.525 0.510 0.525 srgb} bind def +/col44 {0.780 0.765 0.780 srgb} bind def +/col45 {0.906 0.890 0.906 srgb} bind def +/col46 {0.557 0.557 0.557 srgb} bind def +/col47 {0.267 0.267 0.267 srgb} bind def +/col48 {0.525 0.525 0.525 srgb} bind def +/col49 {0.780 0.780 0.780 srgb} bind def +/col50 {0.400 0.400 0.400 srgb} bind def +/col51 {0.886 0.886 0.933 srgb} bind def +/col52 {0.580 0.580 0.604 srgb} bind def +/col53 {0.859 0.859 0.859 srgb} bind def +/col54 {0.631 0.631 0.718 srgb} bind def +/col55 {0.612 0.000 0.000 srgb} bind def +/col56 {0.929 0.929 0.929 srgb} bind def +/col57 {0.525 0.675 1.000 srgb} bind def +/col58 {0.439 0.439 1.000 srgb} bind def +/col59 {0.745 0.745 0.745 srgb} bind def +/col60 {0.318 0.318 0.318 srgb} bind def +/col61 {0.000 0.000 0.286 srgb} bind def +/col62 {0.475 0.475 0.475 srgb} bind def +/col63 {0.188 0.204 0.188 srgb} bind def +/col64 {0.780 0.714 0.588 srgb} bind def +/col65 {0.843 0.843 0.843 srgb} bind def +/col66 {0.682 0.682 0.682 srgb} bind def +/col67 {0.522 0.502 0.490 srgb} bind def +/col68 {0.824 0.824 0.824 srgb} bind def +/col69 {0.227 0.227 
0.227 srgb} bind def +/col70 {0.271 0.451 0.667 srgb} bind def +/col71 {0.000 0.000 0.000 srgb} bind def +/col72 {0.906 0.906 0.906 srgb} bind def +/col73 {0.969 0.969 0.969 srgb} bind def +/col74 {0.839 0.843 0.839 srgb} bind def +/col75 {0.482 0.475 0.647 srgb} bind def +/col76 {0.937 0.984 1.000 srgb} bind def +/col77 {0.620 0.620 0.620 srgb} bind def +/col78 {0.443 0.459 0.443 srgb} bind def +/col79 {0.451 0.459 0.549 srgb} bind def +/col80 {0.255 0.255 0.255 srgb} bind def +/col81 {0.388 0.365 0.808 srgb} bind def +/col82 {0.337 0.318 0.318 srgb} bind def +/col83 {0.867 0.616 0.576 srgb} bind def +/col84 {0.945 0.925 0.878 srgb} bind def +/col85 {0.765 0.765 0.765 srgb} bind def +/col86 {0.886 0.784 0.659 srgb} bind def +/col87 {0.882 0.882 0.882 srgb} bind def +/col88 {0.855 0.478 0.102 srgb} bind def +/col89 {0.945 0.894 0.102 srgb} bind def +/col90 {0.533 0.490 0.761 srgb} bind def +/col91 {0.839 0.839 0.839 srgb} bind def +/col92 {0.549 0.549 0.647 srgb} bind def +/col93 {0.290 0.290 0.290 srgb} bind def +/col94 {0.549 0.420 0.420 srgb} bind def +/col95 {0.353 0.353 0.353 srgb} bind def +/col96 {0.388 0.388 0.388 srgb} bind def +/col97 {0.718 0.608 0.451 srgb} bind def +/col98 {0.255 0.576 1.000 srgb} bind def +/col99 {0.749 0.439 0.231 srgb} bind def +/col100 {0.859 0.467 0.000 srgb} bind def +/col101 {0.855 0.722 0.000 srgb} bind def +/col102 {0.000 0.392 0.000 srgb} bind def +/col103 {0.353 0.420 0.231 srgb} bind def +/col104 {0.827 0.827 0.827 srgb} bind def +/col105 {0.557 0.557 0.643 srgb} bind def +/col106 {0.953 0.725 0.365 srgb} bind def +/col107 {0.537 0.600 0.420 srgb} bind def +/col108 {0.392 0.392 0.392 srgb} bind def +/col109 {0.718 0.902 1.000 srgb} bind def +/col110 {0.525 0.753 0.925 srgb} bind def +/col111 {0.741 0.741 0.741 srgb} bind def +/col112 {0.827 0.584 0.322 srgb} bind def +/col113 {0.596 0.824 0.996 srgb} bind def +/col114 {0.549 0.612 0.420 srgb} bind def +/col115 {0.969 0.420 0.000 srgb} bind def +/col116 {0.353 0.420 0.224 
srgb} bind def +/col117 {0.549 0.612 0.420 srgb} bind def +/col118 {0.549 0.612 0.482 srgb} bind def +/col119 {0.094 0.290 0.094 srgb} bind def +/col120 {0.678 0.678 0.678 srgb} bind def +/col121 {0.969 0.741 0.353 srgb} bind def +/col122 {0.388 0.420 0.612 srgb} bind def +/col123 {0.871 0.000 0.000 srgb} bind def +/col124 {0.678 0.678 0.678 srgb} bind def +/col125 {0.969 0.741 0.353 srgb} bind def +/col126 {0.678 0.678 0.678 srgb} bind def +/col127 {0.969 0.741 0.353 srgb} bind def +/col128 {0.388 0.420 0.612 srgb} bind def +/col129 {0.322 0.420 0.161 srgb} bind def +/col130 {0.580 0.580 0.580 srgb} bind def +/col131 {0.000 0.388 0.000 srgb} bind def +/col132 {0.000 0.388 0.290 srgb} bind def +/col133 {0.482 0.518 0.290 srgb} bind def +/col134 {0.906 0.741 0.482 srgb} bind def +/col135 {0.647 0.710 0.776 srgb} bind def +/col136 {0.420 0.420 0.580 srgb} bind def +/col137 {0.518 0.420 0.420 srgb} bind def +/col138 {0.322 0.612 0.290 srgb} bind def +/col139 {0.839 0.906 0.906 srgb} bind def +/col140 {0.322 0.388 0.388 srgb} bind def +/col141 {0.094 0.420 0.290 srgb} bind def +/col142 {0.612 0.647 0.710 srgb} bind def +/col143 {1.000 0.580 0.000 srgb} bind def +/col144 {1.000 0.580 0.000 srgb} bind def +/col145 {0.000 0.388 0.290 srgb} bind def +/col146 {0.482 0.518 0.290 srgb} bind def +/col147 {0.388 0.451 0.482 srgb} bind def +/col148 {0.906 0.741 0.482 srgb} bind def +/col149 {0.094 0.290 0.094 srgb} bind def +/col150 {0.969 0.741 0.353 srgb} bind def +/col151 {0.871 0.871 0.871 srgb} bind def +/col152 {0.953 0.933 0.827 srgb} bind def +/col153 {0.961 0.682 0.365 srgb} bind def +/col154 {0.584 0.808 0.600 srgb} bind def +/col155 {0.710 0.082 0.490 srgb} bind def +/col156 {0.933 0.933 0.933 srgb} bind def +/col157 {0.518 0.518 0.518 srgb} bind def +/col158 {0.482 0.482 0.482 srgb} bind def +/col159 {0.000 0.353 0.000 srgb} bind def +/col160 {0.906 0.451 0.451 srgb} bind def +/col161 {1.000 0.796 0.192 srgb} bind def +/col162 {0.161 0.475 0.290 srgb} bind def 
+/col163 {0.871 0.157 0.129 srgb} bind def +/col164 {0.129 0.349 0.776 srgb} bind def +/col165 {0.973 0.973 0.973 srgb} bind def +/col166 {0.902 0.902 0.902 srgb} bind def +/col167 {0.129 0.518 0.353 srgb} bind def +/col168 {1.000 0.580 0.031 srgb} bind def +/col169 {0.000 0.439 0.000 srgb} bind def +/col170 {0.816 0.000 0.000 srgb} bind def +/col171 {0.996 0.839 0.000 srgb} bind def +/col172 {0.847 0.125 0.063 srgb} bind def +/col173 {0.000 0.204 0.518 srgb} bind def +/col174 {0.839 0.125 0.063 srgb} bind def +/col175 {0.220 0.565 0.000 srgb} bind def +/col176 {0.729 0.000 0.000 srgb} bind def +/col177 {0.000 0.200 0.502 srgb} bind def +/col178 {0.000 0.655 0.741 srgb} bind def +/col179 {1.000 0.773 0.000 srgb} bind def +/col180 {0.031 0.482 0.816 srgb} bind def +/col181 {0.984 0.757 0.000 srgb} bind def +/col182 {0.518 0.000 0.161 srgb} bind def +/col183 {0.027 0.224 0.612 srgb} bind def +/col184 {0.000 0.388 0.741 srgb} bind def +/col185 {0.224 0.675 0.875 srgb} bind def +/col186 {0.259 0.753 0.878 srgb} bind def +/col187 {0.192 0.808 1.000 srgb} bind def +/col188 {1.000 0.871 0.000 srgb} bind def +/col189 {0.031 0.353 0.000 srgb} bind def +/col190 {1.000 0.129 0.000 srgb} bind def +/col191 {0.969 0.369 0.031 srgb} bind def +/col192 {0.937 0.482 0.031 srgb} bind def +/col193 {1.000 0.510 0.000 srgb} bind def +/col194 {0.000 0.490 0.000 srgb} bind def +/col195 {0.000 0.000 0.745 srgb} bind def +/col196 {0.459 0.459 0.459 srgb} bind def +/col197 {0.953 0.953 0.953 srgb} bind def +/col198 {0.843 0.827 0.843 srgb} bind def +/col199 {0.682 0.667 0.682 srgb} bind def +/col200 {0.761 0.761 0.761 srgb} bind def +/col201 {0.188 0.188 0.188 srgb} bind def +/col202 {0.318 0.333 0.318 srgb} bind def +/col203 {0.969 0.953 0.969 srgb} bind def +/col204 {0.443 0.443 0.443 srgb} bind def + +end + +/cp {closepath} bind def +/ef {eofill} bind def +/gr {grestore} bind def +/gs {gsave} bind def +/sa {save} bind def +/rs {restore} bind def +/l {lineto} bind def +/m {moveto} bind def 
+/rm {rmoveto} bind def +/n {newpath} bind def +/s {stroke} bind def +/sh {show} bind def +/slc {setlinecap} bind def +/slj {setlinejoin} bind def +/slw {setlinewidth} bind def +/srgb {setrgbcolor} bind def +/rot {rotate} bind def +/sc {scale} bind def +/sd {setdash} bind def +/ff {findfont} bind def +/sf {setfont} bind def +/scf {scalefont} bind def +/sw {stringwidth} bind def +/tr {translate} bind def +/tnt {dup dup currentrgbcolor + 4 -2 roll dup 1 exch sub 3 -1 roll mul add + 4 -2 roll dup 1 exch sub 3 -1 roll mul add + 4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb} + bind def +/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul + 4 -2 roll mul srgb} bind def +/reencdict 12 dict def /ReEncode { reencdict begin +/newcodesandnames exch def /newfontname exch def /basefontname exch def +/basefontdict basefontname findfont def /newfont basefontdict maxlength dict def +basefontdict { exch dup /FID ne { dup /Encoding eq +{ exch dup length array copy newfont 3 1 roll put } +{ exch newfont 3 1 roll put } ifelse } { pop pop } ifelse } forall +newfont /FontName newfontname put newcodesandnames aload pop +128 1 255 { newfont /Encoding get exch /.notdef put } for +newcodesandnames length 2 idiv { newfont /Encoding get 3 1 roll put } repeat +newfontname newfont definefont pop end } def +/isovec [ +8#055 /minus 8#200 /grave 8#201 /acute 8#202 /circumflex 8#203 /tilde +8#204 /macron 8#205 /breve 8#206 /dotaccent 8#207 /dieresis +8#210 /ring 8#211 /cedilla 8#212 /hungarumlaut 8#213 /ogonek 8#214 /caron +8#220 /dotlessi 8#230 /oe 8#231 /OE +8#240 /space 8#241 /exclamdown 8#242 /cent 8#243 /sterling +8#244 /currency 8#245 /yen 8#246 /brokenbar 8#247 /section 8#250 /dieresis +8#251 /copyright 8#252 /ordfeminine 8#253 /guillemotleft 8#254 /logicalnot +8#255 /hyphen 8#256 /registered 8#257 /macron 8#260 /degree 8#261 /plusminus +8#262 /twosuperior 8#263 /threesuperior 8#264 /acute 8#265 /mu 8#266 /paragraph +8#267 /periodcentered 8#270 /cedilla 8#271 /onesuperior 8#272 
/ordmasculine +8#273 /guillemotright 8#274 /onequarter 8#275 /onehalf +8#276 /threequarters 8#277 /questiondown 8#300 /Agrave 8#301 /Aacute +8#302 /Acircumflex 8#303 /Atilde 8#304 /Adieresis 8#305 /Aring +8#306 /AE 8#307 /Ccedilla 8#310 /Egrave 8#311 /Eacute +8#312 /Ecircumflex 8#313 /Edieresis 8#314 /Igrave 8#315 /Iacute +8#316 /Icircumflex 8#317 /Idieresis 8#320 /Eth 8#321 /Ntilde 8#322 /Ograve +8#323 /Oacute 8#324 /Ocircumflex 8#325 /Otilde 8#326 /Odieresis 8#327 /multiply +8#330 /Oslash 8#331 /Ugrave 8#332 /Uacute 8#333 /Ucircumflex +8#334 /Udieresis 8#335 /Yacute 8#336 /Thorn 8#337 /germandbls 8#340 /agrave +8#341 /aacute 8#342 /acircumflex 8#343 /atilde 8#344 /adieresis 8#345 /aring +8#346 /ae 8#347 /ccedilla 8#350 /egrave 8#351 /eacute +8#352 /ecircumflex 8#353 /edieresis 8#354 /igrave 8#355 /iacute +8#356 /icircumflex 8#357 /idieresis 8#360 /eth 8#361 /ntilde 8#362 /ograve +8#363 /oacute 8#364 /ocircumflex 8#365 /otilde 8#366 /odieresis 8#367 /divide +8#370 /oslash 8#371 /ugrave 8#372 /uacute 8#373 /ucircumflex +8#374 /udieresis 8#375 /yacute 8#376 /thorn 8#377 /ydieresis] def +/Helvetica-Bold /Helvetica-Bold-iso isovec ReEncode +/Helvetica /Helvetica-iso isovec ReEncode +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +/pageheader { +save +newpath 0 458 moveto 0 0 lineto 823 0 lineto 823 458 lineto closepath clip newpath +-8.3 472.6 translate +1 -1 scale +$F2psBegin +10 setmiterlimit +0 slj 0 slc + 0.06299 0.06299 sc +} bind def +/pagefooter { +$F2psEnd +restore +} bind def +%%EndProlog +pageheader +% +% Fig objects follow +% +% +% here starts figure with depth 60 +% Polyline +0 slj +0 slc +15.000 slw +n 9393 2072 m 9318 2072 9318 5664 75 arcto 4 {pop} repeat + 9318 5739 13062 5739 75 arcto 4 {pop} repeat + 13137 5739 13137 2147 75 arcto 4 {pop} repeat + 13137 2072 9393 2072 75 arcto 4 {pop} repeat + cp gs col6 1.00 shd ef gr gs col0 s gr +% Polyline +n 10849 5901 m 10774 5901 10774 6285 75 
arcto 4 {pop} repeat + 10774 6360 11616 6360 75 arcto 4 {pop} repeat + 11691 6360 11691 5976 75 arcto 4 {pop} repeat + 11691 5901 10849 5901 75 arcto 4 {pop} repeat + cp gs col6 1.00 shd ef gr gs col0 s gr +% Polyline +n 228 2072 m 153 2072 153 5664 75 arcto 4 {pop} repeat + 153 5739 3897 5739 75 arcto 4 {pop} repeat + 3972 5739 3972 2147 75 arcto 4 {pop} repeat + 3972 2072 228 2072 75 arcto 4 {pop} repeat + cp gs col6 1.00 shd ef gr gs col0 s gr +% Polyline +n 4810 2072 m 4735 2072 4735 5664 75 arcto 4 {pop} repeat + 4735 5739 8479 5739 75 arcto 4 {pop} repeat + 8554 5739 8554 2147 75 arcto 4 {pop} repeat + 8554 2072 4810 2072 75 arcto 4 {pop} repeat + cp gs col6 1.00 shd ef gr gs col0 s gr +% Polyline +n 6643 423 m 6568 423 6568 1264 75 arcto 4 {pop} repeat + 6568 1339 8479 1339 75 arcto 4 {pop} repeat + 8554 1339 8554 498 75 arcto 4 {pop} repeat + 8554 423 6643 423 75 arcto 4 {pop} repeat + cp gs col6 1.00 shd ef gr gs col0 s gr +% Polyline +n 10768 6991 m 10693 6991 10693 7405 75 arcto 4 {pop} repeat + 10693 7480 11656 7480 75 arcto 4 {pop} repeat + 11731 7480 11731 7066 75 arcto 4 {pop} repeat + 11731 6991 10768 6991 75 arcto 4 {pop} repeat + cp gs col6 1.00 shd ef gr gs col0 s gr +% here ends figure; +% +% here starts figure with depth 50 +% Polyline +0 slj +0 slc +7.500 slw +n 9546 3936 m 9471 3936 9471 4319 75 arcto 4 {pop} repeat + 9471 4394 10465 4394 75 arcto 4 {pop} repeat + 10540 4394 10540 4011 75 arcto 4 {pop} repeat + 10540 3936 9546 3936 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 9546 5158 m 9471 5158 9471 5541 75 arcto 4 {pop} repeat + 9471 5616 10312 5616 75 arcto 4 {pop} repeat + 10387 5616 10387 5233 75 arcto 4 {pop} repeat + 10387 5158 9546 5158 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 9546 4547 m 9471 4547 9471 4930 75 arcto 4 {pop} repeat + 9471 5005 12909 5005 75 arcto 4 {pop} repeat + 12984 5005 12984 4622 75 arcto 4 {pop} repeat + 12984 4547 9546 4547 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 
12142 5158 m 12067 5158 12067 5541 75 arcto 4 {pop} repeat + 12067 5616 12909 5616 75 arcto 4 {pop} repeat + 12984 5616 12984 5233 75 arcto 4 {pop} repeat + 12984 5158 12142 5158 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 10859 5168 m 10784 5168 10784 5552 75 arcto 4 {pop} repeat + 10784 5627 11626 5627 75 arcto 4 {pop} repeat + 11701 5627 11701 5243 75 arcto 4 {pop} repeat + 11701 5168 10859 5168 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 10768 3936 m 10693 3936 10693 4319 75 arcto 4 {pop} repeat + 10693 4394 11687 4394 75 arcto 4 {pop} repeat + 11762 4394 11762 4011 75 arcto 4 {pop} repeat + 11762 3936 10768 3936 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 11990 3936 m 11915 3936 11915 4319 75 arcto 4 {pop} repeat + 11915 4394 12909 4394 75 arcto 4 {pop} repeat + 12984 4394 12984 4011 75 arcto 4 {pop} repeat + 12984 3936 11990 3936 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline + [15 45] 45 sd +n 9318 3753 m + 13137 3753 l gs col0 s gr [] 0 sd +% Polyline +15.000 slw +n 11755 5739 m 11770 5739 l gs col0 s gr +% Polyline + [90] 0 sd +n 10693 5739 m 10693 6502 l 11762 6502 l + 11762 5739 l gs col0 s gr [] 0 sd +% Polyline +7.500 slw +n 381 3936 m 306 3936 306 4319 75 arcto 4 {pop} repeat + 306 4394 1300 4394 75 arcto 4 {pop} repeat + 1375 4394 1375 4011 75 arcto 4 {pop} repeat + 1375 3936 381 3936 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 381 5158 m 306 5158 306 5541 75 arcto 4 {pop} repeat + 306 5616 1147 5616 75 arcto 4 {pop} repeat + 1222 5616 1222 5233 75 arcto 4 {pop} repeat + 1222 5158 381 5158 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 381 4547 m 306 4547 306 4930 75 arcto 4 {pop} repeat + 306 5005 3744 5005 75 arcto 4 {pop} repeat + 3819 5005 3819 4622 75 arcto 4 {pop} repeat + 3819 4547 381 4547 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 2977 5158 m 2902 5158 2902 5541 75 arcto 4 {pop} repeat + 2902 5616 3744 5616 75 arcto 4 {pop} repeat + 3819 5616 3819 5233 75 
arcto 4 {pop} repeat + 3819 5158 2977 5158 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 1694 5168 m 1619 5168 1619 5552 75 arcto 4 {pop} repeat + 1619 5627 2461 5627 75 arcto 4 {pop} repeat + 2536 5627 2536 5243 75 arcto 4 {pop} repeat + 2536 5168 1694 5168 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 2214 3753 m 2139 3753 2139 4136 75 arcto 4 {pop} repeat + 2139 4211 3133 4211 75 arcto 4 {pop} repeat + 3208 4211 3208 3828 75 arcto 4 {pop} repeat + 3208 3753 2214 3753 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +15.000 slw +n 2590 5739 m 2605 5739 l gs col0 s gr +% Polyline +7.500 slw +gs clippath +1498 4113 m 1386 4132 l 1393 4172 l 1504 4153 l 1504 4153 l 1421 4147 l 1498 4113 l cp +eoclip +n 2139 4028 m + 1405 4150 l gs col0 s gr gr + +% arrowhead +n 1498 4113 m 1421 4147 l 1504 4153 l 1498 4113 l cp gs 0.00 setgray ef gr col0 s +% Polyline + [15 45] 45 sd +n 153 3753 m 1833 3753 l 1833 4364 l + 3972 4364 l gs col0 s gr [] 0 sd +% Polyline +n 4963 4058 m 4888 4058 4888 5358 75 arcto 4 {pop} repeat + 4888 5433 5271 5433 75 arcto 4 {pop} repeat + 5346 5433 5346 4133 75 arcto 4 {pop} repeat + 5346 4058 4963 4058 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 4963 2378 m 4888 2378 4888 3678 75 arcto 4 {pop} repeat + 4888 3753 5271 3753 75 arcto 4 {pop} repeat + 5346 3753 5346 2453 75 arcto 4 {pop} repeat + 5346 2378 4963 2378 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 6032 3447 m 5957 3447 5957 4136 75 arcto 4 {pop} repeat + 5957 4211 7104 4211 75 arcto 4 {pop} repeat + 7179 4211 7179 3522 75 arcto 4 {pop} repeat + 7179 3447 6032 3447 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 7191 4883 m 7199 4883 l gs col0 s gr +% Polyline +n 7191 4883 m 7199 4883 l gs col0 s gr +% Polyline +n 6796 4517 m 6721 4517 6721 4900 75 arcto 4 {pop} repeat + 6721 4975 7257 4975 75 arcto 4 {pop} repeat + 7332 4975 7332 4592 75 arcto 4 {pop} repeat + 7332 4517 6796 4517 75 arcto 4 {pop} repeat + cp gs col0 s gr +% 
Polyline +gs clippath +6934 4479 m 7028 4542 l 7050 4508 l 6957 4445 l 6957 4445 l 7014 4508 l 6934 4479 l cp +6660 4248 m 6566 4185 l 6544 4219 l 6637 4282 l 6637 4282 l 6581 4220 l 6660 4248 l cp +eoclip +n 6568 4211 m + 7027 4517 l gs col0 s gr gr + +% arrowhead +n 6660 4248 m 6581 4220 l 6637 4282 l 6660 4248 l cp gs 0.00 setgray ef gr col0 s +% arrowhead +n 6934 4479 m 7014 4508 l 6957 4445 l 6934 4479 l cp gs 0.00 setgray ef gr col0 s +% Polyline +gs clippath +6179 4445 m 6086 4508 l 6108 4542 l 6202 4479 l 6202 4479 l 6123 4508 l 6179 4445 l cp +6498 4282 m 6591 4219 l 6569 4185 l 6475 4248 l 6475 4248 l 6555 4220 l 6498 4282 l cp +eoclip +n 6568 4211 m + 6110 4517 l gs col0 s gr gr + +% arrowhead +n 6498 4282 m 6555 4220 l 6475 4248 l 6498 4282 l cp gs 0.00 setgray ef gr col0 s +% arrowhead +n 6179 4445 m 6123 4508 l 6202 4479 l 6179 4445 l cp gs 0.00 setgray ef gr col0 s +% Polyline +n 5880 4517 m 5805 4517 5805 4900 75 arcto 4 {pop} repeat + 5805 4975 6341 4975 75 arcto 4 {pop} repeat + 6416 4975 6416 4592 75 arcto 4 {pop} repeat + 6416 4517 5880 4517 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 7713 3600 m 7638 3600 7638 3983 75 arcto 4 {pop} repeat + 7638 4058 8326 4058 75 arcto 4 {pop} repeat + 8401 4058 8401 3675 75 arcto 4 {pop} repeat + 8401 3600 7713 3600 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline +n 7634 3814 m 7642 3814 l gs col0 s gr +% Polyline +n 9546 2225 m 9471 2225 9471 3525 75 arcto 4 {pop} repeat + 9471 3600 9854 3600 75 arcto 4 {pop} repeat + 9929 3600 9929 2300 75 arcto 4 {pop} repeat + 9929 2225 9546 2225 75 arcto 4 {pop} repeat + cp gs col0 s gr +% Polyline + [60] 0 sd +gs clippath +11083 351 m 11196 351 l 11196 310 l 11083 310 l 11083 310 l 11165 331 l 11083 351 l cp +eoclip +n 10632 331 m + 11181 331 l gs col1 s gr gr + [] 0 sd +% arrowhead +n 11083 351 m 11165 331 l 11083 310 l 11083 351 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +15.000 slw +gs clippath +10986 677 m 11196 677 l 11196 596 l 10986 596 l 
10986 596 l 11149 637 l 10986 677 l cp +eoclip +n 10632 637 m + 11181 637 l gs col1 s gr gr + +% arrowhead +n 10986 677 m 11149 637 l 10986 596 l 10986 677 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +7.500 slw +gs clippath +11083 962 m 11196 962 l 11196 921 l 11083 921 l 11083 921 l 11165 942 l 11083 962 l cp +eoclip +n 10632 942 m + 11181 942 l gs col0 s gr gr + +% arrowhead +n 11083 962 m 11165 942 l 11083 921 l 11083 962 l cp gs 0.00 setgray ef gr col0 s +% Polyline +n 6919 6197 m 6904 6197 6904 7170 15 arcto 4 {pop} repeat + 6904 7185 8457 7185 15 arcto 4 {pop} repeat + 8472 7185 8472 6212 15 arcto 4 {pop} repeat + 8472 6197 6919 6197 15 arcto 4 {pop} repeat + cp gs col7 1.00 shd ef gr gs col-1 s gr +% Polyline +gs clippath +5873 3698 m 5953 3778 l 5982 3749 l 5902 3669 l 5902 3669 l 5946 3742 l 5873 3698 l cp +eoclip +n 5346 3142 m + 5957 3753 l gs col0 s gr gr + +% arrowhead +n 5873 3698 m 5946 3742 l 5902 3669 l 5873 3698 l cp gs 0.00 setgray ef gr col0 s +% Polyline +gs clippath +5912 3994 m 5982 3906 l 5950 3880 l 5880 3968 l 5880 3968 l 5947 3918 l 5912 3994 l cp +eoclip +n 5346 4669 m + 5957 3905 l gs col0 s gr gr + +% arrowhead +n 5912 3994 m 5947 3918 l 5880 3968 l 5912 3994 l cp gs 0.00 setgray ef gr col0 s +% Polyline +gs clippath +7540 3834 m 7653 3834 l 7653 3793 l 7540 3793 l 7540 3793 l 7622 3814 l 7540 3834 l cp +7276 3793 m 7164 3793 l 7164 3834 l 7276 3834 l 7276 3834 l 7195 3814 l 7276 3793 l cp +eoclip +n 7179 3814 m + 7638 3814 l gs col0 s gr gr + +% arrowhead +n 7276 3793 m 7195 3814 l 7276 3834 l 7276 3793 l cp gs 0.00 setgray ef gr col0 s +% arrowhead +n 7540 3834 m 7622 3814 l 7540 3793 l 7540 3834 l cp gs 0.00 setgray ef gr col0 s +% Polyline +2 slj +15.000 slw +gs clippath +7694 1441 m 7524 1318 l 7476 1384 l 7646 1507 l 7646 1507 l 7539 1379 l 7694 1441 l cp +eoclip +n 8022 3600 m 8022 3599 l 8023 3597 l 8024 3592 l 8026 3585 l 8028 3575 l + 8031 3562 l 8035 3545 l 8039 3525 l 8045 3501 l 8051 3474 l + 8057 3444 l 8064 3410 l 
8072 3374 l 8079 3336 l 8087 3295 l + 8095 3252 l 8102 3208 l 8109 3163 l 8116 3117 l 8123 3069 l + 8129 3021 l 8134 2972 l 8139 2921 l 8143 2870 l 8145 2818 l + 8147 2765 l 8148 2710 l 8147 2654 l 8145 2596 l 8142 2537 l + 8136 2476 l 8129 2414 l 8120 2351 l 8109 2288 l 8096 2225 l + 8079 2156 l 8060 2091 l 8039 2029 l 8017 1971 l 7995 1917 l + 7971 1868 l 7948 1822 l 7923 1780 l 7899 1740 l 7874 1704 l + 7848 1670 l 7823 1638 l 7797 1608 l 7772 1580 l 7746 1553 l + 7720 1528 l 7695 1505 l 7671 1483 l 7647 1463 l 7625 1445 l + 7605 1428 l 7586 1413 l 7569 1400 l 7554 1389 l 7542 1380 l + 7532 1373 l 7524 1368 l + 7513 1360 l gs col1 s gr gr + +% arrowhead +0 slj +n 7694 1441 m 7539 1379 l 7646 1507 l 7694 1441 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +2 slj +gs clippath +9472 3096 m 9513 2890 l 9433 2874 l 9393 3080 l 9393 3080 l 9465 2929 l 9472 3096 l cp +eoclip +n 7332 4730 m 7333 4730 l 7335 4731 l 7339 4732 l 7346 4733 l 7355 4735 l + 7367 4738 l 7382 4741 l 7401 4745 l 7423 4750 l 7449 4754 l + 7477 4760 l 7509 4765 l 7543 4771 l 7580 4776 l 7619 4782 l + 7660 4787 l 7702 4791 l 7746 4795 l 7791 4798 l 7837 4800 l + 7884 4801 l 7931 4800 l 7979 4798 l 8028 4794 l 8078 4789 l + 8128 4781 l 8179 4771 l 8231 4758 l 8284 4742 l 8338 4724 l + 8393 4702 l 8449 4676 l 8506 4646 l 8564 4612 l 8622 4575 l + 8680 4532 l 8737 4486 l 8790 4439 l 8840 4389 l 8888 4337 l + 8932 4284 l 8975 4231 l 9014 4176 l 9050 4122 l 9084 4068 l + 9116 4013 l 9145 3959 l 9172 3904 l 9198 3850 l 9221 3796 l + 9244 3741 l 9264 3687 l 9284 3633 l 9302 3579 l 9319 3526 l + 9335 3473 l 9350 3420 l 9365 3369 l 9378 3319 l 9390 3270 l + 9402 3223 l 9412 3178 l 9422 3136 l 9431 3097 l 9438 3061 l + 9445 3028 l 9451 3000 l 9456 2975 l 9460 2953 l 9464 2936 l + 9466 2922 l 9468 2912 l + 9471 2897 l gs col1 s gr gr + +% arrowhead +0 slj +n 9472 3096 m 9465 2929 l 9393 3080 l col1 s +% Polyline +2 slj +gs clippath +4726 4612 m 4867 4768 l 4928 4713 l 4786 4558 l 4786 4558 l 4866 4706 l 4726 
4612 l cp +eoclip +n 3238 3997 m 3239 3997 l 3242 3997 l 3247 3998 l 3255 3999 l 3266 4000 l + 3281 4002 l 3300 4004 l 3322 4007 l 3347 4011 l 3375 4015 l + 3406 4019 l 3439 4024 l 3474 4029 l 3511 4035 l 3549 4042 l + 3589 4049 l 3629 4057 l 3671 4066 l 3713 4075 l 3757 4086 l + 3802 4097 l 3848 4110 l 3896 4124 l 3946 4139 l 3997 4156 l + 4051 4175 l 4105 4196 l 4161 4218 l 4216 4242 l 4274 4269 l + 4329 4296 l 4381 4323 l 4428 4349 l 4472 4375 l 4513 4401 l + 4550 4426 l 4585 4450 l 4617 4473 l 4647 4497 l 4675 4520 l + 4701 4542 l 4726 4564 l 4749 4585 l 4770 4606 l 4790 4626 l + 4809 4644 l 4825 4661 l 4840 4677 l 4853 4691 l 4863 4702 l + 4872 4712 l 4878 4719 l + 4888 4730 l gs col1 s gr gr + +% arrowhead +0 slj +n 4726 4612 m 4866 4706 l 4786 4558 l 4726 4612 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +2 slj +gs clippath +11276 6815 m 11140 6976 l 11202 7028 l 11338 6868 l 11338 6868 l 11202 6966 l 11276 6815 l cp +eoclip +n 11243 6502 m 11244 6504 l 11247 6510 l 11252 6518 l 11259 6530 l 11267 6546 l + 11276 6563 l 11284 6583 l 11291 6604 l 11298 6627 l 11303 6652 l + 11306 6681 l 11307 6713 l 11304 6747 l 11299 6777 l 11292 6805 l + 11283 6831 l 11273 6854 l 11263 6876 l 11252 6895 l 11241 6913 l + 11229 6930 l 11218 6946 l 11207 6959 l 11198 6971 l + 11181 6991 l gs col1 s gr gr + +% arrowhead +0 slj +n 11276 6815 m 11202 6966 l 11338 6868 l 11276 6815 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +2 slj +7.500 slw + [60] 0 sd +gs clippath +8590 6891 m 8487 6844 l 8470 6881 l 8573 6928 l 8573 6928 l 8508 6876 l 8590 6891 l cp +eoclip +n 10693 7235 m 10692 7235 l 10690 7235 l 10685 7235 l 10679 7236 l 10669 7236 l + 10656 7236 l 10640 7237 l 10621 7238 l 10598 7238 l 10572 7239 l + 10544 7240 l 10512 7241 l 10478 7241 l 10442 7242 l 10404 7242 l + 10365 7243 l 10324 7243 l 10281 7242 l 10238 7242 l 10194 7241 l + 10148 7240 l 10101 7238 l 10052 7236 l 10003 7233 l 9951 7230 l + 9898 7226 l 9842 7221 l 9785 7216 l 9725 7209 l 9664 7202 l + 9600 7194 l 
9536 7184 l 9471 7174 l 9403 7162 l 9337 7150 l + 9274 7137 l 9215 7124 l 9159 7110 l 9106 7097 l 9056 7084 l + 9010 7071 l 8966 7058 l 8925 7045 l 8885 7032 l 8848 7019 l + 8812 7006 l 8778 6993 l 8746 6981 l 8715 6968 l 8685 6956 l + 8657 6944 l 8631 6933 l 8607 6922 l 8585 6912 l 8565 6903 l + 8548 6895 l 8533 6888 l 8521 6883 l 8511 6878 l 8504 6874 l + + 8493 6869 l gs col1 s gr gr + [] 0 sd +% arrowhead +0 slj +n 8590 6891 m 8508 6876 l 8573 6928 l 8590 6891 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +2 slj + [60] 0 sd +gs clippath +8591 6548 m 8479 6541 l 8476 6582 l 8589 6589 l 8589 6589 l 8509 6564 l 8591 6548 l cp +eoclip +n 9898 5647 m 9898 5648 l 9898 5651 l 9898 5655 l 9897 5662 l 9897 5672 l + 9896 5685 l 9895 5701 l 9893 5720 l 9891 5742 l 9888 5766 l + 9885 5793 l 9881 5821 l 9876 5851 l 9870 5882 l 9863 5913 l + 9854 5946 l 9845 5978 l 9833 6011 l 9820 6044 l 9805 6077 l + 9788 6111 l 9768 6145 l 9746 6179 l 9719 6213 l 9690 6247 l + 9656 6281 l 9619 6315 l 9577 6348 l 9532 6380 l 9487 6407 l + 9440 6432 l 9393 6455 l 9346 6475 l 9299 6492 l 9252 6507 l + 9206 6520 l 9161 6530 l 9116 6540 l 9072 6547 l 9028 6553 l + 8984 6558 l 8941 6562 l 8899 6565 l 8857 6567 l 8816 6569 l + 8776 6570 l 8737 6570 l 8700 6570 l 8666 6569 l 8633 6569 l + 8604 6568 l 8578 6567 l 8556 6566 l 8537 6565 l 8522 6565 l + 8510 6564 l + 8493 6563 l gs col1 s gr gr + [] 0 sd +% arrowhead +0 slj +n 8591 6548 m 8509 6564 l 8589 6589 l 8591 6548 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +2 slj + [60] 0 sd +gs clippath +8591 6735 m 8479 6725 l 8476 6765 l 8588 6775 l 8588 6775 l 8509 6748 l 8591 6735 l cp +eoclip +n 12465 5647 m 12465 5648 l 12466 5649 l 12466 5651 l 12468 5655 l 12470 5661 l + 12472 5668 l 12475 5678 l 12478 5689 l 12482 5703 l 12486 5719 l + 12491 5737 l 12495 5757 l 12500 5779 l 12504 5803 l 12508 5828 l + 12512 5855 l 12514 5882 l 12516 5911 l 12517 5941 l 12516 5971 l + 12514 6002 l 12510 6033 l 12504 6065 l 12496 6096 l 12486 6128 l + 12473 6160 
l 12457 6192 l 12437 6224 l 12414 6256 l 12388 6287 l + 12356 6319 l 12321 6351 l 12280 6383 l 12234 6414 l 12181 6446 l + 12123 6477 l 12058 6508 l 11986 6539 l 11908 6568 l 11823 6597 l + 11731 6624 l 11659 6643 l 11584 6661 l 11507 6678 l 11428 6693 l + 11349 6707 l 11269 6721 l 11189 6732 l 11108 6743 l 11027 6753 l + 10947 6762 l 10866 6769 l 10786 6776 l 10706 6782 l 10626 6787 l + 10547 6791 l 10468 6795 l 10388 6798 l 10310 6800 l 10231 6801 l + 10152 6803 l 10074 6803 l 9996 6803 l 9918 6803 l 9841 6802 l + 9764 6801 l 9688 6800 l 9612 6798 l 9537 6796 l 9463 6794 l + 9391 6792 l 9320 6789 l 9250 6787 l 9182 6784 l 9117 6781 l + 9053 6778 l 8993 6775 l 8935 6772 l 8880 6769 l 8829 6767 l + 8781 6764 l 8737 6762 l 8697 6759 l 8661 6757 l 8628 6755 l + 8600 6754 l 8575 6752 l 8554 6751 l 8537 6750 l 8523 6749 l + 8512 6748 l 8504 6748 l + 8493 6747 l gs col1 s gr gr + [] 0 sd +% arrowhead +0 slj +n 8591 6735 m 8509 6748 l 8588 6775 l 8591 6735 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +2 slj + [60] 0 sd +gs clippath +6745 6644 m 6858 6644 l 6858 6603 l 6745 6603 l 6745 6603 l 6827 6624 l 6745 6644 l cp +eoclip +n 2077 5647 m 2077 5648 l 2077 5650 l 2076 5653 l 2076 5657 l 2075 5663 l + 2075 5670 l 2074 5679 l 2074 5690 l 2074 5702 l 2074 5716 l + 2074 5732 l 2075 5750 l 2076 5768 l 2078 5788 l 2081 5810 l + 2084 5832 l 2089 5855 l 2095 5880 l 2103 5904 l 2111 5929 l + 2122 5955 l 2134 5981 l 2149 6007 l 2166 6034 l 2185 6060 l + 2207 6087 l 2232 6113 l 2260 6140 l 2291 6166 l 2327 6193 l + 2367 6219 l 2411 6246 l 2460 6273 l 2515 6299 l 2575 6326 l + 2641 6352 l 2714 6379 l 2793 6405 l 2879 6430 l 2972 6455 l + 3071 6479 l 3177 6502 l 3258 6518 l 3341 6533 l 3425 6547 l + 3511 6560 l 3598 6572 l 3685 6584 l 3772 6594 l 3860 6604 l + 3947 6612 l 4034 6620 l 4120 6627 l 4206 6634 l 4292 6640 l + 4377 6645 l 4462 6649 l 4546 6653 l 4630 6656 l 4714 6659 l + 4797 6661 l 4880 6663 l 4963 6664 l 5045 6665 l 5127 6666 l + 5208 6666 l 5289 6666 l 5370 6666 l 
5450 6665 l 5530 6665 l + 5608 6663 l 5686 6662 l 5763 6661 l 5838 6659 l 5912 6657 l + 5985 6656 l 6056 6654 l 6124 6652 l 6191 6649 l 6255 6647 l + 6316 6645 l 6375 6643 l 6430 6641 l 6483 6639 l 6531 6637 l + 6576 6636 l 6618 6634 l 6655 6632 l 6689 6631 l 6719 6630 l + 6746 6628 l 6768 6627 l 6787 6627 l 6803 6626 l 6816 6625 l + 6825 6625 l 6833 6624 l + 6843 6624 l gs col1 s gr gr + [] 0 sd +% arrowhead +0 slj +n 6745 6644 m 6827 6624 l 6745 6603 l 6745 6644 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +2 slj + [60] 0 sd +gs clippath +6748 6778 m 6860 6765 l 6855 6725 l 6743 6737 l 6743 6737 l 6827 6749 l 6748 6778 l cp +eoclip +n 733 5647 m 733 5649 l 734 5651 l 735 5654 l 736 5659 l 737 5665 l + 740 5674 l 743 5684 l 746 5696 l 750 5711 l 756 5727 l + 762 5746 l 769 5766 l 777 5788 l 786 5813 l 797 5838 l + 808 5866 l 821 5894 l 836 5924 l 852 5955 l 869 5987 l + 888 6019 l 909 6052 l 931 6085 l 956 6119 l 983 6152 l + 1012 6186 l 1043 6220 l 1077 6254 l 1114 6287 l 1154 6321 l + 1197 6354 l 1244 6387 l 1295 6420 l 1349 6453 l 1409 6486 l + 1473 6518 l 1543 6550 l 1618 6582 l 1699 6613 l 1786 6644 l + 1880 6674 l 1980 6703 l 2087 6731 l 2200 6758 l 2319 6784 l + 2444 6808 l 2538 6824 l 2633 6839 l 2730 6853 l 2828 6865 l + 2927 6877 l 3025 6887 l 3124 6896 l 3222 6905 l 3320 6912 l + 3418 6918 l 3515 6923 l 3611 6927 l 3707 6931 l 3801 6934 l + 3896 6935 l 3989 6937 l 4082 6937 l 4174 6937 l 4266 6936 l + 4357 6934 l 4447 6933 l 4537 6930 l 4627 6927 l 4716 6924 l + 4805 6920 l 4893 6915 l 4980 6911 l 5067 6906 l 5153 6901 l + 5239 6895 l 5324 6889 l 5408 6883 l 5491 6877 l 5573 6870 l + 5654 6864 l 5733 6857 l 5811 6851 l 5888 6844 l 5962 6837 l + 6034 6830 l 6104 6824 l 6171 6817 l 6236 6811 l 6298 6805 l + 6357 6799 l 6413 6793 l 6465 6788 l 6514 6783 l 6560 6778 l + 6602 6774 l 6640 6770 l 6674 6766 l 6705 6762 l 6732 6759 l + 6756 6757 l 6776 6755 l 6794 6753 l 6808 6751 l 6819 6750 l + 6828 6749 l 6834 6748 l + 6843 6747 l gs col1 s gr gr + [] 0 sd 
+% arrowhead +0 slj +n 6748 6778 m 6827 6749 l 6743 6737 l 6748 6778 l cp gs col1 1.00 shd ef gr col1 s +% Polyline +2 slj + [60] 0 sd +gs clippath +6745 6522 m 6858 6522 l 6858 6481 l 6745 6481 l 6745 6481 l 6827 6502 l 6745 6522 l cp +eoclip +n 3361 5647 m 3361 5648 l 3361 5650 l 3360 5653 l 3360 5657 l 3359 5663 l + 3359 5670 l 3358 5678 l 3358 5689 l 3357 5700 l 3357 5714 l + 3358 5728 l 3359 5744 l 3360 5762 l 3363 5780 l 3366 5799 l + 3370 5819 l 3375 5840 l 3382 5861 l 3390 5882 l 3400 5904 l + 3412 5926 l 3425 5949 l 3441 5971 l 3460 5994 l 3481 6017 l + 3506 6040 l 3533 6063 l 3565 6086 l 3600 6109 l 3640 6133 l + 3685 6156 l 3735 6180 l 3790 6204 l 3851 6227 l 3918 6251 l + 3991 6274 l 4070 6297 l 4155 6319 l 4226 6336 l 4299 6352 l + 4374 6366 l 4450 6380 l 4526 6393 l 4603 6405 l 4680 6416 l + 4756 6426 l 4832 6436 l 4908 6444 l 4983 6452 l 5058 6459 l + 5133 6465 l 5207 6470 l 5280 6475 l 5353 6480 l 5426 6484 l + 5499 6488 l 5571 6491 l 5643 6493 l 5714 6496 l 5785 6498 l + 5855 6499 l 5925 6501 l 5993 6502 l 6061 6503 l 6127 6504 l + 6192 6504 l 6255 6505 l 6315 6505 l 6374 6505 l 6430 6505 l + 6482 6505 l 6532 6505 l 6578 6505 l 6621 6504 l 6660 6504 l + 6695 6504 l 6725 6503 l 6752 6503 l 6775 6503 l 6794 6503 l + 6809 6502 l 6821 6502 l 6830 6502 l + 6843 6502 l gs col1 s gr gr + [] 0 sd +% arrowhead +0 slj +n 6745 6522 m 6827 6502 l 6745 6481 l 6745 6522 l cp gs col1 1.00 shd ef gr col1 s +/Helvetica-iso ff 165.00 scf sf +9623 4242 m +gs 1 -1 sc (OpenPGP) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +9776 4853 m +gs 1 -1 sc (APDU and ISO-7816 access code) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +9623 5464 m +gs 1 -1 sc (CCID) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +12220 5464 m +gs 1 -1 sc (CT-API) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +10957 5464 m +gs 1 -1 sc (PC/SC) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +10998 4242 m +gs 1 -1 sc (NKS) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +12067 4242 m +gs 1 -1 sc (PKCS#15) col0 sh gr 
+/Helvetica-Bold-iso ff 225.00 scf sf +10540 2989 m +gs 1 -1 sc (SCDaemon) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +10896 6176 m +gs 1 -1 sc (wrapper) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +458 4242 m +gs 1 -1 sc (OpenPGP) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +611 4853 m +gs 1 -1 sc (APDU and ISO-7816 access code) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +458 5464 m +gs 1 -1 sc (CCID) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +3055 5464 m +gs 1 -1 sc (CT-API) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +1792 5464 m +gs 1 -1 sc (PC/SC) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +2291 4058 m +gs 1 -1 sc (Gluecode) col0 sh gr +/Helvetica-Bold-iso ff 225.00 scf sf +1375 2989 m +gs 1 -1 sc (gpg 1.4) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +5194 5128 m +gs 1 -1 sc 90.0 rot (Assuan) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +5194 3447 m +gs 1 -1 sc 90.0 rot (ssh-agent) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +6110 3753 m +gs 1 -1 sc (Private Key) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +6110 4058 m +gs 1 -1 sc (Operations) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +6874 4822 m +gs 1 -1 sc (Card) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +5957 4822 m +gs 1 -1 sc (Disk) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +7790 3905 m +gs 1 -1 sc (Cache) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +9776 3294 m +gs 1 -1 sc 90.0 rot (Assuan) col0 sh gr +/Helvetica-Bold-iso ff 225.00 scf sf +7027 881 m +gs 1 -1 sc (pinentry) col0 sh gr +/Helvetica-iso ff 150.00 scf sf +6874 1187 m +gs 1 -1 sc (\(GTK+, Qt, Curses\)) col0 sh gr +/Helvetica-iso ff 150.00 scf sf +11365 392 m +gs 1 -1 sc (Alternative access paths) col0 sh gr +/Helvetica-iso ff 150.00 scf sf +11365 698 m +gs 1 -1 sc (IPC \(pipe or socket\)) col0 sh gr +/Helvetica-iso ff 150.00 scf sf +11365 1003 m +gs 1 -1 sc (Internal data flow) col0 sh gr +/Helvetica-Bold-iso ff 225.00 scf sf +5957 2989 m +gs 1 -1 sc (gpg-agent) col0 sh gr +/Helvetica-iso ff 165.00 scf sf +10998 7297 m +gs 1 -1 sc 
(pcsd) col0 sh gr +% Polyline +n 7084 6526 m 7069 6526 7069 6731 15 arcto 4 {pop} repeat + 7069 6746 7292 6746 15 arcto 4 {pop} repeat + 7307 6746 7307 6541 15 arcto 4 {pop} repeat + 7307 6526 7084 6526 15 arcto 4 {pop} repeat + cp gs col31 1.00 shd ef gr gs col0 s gr +% Polyline +n 7234 6691 m + 7307 6691 l gs col0 s gr +% Polyline +n 7069 6636 m + 7143 6636 l gs 0.00 setgray ef gr gs col0 s gr +% Polyline +n 7069 6581 m + 7143 6581 l gs col0 s gr +% Polyline +n 7069 6691 m + 7143 6691 l gs col0 s gr +% Polyline +n 7143 6526 m + 7143 6746 l gs col0 s gr +% Polyline +n 7307 6581 m 7234 6581 l + 7234 6746 l gs col0 s gr +% Polyline +n 7234 6636 m + 7307 6636 l gs col0 s gr +% here ends figure; +pagefooter +showpage +%%Trailer +%EOF diff --git a/doc/gnupg-card-architecture.fig b/doc/gnupg-card-architecture.fig new file mode 100644 index 0000000..0efa362 --- /dev/null +++ b/doc/gnupg-card-architecture.fig 
@@ -0,0 +1,419 @@ +#FIG 3.2 Produced by xfig version 3.2.5-alpha5 +# Copyright 2005 Werner Koch +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +Landscape +Center +Metric +A4 +100.00 +Single +-2 +1200 2 +0 32 #414541 +0 33 #808080 +0 34 #c0c0c0 +0 35 #c6b797 +0 36 #eff8ff +0 37 #dccba6 +0 38 #e0e0e0 +0 39 #8e8f8e +0 40 #aaaaaa +0 41 #555555 +0 42 #404040 +0 43 #868286 +0 44 #c7c3c7 +0 45 #e7e3e7 +0 46 #8e8e8e +0 47 #444444 +0 48 #868686 +0 49 #c7c7c7 +0 50 #666666 +0 51 #e2e2ee +0 52 #94949a +0 53 #dbdbdb +0 54 #a1a1b7 +0 55 #9c0000 +0 56 #ededed +0 57 #86acff +0 58 #7070ff +0 59 #bebebe +0 60 #515151 +0 61 #000049 +0 62 #797979 +0 63 #303430 +0 64 #c7b696 +0 65 #d7d7d7 +0 66 #aeaeae +0 67 #85807d +0 68 #d2d2d2 +0 69 #3a3a3a +0 70 #4573aa +0 71 #000000 +0 72 #e7e7e7 +0 73 #f7f7f7 +0 74 #d6d7d6 +0 75 #7b79a5 +0 76 #effbff +0 77 #9e9e9e +0 78 #717571 +0 79 #73758c +0 80 #414141 +0 81 #635dce +0 82 #565151 +0 83 #dd9d93 +0 84 #f1ece0 +0 85 #c3c3c3 +0 86 #e2c8a8 +0 87 #e1e1e1 +0 88 #da7a1a +0 89 #f1e41a +0 90 #887dc2 +0 91 #d6d6d6 +0 92 #8c8ca5 +0 93 #4a4a4a +0 94 #8c6b6b +0 95 #5a5a5a +0 96 #636363 +0 97 #b79b73 +0 98 #4193ff +0 99 #bf703b +0 100 #db7700 +0 101 #dab800 +0 102 #006400 +0 103 #5a6b3b +0 104 #d3d3d3 +0 105 #8e8ea4 +0 106 #f3b95d +0 107 #89996b +0 108 #646464 +0 109 #b7e6ff +0 110 #86c0ec +0 111 #bdbdbd +0 112 #d39552 +0 113 #98d2fe +0 114 
#8c9c6b +0 115 #f76b00 +0 116 #5a6b39 +0 117 #8c9c6b +0 118 #8c9c7b +0 119 #184a18 +0 120 #adadad +0 121 #f7bd5a +0 122 #636b9c +0 123 #de0000 +0 124 #adadad +0 125 #f7bd5a +0 126 #adadad +0 127 #f7bd5a +0 128 #636b9c +0 129 #526b29 +0 130 #949494 +0 131 #006300 +0 132 #00634a +0 133 #7b844a +0 134 #e7bd7b +0 135 #a5b5c6 +0 136 #6b6b94 +0 137 #846b6b +0 138 #529c4a +0 139 #d6e7e7 +0 140 #526363 +0 141 #186b4a +0 142 #9ca5b5 +0 143 #ff9400 +0 144 #ff9400 +0 145 #00634a +0 146 #7b844a +0 147 #63737b +0 148 #e7bd7b +0 149 #184a18 +0 150 #f7bd5a +0 151 #dedede +0 152 #f3eed3 +0 153 #f5ae5d +0 154 #95ce99 +0 155 #b5157d +0 156 #eeeeee +0 157 #848484 +0 158 #7b7b7b +0 159 #005a00 +0 160 #e77373 +0 161 #ffcb31 +0 162 #29794a +0 163 #de2821 +0 164 #2159c6 +0 165 #f8f8f8 +0 166 #e6e6e6 +0 167 #21845a +0 168 #ff9408 +0 169 #007000 +0 170 #d00000 +0 171 #fed600 +0 172 #d82010 +0 173 #003484 +0 174 #d62010 +0 175 #389000 +0 176 #ba0000 +0 177 #003380 +0 178 #00a7bd +0 179 #ffc500 +0 180 #087bd0 +0 181 #fbc100 +0 182 #840029 +0 183 #07399c +0 184 #0063bd +0 185 #39acdf +0 186 #42c0e0 +0 187 #31ceff +0 188 #ffde00 +0 189 #085a00 +0 190 #ff2100 +0 191 #f75e08 +0 192 #ef7b08 +0 193 #ff8200 +0 194 #007d00 +0 195 #0000be +0 196 #757575 +0 197 #f3f3f3 +0 198 #d7d3d7 +0 199 #aeaaae +0 200 #c2c2c2 +0 201 #303030 +0 202 #515551 +0 203 #f7f3f7 +0 204 #717171 +6 9270 1980 13230 6570 +6 9471 3906 13014 5677 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 10540 4394 10540 3936 9471 3936 9471 4394 10540 4394 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 10387 5616 10387 5158 9471 5158 9471 5616 10387 5616 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 12984 5005 12984 4547 9471 4547 9471 5005 12984 5005 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 12984 5616 12984 5158 12067 5158 12067 5616 12984 5616 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 11701 5627 11701 5168 10784 5168 10784 5627 11701 5627 +4 0 0 50 -1 16 11 0.0000 4 173 835 9623 4242 OpenPGP\001 +4 0 0 50 -1 16 11 0.0000 4 132 2770 9776 4853 APDU and 
ISO-7816 access code\001 +4 0 0 50 -1 16 11 0.0000 4 132 448 9623 5464 CCID\001 +4 0 0 50 -1 16 11 0.0000 4 132 601 12220 5464 CT-API\001 +4 0 0 50 -1 16 11 0.0000 4 132 560 10957 5464 PC/SC\001 +-6 +6 10693 3906 13014 4394 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 11762 4394 11762 3936 10693 3936 10693 4394 11762 4394 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 12984 4394 12984 3936 11915 3936 11915 4394 12984 4394 +4 0 0 50 -1 16 11 0.0000 4 132 377 10998 4242 NKS\001 +4 0 0 50 -1 16 11 0.0000 4 132 804 12067 4242 PKCS#15\001 +-6 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 13137 2072 9318 2072 9318 5739 13137 5739 13137 2072 +2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2 + 9318 3753 13137 3753 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 11691 6360 10774 6360 10774 5901 11691 5901 11691 6360 +2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1 + 11762 5739 +2 1 1 2 0 7 50 -1 -1 6.000 0 0 -1 0 0 4 + 10693 5739 10693 6502 11762 6502 11762 5739 +4 0 0 50 -1 18 15 0.0000 4 183 1293 10540 2989 SCDaemon\001 +4 0 0 50 -1 16 11 0.0000 4 133 662 10896 6176 wrapper\001 +-6 +6 90 1980 4050 5760 +6 306 3906 3849 5677 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 1375 4394 1375 3936 306 3936 306 4394 1375 4394 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 1222 5616 1222 5158 306 5158 306 5616 1222 5616 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 3819 5005 3819 4547 306 4547 306 5005 3819 5005 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 3819 5616 3819 5158 2902 5158 2902 5616 3819 5616 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 2536 5627 2536 5168 1619 5168 1619 5627 2536 5627 +4 0 0 50 -1 16 11 0.0000 4 173 835 458 4242 OpenPGP\001 +4 0 0 50 -1 16 11 0.0000 4 132 2770 611 4853 APDU and ISO-7816 access code\001 +4 0 0 50 -1 16 11 0.0000 4 132 448 458 5464 CCID\001 +4 0 0 50 -1 16 11 0.0000 4 132 601 3055 5464 CT-API\001 +4 0 0 50 -1 16 11 0.0000 4 132 560 1792 5464 PC/SC\001 +-6 +6 2139 3753 3208 4211 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 3208 4211 3208 3753 2139 3753 2139 4211 3208 4211 +4 0 0 50 -1 16 11 
0.0000 4 132 784 2291 4058 Gluecode\001 +-6 +2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1 + 2597 5739 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 2139 4028 1405 4150 +2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 4 + 153 3753 1833 3753 1833 4364 3972 4364 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 3972 2072 153 2072 153 5739 3972 5739 3972 2072 +4 0 0 50 -1 18 15 0.0000 4 224 866 1375 2989 gpg 1.4\001 +-6 +6 4888 4058 5346 5433 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 5346 5433 5346 4058 4888 4058 4888 5433 5346 5433 +4 0 0 50 -1 16 11 1.5708 4 132 611 5194 5128 Assuan\001 +-6 +6 4680 1980 8640 5760 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 5346 3753 5346 2378 4888 2378 4888 3753 5346 3753 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 8554 5739 4735 5739 4735 2072 8554 2072 8554 5739 +4 0 0 50 -1 16 11 1.5708 4 173 804 5194 3447 ssh-agent\001 +-6 +6 5805 3447 7332 4975 +6 5957 3447 7179 4211 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 7179 4211 7179 3447 5957 3447 5957 4211 7179 4211 +4 0 0 50 -1 16 11 0.0000 4 173 937 6110 3753 Private Key\001 +4 0 0 50 -1 16 11 0.0000 4 173 896 6110 4058 Operations\001 +-6 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1 + 7195 4883 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1 + 7195 4883 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 7332 4975 7332 4517 6721 4517 6721 4975 7332 4975 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2 + 1 1 1.00 40.73 81.47 + 1 1 1.00 40.73 81.47 + 6568 4211 7027 4517 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2 + 1 1 1.00 40.73 81.47 + 1 1 1.00 40.73 81.47 + 6568 4211 6110 4517 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 6416 4975 6416 4517 5805 4517 5805 4975 6416 4975 +4 0 0 50 -1 16 11 0.0000 4 132 397 6874 4822 Card\001 +4 0 0 50 -1 16 11 0.0000 4 132 356 5957 4822 Disk\001 +-6 +6 7638 3600 8401 4058 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 8401 4058 8401 3600 7638 3600 7638 4058 8401 4058 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1 + 7638 3814 +4 0 0 50 -1 16 11 0.0000 4 132 530 7790 3905 Cache\001 +-6 +6 9471 2225 9929 
3600 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 9929 3600 9929 2225 9471 2225 9471 3600 9929 3600 +4 0 0 50 -1 16 11 1.5708 4 132 611 9776 3294 Assuan\001 +-6 +6 6480 360 8640 1440 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 8554 1339 6568 1339 6568 423 8554 423 8554 1339 +4 0 0 50 -1 18 15 0.0000 4 234 967 7027 881 pinentry\001 +4 0 0 50 -1 16 10 0.0000 4 153 1375 6874 1187 (GTK+, Qt, Curses)\001 +-6 +6 10570 270 13137 1003 +2 1 1 1 1 2 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 10632 331 11181 331 +2 1 0 2 1 2 50 -1 -1 6.000 0 0 -1 1 0 2 + 1 1 2.00 81.47 162.94 + 10632 637 11181 637 +2 1 0 1 0 2 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 10632 942 11181 942 +4 0 0 50 -1 16 10 0.0000 4 163 1762 11365 392 Alternative access paths\001 +4 0 0 50 -1 16 10 0.0000 4 163 1426 11365 698 IPC (pipe or socket)\001 +4 0 0 50 -1 16 10 0.0000 4 122 1232 11365 1003 Internal data flow\001 +-6 +# Smartcard ID-1 +6 6840 6120 8550 7200 +6 7069 6526 7307 6746 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7234 6691 7307 6691 +2 1 0 1 0 0 48 -1 20 0.000 0 0 -1 0 0 2 + 7069 6636 7143 6636 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7069 6581 7143 6581 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7069 6691 7143 6691 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7143 6526 7143 6746 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 3 + 7307 6581 7234 6581 7234 6746 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7234 6636 7307 6636 +2 4 0 1 0 31 49 -1 20 0.000 0 0 1 0 0 5 + 7069 6526 7307 6526 7307 6746 7069 6746 7069 6526 +-6 +2 4 0 1 -1 7 50 -1 20 0.000 0 0 1 0 0 5 + 8472 7185 6904 7185 6904 6197 8472 6197 8472 7185 +-6 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 5346 3142 5957 3753 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 5346 4669 5957 3905 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2 + 1 1 1.00 40.73 81.47 + 1 1 1.00 40.73 81.47 + 7179 3814 7638 3814 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 11731 7480 10693 7480 10693 6991 11731 6991 11731 7480 +3 2 
0 2 1 2 50 -1 -1 6.000 0 1 0 3 + 1 1 2.00 81.47 162.94 + 8022 3600 8096 2225 7513 1360 + 0.000 -1.000 0.000 +3 2 0 2 1 2 50 -1 -1 0.000 0 1 0 3 + 0 0 2.00 81.47 162.94 + 7332 4730 8737 4486 9471 2897 + 0.000 -1.000 0.000 +3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3 + 1 1 2.00 81.47 162.94 + 3238 3997 4216 4242 4888 4730 + 0.000 -1.000 0.000 +3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3 + 1 1 2.00 81.47 162.94 + 11243 6502 11304 6747 11181 6991 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 10693 7235 9471 7174 8493 6869 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 9898 5647 9532 6380 8493 6563 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 12465 5647 11731 6624 8493 6747 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 2077 5647 3177 6502 6843 6624 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 733 5647 2444 6808 6843 6747 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 3361 5647 4155 6319 6843 6502 + 0.000 -1.000 0.000 +4 0 0 50 -1 18 15 0.0000 4 214 1191 5957 2989 gpg-agent\001 +4 0 0 50 -1 16 11 0.0000 4 173 387 10998 7297 pcsd\001 diff --git a/doc/gnupg-card-architecture.pdf b/doc/gnupg-card-architecture.pdf Binary files differnew file mode 100644 index 0000000..dac8c4c --- /dev/null +++ b/doc/gnupg-card-architecture.pdf diff --git a/doc/gnupg-card-architecture.png b/doc/gnupg-card-architecture.png Binary files differnew file mode 100644 index 0000000..860bbb9 --- /dev/null +++ b/doc/gnupg-card-architecture.png diff --git a/doc/gnupg-logo.eps b/doc/gnupg-logo.eps new file mode 100644 index 0000000..d428f23 --- /dev/null +++ b/doc/gnupg-logo.eps 
@@ -0,0 +1,2704 @@ +%!PS-Adobe-3.0 EPSF-3.0 +%%Creator: (ImageMagick) +%%Title: (gnupg-logo.eps) +%%CreationDate: (Thu Mar 8 17:48:33 2007) +%%BoundingBox: 0 0 118 38 +%%HiResBoundingBox: 0 0 118.11 38 +%%DocumentData: Clean7Bit +%%LanguageLevel: 1 +%%Pages: 1 +%%EndComments + +%%BeginDefaults +%%EndDefaults + +%%BeginProlog +% +% Display a color image. The image is displayed in color on +% Postscript viewers or printers that support color, otherwise +% it is displayed as grayscale. +% +/DirectClassPacket +{ + % + % Get a DirectClass packet. + % + % Parameters: + % red. + % green. + % blue. + % length: number of pixels minus one of this color (optional). + % + currentfile color_packet readhexstring pop pop + compression 0 eq + { + /number_pixels 3 def + } + { + currentfile byte readhexstring pop 0 get + /number_pixels exch 1 add 3 mul def + } ifelse + 0 3 number_pixels 1 sub + { + pixels exch color_packet putinterval + } for + pixels 0 number_pixels getinterval +} bind def + +/DirectClassImage +{ + % + % Display a DirectClass image. + % + systemdict /colorimage known + { + columns rows 8 + [ + columns 0 0 + rows neg 0 rows + ] + { DirectClassPacket } false 3 colorimage + } + { + % + % No colorimage operator; convert to grayscale. + % + columns rows 8 + [ + columns 0 0 + rows neg 0 rows + ] + { GrayDirectClassPacket } image + } ifelse +} bind def + +/GrayDirectClassPacket +{ + % + % Get a DirectClass packet; convert to grayscale. + % + % Parameters: + % red + % green + % blue + % length: number of pixels minus one of this color (optional). 
+ % + currentfile color_packet readhexstring pop pop + color_packet 0 get 0.299 mul + color_packet 1 get 0.587 mul add + color_packet 2 get 0.114 mul add + cvi + /gray_packet exch def + compression 0 eq + { + /number_pixels 1 def + } + { + currentfile byte readhexstring pop 0 get + /number_pixels exch 1 add def + } ifelse + 0 1 number_pixels 1 sub + { + pixels exch gray_packet put + } for + pixels 0 number_pixels getinterval +} bind def + +/GrayPseudoClassPacket +{ + % + % Get a PseudoClass packet; convert to grayscale. + % + % Parameters: + % index: index into the colormap. + % length: number of pixels minus one of this color (optional). + % + currentfile byte readhexstring pop 0 get + /offset exch 3 mul def + /color_packet colormap offset 3 getinterval def + color_packet 0 get 0.299 mul + color_packet 1 get 0.587 mul add + color_packet 2 get 0.114 mul add + cvi + /gray_packet exch def + compression 0 eq + { + /number_pixels 1 def + } + { + currentfile byte readhexstring pop 0 get + /number_pixels exch 1 add def + } ifelse + 0 1 number_pixels 1 sub + { + pixels exch gray_packet put + } for + pixels 0 number_pixels getinterval +} bind def + +/PseudoClassPacket +{ + % + % Get a PseudoClass packet. + % + % Parameters: + % index: index into the colormap. + % length: number of pixels minus one of this color (optional). + % + currentfile byte readhexstring pop 0 get + /offset exch 3 mul def + /color_packet colormap offset 3 getinterval def + compression 0 eq + { + /number_pixels 3 def + } + { + currentfile byte readhexstring pop 0 get + /number_pixels exch 1 add 3 mul def + } ifelse + 0 3 number_pixels 1 sub + { + pixels exch color_packet putinterval + } for + pixels 0 number_pixels getinterval +} bind def + +/PseudoClassImage +{ + % + % Display a PseudoClass image. + % + % Parameters: + % class: 0-PseudoClass or 1-Grayscale. 
+ % + currentfile buffer readline pop + token pop /class exch def pop + class 0 gt + { + currentfile buffer readline pop + token pop /depth exch def pop + /grays columns 8 add depth sub depth mul 8 idiv string def + columns rows depth + [ + columns 0 0 + rows neg 0 rows + ] + { currentfile grays readhexstring pop } image + } + { + % + % Parameters: + % colors: number of colors in the colormap. + % colormap: red, green, blue color packets. + % + currentfile buffer readline pop + token pop /colors exch def pop + /colors colors 3 mul def + /colormap colors string def + currentfile colormap readhexstring pop pop + systemdict /colorimage known + { + columns rows 8 + [ + columns 0 0 + rows neg 0 rows + ] + { PseudoClassPacket } false 3 colorimage + } + { + % + % No colorimage operator; convert to grayscale. + % + columns rows 8 + [ + columns 0 0 + rows neg 0 rows + ] + { GrayPseudoClassPacket } image + } ifelse + } ifelse +} bind def + +/DisplayImage +{ + % + % Display a DirectClass or PseudoClass image. + % + % Parameters: + % x & y translation. + % x & y scale. + % label pointsize. + % image label. + % image columns & rows. + % class: 0-DirectClass or 1-PseudoClass. + % compression: 0-none or 1-RunlengthEncoded. + % hex color packets. 
+ % + gsave + /buffer 512 string def + /byte 1 string def + /color_packet 3 string def + /pixels 768 string def + + currentfile buffer readline pop + token pop /x exch def + token pop /y exch def pop + x y translate + currentfile buffer readline pop + token pop /x exch def + token pop /y exch def pop + currentfile buffer readline pop + token pop /pointsize exch def pop + /Times-Roman findfont pointsize scalefont setfont + x y scale + currentfile buffer readline pop + token pop /columns exch def + token pop /rows exch def pop + currentfile buffer readline pop + token pop /class exch def pop + currentfile buffer readline pop + token pop /compression exch def pop + class 0 gt { PseudoClassImage } { DirectClassImage } ifelse + grestore +} bind def +%%EndProlog +%%Page: 1 1 +%%PageBoundingBox: 0 0 118 38 +userdict begin +DisplayImage +0 0 +118.11 38.189 +12.000000 +300 97 +0 +0 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFBFE3F675C3EC33A7E30795DE008EDB008CDB +008DDB008FDC0092DD0093DD0093DD0093DD0093DD0091DC008FDC008DDB008CDB008EDB +0996DE38AAE47AC5EDC3E5F7FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEBF7FC91CFF031A6E30090DC008CDB008FDC0092DD0093DD0093DD +0093DD0092DD0091DC0090DC0090DC008FDC0090DC0091DC0091DD0092DD0093DD0093DD +0092DD008FDC008CDB0091DC35A8E397D2F1F0F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFEDF8FD81C8EE1B9DE0008CDB008FDC0093DD0093DD0093DD0091DD008FDC008DDB +008DDB0092DD0E99DF1B9EE126A3E22AA5E320A1E11A9EE00A97DE0091DC008DDB008DDB +008FDC0092DD0093DD0092DD008FDC008DDB229FE189CCEFF1F9FDFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +A1D7F2239FE1008CDB0090DC0093DD0093DD0092DD008EDC008DDB0C97DE37A9E474C3EC +A4D7F3C8E7F8E6F4FCF4FAFDFCFEFFFFFFFFFEFFFFFCFEFFEBF7FCCDEAF8A5D8F370C2EC +32A7E30895DE008DDB008FDC0093DD0093DD0090DC008CDB28A2E2ACDBF4FFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDEF1FB4CB2E6 +008EDB008FDC0093DD0093DD0092DD008DDB0091DC3FACE597D2F1DFF1FBFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFF7FBFEE7F4FCD5EDF9CBE9F8C4E5F7CFEAF8DDF1FAEEF8FD +EFF8FDD6EDF995D1F140ADE50593DD008FDC0093DD0093DD008FDC008EDC56B6E8E6F5FC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB1DEF51A9CE0008CDB +0093DD0093DD0093DD008EDB0493DD55B5E8C3E5F7FFFFFFFFFFFFFFFFFFFFFFFFF9FDFE +CDE9F89BD4F165BDEA38AAE41F9FE10D98DF0294DD0091DC008FDC0091DC0193DD0B97DE +1D9FE13AABE468BFEB8DCEF07AC5ED39A9E40A95DE0092DD0093DD0092DD008CDB229FE0 +BBE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ACDEF0090DC0090DC0093DD +0093DD0091DC008DDB44AEE6C7E7F8FFFFFFFFFFFFFFFFFFFFFFFFC9E7F871C2EC2AA3E2 +0192DD008DDB008DDB008FDC0090DC0091DC0092DD0092DD0093DD0092DD0092DD0091DD +0090DC008FDC008DDB008EDB0996DE23A2E2189DE00192DD0093DD0093DD0093DD008FDC +0592DD96D2F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF73C3EC008DDB0091DD0093DD0093DD 
+008EDB1198DF96D2F1FFFFFFFFFFFFFFFFFFF6FBFE9FD6F241ADE50092DD008CDB008FDC +0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0092DD0091DC0092DD0093DD0093DD0093DD0093DD0093DD +0091DC008EDC82CAEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6CC0EB008BDB0092DD0093DD0093DD008CDB +34A7E3D3ECF9FFFFFFFFFFFFFFFFFFA4D8F22BA3E2008DDB008EDB0092DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD 
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0092DD008DDB7CC8EDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF78C6ED008DDB0092DD0093DD0093DD008CDB55B6E8 +F0F9FDFFFFFFFFFFFFC9E8F842ADE5008EDB008FDC0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0092DD008DDB89CDEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF9AD4F1008EDB0092DD0093DD0093DD008CDB61BCEAFCFEFF +FFFFFFFEFFFF87CBEF0894DD008DDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0092DD008FDCA6D9F3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFC4E6F70793DD0091DC0093DD0093DD008CDB5AB9E9FEFEFFFFFFFF +E6F5FC4BB1E7008CDB0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0090DC0D96DED2ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFF0F9FD28A3E2008EDB0093DD0093DD008DDB40AEE5F8FCFEFFFFFFD3ECF9 +29A2E2008CDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0092DD0090DC008FDC008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD008DDB33A8E4F7FBFEFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF68BFEB008BDB0093DD0093DD008FDC1D9EE1E6F4FCFFFFFFC8E8F8179ADF +008EDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008CDB +0091DC1B9EE139ABE454B6E86AC0EB68BFEB52B6E837AAE4199DE00090DC008CDB0090DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD008CDB7EC8EEFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFC5E6F70191DC0092DD0093DD0092DD0190DCB8E1F6FFFFFFC9E9F81499DF008FDB +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDC2EA6E380C8EE +C3E5F7F0F8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF8FDBDE3F679C5ED29A3E2 +008EDB008FDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0091DC0894DED2ECF9FFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FEFFFF3FAEE5008DDB0093DD0093DD008CDB65BEEAFFFFFFD9EFFA189BDF008EDC0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0091DD008DDB2FA5E3A7D9F3F9FDFEFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFE +A0D6F229A3E2008CDB0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB4CB4E7FFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +B3DFF5008FDB0093DD0093DD0090DC189CE0ECF7FCF0F9FD2FA6E3008EDB0093DD0093DD +0093DD0093DD0093DD0093DD0093DD008FDC0693DD85CBEEF5FBFEFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFF2FAFD79C6ED0291DD0090DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0291DCC3E6F7FFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF +3AACE5008EDB0093DD0093DD008CDB8DCFF0FFFFFF56B7E8008CDB0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008EDB1A9CE0BDE3F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFB3DFF51298DF008FDC0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB4EB4E7FFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E7F8 +0191DC0092DD0093DD0090DC189DE0F9FCFEA2D8F3008DDB0093DD0093DD0093DD0093DD +0093DD0093DD0093DD008EDC1F9EE0D5EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFCDEAF8199CE0008FDC0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0493DDD1ECF9FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF65BEEB +008CDB0093DD0093DD008CDB80C9EEEDF7FD1199DF0090DC0093DD0093DD0093DD0093DD +0093DD0093DD0090DC1398DFD1ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC3E6F70B95DD0091DC0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB78C6EDFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FD179DE0 
+0090DC0093DD0092DD0594DEE4F3FB60BCEA008CDB0093DD0093DD0093DD0093DD0093DD +0093DD0092DD008FDCACDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FD7F2008EDB0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC29A5E3F9FCFE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB4DFF5008FDC +0093DD0093DD008EDB49B2E7CBE9F80492DD0092DD0093DD0093DD0093DD0093DD0093DD +0093DD008DDB64BDEBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF51B5E8008DDB0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DCC8E8F8 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6AC0EB008CDB +0093DD0093DD008DDB8DCFF057B8E9008DDB0093DD0093DD0093DD0093DD0093DD0093DD +0091DC1199DFE7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDBEFFA0B96DE0091DC0093DD0093DD 
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB7FC9EE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF36AAE4008FDC +0093DD0093DD0694DD85CBEF0996DE0092DD0093DD0093DD0093DD0093DD0093DD0093DD +008CDB75C5ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF69BFEB008CDB0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB46B0E7 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0091DC23A2E252B6E8008EDC0093DD0093DD0093DD0093DD0093DD0093DD0092DD +0895DDD9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0EBF90493DD0092DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC189DE0 +F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC6E7F70091DD0093DD +0093DD0091DC1FA0E1169CE00091DC0093DD0093DD0093DD0093DD0093DD0093DD008EDB +40AEE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF2EA7E3008FDC0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0394DD +D2ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5D9F3008EDB0093DD +0093DD0093DD0294DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB +89CDEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF72C3EC008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC +B8E1F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8CCFF0008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC +BAE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA8DAF3008EDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB +9FD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF77C5ED008CDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0495DE +D4EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E8F80092DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB +8CCFF0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6AC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC0C99DF +E4F3FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDBF0FB0797DE0092DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F4FC0E99DF0092DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF7FD139BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF 
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB 
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6DC1EB008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF +F1F8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1F8FD129BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB +7FC9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFF7FBFEF4FAFDF4FAFEF4FAFEF4FAFE66BEEA008DDB0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC119BDF +E3F3FCF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFE +F4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFE +F4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEE3F3FC119BDF0091DC +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0087D9 +80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF58B8E91E9BDF1EA0E11EA0E11EA0E10D98DF0092DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0294DD +1C9FE11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E1 +1EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E1 +1EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11C9FE10294DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB008FDC58B7E8 +E3F3FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FBB6E0F591D0F071C2EC +53B5E841AEE637AAE436AAE436A9E43FADE554B6E872C3EC91D0F0B5DFF5DDF0FAFCFDFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFEFEFFE0F2FBDDF0FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FA +DDF1FADDF1FADDF1FADDF1FADDF1FADDF0FAE5F4FBEEF8FDF6FBFEFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FBB7E0F593D0F071C2EC53B5E8 +41AEE536AAE436AAE436A9E43EADE553B6E870C2EC90D0F0B6DFF5DEF1FBFCFDFEFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF3DADE5008BDA0090DC0090DC0090DC0092DD0093DD0093DD 
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC +0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC +0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDB37A8E4B1DEF4FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFEFFFFC7E7F780C8EE39AAE40E98DF008FDC008DDB008CDB +008DDB008EDB008FDC008FDC008FDC008EDB008DDB008CDB008DDB008FDC0A96DE2CA4E2 +62BCEAA2D7F2DAEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFDFEFF3FADE60993DD0997DE0997DE0997DE0997DE0997DE0997DE0997DE0997DE +0997DE0997DE0997DE0997DE0997DE0996DE0D99DF159BE023A1E13AABE467BEEAA2D6F2 +DBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFC7E7F77FC7EE37A9E40F98DF008FDC008DDB008CDB008DDB +008EDB008FDC008FDC008FDC008EDC008DDB008CDB008DDB008FDC0A97DE2CA4E260BBEA +A4D7F3DAEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD 
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0092DD008EDB008DDB2EA5E3A1D6F2FCFEFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFF9FDFEA1D7F238A9E40091DC008CDB008FDC0091DC0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC +008DDB008DDB0895DE40ACE590CFF0EBF6FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF58B8E9008BDA0092DD0092DD0092DD0092DD0092DD0092DD0092DD0092DD +0092DD0092DD0092DD0092DD0092DD0092DD0091DC0091DC0090DC008FDC008DDB008DDB +0995DE4CB2E7B4DFF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFF9FDFEA1D6F239A9E40091DC008CDB008FDC0091DC0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC008DDB +008DDB0996DE3FACE591D0F0ECF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD 
+0093DD0093DD0091DC008DDB0090DC3DABE4A1D7F2F8FCFEFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFAFDDF434A7E3008DDB008EDC0092DD0093DD0093DD0093DD0093DD0092DD0090DC +008EDB008DDB008CDB008DDB008DDB008CDB008DDB008EDB0090DC0092DD0093DD0093DD +0093DD0093DD0092DD008EDB0089D99DD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF62BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0091DC008DDB +008DDB008DDB008DDB008DDB008DDB008EDB0090DC0092DD0093DD0093DD0093DD0093DD +0092DD008DDB008FDC4CB1E7D1ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +B0DDF535A7E3008DDB008EDC0092DD0093DD0093DD0093DD0093DD0092DD0090DC008EDB +008DDB008CDB008DDB008DDB008CDB008DDB008EDB0090DC0092DD0093DD0093DD0093DD +0093DD0092DD008EDC0089D9A8DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC +008DDB008DDB1A9CE061BAEAC0E4F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF8FC +63BCEA008EDC008EDC0093DD0093DD0093DD0093DD0093DD0091DD008DDB0090DC22A1E1 +4BB3E76FC2EC86CCEF94D2F194D2F186CCEF6DC1EB4AB2E722A1E10092DD008CDB008FDC +0093DD0093DD0093DD0093DD008EDB9DD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0091DC25A3E261BCEA +61BCEA61BCEA61BCEA61BCEA5BBAE944AFE621A1E10090DC008DDB0092DD0093DD0093DD +0093DD0093DD0093DD008CDB1097DEABDBF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FD63BBEA +008FDC008EDC0093DD0093DD0093DD0093DD0093DD0091DD008DDB0091DC22A1E14AB2E7 +6EC1EB87CCEF94D2F194D2F185CBEF6CC0EB4AB2E723A1E10092DD008CDB008FDC0093DD +0093DD0093DD0093DD008EDBA8DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC008CDB008EDB1299DF +50B4E7A3D7F2ECF7FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD5EDF92BA4E2 +008CDB0092DD0093DD0093DD0093DD0093DD0092DD008DDB0C96DE63BCEABDE3F6F5FBFE 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFEC7E7F780C8EE2BA4E2 +008FDC008EDB0092DD0093DD008EDB9ED6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB66BEEBFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4FAFDBDE3F655B6E80090DC0090DC0093DD +0093DD0093DD0093DD0093DD0090DC008FDCA0D7F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD6EEFA2DA4E2008BDB +0092DD0093DD0093DD0093DD0093DD0093DD008DDB0B96DE63BCE9BEE3F6F5FBFEFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFEC8E7F782C9EE2CA4E2008FDC +008EDB0092DD0093DD008EDBA9DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0092DD008FDC008DDB008DDB0494DD2AA4E268BEEAA6D9F3E6F4FB +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFE9F6FC93D1F1FEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC2E6F71A9BE0008EDB +0093DD0093DD0093DD0093DD0093DD0091DC008FDC5CB9E9D6EEFAFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FCFE +B1DEF549B0E60090DC008EDB008EDB9ED6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAEDCF41499DF008FDC +0093DD0093DD0093DD0093DD0093DD0090DC0894DDC6E7F8FFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E8F81A9BDF008EDB0093DD +0093DD0093DD0093DD0093DD0091DC008FDC5AB8E8D4ECF9FFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FCFEB1DEF5 +49B0E60090DC008EDB008EDBA9DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DC008FDC +008DDB008DDB008FDC0996DE2DA6E35FBAE99BD4F1D3ECF9F9FCFEFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFF4FAFD3AAAE440AEE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0ECF91399DF008EDC0093DD +0093DD0093DD0093DD0093DD008FDC0B95DE9ED5F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFB5DFF536A8E30087D99AD4F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC6E7F80F96DE +0091DC0093DD0093DD0093DD0093DD0093DD008EDB2CA6E3F6FBFEFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEBF9169ADF008EDB0093DD0093DD +0093DD0093DD0093DD0090DC0A95DE9FD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFB7E0F537A8E40087D9A5D8F3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0092DD0091DC0090DC008FDC008EDB008DDB008DDB008EDB0394DD199DE035A9E4 +60BBE98ECEF0B8E1F6DCF0FAFCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFEEF8FD43AEE60087D951B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB209FE1008EDB0093DD0093DD +0093DD0093DD0093DD008FDC1399DEC0E5F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFF9FDFE84C9EEAADBF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF99D4F2 +008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDBA2D8F2FFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FB209FE1008EDB0093DD0093DD0093DD +0093DD0093DD0090DC0F97DEBBE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFAFDFE85CAEEB3DFF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0092DD0091DC008FDC008EDB008DDB008DDB008CDB008DDB008EDB +0090DC0495DD0E99DF1E9FE131A7E34AB2E76FC2EC91D0F0B0DDF4D3ECF9F0F8FDFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFE4F4FC36A8E3008CDB008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF48B1E7008CDB0093DD0093DD0093DD +0093DD0093DD0091DC0793DDBDE3F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFF +2FA7E3008FDC0093DD0093DD0093DD0093DD0093DD008EDB3AACE5FEFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF4AB2E7008CDB0093DD0093DD0093DD0093DD +0093DD0091DC0692DDB9E2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC +008EDB008CDB008EDC0294DD139BDF2CA5E342AFE659B8E969BFEB7CC7ED91D0F0ACDBF4 +C3E5F7D5EDF9E6F4FCF4FAFDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +CDEAF924A0E1008DDB0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ECFF0008CDB0093DD0093DD0093DD0093DD +0093DD0093DD008DDB94D2F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFEE1F2FBC7E7F7BDE3F6BDE3F6 +C0E4F6D7EEF9F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +93D1F0008DDB0093DD0093DD0093DD0093DD0093DD0092DD0795DEDBF0FAFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8CCFF0008CDB0093DD0093DD0093DD0093DD0093DD +0093DD008DDB92D1F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC008CDB0090DC1C9EE0 +4AB1E778C5EDAFDCF4D2EBF9EBF6FCFCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4 +1398DF008EDB0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE0F2FB0F98DF0090DC0093DD0093DD0093DD0093DD +0093DD008DDB4CB3E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEAF6FC9ED6F29ED6F29ED6F29ED6F29ED6F29ED6F29ED4F1D7EEFA +FFFFFFFFFFFFFFFFFFFFFFFFF4FBFEAEDCF45DB9E928A3E20B97DE0091DC008FDC008FDC +008FDC0695DE1A9DE044AFE691CFF0E0F2FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE7F5FC9ED5F29ED6F29ED6F2 +9ED6F29ED6F29ED6F29ED4F1B6E0F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB9E1F69ED4F19ED6F29ED6F2 +9ED6F29ED6F29ED6F29ED4F2DEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +D4EDF90594DD0092DD0093DD0093DD0093DD0093DD0093DD008EDCA9DBF3FFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFE4F3FB1099DF0090DC0093DD0093DD0093DD0093DD0093DD +008DDB49B2E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0091DC008DDB0090DC2AA3E275C4ECBDE3F6F1F9FD +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF7FC8EE0090DC +0090DC0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC1EB008CDB0093DD0093DD0093DD0093DD0093DD +0092DC0A95DDD8EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFDBF0FA0092DD008CDB008EDB008EDB008EDB008EDB0087D98FD0F0 +FFFFFFFFFFFFFFFFFFA1D7F32AA2E2008EDB008DDB0090DC0091DD0092DD0093DD0093DD +0093DD0092DD0091DC008EDB008CDB1198DF7FC8EEF7FCFEFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD1EBF9008FDC008CDB008EDB +008EDB008EDB008EDB0087D953B6E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF57B8E90087D9008EDB008EDB +008EDB008EDB008DDB008CDBC4E6F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +F6FBFE1EA0E10090DC0093DD0093DD0093DD0093DD0093DD008CDB88CDEFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008CDB0093DD0093DD0093DD0093DD0093DD0091DC +0995DED6EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0091DC008CDB0D97DE60BAE9B8E0F5F9FCFEFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDDF1FA49B0E6008DDB0092DD +0093DD0093DD0093DD0093DD008ADA4DB3E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFE1F3FB0D98DF0091DD0093DD0093DD0093DD0093DD0093DD +008CDB66BFEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB93D2F1 +FFFFFFF6FBFE5DBAE9008DDB008FDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0091DC008BDB3BAAE4E1F2FBFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE8F5FC0F9ADF0091DC0093DD +0093DD0093DD0093DD008DDB71C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7BC7ED008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FEFFFF33A9E4008FDC0093DD0093DD0093DD0093DD0093DD008DDB72C3ECFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFE2F2FB0C97DE0091DC0093DD0093DD0093DD0093DD0093DD008DDB +65BEEBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0092DD008DDB0D96DE71C1ECDBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA4D8F31A9BDF008DDB0093DD0093DD +0093DD0093DD008FDC008EDB1C9ADF6ABFEBFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF84CBEE008CDB0093DD0093DD0093DD0093DD0093DD0092DD +0492DDCEEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB98D4F1 +FFFFFF50B4E7008BDA0092DD0093DD0093DD0093DD0092DD0092DD0092DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB2AA3E2E7F5FCFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF81C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFF37ABE4008FDC0093DD0093DD0093DD0093DD0093DD008DDB69BFEBFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFF84CBEF008CDB0093DD0093DD0093DD0093DD0093DD0092DD0393DD +CFEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD +008FDC0091DC63BCEAD9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDDF1FB57B7E8008EDB0090DC0093DD0093DD0093DD +0090DC008DDB33A7E3A5D8F3F1F9FDACDCF4FDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFBFDFF2CA6E3008FDC0093DD0093DD0093DD0093DD0093DD008FDB +32A8E4FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDBA1D8F2 +83CAEE008BDA0093DD0093DD008FDC008DDB008EDB0091DC0093DD0091DC008EDB008DDB +0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD008BDA4EB4E7FFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FEFFFF33A9E4008FDC0093DD0093DD0093DD0093DD0093DD008CDB73C3ECFFFFFFFFFFFF +FFFFFFFFFFFFFEFEFF31A8E4008FDC0093DD0093DD0093DD0093DD0093DD008FDC2BA6E3 +FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0092DD008CDB +2AA3E2B7E0F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFF6FBFE8DCEEF1499DF008CDB0092DD0093DD0093DD0091DC008CDB +209EE097D2F1F9FCFEFFFFFFC6E7F756B7E9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFD4ECF90394DD0092DD0093DD0093DD0093DD0093DD0093DD008CDB +6EC1ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0092DD45B0E6 +0695DE0092DD0090DC008FDC31A7E37DC7EEADDCF4C6E7F7CDEAF8C5E6F7A7D9F368BEEB +189CE0008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDCBAE2F6FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +F7FCFE21A1E20090DC0093DD0093DD0093DD0093DD0093DD008DDB8BCEEFFFFFFFFFFFFF +FFFFFFFFFFFFD3ECF90493DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0091DC008EDB66BDEA +F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFEFFFFA5D8F32CA3E2008DDB0091DC0093DD0093DD0092DD008CDB0B95DE78C5EC 
+ECF7FCFFFFFFFFFFFFF8FCFE2BA4E245B0E6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFF91D0F1008CDB0093DD0093DD0093DD0093DD0093DD0093DD008EDB +B0DDF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0091DC +0092DD008EDB1D9DE0ACDBF4FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +E8F5FC65BDEA008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB52B6E8FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +D9EFFA0695DD0092DD0093DD0093DD0093DD0093DD0093DD008EDBACDCF4FFFFFFFFFFFF +FFFFFFFFFFFF95D2F1008DDB0093DD0093DD0093DD0093DD0093DD0093DD008EDBACDCF4 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0090DC0793DD97D3F1FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFE +ABDBF43BABE4008EDB008FDC0093DD0093DD0093DD008EDB0091DC54B5E7D2ECF9FFFFFF +FFFFFFFFFFFFFFFFFF79C7ED0087D951B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFF57B8E9008DDB0093DD0093DD0093DD0093DD0093DD0092DD0696DE 
+DBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0093DD +008FDC229FE1D8EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF66BEEA008DDB0093DD0093DD0093DD0093DD0093DD0090DC189EE0F2F9FD +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +9AD4F1008DDB0093DD0093DD0093DD0093DD0093DD0092DD0896DEDDF1FBFFFFFFFFFFFF +FFFFFFFFFFFF56B7E8008DDB0093DD0093DD0093DD0093DD0093DD0092DD0796DEDAEFFA +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD008FDB1399DFB8E1F6FFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEAF6FC96D1F02FA5E3 +008EDB008EDC0093DD0093DD0092DD008DDB008EDB44AEE5BDE3F6FFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFA9DBF3008FDC008CDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFBFDFF2BA5E3008FDC0093DD0093DD0093DD0093DD0093DD0090DC1FA0E1 +F6FBFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0092DC +0894DDC8E8F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFEEF7FD189DE00090DC0093DD0093DD0093DD0093DD0092DD0495DED6EDFA +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +3BACE5008EDB0093DD0093DD0093DD0093DD0093DD008EDB3DADE5FFFFFFFFFFFFFFFFFF +FFFFFFFCFEFF2BA6E3008FDC0093DD0093DD0093DD0093DD0093DD0090DC23A2E2F9FCFE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB008FDC169ADFC7E8F8FFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFEBBE2F66BBFEB189CE0008DDB008FDC +0093DD0092DD0090DC008CDB0292DD47AFE6AEDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFCEEBF90F97DE0090DC008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFE6F4FC0D99DF0091DC0093DD0093DD0093DD0093DD0093DD008EDB42AFE6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD008DDB 
+61BCEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFF6BC0EC008DDB0093DD0093DD0093DD0093DD0093DD0090DCC1E5F7 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB7E1F5 +0190DC0093DD0093DD0093DD0093DD0093DD0093DD008DDBA2D7F2FFFFFFFFFFFFFFFFFF +FFFFFFEAF6FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD008EDB3CACE5FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008ADA1198DECAE9F8FFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEFF8FDB7E0F571C2EC28A2E20090DC008CDB0090DC0091DC008EDB +008DDB0091DC27A2E273C3ECCDE9F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +E0F2FB219FE1008EDC0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFD0EBF80294DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB5CBAE9 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0092DD0292DD +CBE9F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFA7DAF3008DDB0093DD0093DD0093DD0093DD0093DD008FDCBCE3F6 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2FAFD2BA4E2 +008FDC0093DD0093DD0093DD0093DD0093DD008EDC2BA5E3F5FBFEFFFFFFFFFFFFFFFFFF +FFFFFFCFEBF80193DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB58B9E8FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF3DADE5038EDCB9E2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3FAFDD8EEFA +B1DDF479C5ED44AFE6169BE0008DDB0089DA008BDA008CDB008DDB0091DC1A9DE046B0E6 +89CCEFC5E6F7F7FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9F6FC +31A6E3008DDB0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFC0E4F70090DC0093DD0093DD0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFEF6FBFE +F6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF5FBFEFDFEFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0090DC27A4E2 +FAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBEE4F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFE4FB3E7008DDB +0093DD0093DD0093DD0093DD0093DD0090DC0592DDC2E5F7FFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFB8E1F5008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB75C4ECFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFEF6FBFEF6FBFE +F6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF5FBFEFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF37AAE48FD0F0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFAFDFEDCF0FABEE3F6A7D9F38CCEEF72C3EC56B7E836A9E4159BE00091DC +008DDB008CDB0090DC0796DE199DE02EA6E347B0E674C3EC9BD4F1C6E6F7EFF8FDFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE6F5FC35A8E3 +008DDB0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFAEDCF4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB7FC9EE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4229DE0 +22A1E122A1E122A1E122A1E122A1E122A0E12FA7E3EBF6FCFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB51B5E8 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB62BDEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEAF83FADE5008DDB0093DD +0093DD0093DD0093DD0093DD0091DC008EDB95D3F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFAADCF4008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB84CBEFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDDF4229DE022A1E1 +22A1E122A1E122A1E122A1E122A0E133A9E4EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFCFEFFADDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFCFEFFEFF8FDE3F3FBD4EDF9C4E6F7BAE1F6B5E0F5B2DEF5B6E0F5BAE2F6 +C5E6F7CCE9F8D7EEFAE4F4FBF1F9FDFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD8EEFA2BA3E2008DDB +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFA8D9F4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB82CAEE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC2E5F7008EDC +008FDC0090DC0090DC0090DC0090DC008CDB23A2E2FAFDFEFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB63BDEA +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB5DBAE9F4FAFE +F4FAFEF4FAFEF4FAFEF2FAFDE9F5FCCBE9F89DD5F250B4E70794DD008EDC0093DD0093DD 
+0093DD0093DD0093DD008EDB0491DD98D4F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFF9ED6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB8FD0F0FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBBE2F6008CDB0090DC +0090DC0090DC0090DC0090DC008CDB23A2E2FAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFE4F61B9CE0008EDB0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF9CD5F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB94D2F1 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCAE8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC33A9E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB6FC2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0092DD0B98DE1EA0E1 +1EA0E11EA0E11EA0E11B9FE1109ADF0093DD008DDB008EDB0092DD0093DD0093DD0093DD +0093DD0090DC008CDB2BA3E2B8E1F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFF9ED6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB8FD0F0FFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFF00793DD008FDC0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFA7D9F4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB88CDEF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC +0090DC0090DC0090DC0090DC0091DC0092DD0093DD0093DD0093DD0093DD0091DC008EDB +008CDB1B9CE083CAEEF3FAFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFF9DD6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB90D0F0FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD 
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDEF1FB54B5E8008DDB0091DC0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFABDBF4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB80C9EE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC +0090DC0090DC0090DC0090DC008FDC008FDC008EDB008DDB008CDB008FDC0F98DF49B1E6 +97D2F1EBF6FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFA7DAF3008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB89CDEFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFDFFFF98D3F1179BDF008CDB0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD0093DD008DDB78C5ED +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0092DD0D98DF22A1E1 +22A1E122A1E122A1E123A2E130A7E335A9E446B0E65EBAE981C8EEB3DEF5E3F3FBFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFB8E1F5008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB7CC7EDFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFB7E0F53CABE5008DDB0090DC0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFCEEAF80293DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB65BEEB +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB5EBAEAF6FBFE +F6FBFEF6FBFEF6FBFEF6FBFEFEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFCCEAF80193DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB65BEEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF 
+BBE2F648B0E60090DC008EDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFE2F2FB0B98DF0091DC0093DD0093DD0093DD0093DD0093DD008DDB4DB4E7 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB62BDEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFE7F5FC0E99DF0091DD0093DD0093DD0093DD0093DD0093DD008EDB47B1E7FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FC9BD4F138A9E4 +0091DC008EDB0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFAFCFF26A3E20090DC0093DD0093DD0093DD0093DD0093DD008FDC2EA7E3 +FDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFAFDFE27A4E2008FDC0093DD0093DD0093DD0093DD0093DD008FDC2DA6E3FCFEFE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFF8FDBAE1F568BEEB1A9CE0008DDB008EDC +0092DD0093DD0093DD0093DD0093DD0093DD0090DC008DDB0091DC0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFF50B5E8008DDB0093DD0093DD0093DD0093DD0093DD0091DC0F9ADF +E7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF4DB4E7008EDB0093DD0093DD0093DD0093DD0093DD0091DC119BDFEAF6FD +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFDDF0FAA5D8F35DB9E91D9EE1008FDC008DDB0090DC0093DD0093DD +0093DD0093DD0093DD0092DD008DDB008EDB23A1E184CBEE79C6ED0090DC0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFF86CCEF008CDB0093DD0093DD0093DD0093DD0093DD0093DD0090DC +C2E5F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF8ACDEF008CDB0093DD0093DD0093DD0093DD0093DD0093DD0090DCBEE4F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFE8F5FCC1E5F7 +96D2F168BEEB34A8E40996DE008EDB008DDB0090DC0093DD0093DD0093DD0093DD0093DD +0092DD008FDC008CDB0794DD4FB3E7A9DAF3F7FCFEF5FBFE34A8E40090DC0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFC8E8F80192DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB +83CAEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFC8E8F80191DC0093DD0093DD0093DD0093DD0093DD0093DD008DDB86CCEF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFCFEFFFAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FAFDFEF3FAFDEBF7FCD9EFFAC5E6F7AEDCF494D1F175C4EC4CB3E72CA5E3119ADF0091DC +008DDB008DDB008FDC0092DD0093DD0093DD0093DD0093DD0092DD0091DC008EDC008CDB +0090DC2BA3E27CC7EDD5EDF9FFFFFFFFFFFFF7FCFE39ABE4008DDB0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFF6FBFE1FA0E10090DC0093DD0093DD0093DD0093DD0093DD008EDB +43B0E6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD 
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFF9FCFF25A3E2008FDC0093DD0093DD0093DD0093DD0093DD008EDB3BADE5 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFE3F3FBA7D9F372C2EC53B5E83CACE533A9E427A3E224A2E2 +1D9FE1149CE00B97DE0194DD008FDC008CDB008CDB008BDB008DDB008EDB0090DC0091DC +0091DC0091DC0090DC008FDC008EDC008DDB008CDB008DDB0091DC159BDF3EACE584CAEE +C4E6F7F8FCFEFFFFFFFFFFFFFFFFFFF1F9FD49B1E6008DDB0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFF6FC2EC008CDB0093DD0093DD0093DD0093DD0093DD0092DD +0B97DEDEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF81C9EE008CDB0093DD0093DD 
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFF6EC2EC008CDB0093DD0093DD0093DD0093DD0093DD0092DD0896DE +DDF0FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2FAFDDAEFFAB6DFF592D0F075C4EC52B5E8 +36A9E428A4E21C9EE1129ADF0D98DF0A97DE0595DE0595DE0595DE0595DE0595DE0A97DE +0C98DF129BDF1D9FE12BA5E33BABE555B6E87CC7ED9DD5F2C3E5F7ECF6FCFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFE8F6FC41ADE5008CDB0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFCEEAF90392DC0092DD0093DD0093DD0093DD0093DD0093DD +008CDB82CBEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7BC7ED008CDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFCFEAF80393DD0092DD0093DD0093DD0093DD0093DD0093DD008CDB +81CAEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFDFEFFF5FBFEEFF8FDE6F4FCE0F2FBD6EEFAD5EDF9D5EDF9D5EDF9D5EDF9DFF1FB +E3F3FBEDF7FDF3FAFDFBFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFCAE8F826A1E1008DDB0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4AB3E7008DDB0093DD0093DD0093DD0093DD0093DD +0090DC1A9DE0EDF7FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD +0093DD0093DD0093DD008DDB71C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF67BEEB008DDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFF4AB3E7008DDB0093DD0093DD0093DD0093DD0093DD0090DC +199DE0EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFEFFFF91D0F00C95DE008EDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC1E5F70090DC0092DD0093DD0093DD0093DD0093DD +0093DD008CDB7DC8EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FD119BDF0091DC0093DD +0093DD0093DD0093DD008DDB60BBEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF36AAE5008FDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFC4E6F70191DC0092DD0093DD0093DD0093DD0093DD0093DD +008CDB78C6EDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +D0EBF945AEE5008DDB0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF59B9E9008CDB0093DD0093DD0093DD0093DD +0093DD0091DC0A95DECFEBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5FAFE1EA0E10090DC0093DD +0093DD0093DD0093DD008FDC2FA7E3FEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEAF80392DD0092DD0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5BBAE9008BDB0093DD0093DD0093DD0093DD0093DD +0091DD0994DDCEEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE1F2FB72C2EC +0B95DE008DDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB189CE0008FDC0093DD0093DD0093DD +0093DD0093DD008EDC2DA5E2EDF8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3BACE5008EDC0093DD +0093DD0093DD0093DD0092DD0392DDC9E8F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF52B6E8008EDB0093DD0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FB199CE00090DC0093DD0093DD0093DD0093DD +0093DD008EDC2BA4E2EDF8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F4FB79C5ED1499DF008CDB +0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4008FDB0092DD0093DD0093DD +0093DD0093DD0093DD008DDB44AFE6F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF65BEEB008CDB0093DD +0093DD0093DD0093DD0093DD008EDB43AFE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CCEF008DDB0093DD0093DD0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAFDDF4008FDC0092DD0093DD0093DD0093DD +0093DD0093DD008DDB40ADE5EFF9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD +0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCAE8F866BDEA159ADF008CDB0091DC0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CCEF008DDB0092DD0093DD +0093DD0093DD0093DD0093DD008DDB37A9E4D8EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD1ECF90092DD +0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA3D8F3008DDB0093DD +0093DD0093DD0093DD0093DD0093DD008EDB64BCEAF5FBFDFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFEFF8FD6EC0EB008FDC0092DD0092DD0093DD0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF85CBEF008DDB0092DD0093DD0093DD +0093DD0093DD0093DD008DDB37A9E3D9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD5EEF90093DD0092DD +0093DD0093DD0093DD0093DD008FDC37AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFDEF1FB93D0F03EACE50192DD008DDB0091DC0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD 
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF71C3EC008CDB0092DD +0093DD0093DD0093DD0093DD0093DD008EDB159ADF98D3F1F7FCFEFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF98D3F10091DC +0092DD0093DD0093DD0093DD0093DD008FDC33A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF8FD179DE00090DC +0093DD0093DD0093DD0093DD0093DD0093DD008DDB2FA5E39DD5F2DEF1FBF6FBFEFBFDFE +FAFDFEF0F9FDD2ECF988CCEF25A1E1008DDB0092DD0091DC0896DE0194DD0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF75C4ED008CDB0092DD0093DD +0093DD0093DD0093DD0093DD008EDB1599DF97D3F1F7FCFEFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF9BD5F10091DD0092DD +0093DD0093DD0093DD0093DD008FDC33A9E4FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4FAFD +C6E6F787CBEF3EACE50C97DE008DDB008EDC0092DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CBEF008FDC 
+008FDC0093DD0093DD0093DD0093DD0093DD0090DC008EDB2BA4E28DCEF0D9EFFAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE2F3FB9AD3F138A9E40090DC0092DD +0093DD0093DD0093DD0093DD0093DD0090DC20A1E1F6FBFEFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ECFF0008BDA +0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDB0A97DE21A1E12AA5E3 +29A4E3199EE00394DD008DDB0090DC0093DD008FDC21A1E187CCEF0191DC0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF88CCEF008FDC008FDC +0093DD0093DD0093DD0093DD0093DD0090DC008EDB2CA4E28ECEF0DBEFFAFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB99D3F138A9E40090DC0092DD0093DD +0093DD0093DD0093DD0093DD008FDC23A2E2F8FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FCFEE6F4FCCDE9F8AEDCF484CAEE4DB3E71F9FE1 +0092DC008CDB008EDC0091DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAADBF4 +1C9CE0008CDB0092DD0093DD0093DD0093DD0093DD0093DD008FDC008DDB0996DE33A8E3 +5FBBEA84CBEE8FD0F08FD0F089CDEF6CC1EB3BABE50F98DF008DDB008FDC0093DD0093DD 
+0093DD0093DD0093DD0093DD0092DD008DDB008FDCD5EDF9FFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBEE3F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFDFE47B1E6 +008BDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DD0090DC008FDC +0090DC0090DC0092DD0093DD0093DD008FDC0B95DDC8E8F8B7E1F6008EDB0093DD0093DD +0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAADBF41C9CE0 +008CDB0092DD0093DD0093DD0093DD0093DD0093DD008FDC008DDB0A96DE32A8E35DBAE9 +83CAEE8FD0F08FD0F08ACDEF6CC0EB3CABE51099DF008DDB008FDC0093DD0093DD0093DD +0093DD0093DD0093DD0092DD008EDB0090DCD6EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE1F2FBBAE1F68DCEF0 +6BC0EB58B8E94AB2E742AEE642AFE642AFE642AFE642AEE64AB2E751B5E856B8E861BCEA +61BCEA61BCEA57B8E94DB3E73BACE524A2E20E99DF0093DD008EDC008DDB008EDB0090DC +0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +E3F3FB5FBAE90291DC008DDB0091DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC +008DDB008CDB008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD0093DD +0093DD0091DC008EDB008CDB0494DD35A8E484CAEEE9F6FCFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB6EC1EC 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFBEE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBAE2F6 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFF8FD +42AEE6008ADA0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB0E96DEB5E0F5FFFFFFA9DAF4008EDB0093DD0093DD +0093DD0093DD0092DD0A97DEDEF2FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF62BDEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB63BDEAFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F4FB +61BBE90191DC008DDB0091DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC008DDB +008CDB008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD0093DD0093DD +0091DC008EDB008CDB0393DD34A8E481C9EEE7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEAF881C8EE3DACE50C97DE008FDC008DDB +008DDB008DDB008EDB008EDB008EDB008EDB008EDB008EDB008EDB008EDB008DDB008DDB +008DDB008DDB008DDB008EDB008EDC0090DC0091DC0092DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFC4E6F75BB7E90C97DE008CDB008DDB0090DC0092DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DC008FDC008DDB +008EDC1199DF4BB2E78DCDF0D1EBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFE9F5FC0997DE008EDB0090DC0090DC0090DC0090DC008ADA58B8E9 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFB6E0F5008CDB0090DC0090DC0090DC0090DC0090DC008ADA9FD6F3 
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +F5FBFE70C2EC0894DD008CDB0090DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD +0093DD0092DD008EDB008DDB3BAAE4CBE9F8FFFFFFFFFFFFA7D9F4008BDA0090DC0090DC +0090DC0090DC008FDC0092DCD3EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFF50B5E8008ADA0090DC0090DC0090DC0090DC0090DC008ADA4DB4E8FFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFC2E5F75AB7E80D97DE008DDB008EDB0090DC0092DD0093DD0093DD0093DD0093DD +0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DD008FDC008DDB008EDC +1199DF4AB1E78DCEEFD1EBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFF1F9FDA6D9F339A9E4008CDB0086D90088DA008BDB008CDB008DDB +008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB +008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB +008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB +008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB +008DDB008DDB008DDB008DDB0086D947B1E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFDDF1FA93D0F050B3E71B9DE00293DD008EDC008DDB008CDB +008CDB008DDB008DDB008DDB008CDB008CDB008DDB008EDB0091DC0D98DF35A8E36ABFEB +AFDCF4E5F4FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFD8EEFA26A2E222A0E122A1E122A1E122A1E122A1E1229DE05AB9E9 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFA1D7F3229CE022A1E122A1E122A1E122A1E122A1E1229CE08FD0F0 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFCFEAF965BCEA1B9DE00090DC008DDB008CDB008CDB008DDB008CDB008DDB 
+008EDC0B97DE44AEE5A6D8F3FBFDFEFFFFFFFFFFFFFFFFFFB4DFF5229DE022A1E122A1E1 +22A1E122A1E122A1E1219EE1BFE4F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFDFEFF4DB4E7229EE022A1E122A1E122A1E122A1E122A1E1229EE047B1E6FBFDFE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFDFF1FB96D1F14EB3E71B9DE00293DD008EDC008DDB008CDB008CDB +008DDB008DDB008DDB008CDB008CDB008DDB008EDB0091DC0D97DE34A8E36BBFEBAEDCF4 +E5F4FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFBFDFFABDCF466BCEA60BBE968BFEB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB +6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB +6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB +6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB +6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB +6BC0EB6BC0EB6BC0EB6BC0EB6BBDEA9AD4F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FDD0EBF9B4DEF599D3F185CBEF +73C3EC6BC0EB6BC0EB6BC0EB70C2EC82CAEE93D1F0A8DAF3C5E6F7E3F2FBFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFBFEFEF5FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFF8FCFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF8FCFE +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFEEF8FDC5E6F7A0D6F285CBEF77C5ED6DC1EC80C9EE94D1F1 +B4DEF5DEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFF6FBFEF6FBFEF6FBFE +F6FBFEF6FBFEF6FBFEF6FBFEFAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
+FFFFFFFEFFFFF5FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF4FBFDFDFEFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FDD1EBF9B2DEF597D3F185CBEE72C3EC +6BC0EB6BC0EB6BC0EB70C2EC81C9EE92D0F0A9DAF3C4E6F7E2F2FBFFFFFFFFFFFFFFFFFF +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + +end +%%PageTrailer +%%Trailer +%%EOF diff --git a/doc/gnupg-logo.pdf b/doc/gnupg-logo.pdf Binary files differnew file mode 100644 index 0000000..84a3470 --- /dev/null +++ b/doc/gnupg-logo.pdf diff --git a/doc/gnupg-logo.png b/doc/gnupg-logo.png Binary files differnew file mode 100644 index 0000000..73cf00a --- /dev/null +++ b/doc/gnupg-logo.png diff --git a/doc/gnupg.info b/doc/gnupg.info new file mode 100644 index 0000000..bc2da62 --- /dev/null +++ b/doc/gnupg.info 
@@ -0,0 +1,178 @@ +This is /home/wk/w/gnupg-stable/doc/gnupg.info, produced by makeinfo +version 4.13 from /home/wk/w/gnupg-stable/doc/gnupg.texi. + +This is the `The GNU Privacy Guard Manual' (version 2.0.19, +March 2012). + + Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software +Foundation, Inc. + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 3 of the + License, or (at your option) any later version. The text of the + license can be found in the section entitled "Copying". + +INFO-DIR-SECTION GNU Utilities +START-INFO-DIR-ENTRY +* gpg2: (gnupg). OpenPGP encryption and signing tool. +* gpgsm: (gnupg). S/MIME encryption and signing tool. +* gpg-agent: (gnupg). The secret key daemon. +END-INFO-DIR-ENTRY + + +Indirect: +gnupg.info-1: 871 +gnupg.info-2: 299961 + +Tag Table: +(Indirect) +Node: Top871 +Node: Installation2489 +Node: Invoking GPG-AGENT5502 +Node: Agent Commands8324 +Node: Agent Options9734 +Ref: option --options9891 +Ref: option --homedir10160 +Ref: option --log-file14140 +Ref: option --allow-mark-trusted14474 +Ref: option --enable-ssh-support19677 +Node: Agent Configuration21742 +Node: Agent Signals27217 +Node: Agent Examples28523 +Node: Agent Protocol29337 +Node: Agent PKDECRYPT31364 +Node: Agent PKSIGN33073 +Node: Agent GENKEY35179 +Node: Agent IMPORT36439 +Node: Agent EXPORT36881 +Node: Agent ISTRUSTED37096 +Node: Agent GET_PASSPHRASE39474 +Node: Agent GET_CONFIRMATION41855 +Node: Agent HAVEKEY42522 +Node: Agent LEARN43152 +Node: Agent PASSWD43447 +Node: Agent UPDATESTARTUPTTY43751 +Node: Agent GETEVENTCOUNTER44229 +Node: Agent GETINFO45037 +Node: Agent OPTION45744 +Node: Invoking GPG46721 +Node: GPG Commands48087 +Node: General GPG Commands48918 +Node: Operational GPG Commands49549 +Ref: option --export-ownertrust61814 +Node: OpenPGP Key Management63613 +Node: GPG Options75675 +Node: GPG Configuration 
Options76899 +Node: GPG Key related Options106612 +Node: GPG Input and Output110195 +Node: OpenPGP Options115796 +Node: GPG Esoteric Options123517 +Ref: GPG Esoteric Options-Footnote-1145993 +Node: GPG Configuration146147 +Node: GPG Examples149430 +Node: Unattended Usage of GPG153764 +Node: Unattended GPG key generation154203 +Node: Invoking GPGSM163335 +Node: GPGSM Commands164204 +Node: General GPGSM Commands164642 +Node: Operational GPGSM Commands165330 +Node: Certificate Management167363 +Node: GPGSM Options171728 +Node: Configuration Options172302 +Node: Certificate Options174587 +Node: Input and Output178480 +Ref: option --p12-charset179062 +Node: CMS Options181309 +Node: Esoteric Options182331 +Node: GPGSM Configuration186703 +Node: GPGSM Examples192398 +Node: Unattended Usage192595 +Node: Automated signature checking193186 +Node: CSR and certificate creation194985 +Node: GPGSM Protocol200045 +Node: GPGSM ENCRYPT201210 +Node: GPGSM DECRYPT203878 +Node: GPGSM SIGN204711 +Node: GPGSM VERIFY206159 +Node: GPGSM GENKEY206674 +Node: GPGSM LISTKEYS207688 +Node: GPGSM EXPORT208613 +Node: GPGSM IMPORT209570 +Node: GPGSM DELETE210310 +Node: GPGSM GETINFO210813 +Node: Invoking SCDAEMON211463 +Node: Scdaemon Commands212137 +Node: Scdaemon Options213258 +Node: Card applications220966 +Node: OpenPGP Card221575 +Node: NKS Card222051 +Node: DINSIG Card222377 +Node: PKCS#15 Card222753 +Node: Geldkarte Card223023 +Node: Undefined Card223415 +Node: Scdaemon Configuration223829 +Node: Scdaemon Examples224866 +Node: Scdaemon Protocol225049 +Node: Scdaemon SERIALNO226545 +Node: Scdaemon LEARN227474 +Node: Scdaemon READCERT228330 +Node: Scdaemon READKEY228731 +Node: Scdaemon PKSIGN229017 +Node: Scdaemon PKDECRYPT229743 +Node: Scdaemon GETATTR230255 +Node: Scdaemon SETATTR230459 +Node: Scdaemon WRITEKEY230666 +Node: Scdaemon GENKEY231370 +Node: Scdaemon RANDOM231575 +Node: Scdaemon PASSWD231798 +Node: Scdaemon CHECKPIN232191 +Node: Scdaemon RESTART233196 +Node: Scdaemon APDU233731 
+Node: Specify a User ID234707 +Ref: how-to-specify-a-user-id234865 +Node: Helper Tools239496 +Node: watchgnupg240335 +Ref: option watchgnupg --tcp241063 +Node: gpgv242394 +Node: addgnupghome245561 +Node: gpgconf246259 +Ref: gpgconf-Footnote-1248395 +Node: Invoking gpgconf248693 +Node: Format conventions251569 +Node: Listing components256895 +Node: Checking programs258986 +Node: Listing options261735 +Node: Changing options269225 +Node: Listing global options270926 +Node: Files used by gpgconf272696 +Node: applygnupgdefaults273046 +Node: gpgsm-gencert.sh273786 +Node: gpg-preset-passphrase274154 +Node: Invoking gpg-preset-passphrase275032 +Node: gpg-connect-agent276302 +Node: Invoking gpg-connect-agent277015 +Node: Controlling gpg-connect-agent279148 +Node: gpgparsemail285604 +Node: symcryptrun285925 +Node: Invoking symcryptrun286824 +Node: gpg-zip288612 +Node: Howtos290438 +Node: Howto Create a Server Cert290705 +Node: System Notes299961 +Node: W32 Notes302433 +Node: Debugging302854 +Node: Debugging Tools303683 +Node: kbxutil303963 +Ref: kbxutil-Footnote-1305532 +Node: Debugging Hints305628 +Node: Common Problems306230 +Node: Architecture Details311438 +Node: GnuPG-1 and GnuPG-2311689 +Node: Copying312013 +Node: Contributors349637 +Node: Glossary355870 +Node: Option Index358396 +Node: Index417494 + +End Tag Table diff --git a/doc/gnupg.info-1 b/doc/gnupg.info-1 new file mode 100644 index 0000000..4ae6e74 --- /dev/null +++ b/doc/gnupg.info-1 
@@ -0,0 +1,7752 @@ +This is /home/wk/w/gnupg-stable/doc/gnupg.info, produced by makeinfo +version 4.13 from /home/wk/w/gnupg-stable/doc/gnupg.texi. + +This is the `The GNU Privacy Guard Manual' (version 2.0.19, +March 2012). + + Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software +Foundation, Inc. + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 3 of the + License, or (at your option) any later version. The text of the + license can be found in the section entitled "Copying". + +INFO-DIR-SECTION GNU Utilities +START-INFO-DIR-ENTRY +* gpg2: (gnupg). OpenPGP encryption and signing tool. +* gpgsm: (gnupg). S/MIME encryption and signing tool. +* gpg-agent: (gnupg). The secret key daemon. +END-INFO-DIR-ENTRY + + +File: gnupg.info, Node: Top, Next: Installation, Up: (dir) + +Using the GNU Privacy Guard +*************************** + +This is the `The GNU Privacy Guard Manual' (version 2.0.19, +March 2012). + + Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software +Foundation, Inc. + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 3 of the + License, or (at your option) any later version. The text of the + license can be found in the section entitled "Copying". + + This manual documents how to use the GNU Privacy Guard system as +well as the administration and the architecture. + +* Menu: + +* Installation:: A short installation guide. + +* Invoking GPG-AGENT:: How to launch the secret key daemon. +* Invoking GPG:: Using the OpenPGP protocol. +* Invoking GPGSM:: Using the S/MIME protocol. +* Invoking SCDAEMON:: How to handle Smartcards. +* Specify a User ID:: How to Specify a User Id. + +* Helper Tools:: Description of small helper tools + +* Howtos:: How to do certain things. 
+* System Notes:: Notes pertaining to certain OSes. +* Debugging:: How to solve problems + +* Copying:: GNU General Public License says + how you can copy and share GnuPG +* Contributors:: People who have contributed to GnuPG. + +* Glossary:: Short description of terms used. +* Option Index:: Index to command line options. +* Index:: Index of concepts and symbol names. + + +File: gnupg.info, Node: Installation, Next: Invoking GPG-AGENT, Prev: Top, Up: Top + +1 A short installation guide. +***************************** + +Unfortunately the installation guide has not been finished in time. +Instead of delaying the release of GnuPG 2.0 even further, I decided to +release without that guide. The chapter on gpg-agent and gpgsm do +include brief information on how to set up the whole thing. Please +watch the GnuPG website for updates of the documentation. In the +meantime you may search the GnuPG mailing list archives or ask on the +gnupg-users mailing listsfor advise on how to solve problems or how to +get that whole thing up and running. + + ** Building the software + + Building the software is decribed in the file `INSTALL'. Given that +you are already reading this documentation we can only give some extra +hints + + To comply with the rules on GNU systems you should have build time +configured `dirmngr' using: + + ./configure --sysconfdir=/etc --localstatedir=/var + + This is to make sure that system wide configuration files are +searched in the directory `/etc/gnupg' and variable data below `/var'; +the default would be to also install them below `/usr/local' where the +binaries get installed. If you selected to use the `--prefix=/' you +obviously don't need those option as they are the default then. + + ** Explain how to setup a root CA key as trusted + + Such questions may also help to write a proper installation guide. + + [to be written] + + XXX Tell how to setup the system, install certificates, how dirmngr +relates to GnuPG etc. 
+ + ** Explain how to setup a root CA key as trusted + + X.509 is based on a hierarchical key infrastructure. At the root of +the tree a trusted anchor (root certificate) is required. There are +usually no other means of verifying whether this root certificate is +trustworthy than looking it up in a list. GnuPG uses a file +(`trustlist.txt') to keep track of all root certificates it knows +about. There are 3 ways to get certificates into this list: + + * Use the list which comes with GnuPG. However this list only + contains a few root certificates. Most installations will need + more. + + * Let `gpgsm' ask you whether you want to insert a new root + certificate. To enable this feature you need to set the option + `allow-mark-trusted' into `gpg-agent.conf'. In general it is not + a good idea to do it this way. Checking whether a root + certificate is really trustworthy requires decisions, which casual + users are not up to. Thus, by default this option is not enabled. + + * Manually maintain the list of trusted root certificates. For a + multi user installation this can be done once for all users on a + machine. Specific changes on a per-user base are also possible. + + XXX decribe how to maintain trustlist.txt and +/etc/gnupg/trustlist.txt. + + ** How to get the ssh support running + + XXX How to use the ssh support. + +1.1 Installation Overview +========================= + +XXXX + + +File: gnupg.info, Node: Invoking GPG-AGENT, Next: Invoking GPG, Prev: Installation, Up: Top + +2 Invoking GPG-AGENT +******************** + +`gpg-agent' is a daemon to manage secret (private) keys independently +from any protocol. It is used as a backend for `gpg' and `gpgsm' as +well as for a couple of other utilities. + +The usual way to run the agent is from the `~/.xsession' file: + + eval $(gpg-agent --daemon) + If you don't use an X server, you can also put this into your regular +startup file `~/.profile' or `.bash_profile'. 
It is best not to run +multiple instance of the `gpg-agent', so you should make sure that only +one is running: `gpg-agent' uses an environment variable to inform +clients about the communication parameters. You can write the content +of this environment variable to a file so that you can test for a +running agent. Here is an example using Bourne shell syntax: + + gpg-agent --daemon --enable-ssh-support \ + --write-env-file "${HOME}/.gpg-agent-info" + + This code should only be run once per user session to initially fire +up the agent. In the example the optional support for the included +Secure Shell agent is enabled and the information about the agent is +written to a file in the HOME directory. Note that by running +gpg-agent without arguments you may test whether an agent is already +running; however such a test may lead to a race condition, thus it is +not suggested. + +The second script needs to be run for each interactive session: + + if [ -f "${HOME}/.gpg-agent-info" ]; then + . "${HOME}/.gpg-agent-info" + export GPG_AGENT_INFO + export SSH_AUTH_SOCK + fi + +It reads the data out of the file and exports the variables. If you +don't use Secure Shell, you don't need the last two export statements. + +You should always add the following lines to your `.bashrc' or whatever +initialization file is used for all shell invocations: + + GPG_TTY=$(tty) + export GPG_TTY + +It is important that this environment variable always reflects the +output of the `tty' command. For W32 systems this option is not +required. + + Please make sure that a proper pinentry program has been installed +under the default filename (which is system dependant) or use the +option `pinentry-program' to specify the full name of that program. It +is often useful to install a symbolic link from the actual used +pinentry (e.g. `/usr/bin/pinentry-gtk') to the expected one (e.g. +`/usr/bin/pinentry'). + +*Note Option Index::,for an index to `GPG-AGENT''s commands and options. 
+ +* Menu: + +* Agent Commands:: List of all commands. +* Agent Options:: List of all options. +* Agent Configuration:: Configuration files. +* Agent Signals:: Use of some signals. +* Agent Examples:: Some usage examples. +* Agent Protocol:: The protocol the agent uses. + + +File: gnupg.info, Node: Agent Commands, Next: Agent Options, Up: Invoking GPG-AGENT + +2.1 Commands +============ + +Commands are not distinguished from options except for the fact that +only one command is allowed. + +`--version' + Print the program version and licensing information. Note that + you cannot abbreviate this command. + +`--help' +`-h' + Print a usage message summarizing the most useful command-line + options. Note that you cannot abbreviate this command. + +`--dump-options' + Print a list of all available options and commands. Note that you + cannot abbreviate this command. + +`--server' + Run in server mode and wait for commands on the `stdin'. The + default mode is to create a socket and listen for commands there. + +`--daemon [COMMAND LINE]' + Start the gpg-agent as a daemon; that is, detach it from the + console and run it in the background. Because `gpg-agent' prints + out important information required for further use, a common way of + invoking gpg-agent is: `eval $(gpg-agent --daemon)' to setup the + environment variables. The option `--write-env-file' is another + way commonly used to do this. Yet another way is creating a new + process as a child of gpg-agent: `gpg-agent --daemon /bin/sh'. + This way you get a new shell with the environment setup properly; + if you exit from this shell, gpg-agent terminates as well. + + +File: gnupg.info, Node: Agent Options, Next: Agent Configuration, Prev: Agent Commands, Up: Invoking GPG-AGENT + +2.2 Option Summary +================== + +`--options FILE' + Reads configuration from FILE instead of from the default per-user + configuration file. 
The default configuration file is named + `gpg-agent.conf' and expected in the `.gnupg' directory directly + below the home directory of the user. + +`--homedir DIR' + Set the name of the home directory to DIR. If this option is not + used, the home directory defaults to `~/.gnupg'. It is only + recognized when given on the command line. It also overrides any + home directory stated through the environment variable `GNUPGHOME' + or (on W32 systems) by means of the Registry entry + HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR. + +`-v' + +`--verbose' + Outputs additional information while running. You can increase + the verbosity by giving several verbose commands to `gpgsm', such + as `-vv'. + +`-q' + +`--quiet' + Try to be as quiet as possible. + +`--batch' + Don't invoke a pinentry or do any other thing requiring human + interaction. + +`--faked-system-time EPOCH' + This option is only useful for testing; it sets the system time + back or forth to EPOCH which is the number of seconds elapsed + since the year 1970. + +`--debug-level LEVEL' + Select the debug level for investigating problems. LEVEL may be a + numeric value or a keyword: + + `none' + No debugging at all. A value of less than 1 may be used + instead of the keyword. + + `basic' + Some basic debug messages. A value between 1 and 2 may be + used instead of the keyword. + + `advanced' + More verbose debug messages. A value between 3 and 5 may be + used instead of the keyword. + + `expert' + Even more detailed messages. A value between 6 and 8 may be + used instead of the keyword. + + `guru' + All of the debug messages you can get. A value greater than 8 + may be used instead of the keyword. The creation of hash + tracing files is only enabled if the keyword is used. + + How these messages are mapped to the actual debugging flags is not + specified and may change with newer releases of this program. They + are however carefully selected to best aid in debugging. 
+ +`--debug FLAGS' + This option is only useful for debugging and the behaviour may + change at any time without notice. FLAGS are bit encoded and may + be given in usual C-Syntax. The currently defined bits are: + + `0 (1)' + X.509 or OpenPGP protocol related data + + `1 (2)' + values of big number integers + + `2 (4)' + low level crypto operations + + `5 (32)' + memory allocation + + `6 (64)' + caching + + `7 (128)' + show memory statistics. + + `9 (512)' + write hashed data to files named `dbgmd-000*' + + `10 (1024)' + trace Assuan protocol + + `12 (4096)' + bypass all certificate validation + +`--debug-all' + Same as `--debug=0xffffffff' + +`--debug-wait N' + When running in server mode, wait N seconds before entering the + actual processing loop and print the pid. This gives time to + attach a debugger. + +`--no-detach' + Don't detach the process from the console. This is mainly useful + for debugging. + +`-s' +`--sh' +`-c' +`--csh' + Format the info output in daemon mode for use with the standard + Bourne shell or the C-shell respectively. The default is to guess + it based on the environment variable `SHELL' which is correct in + almost all cases. + +`--write-env-file FILE' + Often it is required to connect to the agent from a process not + being an inferior of `gpg-agent' and thus the environment variable + with the socket name is not available. To help setting up those + variables in other sessions, this option may be used to write the + information into FILE. If FILE is not specified the default name + `${HOME}/.gpg-agent-info' will be used. The format is suitable to + be evaluated by a Bourne shell like in this simple example: + + eval $(cat FILE) + eval $(cut -d= -f 1 < FILE | xargs echo export) + +`--no-grab' + Tell the pinentry not to grab the keyboard and mouse. This option + should in general not be used to avoid X-sniffing attacks. + +`--log-file FILE' + Append all logging output to FILE. 
This is very helpful in seeing + what the agent actually does. If neither a log file nor a log file + descriptor has been set on a Windows platform, the Registry entry + `HKCU\Software\GNU\GnuPG:DefaultLogFile', if set, is used to + specify the logging output. + +`--allow-mark-trusted' + Allow clients to mark keys as trusted, i.e. put them into the + `trustlist.txt' file. This is by default not allowed to make it + harder for users to inadvertently accept Root-CA keys. + +`--ignore-cache-for-signing' + This option will let `gpg-agent' bypass the passphrase cache for + all signing operation. Note that there is also a per-session + option to control this behaviour but this command line option + takes precedence. + +`--default-cache-ttl N' + Set the time a cache entry is valid to N seconds. The default is + 600 seconds. + +`--default-cache-ttl-ssh N' + Set the time a cache entry used for SSH keys is valid to N + seconds. The default is 1800 seconds. + +`--max-cache-ttl N' + Set the maximum time a cache entry is valid to N seconds. After + this time a cache entry will be expired even if it has been + accessed recently. The default is 2 hours (7200 seconds). + +`--max-cache-ttl-ssh N' + Set the maximum time a cache entry used for SSH keys is valid to N + seconds. After this time a cache entry will be expired even if it + has been accessed recently. The default is 2 hours (7200 seconds). + +`--enforce-passphrase-constraints' + Enforce the passphrase constraints by not allowing the user to + bypass them using the "Take it anyway" button. + +`--min-passphrase-len N' + Set the minimal length of a passphrase. When entering a new + passphrase shorter than this value a warning will be displayed. + Defaults to 8. + +`--min-passphrase-nonalpha N' + Set the minimal number of digits or special characters required in + a passphrase. When entering a new passphrase with less than this + number of digits or special characters a warning will be + displayed. Defaults to 1. 
+ +`--check-passphrase-pattern FILE' + Check the passphrase against the pattern given in FILE. When + entering a new passphrase matching one of these pattern a warning + will be displayed. FILE should be an absolute filename. The + default is not to use any pattern file. + + Security note: It is known that checking a passphrase against a + list of pattern or even against a complete dictionary is not very + effective to enforce good passphrases. Users will soon figure up + ways to bypass such a policy. A better policy is to educate users + on good security behavior and optionally to run a passphrase + cracker regularly on all users passphrases to catch the very + simple ones. + +`--max-passphrase-days N' + Ask the user to change the passphrase if N days have passed since + the last change. With `--enforce-passphrase-constraints' set the + user may not bypass this check. + +`--enable-passphrase-history' + This option does nothing yet. + +`--pinentry-program FILENAME' + Use program FILENAME as the PIN entry. The default is installation + dependent. + +`--pinentry-touch-file FILENAME' + By default the filename of the socket gpg-agent is listening for + requests is passed to Pinentry, so that it can touch that file + before exiting (it does this only in curses mode). This option + changes the file passed to Pinentry to FILENAME. The special name + `/dev/null' may be used to completely disable this feature. Note + that Pinentry will not create that file, it will only change the + modification and access time. + +`--scdaemon-program FILENAME' + Use program FILENAME as the Smartcard daemon. The default is + installation dependent and can be shown with the `gpgconf' command. + +`--disable-scdaemon' + Do not make use of the scdaemon tool. This option has the effect + of disabling the ability to do smartcard operations. Note, that + enabling this option at runtime does not kill an already forked + scdaemon. 
+ +`--use-standard-socket' +`--no-use-standard-socket' + By enabling this option `gpg-agent' will listen on the socket + named `S.gpg-agent', located in the home directory, and not create + a random socket below a temporary directory. Tools connecting to + `gpg-agent' should first try to connect to the socket given in + environment variable GPG_AGENT_INFO and then fall back to this + socket. This option may not be used if the home directory is + mounted on a remote file system which does not support special + files like fifos or sockets. Note, that `--use-standard-socket' + is the default on Windows systems. The default may be changed at + build time. It is possible to test at runtime whether the agent + has been configured for use with the standard socket by issuing + the command `gpg-agent --use-standard-socket-p' which returns + success if the standard socket option has been enabled. + +`--display STRING' +`--ttyname STRING' +`--ttytype STRING' +`--lc-ctype STRING' +`--lc-messages STRING' +`--xauthority STRING' + These options are used with the server mode to pass localization + information. + +`--keep-tty' +`--keep-display' + Ignore requests to change the current `tty' or X window system's + `DISPLAY' variable respectively. This is useful to lock the + pinentry to pop up at the `tty' or display you started the agent. + +`--enable-ssh-support' + Enable the OpenSSH Agent protocol. + + In this mode of operation, the agent does not only implement the + gpg-agent protocol, but also the agent protocol used by OpenSSH + (through a separate socket). Consequently, it should be possible + to use the gpg-agent as a drop-in replacement for the well known + ssh-agent. + + SSH Keys, which are to be used through the agent, need to be added + to the gpg-agent initially through the ssh-add utility. 
When a + key is added, ssh-add will ask for the password of the provided + key file and send the unprotected key material to the agent; this + causes the gpg-agent to ask for a passphrase, which is to be used + for encrypting the newly received key and storing it in a + gpg-agent specific directory. + + Once a key has been added to the gpg-agent this way, the gpg-agent + will be ready to use the key. + + Note: in case the gpg-agent receives a signature request, the user + might need to be prompted for a passphrase, which is necessary for + decrypting the stored key. Since the ssh-agent protocol does not + contain a mechanism for telling the agent on which + display/terminal it is running, gpg-agent's ssh-support will use + the TTY or X display where gpg-agent has been started. To switch + this display to the current one, the following command may be used: + + gpg-connect-agent updatestartuptty /bye + + Although all GnuPG components try to start the gpg-agent as + needed, this is not possible for the ssh support because ssh does + not know about it. Thus if no GnuPG tool which accesses the agent + has been run, there is no guarantee that ssh is abale to use + gpg-agent for authentication. To fix this you may start gpg-agent + if needed using this simple command: + + gpg-connect-agent /bye + + Adding the `--verbose' shows the progress of starting the agent. + + + All the long options may also be given in the configuration file +after stripping off the two leading dashes. + + +File: gnupg.info, Node: Agent Configuration, Next: Agent Signals, Prev: Agent Options, Up: Invoking GPG-AGENT + +2.3 Configuration +================= + +There are a few configuration files needed for the operation of the +agent. By default they may all be found in the current home directory +(*note option --homedir::). + +`gpg-agent.conf' + This is the standard configuration file read by `gpg-agent' on + startup. 
It may contain any valid long option; the leading two + dashes may not be entered and the option may not be abbreviated. + This file is also read after a `SIGHUP' however only a few + options will actually have an effect. This default name may be + changed on the command line (*note option --options::). You + should backup this file. + +`trustlist.txt' + This is the list of trusted keys. You should backup this file. + + Comment lines, indicated by a leading hash mark, as well as empty + lines are ignored. To mark a key as trusted you need to enter its + fingerprint followed by a space and a capital letter `S'. Colons + may optionally be used to separate the bytes of a fingerprint; + this allows to cut and paste the fingerprint from a key listing + output. If the line is prefixed with a `!' the key is + explicitly marked as not trusted. + + Here is an example where two keys are marked as ultimately trusted + and one as not trusted: + + # CN=Wurzel ZS 3,O=Intevation GmbH,C=DE + A6935DD34EF3087973C706FC311AA2CCF733765B S + + # CN=PCA-1-Verwaltung-02/O=PKI-1-Verwaltung/C=DE + DC:BD:69:25:48:BD:BB:7E:31:6E:BB:80:D3:00:80:35:D4:F8:A6:CD S + + # CN=Root-CA/O=Schlapphuete/L=Pullach/C=DE + !14:56:98:D3:FE:9C:CA:5A:31:6E:BC:81:D3:11:4E:00:90:A3:44:C2 S + + Before entering a key into this file, you need to ensure its + authenticity. How to do this depends on your organisation; your + administrator might have already entered those keys which are + deemed trustworthy enough into this file. Places where to look + for the fingerprint of a root certificate are letters received + from the CA or the website of the CA (after making 100% sure that + this is indeed the website of that CA). You may want to consider + allowing interactive updates of this file by using the *Note + option --allow-mark-trusted::. This is however not as secure as + maintaining this file manually. It is even advisable to change + the permissions to read-only so that this file can't be changed + inadvertently. 
+ + As a special feature a line `include-default' will include a global + list of trusted certificates (e.g. `/etc/gnupg/trustlist.txt'). + This global list is also used if the local list is not available. + + It is possible to add further flags after the `S' for use by the + caller: + + `relax' + Relax checking of some root certificate requirements. As of + now this flag allows the use of root certificates with a + missing basicConstraints attribute (despite that it is a MUST + for CA certificates) and disables CRL checking for the root + certificate. + + `cm' + If validation of a certificate finally issued by a CA with + this flag set fails, try again using the chain validation + model. + + +`sshcontrol' + This file is used when support for the secure shell agent protocol + has been enabled (*note option --enable-ssh-support::). Only keys + present in this file are used in the SSH protocol. You should + backup this file. + + The `ssh-add' tool may be used to add new entries to this file; + you may also add them manually. Comment lines, indicated by a + leading hash mark, as well as empty lines are ignored. An entry + starts with optional whitespace, followed by the keygrip of the + key given as 40 hex digits, optionally followed by the caching TTL + in seconds and another optional field for arbitrary flags. A + non-zero TTL overrides the global default as set by + `--default-cache-ttl-ssh'. + + The only flag support is `confirm'. If this flag is found for a + key, each use of the key will pop up a pinentry to confirm the use + of that key. The flag is automatically set if a new key was + loaded into `gpg-agent' using the option `-c' of the `ssh-add' + command. + + The keygrip may be prefixed with a `!' to disable an entry entry. + + The following example lists exactly one key. Note that keys + available through a OpenPGP smartcard in the active smartcard + reader are implicitly added to this list; i.e. there is no need to + list them. 
+ + # Key added on: 2011-07-20 20:38:46 + # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81 + 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm + +`private-keys-v1.d/' + This is the directory where gpg-agent stores the private keys. + Each key is stored in a file with the name made up of the + keygrip and the suffix `key'. You should backup all files in + this directory and take great care to keep this backup closed + away. + + + Note that on larger installations, it is useful to put predefined +files into the directory `/etc/skel/.gnupg/' so that newly created +users start up with a working configuration. For existing users the a +small helper script is provided to create these files (*note +addgnupghome::). + + +File: gnupg.info, Node: Agent Signals, Next: Agent Examples, Prev: Agent Configuration, Up: Invoking GPG-AGENT + +2.4 Use of some signals. +======================== + +A running `gpg-agent' may be controlled by signals, i.e. using the +`kill' command to send a signal to the process. + + Here is a list of supported signals: + +`SIGHUP' + This signal flushes all cached passphrases and if the program has + been started with a configuration file, the configuration file is + read again. Only certain options are honored: `quiet', `verbose', + `debug', `debug-all', `debug-level', `no-grab', + `pinentry-program', `default-cache-ttl', `max-cache-ttl', + `ignore-cache-for-signing', `allow-mark-trusted' and + `disable-scdaemon'. `scdaemon-program' is also supported but due + to the current implementation, which calls the scdaemon only once, + it is not of much use unless you manually kill the scdaemon. + +`SIGTERM' + Shuts down the process but waits until all current requests are + fulfilled. If the process has received 3 of these signals and + requests are still pending, a shutdown is forced. + +`SIGINT' + Shuts down the process immediately. + +`SIGUSR1' + Dump internal information to the log file. 
+ +`SIGUSR2' + This signal is used for internal purposes. + + + +File: gnupg.info, Node: Agent Examples, Next: Agent Protocol, Prev: Agent Signals, Up: Invoking GPG-AGENT + +2.5 Examples +============ + +The usual way to invoke `gpg-agent' is + + $ eval $(gpg-agent --daemon) + + An alternative way is by replacing `ssh-agent' with `gpg-agent'. If +for example `ssh-agent' is started as part of the Xsession +initialization, you may simply replace `ssh-agent' by a script like: + + #!/bin/sh + + exec /usr/local/bin/gpg-agent --enable-ssh-support --daemon \ + --write-env-file ${HOME}/.gpg-agent-info "$@" + +and add something like (for Bourne shells) + + if [ -f "${HOME}/.gpg-agent-info" ]; then + . "${HOME}/.gpg-agent-info" + export GPG_AGENT_INFO + export SSH_AUTH_SOCK + fi + +to your shell initialization file (e.g. `~/.bashrc'). + + +File: gnupg.info, Node: Agent Protocol, Prev: Agent Examples, Up: Invoking GPG-AGENT + +2.6 Agent's Assuan Protocol +=========================== + +Note: this section does only document the protocol, which is used by +GnuPG components; it does not deal with the ssh-agent protocol. + + The `gpg-agent' should be started by the login shell and set an +environment variable to tell clients about the socket to be used. +Clients should deny to access an agent with a socket name which does +not match its own configuration. An application may choose to start an +instance of the gpgagent if it does not figure that any has been +started; it should not do this if a gpgagent is running but not usable. +Because `gpg-agent' can only be used in background mode, no special +command line option is required to activate the use of the protocol. + + To identify a key we use a thing called keygrip which is the SHA-1 +hash of an canonical encoded S-Expression of the public key as used in +Libgcrypt. For the purpose of this interface the keygrip is given as a +hex string. 
The advantage of using this and not the hash of a +certificate is that it will be possible to use the same keypair for +different protocols, thereby saving space on the token used to keep the +secret keys. + +* Menu: + +* Agent PKDECRYPT:: Decrypting a session key +* Agent PKSIGN:: Signing a Hash +* Agent GENKEY:: Generating a Key +* Agent IMPORT:: Importing a Secret Key +* Agent EXPORT:: Exporting a Secret Key +* Agent ISTRUSTED:: Importing a Root Certificate +* Agent GET_PASSPHRASE:: Ask for a passphrase +* Agent GET_CONFIRMATION:: Ask for confirmation +* Agent HAVEKEY:: Check whether a key is available +* Agent LEARN:: Register a smartcard +* Agent PASSWD:: Change a Passphrase +* Agent UPDATESTARTUPTTY:: Change the Standard Display +* Agent GETEVENTCOUNTER:: Get the Event Counters +* Agent GETINFO:: Return information about the process +* Agent OPTION:: Set options for the session + + +File: gnupg.info, Node: Agent PKDECRYPT, Next: Agent PKSIGN, Up: Agent Protocol + +2.6.1 Decrypting a session key +------------------------------ + +The client asks the server to decrypt a session key. The encrypted +session key should have all information needed to select the +appropriate secret key or to delegate it to a smartcard. + + SETKEY <keyGrip> + + Tell the server about the key to be used for decryption. If this is +not used, `gpg-agent' may try to figure out the key by trying to +decrypt the message with each key available. + + PKDECRYPT + + The agent checks whether this command is allowed and then does an +INQUIRY to get the ciphertext the client should then send the cipher +text. + + S: INQUIRE CIPHERTEXT + C: D (xxxxxx + C: D xxxx) + C: END + + Please note that the server may send status info lines while reading +the data lines from the client. The data send is a SPKI like S-Exp with +this structure: + + (enc-val + (<algo> + (<param_name1> <mpi>) + ... 
+ (<param_namen> <mpi>))) + + Where algo is a string with the name of the algorithm; see the +libgcrypt documentation for a list of valid algorithms. The number and +names of the parameters depend on the algorithm. The agent does return +an error if there is an inconsistency. + + If the decryption was successful the decrypted data is returned by +means of "D" lines. + + Here is an example session: + + C: PKDECRYPT + S: INQUIRE CIPHERTEXT + C: D (enc-val elg (a 349324324) + C: D (b 3F444677CA))) + C: END + S: # session key follows + S: D (value 1234567890ABCDEF0) + S: OK descryption successful + + +File: gnupg.info, Node: Agent PKSIGN, Next: Agent GENKEY, Prev: Agent PKDECRYPT, Up: Agent Protocol + +2.6.2 Signing a Hash +-------------------- + +The client ask the agent to sign a given hash value. A default key +will be chosen if no key has been set. To set a key a client first +uses: + + SIGKEY <keyGrip> + + This can be used multiple times to create multiple signature, the +list of keys is reset with the next PKSIGN command or a RESET. The +server test whether the key is a valid key to sign something and +responds with okay. + + SETHASH --hash=<name>|<algo> <hexstring> + + The client can use this command to tell the server about the data +<hexstring> (which usually is a hash) to be signed. <algo> is the +decimal encoded hash algorithm number as used by Libgcrypt. Either +<algo> or -hash=<name> must be given. Valid names for <name> are: + +`sha1' + +`sha256' + +`rmd160' + +`md5' + +`tls-md5sha1' + +The actual signing is done using + + PKSIGN <options> + + Options are not yet defined, but my later be used to choose among +different algorithms. The agent does then some checks, asks for the +passphrase and as a result the server returns the signature as an SPKI +like S-expression in "D" lines: + + (sig-val + (<algo> + (<param_name1> <mpi>) + ... 
+ (<param_namen> <mpi>))) + + The operation is affected by the option + + OPTION use-cache-for-signing=0|1 + + The default of `1' uses the cache. Setting this option to `0' will +lead `gpg-agent' to ignore the passphrase cache. Note, that there is +also a global command line option for `gpg-agent' to globally disable +the caching. + + Here is an example session: + + C: SIGKEY <keyGrip> + S: OK key available + C: SIGKEY <keyGrip> + S: OK key available + C: PKSIGN + S: # I did ask the user whether he really wants to sign + S: # I did ask the user for the passphrase + S: INQUIRE HASHVAL + C: D ABCDEF012345678901234 + C: END + S: # signature follows + S: D (sig-val rsa (s 45435453654612121212)) + S: OK + + +File: gnupg.info, Node: Agent GENKEY, Next: Agent IMPORT, Prev: Agent PKSIGN, Up: Agent Protocol + +2.6.3 Generating a Key +---------------------- + +This is used to create a new keypair and store the secret key inside the +active PSE -- which is in most cases a Soft-PSE. An not yet defined +option allows to choose the storage location. To get the secret key out +of the PSE, a special export tool has to be used. + + GENKEY + + Invokes the key generation process and the server will then inquire +on the generation parameters, like: + + S: INQUIRE KEYPARM + C: D (genkey (rsa (nbits 1024))) + C: END + + The format of the key parameters which depends on the algorithm is of +the form: + + (genkey + (algo + (parameter_name_1 ....) + .... 
+ (parameter_name_n ....))) + + If everything succeeds, the server returns the *public key* in a SPKI +like S-Expression like this: + + (public-key + (rsa + (n <mpi>) + (e <mpi>))) + + Here is an example session: + + C: GENKEY + S: INQUIRE KEYPARM + C: D (genkey (rsa (nbits 1024))) + C: END + S: D (public-key + S: D (rsa (n 326487324683264) (e 10001))) + S OK key created + + +File: gnupg.info, Node: Agent IMPORT, Next: Agent EXPORT, Prev: Agent GENKEY, Up: Agent Protocol + +2.6.4 Importing a Secret Key +---------------------------- + +This operation is not yet supported by GpgAgent. Specialized tools are +to be used for this. + + There is no actual need because we can expect that secret keys +created by a 3rd party are stored on a smartcard. If we have generated +the key ourself, we do not need to import it. + + +File: gnupg.info, Node: Agent EXPORT, Next: Agent ISTRUSTED, Prev: Agent IMPORT, Up: Agent Protocol + +2.6.5 Export a Secret Key +------------------------- + +Not implemented. + + Should be done by an extra tool. + + +File: gnupg.info, Node: Agent ISTRUSTED, Next: Agent GET_PASSPHRASE, Prev: Agent EXPORT, Up: Agent Protocol + +2.6.6 Importing a Root Certificate +---------------------------------- + +Actually we do not import a Root Cert but provide a way to validate any +piece of data by storing its Hash along with a description and an +identifier in the PSE. Here is the interface description: + + ISTRUSTED <fingerprint> + + Check whether the OpenPGP primary key or the X.509 certificate with +the given fingerprint is an ultimately trusted key or a trusted Root CA +certificate. The fingerprint should be given as a hexstring (without +any blanks or colons or whatever in between) and may be left padded with +00 in case of an MD5 fingerprint. GPGAgent will answer with: + + OK + + The key is in the table of trusted keys. + + ERR 304 (Not Trusted) + + The key is not in this table. 
+ + Gpg needs the entire list of trusted keys to maintain the web of +trust; the following command is therefore quite helpful: + + LISTTRUSTED + + GpgAgent returns a list of trusted keys line by line: + + S: D 000000001234454556565656677878AF2F1ECCFF P + S: D 340387563485634856435645634856438576457A P + S: D FEDC6532453745367FD83474357495743757435D S + S: OK + + The first item on a line is the hexified fingerprint where MD5 +fingerprints are `00' padded to the left and the second item is a flag +to indicate the type of key (so that gpg is able to only take care of +PGP keys). P = OpenPGP, S = S/MIME. A client should ignore the rest +of the line, so that we can extend the format in the future. + + Finally a client should be able to mark a key as trusted: + + MARKTRUSTED FINGERPRINT "P"|"S" + + The server will then pop up a window to ask the user whether she +really trusts this key. For this it will probably ask for a text to be +displayed like this: + + S: INQUIRE TRUSTDESC + C: D Do you trust the key with the fingerprint @FPR@ + C: D bla fasel blurb. + C: END + S: OK + + Known sequences with the pattern @foo@ are replaced according to this +table: + +`@FPR16@' + Format the fingerprint according to gpg rules for a v3 keys. + +`@FPR20@' + Format the fingerprint according to gpg rules for a v4 keys. + +`@FPR@' + Choose an appropriate format to format the fingerprint. + +`@@' + Replaced by a single `@' + + +File: gnupg.info, Node: Agent GET_PASSPHRASE, Next: Agent GET_CONFIRMATION, Prev: Agent ISTRUSTED, Up: Agent Protocol + +2.6.7 Ask for a passphrase +-------------------------- + +This function is usually used to ask for a passphrase to be used for +conventional encryption, but may also be used by programs which need +special handling of passphrases. This command uses a syntax which helps +clients to use the agent with minimum effort. 
+ + GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] CACHE_ID [ERROR_MESSAGE PROMPT DESCRIPTION] + + CACHE_ID is expected to be a string used to identify a cached +passphrase. Use a `X' to bypass the cache. With no other arguments +the agent returns a cached passphrase or an error. By convention +either the hexified fingerprint of the key shall be used for CACHE_ID +or an arbitrary string prefixed with the name of the calling +application and a colon: Like `gpg:somestring'. + + ERROR_MESSAGE is either a single `X' for no error message or a +string to be shown as an error message like (e.g. "invalid +passphrase"). Blanks must be percent escaped or replaced by `+''. + + PROMPT is either a single `X' for a default prompt or the text to be +shown as the prompt. Blanks must be percent escaped or replaced by `+'. + + DESCRIPTION is a text shown above the entry field. Blanks must be +percent escaped or replaced by `+'. + + The agent either returns with an error or with a OK followed by the +hex encoded passphrase. Note that the length of the strings is +implicitly limited by the maximum length of a command. If the option +`--data' is used, the passphrase is not returned on the OK line but by +regular data lines; this is the preferred method. + + If the option `--check' is used, the standard passphrase constraints +checks are applied. A check is not done if the passphrase has been +found in the cache. + + If the option `--no-ask' is used and the passphrase is not in the +cache the user will not be asked to enter a passphrase but the error +code `GPG_ERR_NO_DATA' is returned. + + If the option `--qualitybar' is used and a minimum passphrase length +has been configured, a visual indication of the entered passphrase +quality is shown. + + CLEAR_PASSPHRASE CACHE_ID + + may be used to invalidate the cache entry for a passphrase. The +function returns with OK even when there is no cached passphrase. 
+ + +File: gnupg.info, Node: Agent GET_CONFIRMATION, Next: Agent HAVEKEY, Prev: Agent GET_PASSPHRASE, Up: Agent Protocol + +2.6.8 Ask for confirmation +-------------------------- + +This command may be used to ask for a simple confirmation by presenting +a text and 2 buttons: Okay and Cancel. + + GET_CONFIRMATION DESCRIPTION + + DESCRIPTIONis displayed along with a Okay and Cancel button. Blanks +must be percent escaped or replaced by `+'. A `X' may be used to +display confirmation dialog with a default text. + + The agent either returns with an error or with a OK. Note, that the +length of DESCRIPTION is implicitly limited by the maximum length of a +command. + + +File: gnupg.info, Node: Agent HAVEKEY, Next: Agent LEARN, Prev: Agent GET_CONFIRMATION, Up: Agent Protocol + +2.6.9 Check whether a key is available +-------------------------------------- + +This can be used to see whether a secret key is available. It does not +return any information on whether the key is somehow protected. + + HAVEKEY KEYGRIPS + + The agent answers either with OK or `No_Secret_Key' (208). The +caller may want to check for other error codes as well. More than one +keygrip may be given. In this case the command returns success if at +least one of the keygrips corresponds to an available secret key. + + +File: gnupg.info, Node: Agent LEARN, Next: Agent PASSWD, Prev: Agent HAVEKEY, Up: Agent Protocol + +2.6.10 Register a smartcard +--------------------------- + + LEARN [--send] + + This command is used to register a smartcard. With the -send option +given the certificates are send back. + + +File: gnupg.info, Node: Agent PASSWD, Next: Agent UPDATESTARTUPTTY, Prev: Agent LEARN, Up: Agent Protocol + +2.6.11 Change a Passphrase +-------------------------- + + PASSWD KEYGRIP + + This command is used to interactively change the passphrase of the +key identified by the hex string KEYGRIP. 
+ + +File: gnupg.info, Node: Agent UPDATESTARTUPTTY, Next: Agent GETEVENTCOUNTER, Prev: Agent PASSWD, Up: Agent Protocol + +2.6.12 Change the standard display +---------------------------------- + + UPDATESTARTUPTTY + + Set the startup TTY and X-DISPLAY variables to the values of this +session. This command is useful to direct future pinentry invocations +to another screen. It is only required because there is no way in the +ssh-agent protocol to convey this information. + + +File: gnupg.info, Node: Agent GETEVENTCOUNTER, Next: Agent GETINFO, Prev: Agent UPDATESTARTUPTTY, Up: Agent Protocol + +2.6.13 Get the Event Counters +----------------------------- + + GETEVENTCOUNTER + + This function return one status line with the current values of the +event counters. The event counters are useful to avoid polling by +delaying a poll until something has changed. The values are decimal +numbers in the range `0' to `UINT_MAX' and wrapping around to 0. The +actual values should not be relied upon; they shall only be used to +detect a change. + + The currently defined counters are are: +`ANY' + Incremented with any change of any of the other counters. + +`KEY' + Incremented for added or removed private keys. + +`CARD' + Incremented for changes of the card readers stati. + + +File: gnupg.info, Node: Agent GETINFO, Next: Agent OPTION, Prev: Agent GETEVENTCOUNTER, Up: Agent Protocol + +2.6.14 Return information about the process +------------------------------------------- + +This is a multipurpose function to return a variety of information. + + GETINFO WHAT + + The value of WHAT specifies the kind of information returned: +`version' + Return the version of the program. + +`pid' + Return the process id of the process. + +`socket_name' + Return the name of the socket used to connect the agent. + +`ssh_socket_name' + Return the name of the socket used for SSH connections. If SSH + support has not been enabled the error `GPG_ERR_NO_DATA' will be + returned. 
+ + +File: gnupg.info, Node: Agent OPTION, Prev: Agent GETINFO, Up: Agent Protocol + +2.6.15 Set options for the session +---------------------------------- + +Here is a list of session options which are not yet described with +other commands. The general syntax for an Assuan option is: + + OPTION KEY=VALUE + +Supported KEYs are: + +`agent-awareness' + This may be used to tell gpg-agent of which gpg-agent version the + client is aware of. gpg-agent uses this information to enable + features which might break older clients. + +`putenv' + Change the session's environment to be used for the Pinentry. + Valid values are: + + `NAME' + Delete envvar NAME + + `NAME=' + Set envvar NAME to the empty string + + `NAME=VALUE' + Set envvar NAME to the string VALUE. + +`use-cache-for-signing' + See Assuan command `PKSIGN'. + +`allow-pinentry-notify' + This does not need any value. It is used to enable the + PINENTRY_LAUNCHED inquiry. + + + +File: gnupg.info, Node: Invoking GPG, Next: Invoking GPGSM, Prev: Invoking GPG-AGENT, Up: Top + +3 Invoking GPG +************** + +`gpg2' is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a +tool to provide digital encryption and signing services using the +OpenPGP standard. `gpg2' features complete key management and all bells +and whistles you can expect from a decent OpenPGP implementation. + + In contrast to the standalone version `gpg', which is more suited +for server and embedded platforms, this version is commonly installed +under the name `gpg2' and more targeted to the desktop as it requires +several other modules to be installed. The standalone version will be +kept maintained and it is possible to install both versions on the same +system. If you need to use different configuration files, you should +make use of something like `gpg.conf-2' instead of just `gpg.conf'. + + Documentation for the old standard `gpg' is available as a man page +and at *note GnuPG 1: (gpg)Top. 
+ + *Note Option Index::, for an index to `gpg2''s commands and options. + +* Menu: + +* GPG Commands:: List of all commands. +* GPG Options:: List of all options. +* GPG Configuration:: Configuration files. +* GPG Examples:: Some usage examples. + +Developer information: +* Unattended Usage of GPG:: Using `gpg' from other programs. + + +File: gnupg.info, Node: GPG Commands, Next: GPG Options, Up: Invoking GPG + +3.1 Commands +============ + +Commands are not distinguished from options except for the fact that +only one command is allowed. + + `gpg2' may be run with no commands, in which case it will perform a +reasonable action depending on the type of file it is given as input +(an encrypted message is decrypted, a signature is verified, a file +containing keys is listed). + + Please remember that option as well as command parsing stops as soon +as a non-option is encountered, you can explicitly stop parsing by +using the special option `--'. + +* Menu: + +* General GPG Commands:: Commands not specific to the functionality. +* Operational GPG Commands:: Commands to select the type of operation. +* OpenPGP Key Management:: How to manage your keys. + + +File: gnupg.info, Node: General GPG Commands, Next: Operational GPG Commands, Up: GPG Commands + +3.1.1 Commands not specific to the function +------------------------------------------- + +`--version' + Print the program version and licensing information. Note that you + cannot abbreviate this command. + +`--help' +`-h' + Print a usage message summarizing the most useful command line + options. Note that you cannot abbreviate this command. + +`--warranty' + Print warranty information. + +`--dump-options' + Print a list of all available options and commands. Note that you + cannot abbreviate this command. 
+ + +File: gnupg.info, Node: Operational GPG Commands, Next: OpenPGP Key Management, Prev: General GPG Commands, Up: GPG Commands + +3.1.2 Commands to select the type of operation +---------------------------------------------- + +`--sign' +`-s' + Make a signature. This command may be combined with `--encrypt' + (for a signed and encrypted message), `--symmetric' (for a signed + and symmetrically encrypted message), or `--encrypt' and + `--symmetric' together (for a signed message that may be decrypted + via a secret key or a passphrase). The key to be used for signing + is chosen by default or can be set with the `--local-user' and + `--default-key' options. + +`--clearsign' + Make a clear text signature. The content in a clear text + signature is readable without any special software. OpenPGP + software is only needed to verify the signature. Clear text + signatures may modify end-of-line whitespace for platform + independence and are not intended to be reversible. The key to be + used for signing is chosen by default or can be set with the + `--local-user' and `--default-key' options. + +`--detach-sign' +`-b' + Make a detached signature. + +`--encrypt' +`-e' + Encrypt data. This option may be combined with `--sign' (for a + signed and encrypted message), `--symmetric' (for a message that + may be decrypted via a secret key or a passphrase), or `--sign' + and `--symmetric' together (for a signed message that may be + decrypted via a secret key or a passphrase). + +`--symmetric' +`-c' + Encrypt with a symmetric cipher using a passphrase. The default + symmetric cipher used is CAST5, but may be chosen with the + `--cipher-algo' option. This option may be combined with `--sign' + (for a signed and symmetrically encrypted message), `--encrypt' + (for a message that may be decrypted via a secret key or a + passphrase), or `--sign' and `--encrypt' together (for a signed + message that may be decrypted via a secret key or a passphrase). 
+ +`--store' + Store only (make a simple RFC1991 literal data packet). + +`--decrypt' +`-d' + Decrypt the file given on the command line (or STDIN if no file is + specified) and write it to STDOUT (or the file specified with + `--output'). If the decrypted file is signed, the signature is also + verified. This command differs from the default operation, as it + never writes to the filename which is included in the file and it + rejects files which don't begin with an encrypted message. + +`--verify' + Assume that the first argument is a signed file or a detached + signature and verify it without generating any output. With no + arguments, the signature packet is read from STDIN. If only a + sigfile is given, it may be a complete signature or a detached + signature, in which case the signed stuff is expected in a file + without the ".sig" or ".asc" extension. With more than 1 + argument, the first should be a detached signature and the + remaining files are the signed stuff. To read the signed stuff + from STDIN, use `-' as the second filename. For security reasons + a detached signature cannot read the signed material from STDIN + without denoting it in the above way. + +`--multifile' + This modifies certain other commands to accept multiple files for + processing on the command line or read from STDIN with each + filename on a separate line. This allows for many files to be + processed at once. `--multifile' may currently be used along with + `--verify', `--encrypt', and `--decrypt'. Note that `--multifile + --verify' may not be used with detached signatures. + +`--verify-files' + Identical to `--multifile --verify'. + +`--encrypt-files' + Identical to `--multifile --encrypt'. + +`--decrypt-files' + Identical to `--multifile --decrypt'. + +`--list-keys' +`-k' +`--list-public-keys' + List all keys from the public keyrings, or just the keys given on + the command line. 
+ + Avoid using the output of this command in scripts or other + programs as it is likely to change as GnuPG changes. See + `--with-colons' for a machine-parseable key listing command that + is appropriate for use in scripts and other programs. + +`--list-secret-keys' +`-K' + List all keys from the secret keyrings, or just the ones given on + the command line. A `#' after the letters `sec' means that the + secret key is not usable (for example, if it was created via + `--export-secret-subkeys'). + +`--list-sigs' + Same as `--list-keys', but the signatures are listed too. This + command has the same effect as using `--list-keys' with + `--with-sig-list'. + + For each signature listed, there are several flags in between the + "sig" tag and keyid. These flags give additional information about + each signature. From left to right, they are the numbers 1-3 for + certificate check level (see `--ask-cert-level'), "L" for a local + or non-exportable signature (see `--lsign-key'), "R" for a + nonRevocable signature (see the `--edit-key' command "nrsign"), + "P" for a signature that contains a policy URL (see + `--cert-policy-url'), "N" for a signature that contains a notation + (see `--cert-notation'), "X" for an eXpired signature (see + `--ask-cert-expire'), and the numbers 1-9 or "T" for 10 and above + to indicate trust signature levels (see the `--edit-key' command + "tsign"). + +`--check-sigs' + Same as `--list-sigs', but the signatures are verified. Note that + for performance reasons the revocation status of a signing key is + not shown. This command has the same effect as using + `--list-keys' with `--with-sig-check'. + + The status of the verification is indicated by a flag directly + following the "sig" tag (and thus before the flags described above + for `--list-sigs'). A "!" indicates that the signature has been + successfully verified, a "-" denotes a bad signature and a "%" is + used if an error occurred while checking the signature (e.g. 
a non + supported algorithm). + +`--locate-keys' + Locate the keys given as arguments. This command basically uses + the same algorithm as used when locating keys for encryption or + signing and may thus be used to see what keys `gpg2' might use. In + particular external methods as defined by `--auto-key-locate' may + be used to locate a key. Only public keys are listed. + +`--fingerprint' + List all keys (or the specified ones) along with their + fingerprints. This is the same output as `--list-keys' but with + the additional output of a line with the fingerprint. May also be + combined with `--list-sigs' or `--check-sigs'. If this command is + given twice, the fingerprints of all secondary keys are listed too. + +`--list-packets' + List only the sequence of packets. This is mainly useful for + debugging. + +`--card-edit' + Present a menu to work with a smartcard. The subcommand "help" + provides an overview on available commands. For a detailed + description, please see the Card HOWTO at + http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO . + +`--card-status' + Show the content of the smart card. + +`--change-pin' + Present a menu to allow changing the PIN of a smartcard. This + functionality is also available as the subcommand "passwd" with the + `--card-edit' command. + +`--delete-key `name'' + Remove key from the public keyring. In batch mode either `--yes' is + required or the key must be specified by fingerprint. This is a + safeguard against accidental deletion of multiple keys. + +`--delete-secret-key `name'' + Remove key from the secret and public keyring. In batch mode the + key must be specified by fingerprint. + +`--delete-secret-and-public-key `name'' + Same as `--delete-key', but if a secret key exists, it will be + removed first. In batch mode the key must be specified by + fingerprint. 
+ +`--export' + Either export all keys from all keyrings (default keyrings and + those registered via option `--keyring'), or if at least one name + is given, those of the given name. The new keyring is written to + STDOUT or to the file given with option `--output'. Use together + with `--armor' to mail those keys. + +`--send-keys `key IDs'' + Similar to `--export' but sends the keys to a keyserver. + Fingerprints may be used instead of key IDs. Option `--keyserver' + must be used to give the name of this keyserver. Don't send your + complete keyring to a keyserver -- select only those keys which + are new or changed by you. If no key IDs are given, `gpg' does + nothing. + +`--export-secret-keys' +`--export-secret-subkeys' + Same as `--export', but exports the secret keys instead. This is + normally not very useful and a security risk. The second form of + the command has the special property to render the secret part of + the primary key useless; this is a GNU extension to OpenPGP and + other implementations can not be expected to successfully import + such a key. See the option `--simple-sk-checksum' if you want to + import such an exported key with an older OpenPGP implementation. + +`--import' +`--fast-import' + Import/merge keys. This adds the given keys to the keyring. The + fast version is currently just a synonym. + + There are a few other options which control how this command works. + Most notable here is the `--import-options merge-only' option + which does not insert new keys but does only the merging of new + signatures, user-IDs and subkeys. + +`--recv-keys `key IDs'' + Import the keys with the given key IDs from a keyserver. Option + `--keyserver' must be used to give the name of this keyserver. + +`--refresh-keys' + Request updates from a keyserver for keys that already exist on the + local keyring. This is useful for updating a key with the latest + signatures, user IDs, etc. Calling this with no arguments will + refresh the entire keyring. 
Option `--keyserver' must be used to + give the name of the keyserver for all keys that do not have + preferred keyservers set (see `--keyserver-options + honor-keyserver-url'). + +`--search-keys `names'' + Search the keyserver for the given names. Multiple names given + here will be joined together to create the search string for the + keyserver. Option `--keyserver' must be used to give the name of + this keyserver. Keyservers that support different search methods + allow using the syntax specified in "How to specify a user ID" + below. Note that different keyserver types support different + search methods. Currently only LDAP supports them all. + +`--fetch-keys `URIs'' + Retrieve keys located at the specified URIs. Note that different + installations of GnuPG may support different protocols (HTTP, FTP, + LDAP, etc.) + +`--update-trustdb' + Do trust database maintenance. This command iterates over all keys + and builds the Web of Trust. This is an interactive command + because it may have to ask for the "ownertrust" values for keys. + The user has to give an estimation of how far she trusts the owner + of the displayed key to correctly certify (sign) other keys. GnuPG + only asks for the ownertrust value if it has not yet been assigned + to a key. Using the `--edit-key' menu, the assigned value can be + changed at any time. + +`--check-trustdb' + Do trust database maintenance without user interaction. From time + to time the trust database must be updated so that expired keys or + signatures and the resulting changes in the Web of Trust can be + tracked. Normally, GnuPG will calculate when this is required and + do it automatically unless `--no-auto-check-trustdb' is set. This + command can be used to force a trust database check at any time. + The processing is identical to that of `--update-trustdb' but it + skips keys with a not yet defined "ownertrust". 
+ + For use with cron jobs, this command can be used together with + `--batch' in which case the trust database check is done only if a + check is needed. To force a run even in batch mode add the option + `--yes'. + +`--export-ownertrust' + Send the ownertrust values to STDOUT. This is useful for backup + purposes as these values are the only ones which can't be + re-created from a corrupted trustdb. Example: + gpg2 --export-ownertrust > otrust.txt + +`--import-ownertrust' + Update the trustdb with the ownertrust values stored in `files' (or + STDIN if not given); existing values will be overwritten. In case + of a severely damaged trustdb and if you have a recent backup of + the ownertrust values (e.g. in the file `otrust.txt', you may + re-create the trustdb using these commands: + cd ~/.gnupg + rm trustdb.gpg + gpg2 --import-ownertrust < otrust.txt + +`--rebuild-keydb-caches' + When updating from version 1.0.6 to 1.0.7 this command should be + used to create signature caches in the keyring. It might be handy + in other situations too. + +`--print-md `algo'' +`--print-mds' + Print message digest of algorithm ALGO for all given files or + STDIN. With the second form (or a deprecated "*" as algo) digests + for all available algorithms are printed. + +`--gen-random `0|1|2' `count'' + Emit COUNT random bytes of the given quality level 0, 1 or 2. If + COUNT is not given or zero, an endless sequence of random bytes + will be emitted. If used with `--armor' the output will be base64 + encoded. PLEASE, don't use this command unless you know what you + are doing; it may remove precious entropy from the system! + +`--gen-prime `mode' `bits'' + Use the source, Luke :-). The output format is still subject to + change. + +`--enarmor' + +`--dearmor' + Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor. + This is a GnuPG extension to OpenPGP and in general not very + useful. 
+ + + +File: gnupg.info, Node: OpenPGP Key Management, Prev: Operational GPG Commands, Up: GPG Commands + +3.1.3 How to manage your keys +----------------------------- + +This section explains the main commands for key management + +`--gen-key' + Generate a new key pair. This command is normally only used + interactively. + + There is an experimental feature which allows you to create keys in + batch mode. See the file `doc/DETAILS' in the source distribution + on how to use this. + +`--gen-revoke `name'' + Generate a revocation certificate for the complete key. To revoke + a subkey or a signature, use the `--edit' command. + +`--desig-revoke `name'' + Generate a designated revocation certificate for a key. This + allows a user (with the permission of the keyholder) to revoke + someone else's key. + +`--edit-key' + Present a menu which enables you to do most of the key management + related tasks. It expects the specification of a key on the + command line. + + uid `n' + Toggle selection of user ID or photographic user ID with + index `n'. Use `*' to select all and `0' to deselect all. + + key `n' + Toggle selection of subkey with index `n'. Use `*' to + select all and `0' to deselect all. + + sign + Make a signature on key of user `name' If the key is not yet + signed by the default user (or the users given with -u), the + program displays the information of the key again, together + with its fingerprint and asks whether it should be signed. + This question is repeated for all users specified with -u. + + lsign + Same as "sign" but the signature is marked as non-exportable + and will therefore never be used by others. This may be + used to make keys valid only in the local environment. + + nrsign + Same as "sign" but the signature is marked as non-revocable + and can therefore never be revoked. + + tsign + Make a trust signature. This is a signature that combines the + notions of certification (like a regular signature), and + trust (like the "trust" command). 
It is generally only + useful in distinct communities or groups. + + Note that "l" (for local / non-exportable), "nr" (for + non-revocable, and "t" (for trust) may be freely mixed and + prefixed to "sign" to create a signature of any type desired. + + delsig + Delete a signature. Note that it is not possible to retract a + signature, once it has been send to the public (i.e. to a + keyserver). In that case you better use `revsig'. + + revsig + Revoke a signature. For every signature which has been + generated by one of the secret keys, GnuPG asks whether a + revocation certificate should be generated. + + check + Check the signatures on all selected user IDs. + + adduid + Create an additional user ID. + + addphoto + Create a photographic user ID. This will prompt for a JPEG + file that will be embedded into the user ID. Note that a + very large JPEG will make for a very large key. Also note + that some programs will display your JPEG unchanged + (GnuPG), and some programs will scale it to fit in a dialog + box (PGP). + + showphoto + Display the selected photographic user ID. + + deluid + Delete a user ID or photographic user ID. Note that it is not + possible to retract a user id, once it has been send to the + public (i.e. to a keyserver). In that case you better use + `revuid'. + + revuid + Revoke a user ID or photographic user ID. + + primary + Flag the current user id as the primary one, removes the + primary user id flag from all other user ids and sets the + timestamp of all affected self-signatures one second ahead. + Note that setting a photo user ID as primary makes it + primary over other photo user IDs, and setting a regular + user ID as primary makes it primary over other regular user + IDs. + + keyserver + Set a preferred keyserver for the specified user ID(s). This + allows other users to know where you prefer they get your + key from. See `--keyserver-options honor-keyserver-url' for + more on how this works. 
Setting a value of "none" removes + an existing preferred keyserver. + + notation + Set a name=value notation for the specified user ID(s). See + `--cert-notation' for more on how this works. Setting a value + of "none" removes all notations, setting a notation + prefixed with a minus sign (-) removes that notation, and + setting a notation name (without the =value) prefixed with + a minus sign removes all notations with that name. + + pref + List preferences from the selected user ID. This shows the + actual preferences, without including any implied + preferences. + + showpref + More verbose preferences listing for the selected user ID. + This shows the preferences in effect by including the + implied preferences of 3DES (cipher), SHA-1 (digest), and + Uncompressed (compression) if they are not already included + in the preference list. In addition, the preferred + keyserver and signature notations (if any) are shown. + + setpref `string' + Set the list of user ID preferences to `string' for all (or + just the selected) user IDs. Calling setpref with no + arguments sets the preference list to the default (either + built-in or set via `--default-preference-list'), and + calling setpref with "none" as the argument sets an empty + preference list. Use `gpg2 --version' to get a list of + available algorithms. Note that while you can change the + preferences on an attribute user ID (aka "photo ID"), GnuPG + does not select keys via attribute user IDs so these + preferences will not be used by GnuPG. + + When setting preferences, you should list the algorithms in + the order which you'd like to see them used by someone else + when encrypting a message to your key. If you don't + include 3DES, it will be automatically added at the end. 
+ Note that there are many factors that go into choosing an + algorithm (for example, your key may not be the only + recipient), and so the remote OpenPGP application being used + to send to you may or may not follow your exact chosen + order for a given message. It will, however, only choose + an algorithm that is present on the preference list of + every recipient key. See also the INTEROPERABILITY WITH + OTHER OPENPGP PROGRAMS section below. + + addkey + Add a subkey to this key. + + addcardkey + Generate a subkey on a card and add it to this key. + + keytocard + Transfer the selected secret subkey (or the primary key if no + subkey has been selected) to a smartcard. The secret key in + the keyring will be replaced by a stub if the key could be + stored successfully on the card and you use the save + command later. Only certain key types may be transferred to + the card. A sub menu allows you to select on what card to + store the key. Note that it is not possible to get that key + back from the card - if the card gets broken your secret + key will be lost unless you have a backup somewhere. + + bkuptocard `file' + Restore the given file to a card. This command may be used to + restore a backup key (as generated during card + initialization) to a new card. In almost all cases this + will be the encryption key. You should use this command + only with the corresponding public key and make sure that the + file given as argument is indeed the backup to restore. You + should then select 2 to restore as encryption key. You + will first be asked to enter the passphrase of the backup + key and then for the Admin PIN of the card. + + delkey + Remove a subkey (secondart key). Note that it is not possible + to retract a subkey, once it has been send to the public + (i.e. to a keyserver). In that case you better use + `revkey'. + + revkey + Revoke a subkey. + + expire + Change the key or subkey expiration time. 
If a subkey is + selected, the expiration time of this subkey will be + changed. With no selection, the key expiration of the + primary key is changed. + + trust + Change the owner trust value for the key. This updates the + trust-db immediately and no save is required. + + disable + enable + Disable or enable an entire key. A disabled key can not + normally be used for encryption. + + addrevoker + Add a designated revoker to the key. This takes one optional + argument: "sensitive". If a designated revoker is marked as + sensitive, it will not be exported by default (see + export-options). + + passwd + Change the passphrase of the secret key. + + toggle + Toggle between public and secret key listing. + + clean + Compact (by removing all signatures except the selfsig) any + user ID that is no longer usable (e.g. revoked, or + expired). Then, remove any signatures that are not usable + by the trust calculations. Specifically, this removes any + signature that does not validate, any signature that is + superseded by a later signature, revoked signatures, and + signatures issued by keys that are not present on the keyring. + + minimize + Make the key as small as possible. This removes all + signatures from each user ID except for the most recent + self-signature. + + cross-certify + Add cross-certification signatures to signing subkeys that + may not currently have them. Cross-certification signatures + protect against a subtle attack against signing subkeys. See + `--require-cross-certification'. All new keys generated have + this signature by default, so this option is only useful to + bring older keys up to date. + + save + Save all changes to the key rings and quit. + + quit + Quit the program without updating the key rings. + + The listing shows you the key with its secondary keys and all user + ids. The primary user id is indicated by a dot, and selected keys + or user ids are indicated by an asterisk. 
The trust value is + displayed with the primary key: the first is the assigned owner + trust and the second is the calculated trust value. Letters are + used for the values: + + - + No ownertrust assigned / not yet calculated. + + e + Trust calculation has failed; probably due to an expired + key. + + q + Not enough information for calculation. + + n + Never trust this key. + + m + Marginally trusted. + + f + Fully trusted. + + u + Ultimately trusted. + + +`--sign-key `name'' + Signs a public key with your secret key. This is a shortcut + version of the subcommand "sign" from `--edit'. + +`--lsign-key `name'' + Signs a public key with your secret key but marks it as + non-exportable. This is a shortcut version of the subcommand + "lsign" from `--edit-key'. + +`--passwd USER_ID' + Change the passphrase of the secret key belonging to the + certificate specified as USER_ID. This is a shortcut for the + sub-command `passwd' of the edit key menu. + + + +File: gnupg.info, Node: GPG Options, Next: GPG Configuration, Prev: GPG Commands, Up: Invoking GPG + +3.2 Option Summary +================== + +`gpg2' features a bunch of options to control the exact behaviour and +to change the default configuration. + +* Menu: + +* GPG Configuration Options:: How to change the configuration. +* GPG Key related Options:: Key related options. +* GPG Input and Output:: Input and Output. +* OpenPGP Options:: OpenPGP protocol specific options. +* GPG Esoteric Options:: Doing things one usually don't want to do. + + Long options can be put in an options file (default +"~/.gnupg/gpg.conf"). Short option names will not work - for example, +"armor" is a valid option for the options file, while "a" is not. Do not +write the 2 dashes, but simply the name of the option and any required +arguments. Lines with a hash ('#') as the first non-white-space +character are ignored. 
Commands may be put in this file too, but that is +not generally useful as the command will execute automatically with +every execution of gpg. + + Please remember that option parsing stops as soon as a non-option is +encountered, you can explicitly stop parsing by using the special option +`--'. + + +File: gnupg.info, Node: GPG Configuration Options, Next: GPG Key related Options, Up: GPG Options + +3.2.1 How to change the configuration +------------------------------------- + +These options are used to change the configuration and are usually found +in the option file. + +`--default-key NAME' + Use NAME as the default key to sign with. If this option is not + used, the default key is the first key found in the secret keyring. + Note that `-u' or `--local-user' overrides this option. + +`--default-recipient NAME' + Use NAME as default recipient if option `--recipient' is not used + and don't ask if this is a valid one. NAME must be non-empty. + +`--default-recipient-self' + Use the default key as default recipient if option `--recipient' + is not used and don't ask if this is a valid one. The default key + is the first one from the secret keyring or the one set with + `--default-key'. + +`--no-default-recipient' + Reset `--default-recipient' and `--default-recipient-self'. + +`-v, --verbose' + Give more information during processing. If used twice, the input + data is listed in detail. + +`--no-verbose' + Reset verbose level to 0. + +`-q, --quiet' + Try to be as quiet as possible. + +`--batch' +`--no-batch' + Use batch mode. Never ask, do not allow interactive commands. + `--no-batch' disables this option. Note that even with a filename + given on the command line, gpg might still need to read from STDIN + (in particular if gpg figures that the input is a detached + signature and no data file has been specified). Thus if you do + not want to feed data via STDIN, you should connect STDIN to + `/dev/null'. 
+ +`--no-tty' + Make sure that the TTY (terminal) is never used for any output. + This option is needed in some cases because GnuPG sometimes prints + warnings to the TTY even if `--batch' is used. + +`--yes' + Assume "yes" on most questions. + +`--no' + Assume "no" on most questions. + +`--list-options `parameters'' + This is a space or comma delimited string that gives options used + when listing keys and signatures (that is, `--list-keys', + `--list-sigs', `--list-public-keys', `--list-secret-keys', and the + `--edit-key' functions). Options can be prepended with a `no-' + (after the two dashes) to give the opposite meaning. The options + are: + + show-photos + Causes `--list-keys', `--list-sigs', `--list-public-keys', + and `--list-secret-keys' to display any photo IDs attached + to the key. Defaults to no. See also `--photo-viewer'. + Does not work with `--with-colons': see `--attribute-fd' + for the appropriate way to get photo data for scripts and + other frontends. + + show-policy-urls + Show policy URLs in the `--list-sigs' or `--check-sigs' + listings. Defaults to no. + + show-notations + show-std-notations + show-user-notations + Show all, IETF standard, or user-defined signature notations + in the `--list-sigs' or `--check-sigs' listings. Defaults + to no. + + show-keyserver-urls + Show any preferred keyserver URL in the `--list-sigs' or + `--check-sigs' listings. Defaults to no. + + show-uid-validity + Display the calculated validity of user IDs during key + listings. Defaults to no. + + show-unusable-uids + Show revoked and expired user IDs in key listings. Defaults + to no. + + show-unusable-subkeys + Show revoked and expired subkeys in key listings. Defaults to + no. + + show-keyring + Display the keyring name at the head of key listings to show + which keyring a given key resides on. Defaults to no. + + show-sig-expire + Show signature expiration dates (if any) during `--list-sigs' + or `--check-sigs' listings. Defaults to no. 
+ + show-sig-subpackets + Include signature subpackets in the key listing. This option + can take an optional argument list of the subpackets to + list. If no argument is passed, list all subpackets. + Defaults to no. This option is only meaningful when using + `--with-colons' along with `--list-sigs' or `--check-sigs'. + + +`--verify-options `parameters'' + This is a space or comma delimited string that gives options used + when verifying signatures. Options can be prepended with a `no-' + to give the opposite meaning. The options are: + + show-photos + Display any photo IDs present on the key that issued the + signature. Defaults to no. See also `--photo-viewer'. + + show-policy-urls + Show policy URLs in the signature being verified. Defaults to + no. + + show-notations + show-std-notations + show-user-notations + Show all, IETF standard, or user-defined signature notations + in the signature being verified. Defaults to IETF standard. + + show-keyserver-urls + Show any preferred keyserver URL in the signature being + verified. Defaults to no. + + show-uid-validity + Display the calculated validity of the user IDs on the key + that issued the signature. Defaults to no. + + show-unusable-uids + Show revoked and expired user IDs during signature + verification. Defaults to no. + + show-primary-uid-only + Show only the primary user ID during signature verification. + That is all the AKA lines as well as photo Ids are not + shown with the signature verification status. + + pka-lookups + Enable PKA lookups to verify sender addresses. Note that PKA + is based on DNS, and so enabling this option may disclose + information on when and what signatures are verified or to + whom data is encrypted. This is similar to the "web bug" + described for the auto-key-retrieve feature. + + pka-trust-increase + Raise the trust in a signature to full if the signature + passes PKA validation. This option is only meaningful if + pka-lookups is set. 
+ +`--enable-dsa2' +`--disable-dsa2' + Enable hash truncation for all DSA keys even for old DSA Keys up to + 1024 bit. This is also the default with `--openpgp'. Note that + older versions of GnuPG also required this flag to allow the + generation of DSA larger than 1024 bit. + +`--photo-viewer `string'' + This is the command line that should be run to view a photo ID. + "%i" will be expanded to a filename containing the photo. "%I" + does the same, except the file will not be deleted once the viewer + exits. Other flags are "%k" for the key ID, "%K" for the long key + ID, "%f" for the key fingerprint, "%t" for the extension of the + image type (e.g. "jpg"), "%T" for the MIME type of the image (e.g. + "image/jpeg"), "%v" for the single-character calculated validity + of the image being viewed (e.g. "f"), "%V" for the calculated + validity as a string (e.g. "full"), and "%%" for an actual + percent sign. If neither %i or %I are present, then the photo will + be supplied to the viewer on standard input. + + The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k' + STDIN". Note that if your image viewer program is not secure, then + executing it from GnuPG does not make it secure. + +`--exec-path `string'' + Sets a list of directories to search for photo viewers and + keyserver helpers. If not provided, keyserver helpers use the + compiled-in default directory, and photo viewers use the $PATH + environment variable. Note, that on W32 system this value is + ignored when searching for keyserver helpers. + +`--keyring `file'' + Add `file' to the current list of keyrings. If `file' begins with + a tilde and a slash, these are replaced by the $HOME directory. If + the filename does not contain a slash, it is assumed to be in the + GnuPG home directory ("~/.gnupg" if `--homedir' or $GNUPGHOME is + not used). + + Note that this adds a keyring to the current list. 
If the intent + is to use the specified keyring alone, use `--keyring' along with + `--no-default-keyring'. + +`--secret-keyring `file'' + Same as `--keyring' but for the secret keyrings. + +`--primary-keyring `file'' + Designate `file' as the primary public keyring. This means that + newly imported keys (via `--import' or keyserver `--recv-from') + will go to this keyring. + +`--trustdb-name `file'' + Use `file' instead of the default trustdb. If `file' begins with a + tilde and a slash, these are replaced by the $HOME directory. If + the filename does not contain a slash, it is assumed to be in the + GnuPG home directory (`~/.gnupg' if `--homedir' or $GNUPGHOME is + not used). + +`--homedir DIR' + Set the name of the home directory to DIR. If this option is not + used, the home directory defaults to `~/.gnupg'. It is only + recognized when given on the command line. It also overrides any + home directory stated through the environment variable `GNUPGHOME' + or (on W32 systems) by means of the Registry entry + HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR. + +`--display-charset `name'' + Set the name of the native character set. This is used to convert + some informational strings like user IDs to the proper UTF-8 + encoding. Note that this has nothing to do with the character set + of data to be encrypted or signed; GnuPG does not recode + user-supplied data. If this option is not used, the default + character set is determined from the current locale. A verbosity + level of 3 shows the chosen set. Valid values for `name' are: + + iso-8859-1 + This is the Latin 1 set. + + iso-8859-2 + The Latin 2 set. + + iso-8859-15 + This is currently an alias for the Latin 1 set. + + koi8-r + The usual Russian set (rfc1489). + + utf-8 + Bypass all translations and assume that the OS uses native + UTF-8 encoding. + +`--utf8-strings' +`--no-utf8-strings' + Assume that command line arguments are given as UTF8 strings. 
The + default (`--no-utf8-strings') is to assume that arguments are + encoded in the character set as specified by `--display-charset'. + These options affect all following arguments. Both options may be + used multiple times. + +`--options `file'' + Read options from `file' and do not try to read them from the + default options file in the homedir (see `--homedir'). This option + is ignored if used in an options file. + +`--no-options' + Shortcut for `--options /dev/null'. This option is detected before + an attempt to open an option file. Using this option will also + prevent the creation of a `~/.gnupg' homedir. + +`-z `n'' +`--compress-level `n'' +`--bzip2-compress-level `n'' + Set compression level to `n' for the ZIP and ZLIB compression + algorithms. The default is to use the default compression level of + zlib (normally 6). `--bzip2-compress-level' sets the compression + level for the BZIP2 compression algorithm (defaulting to 6 as + well). This is a different option from `--compress-level' since + BZIP2 uses a significant amount of memory for each additional + compression level. `-z' sets both. A value of 0 for `n' disables + compression. + +`--bzip2-decompress-lowmem' + Use a different decompression method for BZIP2 compressed files. + This alternate method uses a bit more than half the memory, but + also runs at half the speed. This is useful under extreme low + memory circumstances when the file was originally compressed at a + high `--bzip2-compress-level'. + +`--mangle-dos-filenames' +`--no-mangle-dos-filenames' + Older version of Windows cannot handle filenames with more than one + dot. `--mangle-dos-filenames' causes GnuPG to replace (rather than + add to) the extension of an output filename to avoid this problem. + This option is off by default and has no effect on non-Windows + platforms. + +`--ask-cert-level' +`--no-ask-cert-level' + When making a key signature, prompt for a certification level. 
If + this option is not specified, the certification level used is set + via `--default-cert-level'. See `--default-cert-level' for + information on the specific levels and how they are used. + `--no-ask-cert-level' disables this option. This option defaults + to no. + +`--default-cert-level `n'' + The default to use for the check level when signing a key. + + 0 means you make no particular claim as to how carefully you + verified the key. + + 1 means you believe the key is owned by the person who claims to + own it but you could not, or did not verify the key at all. This is + useful for a "persona" verification, where you sign the key of a + pseudonymous user. + + 2 means you did casual verification of the key. For example, this + could mean that you verified the key fingerprint and checked the + user ID on the key against a photo ID. + + 3 means you did extensive verification of the key. For example, + this could mean that you verified the key fingerprint with the + owner of the key in person, and that you checked, by means of a + hard to forge document with a photo ID (such as a passport) that + the name of the key owner matches the name in the user ID on the + key, and finally that you verified (by exchange of email) that the + email address on the key belongs to the key owner. + + Note that the examples given above for levels 2 and 3 are just + that: examples. In the end, it is up to you to decide just what + "casual" and "extensive" mean to you. + + This option defaults to 0 (no particular claim). + +`--min-cert-level' + When building the trust database, treat any signatures with a + certification level below this as invalid. Defaults to 2, which + disregards level 1 signatures. Note that level 0 "no particular + claim" signatures are always accepted. + +`--trusted-key `long key ID'' + Assume that the specified key (which must be given as a full 8 + byte key ID) is as trustworthy as one of your own secret keys. 
+ This option is useful if you don't want to keep your secret keys + (or one of them) online but still want to be able to check the + validity of a given recipient's or signator's key. + +`--trust-model `pgp|classic|direct|always|auto'' + Set what trust model GnuPG should follow. The models are: + + pgp + This is the Web of Trust combined with trust signatures as + used in PGP 5.x and later. This is the default trust model + when creating a new trust database. + + classic + This is the standard Web of Trust as used in PGP 2.x and + earlier. + + direct + Key validity is set directly by the user and not calculated + via the Web of Trust. + + always + Skip key validation and assume that used keys are always fully + trusted. You generally won't use this unless you are using + some external validation scheme. This option also + suppresses the "[uncertain]" tag printed with signature + checks when there is no evidence that the user ID is bound + to the key. + + auto + Select the trust model depending on whatever the internal + trust database says. This is the default model if such a + database already exists. + +`--auto-key-locate `parameters'' +`--no-auto-key-locate' + GnuPG can automatically locate and retrieve keys as needed using + this option. This happens when encrypting to an email address (in + the "user@example.com" form), and there are no user@example.com + keys on the local keyring. This option takes any number of the + following mechanisms, in the order they are to be tried: + + cert + Locate a key using DNS CERT, as specified in rfc4398. + + pka + Locate a key using DNS PKA. + + ldap + Using DNS Service Discovery, check the domain in question for + any LDAP keyservers to use. If this fails, attempt to + locate the key using the PGP Universal method of checking + `ldap://keys.(thedomain)'. + + keyserver + Locate a key using whatever keyserver is defined using the + `--keyserver' option. 
+ + keyserver-URL + In addition, a keyserver URL as used in the `--keyserver' + option may be used here to query that particular keyserver. + + local + Locate the key using the local keyrings. This mechanism + allows to select the order a local key lookup is done. + Thus using `--auto-key-locate local' is identical to + `--no-auto-key-locate'. + + nodefault + This flag disables the standard local key lookup, done before + any of the mechanisms defined by the `--auto-key-locate' + are tried. The position of this mechanism in the list does + not matter. It is not required if `local' is also used. + + +`--keyid-format `short|0xshort|long|0xlong'' + Select how to display key IDs. "short" is the traditional + 8-character key ID. "long" is the more accurate (but less + convenient) 16-character key ID. Add an "0x" to either to include + an "0x" at the beginning of the key ID, as in 0x99242560. Note + that this option is ignored if the option -with-colons is used. + +`--keyserver `name'' + Use `name' as your keyserver. This is the server that + `--recv-keys', `--send-keys', and `--search-keys' will communicate + with to receive keys from, send keys to, and search for keys on. + The format of the `name' is a URI: + `scheme:[//]keyservername[:port]' The scheme is the type of + keyserver: "hkp" for the HTTP (or compatible) keyservers, "ldap" + for the LDAP keyservers, or "mailto" for the Graff email + keyserver. Note that your particular installation of GnuPG may + have other keyserver types available as well. Keyserver schemes + are case-insensitive. After the keyserver name, optional keyserver + configuration options may be provided. These are the same as the + global `--keyserver-options' from below, but apply only to this + particular keyserver. + + Most keyservers synchronize with each other, so there is generally + no need to send keys to more than one server. 
The keyserver + `hkp://keys.gnupg.net' uses round robin DNS to give a different + keyserver each time you use it. + +`--keyserver-options `name=value1 '' + This is a space or comma delimited string that gives options for + the keyserver. Options can be prefixed with a `no-' to give the + opposite meaning. Valid import-options or export-options may be + used here as well to apply to importing (`--recv-key') or exporting + (`--send-key') a key from a keyserver. While not all options are + available for all keyserver types, some common options are: + + include-revoked + When searching for a key with `--search-keys', include keys + that are marked on the keyserver as revoked. Note that not + all keyservers differentiate between revoked and unrevoked + keys, and for such keyservers this option is meaningless. + Note also that most keyservers do not have cryptographic + verification of key revocations, and so turning this option + off may result in skipping keys that are incorrectly marked + as revoked. + + include-disabled + When searching for a key with `--search-keys', include keys + that are marked on the keyserver as disabled. Note that + this option is not used with HKP keyservers. + + auto-key-retrieve + This option enables the automatic retrieving of keys from a + keyserver when verifying signatures made by keys that are + not on the local keyring. + + Note that this option makes a "web bug" like behavior + possible. Keyserver operators can see which keys you + request, so by sending you a message signed by a brand new + key (which you naturally will not have on your local + keyring), the operator can tell both your IP address and + the time when you verified the signature. + + honor-keyserver-url + When using `--refresh-keys', if the key in question has a + preferred keyserver URL, then use that preferred keyserver + to refresh the key from. 
In addition, if auto-key-retrieve + is set, and the signature being verified has a preferred + keyserver URL, then use that preferred keyserver to fetch + the key from. Defaults to yes. + + honor-pka-record + If auto-key-retrieve is set, and the signature being verified + has a PKA record, then use the PKA information to fetch the + key. Defaults to yes. + + include-subkeys + When receiving a key, include subkeys as potential targets. + Note that this option is not used with HKP keyservers, as + they do not support retrieving keys by subkey id. + + use-temp-files + On most Unix-like platforms, GnuPG communicates with the + keyserver helper program via pipes, which is the most + efficient method. This option forces GnuPG to use temporary + files to communicate. On some platforms (such as Win32 and + RISC OS), this option is always enabled. + + keep-temp-files + If using `use-temp-files', do not delete the temp files after + using them. This option is useful to learn the keyserver + communication protocol by reading the temporary files. + + verbose + Tell the keyserver helper program to be more verbose. This + option can be repeated multiple times to increase the + verbosity level. + + timeout + Tell the keyserver helper program how long (in seconds) to + try and perform a keyserver action before giving up. Note + that performing multiple actions at the same time uses this + timeout value per action. For example, when retrieving + multiple keys via `--recv-keys', the timeout applies + separately to each key retrieval, and not to the + `--recv-keys' command as a whole. Defaults to 30 seconds. + + http-proxy=`value' + Set the proxy to use for HTTP and HKP keyservers. This + overrides the "http_proxy" environment variable, if any. + + max-cert-size + When retrieving a key via DNS CERT, only accept keys up to + this size. Defaults to 16384 bytes. + + debug + Turn on debug output in the keyserver helper program. 
Note + that the details of debug output depends on which keyserver + helper program is being used, and in turn, on any libraries + that the keyserver helper program uses internally (libcurl, + openldap, etc). + + check-cert + Enable certificate checking if the keyserver presents one + (for hkps or ldaps). Defaults to on. + + ca-cert-file + Provide a certificate store to override the system default. + Only necessary if check-cert is enabled, and the keyserver + is using a certificate that is not present in a system + default certificate list. + + Note that depending on the SSL library that the keyserver + helper is built with, this may actually be a directory or a + file. + +`--completes-needed `n'' + Number of completely trusted users to introduce a new key signer + (defaults to 1). + +`--marginals-needed `n'' + Number of marginally trusted users to introduce a new key signer + (defaults to 3) + +`--max-cert-depth `n'' + Maximum depth of a certification chain (default is 5). + +`--simple-sk-checksum' + Secret keys are integrity protected by using a SHA-1 checksum. This + method is part of the upcoming enhanced OpenPGP specification but + GnuPG already uses it as a countermeasure against certain attacks. + Old applications don't understand this new format, so this option + may be used to switch back to the old behaviour. Using this option + bears a security risk. Note that using this option only takes + effect when the secret key is encrypted - the simplest way to make + this happen is to change the passphrase on the key (even changing + it to the same value is acceptable). + +`--no-sig-cache' + Do not cache the verification status of key signatures. Caching + gives a much better performance in key listings. However, if you + suspect that your public keyring is not save against write + modifications, you can use this option to disable the caching. 
It + probably does not make sense to disable it because all kind of + damage can be done if someone else has write access to your public + keyring. + +`--no-sig-create-check' + GnuPG normally verifies each signature right after creation to + protect against bugs and hardware malfunctions which could leak + out bits from the secret key. This extra verification needs some + time (about 115% for DSA keys), and so this option can be used to + disable it. However, due to the fact that the signature creation + needs manual interaction, this performance penalty does not matter + in most settings. + +`--auto-check-trustdb' +`--no-auto-check-trustdb' + If GnuPG feels that its information about the Web of Trust has to + be updated, it automatically runs the `--check-trustdb' command + internally. This may be a time consuming process. + `--no-auto-check-trustdb' disables this option. + +`--use-agent' +`--no-use-agent' + This is dummy option. `gpg2' always requires the agent. + +`--gpg-agent-info' + This is dummy option. It has no effect when used with `gpg2'. + +`--lock-once' + Lock the databases the first time a lock is requested and do not + release the lock until the process terminates. + +`--lock-multiple' + Release the locks every time a lock is no longer needed. Use this + to override a previous `--lock-once' from a config file. + +`--lock-never' + Disable locking entirely. This option should be used only in very + special environments, where it can be assured that only one process + is accessing those files. A bootable floppy with a stand-alone + encryption system will probably use this. Improper usage of this + option may lead to data and key corruption. + +`--exit-on-status-write-error' + This option will cause write errors on the status FD to immediately + terminate the process. 
That should in fact be the default but it + never worked this way and thus we need an option to enable this, + so that the change won't break applications which close their end + of a status fd connected pipe too early. Using this option along + with `--enable-progress-filter' may be used to cleanly cancel long + running gpg operations. + +`--limit-card-insert-tries `n'' + With `n' greater than 0 the number of prompts asking to insert a + smartcard gets limited to N-1. Thus with a value of 1 gpg won't at + all ask to insert a card if none has been inserted at startup. This + option is useful in the configuration file in case an application + does not know about the smartcard support and waits ad infinitum + for an inserted card. + +`--no-random-seed-file' + GnuPG uses a file to store its internal random pool over + invocations. This makes random generation faster; however + sometimes write operations are not desired. This option can be + used to achieve that with the cost of slower random generation. + +`--no-greeting' + Suppress the initial copyright message. + +`--no-secmem-warning' + Suppress the warning about "using insecure memory". + +`--no-permission-warning' + Suppress the warning about unsafe file and home directory + (`--homedir') permissions. Note that the permission checks that + GnuPG performs are not intended to be authoritative, but rather + they simply warn about certain common permission problems. Do not + assume that the lack of a warning means that your system is secure. + + Note that the warning for unsafe `--homedir' permissions cannot be + suppressed in the gpg.conf file, as this would allow an attacker to + place an unsafe gpg.conf file in place, and use this file to + suppress warnings about itself. The `--homedir' permissions + warning may only be suppressed on the command line. + +`--no-mdc-warning' + Suppress the warning about missing MDC integrity protection. 
+ +`--require-secmem' +`--no-require-secmem' + Refuse to run if GnuPG cannot get secure memory. Defaults to no + (i.e. run, but give a warning). + +`--require-cross-certification' +`--no-require-cross-certification' + When verifying a signature made from a subkey, ensure that the + cross certification "back signature" on the subkey is present and + valid. This protects against a subtle attack against subkeys that + can sign. Defaults to `--require-cross-certification' for `gpg2'. + +`--expert' +`--no-expert' + Allow the user to do certain nonsensical or "silly" things like + signing an expired or revoked key, or certain potentially + incompatible things like generating unusual key types. This also + disables certain warning messages about potentially incompatible + actions. As the name implies, this option is for experts only. If + you don't fully understand the implications of what it allows you + to do, leave this off. `--no-expert' disables this option. + + + +File: gnupg.info, Node: GPG Key related Options, Next: GPG Input and Output, Prev: GPG Configuration Options, Up: GPG Options + +3.2.2 Key related options +------------------------- + +`--recipient NAME' +`-r' + Encrypt for user id NAME. If this option or `--hidden-recipient' + is not specified, GnuPG asks for the user-id unless + `--default-recipient' is given. + +`--hidden-recipient NAME' +`-R' + Encrypt for user ID NAME, but hide the key ID of this user's key. + This option helps to hide the receiver of the message and is a + limited countermeasure against traffic analysis. If this option or + `--recipient' is not specified, GnuPG asks for the user ID unless + `--default-recipient' is given. + +`--encrypt-to `name'' + Same as `--recipient' but this one is intended for use in the + options file and may be used with your own user-id as an + "encrypt-to-self". These keys are only used when there are other + recipients given either by use of `--recipient' or by the asked + user id. 
No trust checking is performed for these user ids and + even disabled keys can be used. + +`--hidden-encrypt-to `name'' + Same as `--hidden-recipient' but this one is intended for use in + the options file and may be used with your own user-id as a hidden + "encrypt-to-self". These keys are only used when there are other + recipients given either by use of `--recipient' or by the asked + user id. No trust checking is performed for these user ids and + even disabled keys can be used. + +`--no-encrypt-to' + Disable the use of all `--encrypt-to' and `--hidden-encrypt-to' + keys. + +`--group `name=value1 '' + Sets up a named group, which is similar to aliases in email + programs. Any time the group name is a recipient (`-r' or + `--recipient'), it will be expanded to the values specified. + Multiple groups with the same name are automatically merged into a + single group. + + The values are `key IDs' or fingerprints, but any key description + is accepted. Note that a value with spaces in it will be treated as + two different values. Note also there is only one level of + expansion -- you cannot make an group that points to another + group. When used from the command line, it may be necessary to + quote the argument to this option to prevent the shell from + treating it as multiple arguments. + +`--ungroup `name'' + Remove a given entry from the `--group' list. + +`--no-groups' + Remove all entries from the `--group' list. + +`--local-user NAME' +`-u' + Use NAME as the key to sign with. Note that this option overrides + `--default-key'. + +`--try-all-secrets' + Don't look at the key ID as stored in the message but try all + secret keys in turn to find the right decryption key. This option + forces the behaviour as used by anonymous recipients (created by + using `--throw-keyids' or `--hidden-recipient') and might come + handy in case where an encrypted message contains a bogus key ID. 
+ +`--skip-hidden-recipients' +`--no-skip-hidden-recipients' + During decryption skip all anonymous recipients. This option + helps in the case that people use the hidden recipients feature to + hide there own encrypt-to key from others. If oneself has many + secret keys this may lead to a major annoyance because all keys + are tried in turn to decrypt soemthing which was not really + intended for it. The drawback of this option is that it is + currently not possible to decrypt a message which includes real + anonymous recipients. + + + +File: gnupg.info, Node: GPG Input and Output, Next: OpenPGP Options, Prev: GPG Key related Options, Up: GPG Options + +3.2.3 Input and Output +---------------------- + +`--armor' +`-a' + Create ASCII armored output. The default is to create the binary + OpenPGP format. + +`--no-armor' + Assume the input data is not in ASCII armored format. + +`--output FILE' +`-o FILE' + Write output to FILE. + +`--max-output `n'' + This option sets a limit on the number of bytes that will be + generated when processing a file. Since OpenPGP supports various + levels of compression, it is possible that the plaintext of a + given message may be significantly larger than the original + OpenPGP message. While GnuPG works properly with such messages, + there is often a desire to set a maximum file size that will be + generated before processing is forced to stop by the OS limits. + Defaults to 0, which means "no limit". + +`--import-options `parameters'' + This is a space or comma delimited string that gives options for + importing keys. Options can be prepended with a `no-' to give the + opposite meaning. The options are: + + import-local-sigs + Allow importing key signatures marked as "local". This is not + generally useful unless a shared keyring scheme is being + used. Defaults to no. 
+ + repair-pks-subkey-bug + During import, attempt to repair the damage caused by the PKS + keyserver bug (pre version 0.9.6) that mangles keys with + multiple subkeys. Note that this cannot completely repair + the damaged key as some crucial data is removed by the + keyserver, but it does at least give you back one subkey. + Defaults to no for regular `--import' and to yes for + keyserver `--recv-keys'. + + merge-only + During import, allow key updates to existing keys, but do not + allow any new keys to be imported. Defaults to no. + + import-clean + After import, compact (remove all signatures except the + self-signature) any user IDs from the new key that are not + usable. Then, remove any signatures from the new key that + are not usable. This includes signatures that were issued + by keys that are not present on the keyring. This option is + the same as running the `--edit-key' command "clean" after + import. Defaults to no. + + import-minimal + Import the smallest key possible. This removes all signatures + except the most recent self-signature on each user ID. This + option is the same as running the `--edit-key' command + "minimize" after import. Defaults to no. + +`--export-options `parameters'' + This is a space or comma delimited string that gives options for + exporting keys. Options can be prepended with a `no-' to give the + opposite meaning. The options are: + + export-local-sigs + Allow exporting key signatures marked as "local". This is not + generally useful unless a shared keyring scheme is being + used. Defaults to no. + + export-attributes + Include attribute user IDs (photo IDs) while exporting. This + is useful to export keys if they are going to be used by an + OpenPGP program that does not accept attribute user IDs. + Defaults to yes. + + export-sensitive-revkeys + Include designated revoker information that was marked as + "sensitive". Defaults to no. 
+ + export-reset-subkey-passwd + When using the `--export-secret-subkeys' command, this option + resets the passphrases for all exported subkeys to empty. + This is useful when the exported subkey is to be used on an + unattended machine where a passphrase doesn't necessarily + make sense. Defaults to no. + + export-clean + Compact (remove all signatures from) user IDs on the key being + exported if the user IDs are not usable. Also, do not export + any signatures that are not usable. This includes + signatures that were issued by keys that are not present on + the keyring. This option is the same as running the + `--edit-key' command "clean" before export except that the + local copy of the key is not modified. Defaults to no. + + export-minimal + Export the smallest key possible. This removes all signatures + except the most recent self-signature on each user ID. This + option is the same as running the `--edit-key' command + "minimize" before export except that the local copy of the + key is not modified. Defaults to no. + +`--with-colons' + Print key listings delimited by colons. Note that the output will + be encoded in UTF-8 regardless of any `--display-charset' setting. + This format is useful when GnuPG is called from scripts and other + programs as it is easily machine parsed. The details of this + format are documented in the file `doc/DETAILS', which is included + in the GnuPG source distribution. + +`--fixed-list-mode' + Do not merge primary user ID and primary key in `--with-colon' + listing mode and print all timestamps as seconds since 1970-01-01. + Since GnuPG 2.0.10, this mode is always used and thus this option + is obsolete; it does not harm to use it though. + +`--with-fingerprint' + Same as the command `--fingerprint' but changes only the format of + the output and may be used together with another command. 
+ + + +File: gnupg.info, Node: OpenPGP Options, Next: GPG Esoteric Options, Prev: GPG Input and Output, Up: GPG Options + +3.2.4 OpenPGP protocol specific options. +---------------------------------------- + +`-t, --textmode' +`--no-textmode' + Treat input files as text and store them in the OpenPGP canonical + text form with standard "CRLF" line endings. This also sets the + necessary flags to inform the recipient that the encrypted or + signed data is text and may need its line endings converted back + to whatever the local system uses. This option is useful when + communicating between two platforms that have different line + ending conventions (UNIX-like to Mac, Mac to Windows, etc). + `--no-textmode' disables this option, and is the default. + +`--force-v3-sigs' +`--no-force-v3-sigs' + OpenPGP states that an implementation should generate v4 signatures + but PGP versions 5 through 7 only recognize v4 signatures on key + material. This option forces v3 signatures for signatures on data. + Note that this option implies `--no-ask-sig-expire', and unsets + `--sig-policy-url', `--sig-notation', and `--sig-keyserver-url', + as these features cannot be used with v3 signatures. + `--no-force-v3-sigs' disables this option. Defaults to no. + +`--force-v4-certs' +`--no-force-v4-certs' + Always use v4 key signatures even on v3 keys. This option also + changes the default hash algorithm for v3 RSA keys from MD5 to + SHA-1. `--no-force-v4-certs' disables this option. + +`--force-mdc' + Force the use of encryption with a modification detection code. + This is always used with the newer ciphers (those with a blocksize + greater than 64 bits), or if all of the recipient keys indicate + MDC support in their feature flags. + +`--disable-mdc' + Disable the use of the modification detection code. Note that by + using this option, the encrypted message becomes vulnerable to a + message modification attack. 
+ +`--personal-cipher-preferences `string'' + Set the list of personal cipher preferences to `string'. Use + `gpg2 --version' to get a list of available algorithms, and use + `none' to set no preference at all. This allows the user to + safely override the algorithm chosen by the recipient key + preferences, as GPG will only select an algorithm that is usable by + all recipients. The most highly ranked cipher in this list is also + used for the `--symmetric' encryption command. + +`--personal-digest-preferences `string'' + Set the list of personal digest preferences to `string'. Use + `gpg2 --version' to get a list of available algorithms, and use + `none' to set no preference at all. This allows the user to + safely override the algorithm chosen by the recipient key + preferences, as GPG will only select an algorithm that is usable by + all recipients. The most highly ranked digest algorithm in this + list is also used when signing without encryption (e.g. + `--clearsign' or `--sign'). + +`--personal-compress-preferences `string'' + Set the list of personal compression preferences to `string'. Use + `gpg2 --version' to get a list of available algorithms, and use + `none' to set no preference at all. This allows the user to + safely override the algorithm chosen by the recipient key + preferences, as GPG will only select an algorithm that is usable + by all recipients. The most highly ranked compression algorithm + in this list is also used when there are no recipient keys to + consider (e.g. `--symmetric'). + +`--s2k-cipher-algo `name'' + Use `name' as the cipher algorithm used to protect secret keys. + The default cipher is CAST5. This cipher is also used for + conventional encryption if `--personal-cipher-preferences' and + `--cipher-algo' is not given. + +`--s2k-digest-algo `name'' + Use `name' as the digest algorithm used to mangle the passphrases. + The default algorithm is SHA-1. + +`--s2k-mode `n'' + Selects how passphrases are mangled. 
If `n' is 0 a plain + passphrase (which is not recommended) will be used, a 1 adds a + salt to the passphrase and a 3 (the default) iterates the whole + process a number of times (see -s2k-count). Unless `--rfc1991' is + used, this mode is also used for conventional encryption. + +`--s2k-count `n'' + Specify how many times the passphrase mangling is repeated. This + value may range between 1024 and 65011712 inclusive. The default + is inquired from gpg-agent. Note that not all values in the + 1024-65011712 range are legal and if an illegal value is selected, + GnuPG will round up to the nearest legal value. This option is + only meaningful if `--s2k-mode' is 3. + + +3.2.5 Compliance options +------------------------ + +These options control what GnuPG is compliant to. Only one of these +options may be active at a time. Note that the default setting of this +is nearly always the correct one. See the INTEROPERABILITY WITH OTHER +OPENPGP PROGRAMS section below before using one of these options. + +`--gnupg' + Use standard GnuPG behavior. This is essentially OpenPGP behavior + (see `--openpgp'), but with some additional workarounds for common + compatibility problems in different versions of PGP. This is the + default option, so it is not generally needed, but it may be + useful to override a different compliance option in the gpg.conf + file. + +`--openpgp' + Reset all packet, cipher and digest options to strict OpenPGP + behavior. Use this option to reset all previous options like + `--s2k-*', `--cipher-algo', `--digest-algo' and `--compress-algo' + to OpenPGP compliant values. All PGP workarounds are disabled. + +`--rfc4880' + Reset all packet, cipher and digest options to strict RFC-4880 + behavior. Note that this is currently the same thing as + `--openpgp'. + +`--rfc2440' + Reset all packet, cipher and digest options to strict RFC-2440 + behavior. + +`--rfc1991' + Try to be more RFC-1991 (PGP 2.x) compliant. 
+ +`--pgp2' + Set up all options to be as PGP 2.x compliant as possible, and + warn if an action is taken (e.g. encrypting to a non-RSA key) that + will create a message that PGP 2.x will not be able to handle. + Note that `PGP 2.x' here means `MIT PGP 2.6.2'. There are other + versions of PGP 2.x available, but the MIT release is a good + common baseline. + + This option implies `--rfc1991 --disable-mdc --no-force-v4-certs + --escape-from-lines --force-v3-sigs --cipher-algo IDEA + --digest-algo MD5 --compress-algo ZIP'. It also disables + `--textmode' when encrypting. + +`--pgp6' + Set up all options to be as PGP 6 compliant as possible. This + restricts you to the ciphers IDEA (if the IDEA plugin is + installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, + and the compression algorithms none and ZIP. This also disables + -throw-keyids, and making signatures with signing subkeys as PGP 6 + does not understand signatures made by signing subkeys. + + This option implies `--disable-mdc --escape-from-lines + --force-v3-sigs'. + +`--pgp7' + Set up all options to be as PGP 7 compliant as possible. This is + identical to `--pgp6' except that MDCs are not disabled, and the + list of allowable ciphers is expanded to add AES128, AES192, + AES256, and TWOFISH. + +`--pgp8' + Set up all options to be as PGP 8 compliant as possible. PGP 8 is + a lot closer to the OpenPGP standard than previous versions of + PGP, so all this does is disable `--throw-keyids' and set + `--escape-from-lines'. All algorithms are allowed except for the + SHA224, SHA384, and SHA512 digests. + + + +File: gnupg.info, Node: GPG Esoteric Options, Prev: OpenPGP Options, Up: GPG Options + +3.2.6 Doing things one usually doesn't want to do. +-------------------------------------------------- + +`-n' +`--dry-run' + Don't make any changes (this is not completely implemented). + +`--list-only' + Changes the behaviour of some commands. This is like `--dry-run' + but different in some cases. 
The semantic of this command may be + extended in the future. Currently it only skips the actual + decryption pass and therefore enables a fast listing of the + encryption keys. + +`-i' +`--interactive' + Prompt before overwriting any files. + +`--debug-level LEVEL' + Select the debug level for investigating problems. LEVEL may be a + numeric value or by a keyword: + + `none' + No debugging at all. A value of less than 1 may be used + instead of the keyword. + + `basic' + Some basic debug messages. A value between 1 and 2 may be + used instead of the keyword. + + `advanced' + More verbose debug messages. A value between 3 and 5 may be + used instead of the keyword. + + `expert' + Even more detailed messages. A value between 6 and 8 may be + used instead of the keyword. + + `guru' + All of the debug messages you can get. A value greater than 8 + may be used instead of the keyword. The creation of hash + tracing files is only enabled if the keyword is used. + + How these messages are mapped to the actual debugging flags is not + specified and may change with newer releases of this program. They + are however carefully selected to best aid in debugging. + +`--debug FLAGS' + Set debugging flags. All flags are or-ed and FLAGS may be given in + C syntax (e.g. 0x0042). + +`--debug-all' + Set all useful debugging flags. + +`--faked-system-time EPOCH' + This option is only useful for testing; it sets the system time + back or forth to EPOCH which is the number of seconds elapsed + since the year 1970. Alternatively EPOCH may be given as a full + ISO time string (e.g. "20070924T154812"). + +`--enable-progress-filter' + Enable certain PROGRESS status outputs. This option allows + frontends to display a progress indicator while gpg is processing + larger files. There is a slight performance overhead using it. + +`--status-fd `n'' + Write special status strings to the file descriptor `n'. See the + file DETAILS in the documentation for a listing of them. 
+ +`--status-file `file'' + Same as `--status-fd', except the status data is written to file + `file'. + +`--logger-fd `n'' + Write log output to file descriptor `n' and not to STDERR. + +`--log-file `file'' +`--logger-file `file'' + Same as `--logger-fd', except the logger data is written to file + `file'. Note that `--log-file' is only implemented for GnuPG-2. + +`--attribute-fd `n'' + Write attribute subpackets to the file descriptor `n'. This is most + useful for use with `--status-fd', since the status messages are + needed to separate out the various subpackets from the stream + delivered to the file descriptor. + +`--attribute-file `file'' + Same as `--attribute-fd', except the attribute data is written to + file `file'. + +`--comment `string'' +`--no-comments' + Use `string' as a comment string in clear text signatures and ASCII + armored messages or keys (see `--armor'). The default behavior is + not to use a comment string. `--comment' may be repeated multiple + times to get multiple comment strings. `--no-comments' removes all + comments. It is a good idea to keep the length of a single comment + below 60 characters to avoid problems with mail programs wrapping + such lines. Note that comment lines, like all other header lines, + are not protected by the signature. + +`--emit-version' +`--no-emit-version' + Force inclusion of the version string in ASCII armored output. + `--no-emit-version' disables this option. + +`--sig-notation `name=value'' +`--cert-notation `name=value'' +`-N, --set-notation `name=value'' + Put the name value pair into the signature as notation data. + `name' must consist only of printable characters or spaces, and + must contain a '@' character in the form keyname@domain.example.com + (substituting the appropriate keyname and domain name, of course). + This is to help prevent pollution of the IETF reserved notation + namespace. The `--expert' flag overrides the '@' check. 
`value' + may be any printable string; it will be encoded in UTF8, so you + should check that your `--display-charset' is set correctly. If + you prefix `name' with an exclamation mark (!), the notation data + will be flagged as critical (rfc2440:5.2.3.15). `--sig-notation' + sets a notation for data signatures. `--cert-notation' sets a + notation for key signatures (certifications). `--set-notation' + sets both. + + There are special codes that may be used in notation names. "%k" + will be expanded into the key ID of the key being signed, "%K" + into the long key ID of the key being signed, "%f" into the + fingerprint of the key being signed, "%s" into the key ID of the + key making the signature, "%S" into the long key ID of the key + making the signature, "%g" into the fingerprint of the key making + the signature (which might be a subkey), "%p" into the fingerprint + of the primary key of the key making the signature, "%c" into the + signature count from the OpenPGP smartcard, and "%%" results in a + single "%". %k, %K, and %f are only meaningful when making a key + signature (certification), and %c is only meaningful when using + the OpenPGP smartcard. + +`--sig-policy-url `string'' +`--cert-policy-url `string'' +`--set-policy-url `string'' + Use `string' as a Policy URL for signatures (rfc2440:5.2.3.19). If + you prefix it with an exclamation mark (!), the policy URL packet + will be flagged as critical. `--sig-policy-url' sets a policy url + for data signatures. `--cert-policy-url' sets a policy url for key + signatures (certifications). `--set-policy-url' sets both. + + The same %-expandos used for notation data are available here as + well. + +`--sig-keyserver-url `string'' + Use `string' as a preferred keyserver URL for data signatures. If + you prefix it with an exclamation mark (!), the keyserver URL + packet will be flagged as critical. + + The same %-expandos used for notation data are available here as + well. 
+ +`--set-filename `string'' + Use `string' as the filename which is stored inside messages. + This overrides the default, which is to use the actual filename of + the file being encrypted. + +`--for-your-eyes-only' +`--no-for-your-eyes-only' + Set the `for your eyes only' flag in the message. This causes + GnuPG to refuse to save the file unless the `--output' option is + given, and PGP to use a "secure viewer" with a claimed + Tempest-resistant font to display the message. This option + overrides `--set-filename'. `--no-for-your-eyes-only' disables + this option. + +`--use-embedded-filename' +`--no-use-embedded-filename' + Try to create a file with a name as embedded in the data. This can + be a dangerous option as it allows to overwrite files. Defaults to + no. + +`--cipher-algo `name'' + Use `name' as cipher algorithm. Running the program with the + command `--version' yields a list of supported algorithms. If this + is not used the cipher algorithm is selected from the preferences + stored with the key. In general, you do not want to use this + option as it allows you to violate the OpenPGP standard. + `--personal-cipher-preferences' is the safe way to accomplish the + same thing. + +`--digest-algo `name'' + Use `name' as the message digest algorithm. Running the program + with the command `--version' yields a list of supported + algorithms. In general, you do not want to use this option as it + allows you to violate the OpenPGP standard. + `--personal-digest-preferences' is the safe way to accomplish the + same thing. + +`--compress-algo `name'' + Use compression algorithm `name'. "zlib" is RFC-1950 ZLIB + compression. "zip" is RFC-1951 ZIP compression which is used by + PGP. "bzip2" is a more modern compression scheme that can + compress some things better than zip or zlib, but at the cost of + more memory used during compression and decompression. + "uncompressed" or "none" disables compression. 
If this option is + not used, the default behavior is to examine the recipient key + preferences to see which algorithms the recipient supports. If all + else fails, ZIP is used for maximum compatibility. + + ZLIB may give better compression results than ZIP, as the + compression window size is not limited to 8k. BZIP2 may give even + better compression results than that, but will use a significantly + larger amount of memory while compressing and decompressing. This + may be significant in low memory situations. Note, however, that + PGP (all versions) only supports ZIP compression. Using any + algorithm other than ZIP or "none" will make the message + unreadable with PGP. In general, you do not want to use this + option as it allows you to violate the OpenPGP standard. + `--personal-compress-preferences' is the safe way to accomplish + the same thing. + +`--cert-digest-algo `name'' + Use `name' as the message digest algorithm used when signing a + key. Running the program with the command `--version' yields a + list of supported algorithms. Be aware that if you choose an + algorithm that GnuPG supports but other OpenPGP implementations do + not, then some users will not be able to use the key signatures + you make, or quite possibly your entire key. + +`--disable-cipher-algo `name'' + Never allow the use of `name' as cipher algorithm. The given name + will not be checked so that a later loaded algorithm will still + get disabled. + +`--disable-pubkey-algo `name'' + Never allow the use of `name' as public key algorithm. The given + name will not be checked so that a later loaded algorithm will + still get disabled. + +`--throw-keyids' +`--no-throw-keyids' + Do not put the recipient key IDs into encrypted messages. This + helps to hide the receivers of the message and is a limited + countermeasure against traffic analysis.(1) On the receiving + side, it may slow down the decryption process because all + available secret keys must be tried. 
`--no-throw-keyids' disables + this option. This option is essentially the same as using + `--hidden-recipient' for all recipients. + +`--not-dash-escaped' + This option changes the behavior of cleartext signatures so that + they can be used for patch files. You should not send such an + armored file via email because all spaces and line endings are + hashed too. You can not use this option for data which has 5 + dashes at the beginning of a line, patch files don't have this. A + special armor header line tells GnuPG about this cleartext + signature option. + +`--escape-from-lines' +`--no-escape-from-lines' + Because some mailers change lines starting with "From " to ">From + " it is good to handle such lines in a special way when creating + cleartext signatures to prevent the mail system from breaking the + signature. Note that all other PGP versions do it this way too. + Enabled by default. `--no-escape-from-lines' disables this option. + +`--passphrase-repeat `n'' + Specify how many times `gpg2' will request a new passphrase be + repeated. This is useful for helping memorize a passphrase. + Defaults to 1 repetition. + +`--passphrase-fd `n'' + Read the passphrase from file descriptor `n'. Only the first line + will be read from file descriptor `n'. If you use 0 for `n', the + passphrase will be read from STDIN. This can only be used if only + one passphrase is supplied. Note that this passphrase is only + used if the option `--batch' has also been given. This is + different from `gpg'. + +`--passphrase-file `file'' + Read the passphrase from file `file'. Only the first line will be + read from file `file'. This can only be used if only one + passphrase is supplied. Obviously, a passphrase stored in a file is + of questionable security if other users can read this file. Don't + use this option if you can avoid it. Note that this passphrase is + only used if the option `--batch' has also been given. This is + different from `gpg'. 
+ +`--passphrase `string'' + Use `string' as the passphrase. This can only be used if only one + passphrase is supplied. Obviously, this is of very questionable + security on a multi-user system. Don't use this option if you can + avoid it. Note that this passphrase is only used if the option + `--batch' has also been given. This is different from `gpg'. + +`--command-fd `n'' + This is a replacement for the deprecated shared-memory IPC mode. + If this option is enabled, user input on questions is not expected + from the TTY but from the given file descriptor. It should be used + together with `--status-fd'. See the file doc/DETAILS in the source + distribution for details on how to use it. + +`--command-file `file'' + Same as `--command-fd', except the commands are read out of file + `file' + +`--allow-non-selfsigned-uid' +`--no-allow-non-selfsigned-uid' + Allow the import and use of keys with user IDs which are not + self-signed. This is not recommended, as a non self-signed user ID + is trivial to forge. `--no-allow-non-selfsigned-uid' disables. + +`--allow-freeform-uid' + Disable all checks on the form of the user ID while generating a + new one. This option should only be used in very special + environments as it does not ensure the de-facto standard format of + user IDs. + +`--ignore-time-conflict' + GnuPG normally checks that the timestamps associated with keys and + signatures have plausible values. However, sometimes a signature + seems to be older than the key due to clock problems. This option + makes these checks just a warning. See also `--ignore-valid-from' + for timestamp issues on subkeys. + +`--ignore-valid-from' + GnuPG normally does not select and use subkeys created in the + future. This option allows the use of such keys and thus exhibits + the pre-1.0.7 behaviour. You should not use this option unless + there is some clock problem. See also `--ignore-time-conflict' for + timestamp issues with signatures. 
+ +`--ignore-crc-error' + The ASCII armor used by OpenPGP is protected by a CRC checksum + against transmission errors. Occasionally the CRC gets mangled + somewhere on the transmission channel but the actual content + (which is protected by the OpenPGP protocol anyway) is still okay. + This option allows GnuPG to ignore CRC errors. + +`--ignore-mdc-error' + This option changes a MDC integrity protection failure into a + warning. This can be useful if a message is partially corrupt, + but it is necessary to get as much data as possible out of the + corrupt message. However, be aware that a MDC protection failure + may also mean that the message was tampered with intentionally by + an attacker. + +`--no-default-keyring' + Do not add the default keyrings to the list of keyrings. Note that + GnuPG will not operate without any keyrings, so if you use this + option and do not provide alternate keyrings via `--keyring' or + `--secret-keyring', then GnuPG will still use the default public or + secret keyrings. + +`--skip-verify' + Skip the signature verification step. This may be used to make the + decryption faster if the signature verification is not needed. + +`--with-key-data' + Print key listings delimited by colons (like `--with-colons') and + print the public key data. + +`--fast-list-mode' + Changes the output of the list commands to work faster; this is + achieved by leaving some parts empty. Some applications don't need + the user ID and the trust information given in the listings. By + using this options they can get a faster listing. The exact + behaviour of this option may change in future versions. If you + are missing some information, don't use this option. + +`--no-literal' + This is not for normal use. Use the source to see for what it + might be useful. + +`--set-filesize' + This is not for normal use. Use the source to see for what it + might be useful. + +`--show-session-key' + Display the session key used for one message. 
See + `--override-session-key' for the counterpart of this option. + + We think that Key Escrow is a Bad Thing; however the user should + have the freedom to decide whether to go to prison or to reveal + the content of one specific message without compromising all + messages ever encrypted for one secret key. DON'T USE IT UNLESS + YOU ARE REALLY FORCED TO DO SO. + +`--override-session-key `string'' + Don't use the public key but the session key `string'. The format + of this string is the same as the one printed by + `--show-session-key'. This option is normally not used but comes + handy in case someone forces you to reveal the content of an + encrypted message; using this option you can do this without + handing out the secret key. + +`--ask-sig-expire' +`--no-ask-sig-expire' + When making a data signature, prompt for an expiration time. If + this option is not specified, the expiration time set via + `--default-sig-expire' is used. `--no-ask-sig-expire' disables + this option. + +`--default-sig-expire' + The default expiration time to use for signature expiration. Valid + values are "0" for no expiration, a number followed by the letter d + (for days), w (for weeks), m (for months), or y (for years) (for + example "2m" for two months, or "5y" for five years), or an + absolute date in the form YYYY-MM-DD. Defaults to "0". + +`--ask-cert-expire' +`--no-ask-cert-expire' + When making a key signature, prompt for an expiration time. If this + option is not specified, the expiration time set via + `--default-cert-expire' is used. `--no-ask-cert-expire' disables + this option. + +`--default-cert-expire' + The default expiration time to use for key signature expiration. + Valid values are "0" for no expiration, a number followed by the + letter d (for days), w (for weeks), m (for months), or y (for + years) (for example "2m" for two months, or "5y" for five years), + or an absolute date in the form YYYY-MM-DD. Defaults to "0". 
+ +`--allow-secret-key-import' + This is an obsolete option and is not used anywhere. + +`--allow-multiple-messages' + +`--no-allow-multiple-messages' + Allow processing of multiple OpenPGP messages contained in a + single file or stream. Some programs that call GPG are not + prepared to deal with multiple messages being processed together, + so this option defaults to no. Note that versions of GPG prior to + 1.4.7 always allowed multiple messages. + + Warning: Do not use this option unless you need it as a temporary + workaround! + +`--enable-special-filenames' + This options enables a mode in which filenames of the form `-&n', + where n is a non-negative decimal number, refer to the file + descriptor n and not to a file with that name. + +`--no-expensive-trust-checks' + Experimental use only. + +`--preserve-permissions' + Don't change the permissions of a secret keyring back to user + read/write only. Use this option only if you really know what you + are doing. + +`--default-preference-list `string'' + Set the list of default preferences to `string'. This preference + list is used for new keys and becomes the default for "setpref" in + the edit menu. + +`--default-keyserver-url `name'' + Set the default keyserver URL to `name'. This keyserver will be + used as the keyserver URL when writing a new self-signature on a + key, which includes key generation and changing preferences. + +`--list-config' + Display various internal configuration parameters of GnuPG. This + option is intended for external programs that call GnuPG to + perform tasks, and is thus not generally useful. See the file + `doc/DETAILS' in the source distribution for the details of which + configuration items may be listed. `--list-config' is only usable + with `--with-colons' set. + +`--gpgconf-list' + This command is similar to `--list-config' but in general only + internally used by the `gpgconf' tool. + +`--gpgconf-test' + This is more or less dummy action. 
However it parses the + configuration file and returns with failure if the configuration + file would prevent `gpg' from startup. Thus it may be used to run + a syntax check on the configuration file. + + +3.2.7 Deprecated options +------------------------ + +`--show-photos' +`--no-show-photos' + Causes `--list-keys', `--list-sigs', `--list-public-keys', + `--list-secret-keys', and verifying a signature to also display + the photo ID attached to the key, if any. See also + `--photo-viewer'. These options are deprecated. Use + `--list-options [no-]show-photos' and/or `--verify-options + [no-]show-photos' instead. + +`--show-keyring' + Display the keyring name at the head of key listings to show which + keyring a given key resides on. This option is deprecated: use + `--list-options [no-]show-keyring' instead. + +`--always-trust' + Identical to `--trust-model always'. This option is deprecated. + +`--show-notation' +`--no-show-notation' + Show signature notations in the `--list-sigs' or `--check-sigs' + listings as well as when verifying a signature with a notation in + it. These options are deprecated. Use `--list-options + [no-]show-notation' and/or `--verify-options [no-]show-notation' + instead. + +`--show-policy-url' +`--no-show-policy-url' + Show policy URLs in the `--list-sigs' or `--check-sigs' listings + as well as when verifying a signature with a policy URL in it. + These options are deprecated. Use `--list-options + [no-]show-policy-url' and/or `--verify-options + [no-]show-policy-url' instead. + + + ---------- Footnotes ---------- + + (1) Using a little social engineering anyone who is able to decrypt +the message can check whether one of the other recipients is the one he +suspects. + + +File: gnupg.info, Node: GPG Configuration, Next: GPG Examples, Prev: GPG Options, Up: Invoking GPG + +3.3 Configuration files +======================= + +There are a few configuration files to control certain aspects of +`gpg2''s operation. 
Unless noted, they are expected in the current home +directory (*note option --homedir::). + +`gpg.conf' + This is the standard configuration file read by `gpg2' on + startup. It may contain any valid long option; the leading two + dashes may not be entered and the option may not be abbreviated. + This default name may be changed on the command line (*note + option --options::). You should backup this file. + + + Note that on larger installations, it is useful to put predefined +files into the directory `/etc/skel/.gnupg/' so that newly created users +start up with a working configuration. For existing users the a small +helper script is provided to create these files (*note addgnupghome::). + + For internal purposes `gpg2' creates and maintains a few other +files; They all live in in the current home directory (*note option +--homedir::). Only the `gpg2' may modify these files. + +`~/.gnupg/secring.gpg' + The secret keyring. You should backup this file. + +`~/.gnupg/secring.gpg.lock' + The lock file for the secret keyring. + +`~/.gnupg/pubring.gpg' + The public keyring. You should backup this file. + +`~/.gnupg/pubring.gpg.lock' + The lock file for the public keyring. + +`~/.gnupg/trustdb.gpg' + The trust database. There is no need to backup this file; it is + better to backup the ownertrust values (*note option + --export-ownertrust::). + +`~/.gnupg/trustdb.gpg.lock' + The lock file for the trust database. + +`~/.gnupg/random_seed' + A file used to preserve the state of the internal random pool. + +`/usr[/local]/share/gnupg/options.skel' + The skeleton options file. + +`/usr[/local]/lib/gnupg/' + Default location for extensions. + + + Operation is further controlled by a few environment variables: + +HOME + Used to locate the default home directory. + +GNUPGHOME + If set directory used instead of "~/.gnupg". + +GPG_AGENT_INFO + Used to locate the gpg-agent. 
The value consists of 3 colon + delimited fields: The first is the path to the Unix Domain + Socket, the second the PID of the gpg-agent and the protocol + version which should be set to 1. When starting the gpg-agent as + described in its documentation, this variable is set to the correct + value. The option `--gpg-agent-info' can be used to override it. + +PINENTRY_USER_DATA + This value is passed via gpg-agent to pinentry. It is useful to + convey extra information to a custom pinentry. + +COLUMNS +LINES + Used to size some displays to the full size of the screen. + +LANGUAGE + Apart from its use by GNU, it is used in the W32 version to + override the language selection done through the Registry. If + used and set to a valid and available language name (LANGID), + the file with the translation is loaded from + + `GPGDIR/gnupg.nls/LANGID.mo'. Here GPGDIR is the directory out + of which the gpg binary has been loaded. If it can't be loaded + the Registry is tried and as last resort the native Windows + locale system is used. + + + +File: gnupg.info, Node: GPG Examples, Next: Unattended Usage of GPG, Prev: GPG Configuration, Up: Invoking GPG + +3.4 Examples +============ + +gpg -se -r `Bob' `file' + sign and encrypt for user Bob + +gpg -clearsign `file' + make a clear text signature + +gpg -sb `file' + make a detached signature + +gpg -u 0x12345678 -sb `file' + make a detached signature with the key 0x12345678 + +gpg -list-keys `user_ID' + show keys + +gpg -fingerprint `user_ID' + show fingerprint + +gpg -verify `pgpfile' +gpg -verify `sigfile' + Verify the signature of the file but do not output the data. The + second form is used for detached signatures, where `sigfile' is + the detached signature (either ASCII armored or binary) and are + the signed data; if this is not given, the name of the file + holding the signed data is constructed by cutting off the + extension (".asc" or ".sig") of `sigfile' or by asking the user + for the filename. 
+ +RETURN VALUE +************ + +The program returns 0 if everything was fine, 1 if at least a signature +was bad, and other error codes for fatal errors. + +WARNINGS +******** + +Use a *good* password for your user account and a *good* passphrase to +protect your secret key. This passphrase is the weakest part of the +whole system. Programs to do dictionary attacks on your secret keyring +are very easy to write and so you should protect your "~/.gnupg/" +directory very well. + + Keep in mind that, if this program is used over a network (telnet), +it is *very* easy to spy out your passphrase! + + If you are going to verify detached signatures, make sure that the +program knows about it; either give both filenames on the command line +or use `-' to specify STDIN. + +INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS +******************************************** + +GnuPG tries to be a very flexible implementation of the OpenPGP +standard. In particular, GnuPG implements many of the optional parts of +the standard, such as the SHA-512 hash, and the ZLIB and BZIP2 +compression algorithms. It is important to be aware that not all +OpenPGP programs implement these optional algorithms and that by +forcing their use via the `--cipher-algo', `--digest-algo', +`--cert-digest-algo', or `--compress-algo' options in GnuPG, it is +possible to create a perfectly valid OpenPGP message, but one that +cannot be read by the intended recipient. + + There are dozens of variations of OpenPGP programs available, and +each supports a slightly different subset of these optional algorithms. +For example, until recently, no (unhacked) version of PGP supported the +BLOWFISH cipher algorithm. A message using BLOWFISH simply could not be +read by a PGP user. By default, GnuPG uses the standard OpenPGP +preferences system that will always do the right thing and create +messages that are usable by all recipients, regardless of which OpenPGP +program they use. 
Only override this safe default if you really know +what you are doing. + + If you absolutely must override the safe default, or if the +preferences on a given key are invalid for some reason, you are far +better off using the `--pgp6', `--pgp7', or `--pgp8' options. These +options are safe as they do not force any particular algorithms in +violation of OpenPGP, but rather reduce the available algorithms to a +"PGP-safe" list. + +BUGS +**** + +On older systems this program should be installed as setuid(root). This +is necessary to lock memory pages. Locking memory pages prevents the +operating system from writing memory pages (which may contain +passphrases or other sensitive material) to disk. If you get no warning +message about insecure memory your operating system supports locking +without being root. The program drops root privileges as soon as locked +memory is allocated. + + Note also that some systems (especially laptops) have the ability to +"suspend to disk" (also known as "safe sleep" or "hibernate"). This +writes all memory to disk before going into a low power or even powered +off mode. Unless measures are taken in the operating system to protect +the saved memory, passphrases or other sensitive material may be +recoverable from it later. + + Before you report a bug you should first search the mailing list +archives for similar problems and second check whether such a bug has +already been reported to our bug tracker at http://bugs.gnupg.org . + + +File: gnupg.info, Node: Unattended Usage of GPG, Prev: GPG Examples, Up: Invoking GPG + +3.5 Unattended Usage +==================== + +`gpg' is often used as a backend engine by other software. To help +with this a machine interface has been defined to have an unambiguous +way to do this. The options `--status-fd' and `--batch' are almost +always required for this. 
+ +* Menu: + +* Unattended GPG key generation:: Unattended key generation + + +File: gnupg.info, Node: Unattended GPG key generation, Up: Unattended Usage of GPG + +3.6 Unattended key generation +============================= + +The command `--gen-key' may be used along with the option `--batch' for +unattended key generation. The parameters are either read from stdin +or given as a file on the command line. The format of the parameter +file is as follows: + + * Text only, line length is limited to about 1000 characters. + + * UTF-8 encoding must be used to specify non-ASCII characters. + + * Empty lines are ignored. + + * Leading and trailing while space is ignored. + + * A hash sign as the first non white space character indicates a + comment line. + + * Control statements are indicated by a leading percent sign, the + arguments are separated by white space from the keyword. + + * Parameters are specified by a keyword, followed by a colon. + Arguments are separated by white space. + + * The first parameter must be `Key-Type'; control statements may be + placed anywhere. + + * The order of the parameters does not matter except for `Key-Type' + which must be the first parameter. The parameters are only used + for the generated keyblock (primary and subkeys); parameters + from previous sets are not used. Some syntactically checks may + be performed. + + * Key generation takes place when either the end of the parameter + file is reached, the next `Key-Type' parameter is encountered or + at the control statement `%commit' is encountered. + +Control statements: + +%echo TEXT + Print TEXT as diagnostic. + +%dry-run + Suppress actual key generation (useful for syntax checking). + +%commit + Perform the key generation. Note that an implicit commit is done + at the next Key-Type parameter. + +%pubring FILENAME +%secring FILENAME + Do not write the key to the default or commandline given keyring + but to FILENAME. 
This must be given before the first commit to + take place, duplicate specification of the same filename is + ignored, the last filename before a commit is used. The filename + is used until a new filename is used (at commit points) and all + keys are written to that file. If a new filename is given, this + file is created (and overwrites an existing one). For GnuPG + versions prior to 2.1, both control statements must be given. For + GnuPG 2.1 and later `%secring' is a no-op. + +%ask-passphrase +%no-ask-passphrase + Enable (or disable) a mode where the command `passphrase' is + ignored and instead the usual passphrase dialog is used. This does + not make sense for batch key generation; however the unattended key + generation feature is also used by GUIs and this feature + relinquishes the GUI from implementing its own passphrase entry + code. These are global control statements and affect all future + key genrations. + +%no-protection + Since GnuPG version 2.1 it is not anymore possible to specify a + passphrase for unattended key generation. The passphrase command + is simply ignored and `%ask-passpharse' is thus implicitly enabled. + Using this option allows the creation of keys without any + passphrase protection. This option is mainly intended for + regression tests. + +%transient-key + If given the keys are created using a faster and a somewhat less + secure random number generator. This option may be used for keys + which are only used for a short time and do not require full + cryptographic strength. It takes only effect if used together with + the control statement `%no-protection'. + + +General Parameters: + +Key-Type: ALGO + Starts a new parameter block by giving the type of the primary + key. The algorithm must be capable of signing. This is a required + parameter. ALGO may either be an OpenPGP algorithm number or a + string with the algorithm name. 
The special value `default' may + be used for ALGO to create the default key type; in this case a + `Key-Usage' shall not be given and `default' also be used for + `Subkey-Type'. + +Key-Length: NBITS + The requested length of the generated key in bits. The default is + returned by running the command `gpg2 --gpgconf-list'. + +Key-Grip: HEXSTRING + This is optional and used to generate a CSR or certificate for an + already existing key. Key-Length will be ignored when given. + +Key-Usage: USAGE-LIST + Space or comma delimited list of key usages. Allowed values are + `encrypt', `sign', and `auth'. This is used to generate the key + flags. Please make sure that the algorithm is capable of this + usage. Note that OpenPGP requires that all primary keys are + capable of certification, so no matter what usage is given here, + the `cert' flag will be on. If no `Key-Usage' is specified and + the `Key-Type' is not `default', all allowed usages for that + particular algorithm are used; if it is not given but `default' is + used the usage will be `sign'. + +Subkey-Type: ALGO + This generates a secondary key (subkey). Currently only one subkey + can be handled. See also `Key-Type' above. + +Subkey-Length: NBITS + Length of the secondary key (subkey) in bits. The default is + returned by running the command `gpg2 --gpgconf-list'". + +Subkey-Usage: USAGE-LIST + Key usage lists for a subkey; similar to `Key-Usage'. + +Passphrase: STRING + If you want to specify a passphrase for the secret key, enter it + here. Default is not to use any passphrase. + +Name-Real: NAME +Name-Comment: COMMENT +Name-Email: EMAIL + The three parts of a user name. Remember to use UTF-8 encoding + here. If you don't give any of them, no user ID is created. + +Expire-Date: ISO-DATE|(NUMBER[d|w|m|y]) + Set the expiration date for the key (and the subkey). It may + either be entered in ISO date format (2000-08-15) or as number of + days, weeks, month or years. 
The special notation "seconds=N" is + also allowed to directly give an Epoch value. Without a letter + days are assumed. Note that there is no check done on the + overflow of the type used by OpenPGP for timestamps. Thus you + better make sure that the given value make sense. Although + OpenPGP works with time intervals, GnuPG uses an absolute value + internally and thus the last year we can represent is 2105. + +Ceation-Date: ISO-DATE + Set the creation date of the key as stored in the key information + and which is also part of the fingerprint calculation. Either a + date like "1986-04-26" or a full timestamp like "19860426T042640" + may be used. The time is considered to be UTC. If it is not + given the current time is used. + +Preferences: STRING + Set the cipher, hash, and compression preference values for this + key. This expects the same type of string as the sub-command + `setpref' in the `--edit-key' menu. + +Revoker: ALGO:FPR [sensitive] + Add a designated revoker to the generated key. Algo is the public + key algorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.) + FPR is the fingerprint of the designated revoker. The optional + `sensitive' flag marks the designated revoker as sensitive + information. Only v4 keys may be designated revokers. + +Keyserver: STRING + This is an optional parameter that specifies the preferred + keyserver URL for the key. + +Handle: STRING + This is an optional parameter only used with the status lines + KEY_CREATED and KEY_NOT_CREATED. STRING may be up to 100 + characters and should not contain spaces. It is useful for batch + key generation to associate a key parameter block with a status + line. 
+ + +Here is an example on how to create a key: + $ cat >foo <<EOF + %echo Generating a basic OpenPGP key + Key-Type: DSA + Key-Length: 1024 + Subkey-Type: ELG-E + Subkey-Length: 1024 + Name-Real: Joe Tester + Name-Comment: with stupid passphrase + Name-Email: joe@foo.bar + Expire-Date: 0 + Passphrase: abc + %pubring foo.pub + %secring foo.sec + # Do a commit here, so that we can later print "done" :-) + %commit + %echo done + EOF + $ gpg2 --batch --gen-key foo + [...] + $ gpg2 --no-default-keyring --secret-keyring ./foo.sec \ + --keyring ./foo.pub --list-secret-keys + /home/wk/work/gnupg-stable/scratch/foo.sec + ------------------------------------------ + sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar> + ssb 1024g/8F70E2C0 2000-03-09 + +If you want to create a key with the default algorithms you would use +these parameters: + %echo Generating a default key + Key-Type: default + Subkey-Type: default + Name-Real: Joe Tester + Name-Comment: with stupid passphrase + Name-Email: joe@foo.bar + Expire-Date: 0 + Passphrase: abc + %pubring foo.pub + %secring foo.sec + # Do a commit here, so that we can later print "done" :-) + %commit + %echo done + + +File: gnupg.info, Node: Invoking GPGSM, Next: Invoking SCDAEMON, Prev: Invoking GPG, Up: Top + +4 Invoking GPGSM +**************** + +`gpgsm' is a tool similar to `gpg' to provide digital encryption and +signing services on X.509 certificates and the CMS protocol. It is +mainly used as a backend for S/MIME mail processing. `gpgsm' includes +a full featured certificate management and complies with all rules +defined for the German Sphinx project. + + *Note Option Index::, for an index to `GPGSM''s commands and options. + +* Menu: + +* GPGSM Commands:: List of all commands. +* GPGSM Options:: List of all options. +* GPGSM Configuration:: Configuration files. +* GPGSM Examples:: Some usage examples. + +Developer information: +* Unattended Usage:: Using `gpgsm' from other programs. 
+* GPGSM Protocol:: The protocol the server mode uses. + + +File: gnupg.info, Node: GPGSM Commands, Next: GPGSM Options, Up: Invoking GPGSM + +4.1 Commands +============ + +Commands are not distinguished from options except for the fact that +only one command is allowed. + +* Menu: + +* General GPGSM Commands:: Commands not specific to the functionality. +* Operational GPGSM Commands:: Commands to select the type of operation. +* Certificate Management:: How to manage certificates. + + +File: gnupg.info, Node: General GPGSM Commands, Next: Operational GPGSM Commands, Up: GPGSM Commands + +4.1.1 Commands not specific to the function +------------------------------------------- + +`--version' + Print the program version and licensing information. Note that you + cannot abbreviate this command. + +`--help, -h' + Print a usage message summarizing the most useful command-line + options. Note that you cannot abbreviate this command. + +`--warranty' + Print warranty information. Note that you cannot abbreviate this + command. + +`--dump-options' + Print a list of all available options and commands. Note that you + cannot abbreviate this command. + + +File: gnupg.info, Node: Operational GPGSM Commands, Next: Certificate Management, Prev: General GPGSM Commands, Up: GPGSM Commands + +4.1.2 Commands to select the type of operation +---------------------------------------------- + +`--encrypt' + Perform an encryption. The keys the data is encrypted too must be + set using the option `--recipient'. + +`--decrypt' + Perform a decryption; the type of input is automatically + determined. It may either be in binary form or PEM encoded; + automatic determination of base-64 encoding is not done. + +`--sign' + Create a digital signature. The key used is either the fist one + found in the keybox or those set with the `--local-user' option. + +`--verify' + Check a signature file for validity. Depending on the arguments a + detached signature may also be checked. 
+ +`--server' + Run in server mode and wait for commands on the `stdin'. + +`--call-dirmngr COMMAND [ARGS]' + Behave as a Dirmngr client issuing the request COMMAND with the + optional list of ARGS. The output of the Dirmngr is printed + stdout. Please note that file names given as arguments should + have an absolute file name (i.e. commencing with `/' because they + are passed verbatim to the Dirmngr and the working directory of the + Dirmngr might not be the same as the one of this client. + Currently it is not possible to pass data via stdin to the + Dirmngr. COMMAND should not contain spaces. + + This is command is required for certain maintaining tasks of the + dirmngr where a dirmngr must be able to call back to `gpgsm'. See + the Dirmngr manual for details. + +`--call-protect-tool ARGUMENTS' + Certain maintenance operations are done by an external program call + `gpg-protect-tool'; this is usually not installed in a directory + listed in the PATH variable. This command provides a simple + wrapper to access this tool. ARGUMENTS are passed verbatim to + this command; use `--help' to get a list of supported operations. + + + +File: gnupg.info, Node: Certificate Management, Prev: Operational GPGSM Commands, Up: GPGSM Commands + +4.1.3 How to manage the certificates and keys +--------------------------------------------- + +`--gen-key' + -This command allows the creation of a certificate signing + request. It -is commonly used along with the `--output' option to + save the -created CSR into a file. If used with the `--batch' a + parameter -file is used to create the CSR. + +`--list-keys' +`-k' + List all available certificates stored in the local key database. + Note that the displayed data might be reformatted for better human + readability and illegal characters are replaced by safe + substitutes. + +`--list-secret-keys' +`-K' + List all available certificates for which a corresponding a secret + key is available. 
+ +`--list-external-keys PATTERN' + List certificates matching PATTERN using an external server. This + utilizes the `dirmngr' service. + +`--list-chain' + Same as `--list-keys' but also prints all keys making up the chain. + +`--dump-cert' +`--dump-keys' + List all available certificates stored in the local key database + using a format useful mainly for debugging. + +`--dump-chain' + Same as `--dump-keys' but also prints all keys making up the chain. + +`--dump-secret-keys' + List all available certificates for which a corresponding a secret + key is available using a format useful mainly for debugging. + +`--dump-external-keys PATTERN' + List certificates matching PATTERN using an external server. This + utilizes the `dirmngr' service. It uses a format useful mainly + for debugging. + +`--keydb-clear-some-cert-flags' + This is a debugging aid to reset certain flags in the key database + which are used to cache certain certificate stati. It is + especially useful if a bad CRL or a weird running OCSP responder + did accidentally revoke certificate. There is no security issue + with this command because `gpgsm' always make sure that the + validity of a certificate is checked right before it is used. + +`--delete-keys PATTERN' + Delete the keys matching PATTERN. Note that there is no command + to delete the secret part of the key directly. In case you need + to do this, you should run the command `gpgsm --dump-secret-keys + KEYID' before you delete the key, copy the string of hex-digits in + the "keygrip" line and delete the file consisting of these + hex-digits and the suffix `.key' from the `private-keys-v1.d' + directory below our GnuPG home directory (usually `~/.gnupg'). + +`--export [PATTERN]' + Export all certificates stored in the Keybox or those specified by + the optional PATTERN. Those pattern consist of a list of user ids + (*note how-to-specify-a-user-id::). 
When used along with the + `--armor' option a few informational lines are prepended before + each block. There is one limitation: As there is no commonly + agreed upon way to pack more than one certificate into an ASN.1 + structure, the binary export (i.e. without using `armor') works + only for the export of one certificate. Thus it is required to + specify a PATTERN which yields exactly one certificate. Ephemeral + certificate are only exported if all PATTERN are given as + fingerprints or keygrips. + +`--export-secret-key-p12 KEY-ID' + Export the private key and the certificate identified by KEY-ID in + a PKCS#12 format. When using along with the `--armor' option a few + informational lines are prepended to the output. Note, that the + PKCS#12 format is not very secure and this command is only + provided if there is no other way to exchange the private key. + (*note option --p12-charset::) + +`--import [FILES]' + Import the certificates from the PEM or binary encoded files as + well as from signed-only messages. This command may also be used + to import a secret key from a PKCS#12 file. + +`--learn-card' + Read information about the private keys from the smartcard and + import the certificates from there. This command utilizes the + `gpg-agent' and in turn the `scdaemon'. + +`--passwd USER_ID' + Change the passphrase of the private key belonging to the + certificate specified as USER_ID. Note, that changing the + passphrase/PIN of a smartcard is not yet supported. + + + +File: gnupg.info, Node: GPGSM Options, Next: GPGSM Configuration, Prev: GPGSM Commands, Up: Invoking GPGSM + +4.2 Option Summary +================== + +`GPGSM' features a bunch of options to control the exact behaviour and +to change the default configuration. + +* Menu: + +* Configuration Options:: How to change the configuration. +* Certificate Options:: Certificate related options. +* Input and Output:: Input and Output. +* CMS Options:: How to change how the CMS is created. 
+* Esoteric Options:: Doing things one usually do not want to do. + + +File: gnupg.info, Node: Configuration Options, Next: Certificate Options, Up: GPGSM Options + +4.2.1 How to change the configuration +------------------------------------- + +These options are used to change the configuration and are usually found +in the option file. + +`--options FILE' + Reads configuration from FILE instead of from the default per-user + configuration file. The default configuration file is named + `gpgsm.conf' and expected in the `.gnupg' directory directly below + the home directory of the user. + +`--homedir DIR' + Set the name of the home directory to DIR. If this option is not + used, the home directory defaults to `~/.gnupg'. It is only + recognized when given on the command line. It also overrides any + home directory stated through the environment variable `GNUPGHOME' + or (on W32 systems) by means of the Registry entry + HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR. + +`-v' + +`--verbose' + Outputs additional information while running. You can increase + the verbosity by giving several verbose commands to `gpgsm', such + as `-vv'. + +`--policy-file FILENAME' + Change the default name of the policy file to FILENAME. + +`--agent-program FILE' + Specify an agent program to be used for secret key operations. The + default value is the `/usr/local/bin/gpg-agent'. This is only used + as a fallback when the environment variable `GPG_AGENT_INFO' is not + set or a running agent cannot be connected. + +`--dirmngr-program FILE' + Specify a dirmngr program to be used for CRL checks. The default + value is `/usr/sbin/dirmngr'. This is only used as a fallback + when the environment variable `DIRMNGR_INFO' is not set or a + running dirmngr cannot be connected. + +`--prefer-system-dirmngr' + If a system wide `dirmngr' is running in daemon mode, first try to + connect to this one. Fallback to a pipe based server if this does + not work. 
Under Windows this option is ignored because the system + dirmngr is always used. + +`--disable-dirmngr' + Entirely disable the use of the Dirmngr. + +`--no-secmem-warning' + Do not print a warning when the so called "secure memory" cannot + be used. + +`--log-file FILE' + When running in server mode, append all logging output to FILE. + + + +File: gnupg.info, Node: Certificate Options, Next: Input and Output, Prev: Configuration Options, Up: GPGSM Options + +4.2.2 Certificate related options +--------------------------------- + +`--enable-policy-checks' +`--disable-policy-checks' + By default policy checks are enabled. These options may be used to + change it. + +`--enable-crl-checks' +`--disable-crl-checks' + By default the CRL checks are enabled and the DirMngr is used to + check for revoked certificates. The disable option is most useful + with an off-line network connection to suppress this check. + +`--enable-trusted-cert-crl-check' +`--disable-trusted-cert-crl-check' + By default the CRL for trusted root certificates are checked like + for any other certificates. This allows a CA to revoke its own + certificates voluntary without the need of putting all ever issued + certificates into a CRL. The disable option may be used to switch + this extra check off. Due to the caching done by the Dirmngr, + there will not be any noticeable performance gain. Note, that + this also disables possible OCSP checks for trusted root + certificates. A more specific way of disabling this check is by + adding the "relax" keyword to the root CA line of the + `trustlist.txt' + +`--force-crl-refresh' + Tell the dirmngr to reload the CRL for each request. For better + performance, the dirmngr will actually optimize this by suppressing + the loading for short time intervals (e.g. 30 minutes). This option + is useful to make sure that a fresh CRL is available for + certificates hold in the keybox. 
The suggested way of doing this + is by using it along with the option `--with-validation' for a key + listing command. This option should not be used in a + configuration file. + +`--enable-ocsp' +`--disable-ocsp' + By default OCSP checks are disabled. The enable option may be + used to enable OCSP checks via Dirmngr. If CRL checks are also + enabled, CRLs will be used as a fallback if for some reason an + OCSP request will not succeed. Note, that you have to allow OCSP + requests in Dirmngr's configuration too (option `--allow-ocsp') + and configure Dirmngr properly. If you do not do so you will get + the error code `Not supported'. + +`--auto-issuer-key-retrieve' + If a required certificate is missing while validating the chain of + certificates, try to load that certificate from an external + location. This usually means that Dirmngr is employed to search + for the certificate. Note that this option makes a "web bug" like + behavior possible. LDAP server operators can see which keys you + request, so by sending you a message signed by a brand new key + (which you naturally will not have on your local keybox), the + operator can tell both your IP address and the time when you + verified the signature. + +`--validation-model NAME' + This option changes the default validation model. The only + possible values are "shell" (which is the default), "chain" which + forces the use of the chain model and "steed" for a new simplified + model. The chain model is also used if an option in the + `trustlist.txt' or an attribute of the certificate requests it. + However the standard model (shell) is in that case always tried + first. + +`--ignore-cert-extension OID' + Add OID to the list of ignored certificate extensions. The OID is + expected to be in dotted decimal form, like `2.5.29.3'. This + option may be used more than once. 
Critical flagged certificate + extensions matching one of the OIDs in the list are treated as if + they are actually handled and thus the certificate will not be + rejected due to an unknown critical extension. Use this option + with care because extensions are usually flagged as critical for a + reason. + + + +File: gnupg.info, Node: Input and Output, Next: CMS Options, Prev: Certificate Options, Up: GPGSM Options + +4.2.3 Input and Output +---------------------- + +`--armor' +`-a' + Create PEM encoded output. Default is binary output. + +`--base64' + Create Base-64 encoded output; i.e. PEM without the header lines. + +`--assume-armor' + Assume the input data is PEM encoded. Default is to autodetect the + encoding but this is may fail. + +`--assume-base64' + Assume the input data is plain base-64 encoded. + +`--assume-binary' + Assume the input data is binary encoded. + +`--p12-charset NAME' + `gpgsm' uses the UTF-8 encoding when encoding passphrases for + PKCS#12 files. This option may be used to force the passphrase to + be encoded in the specified encoding NAME. This is useful if the + application used to import the key uses a different encoding and + thus will not be able to import a file generated by `gpgsm'. + Commonly used values for NAME are `Latin1' and `CP850'. Note that + `gpgsm' itself automagically imports any file with a passphrase + encoded to the most commonly used encodings. + +`--default-key USER_ID' + Use USER_ID as the standard key for signing. This key is used if + no other key has been defined as a signing key. Note, that the + first `--local-users' option also sets this key if it has not yet + been set; however `--default-key' always overrides this. + +`--local-user USER_ID' + +`-u USER_ID' + Set the user(s) to be used for signing. The default is the first + secret key found in the database. + +`--recipient NAME' +`-r' + Encrypt to the user id NAME. There are several ways a user id may + be given (*note how-to-specify-a-user-id::). 
+ +`--output FILE' +`-o FILE' + Write output to FILE. The default is to write it to stdout. + +`--with-key-data' + Displays extra information with the `--list-keys' commands. + Especially a line tagged `grp' is printed which tells you the + keygrip of a key. This string is for example used as the file + name of the secret key. + +`--with-validation' + When doing a key listing, do a full validation check for each key + and print the result. This is usually a slow operation because it + requires a CRL lookup and other operations. + + When used along with -import, a validation of the certificate to + import is done and only imported if it succeeds the test. Note + that this does not affect an already available certificate in the + DB. This option is therefore useful to simply verify a + certificate. + +`--with-md5-fingerprint' + For standard key listings, also print the MD5 fingerprint of the + certificate. + +`--with-keygrip' + Include the keygrip in standard key listings. Note that the + keygrip is always listed in -with-colons mode. + + + +File: gnupg.info, Node: CMS Options, Next: Esoteric Options, Prev: Input and Output, Up: GPGSM Options + +4.2.4 How to change how the CMS is created. +------------------------------------------- + +`--include-certs N' + Using N of -2 includes all certificate except for the root cert, + -1 includes all certs, 0 does not include any certs, 1 includes + only the signers cert and all other positive values include up to N + certificates starting with the signer cert. The default is -2. + +`--cipher-algo OID' + Use the cipher algorithm with the ASN.1 object identifier OID for + encryption. For convenience the strings `3DES', `AES' and + `AES256' may be used instead of their OIDs. The default is `3DES' + (1.2.840.113549.3.7). + +`--digest-algo `name'' + Use `name' as the message digest algorithm. Usually this + algorithm is deduced from the respective signing certificate. 
This + option forces the use of the given algorithm and may lead to severe + interoperability problems. + + + +File: gnupg.info, Node: Esoteric Options, Prev: CMS Options, Up: GPGSM Options + +4.2.5 Doing things one usually do not want to do. +------------------------------------------------- + +`--extra-digest-algo NAME' + Sometimes signatures are broken in that they announce a different + digest algorithm than actually used. `gpgsm' uses a one-pass data + processing model and thus needs to rely on the announced digest + algorithms to properly hash the data. As a workaround this option + may be used to tell gpg to also hash the data using the algorithm + NAME; this slows processing down a little bit but allows to verify + such broken signatures. If `gpgsm' prints an error like "digest + algo 8 has not been enabled" you may want to try this option, with + `SHA256' for NAME. + +`--faked-system-time EPOCH' + This option is only useful for testing; it sets the system time + back or forth to EPOCH which is the number of seconds elapsed + since the year 1970. Alternatively EPOCH may be given as a full + ISO time string (e.g. "20070924T154812"). + +`--with-ephemeral-keys' + Include ephemeral flagged keys in the output of key listings. Note + that they are included anyway if the key specification for a + listing is given as fingerprint or keygrip. + +`--debug-level LEVEL' + Select the debug level for investigating problems. LEVEL may be a + numeric value or by a keyword: + + `none' + No debugging at all. A value of less than 1 may be used + instead of the keyword. + + `basic' + Some basic debug messages. A value between 1 and 2 may be + used instead of the keyword. + + `advanced' + More verbose debug messages. A value between 3 and 5 may be + used instead of the keyword. + + `expert' + Even more detailed messages. A value between 6 and 8 may be + used instead of the keyword. + + `guru' + All of the debug messages you can get. 
A value greater than 8 + may be used instead of the keyword. The creation of hash + tracing files is only enabled if the keyword is used. + + How these messages are mapped to the actual debugging flags is not + specified and may change with newer releases of this program. They + are however carefully selected to best aid in debugging. + +`--debug FLAGS' + This option is only useful for debugging and the behaviour may + change at any time without notice; using `--debug-levels' is the + preferred method to select the debug verbosity. FLAGS are bit + encoded and may be given in usual C-Syntax. The currently defined + bits are: + + `0 (1)' + X.509 or OpenPGP protocol related data + + `1 (2)' + values of big number integers + + `2 (4)' + low level crypto operations + + `5 (32)' + memory allocation + + `6 (64)' + caching + + `7 (128)' + show memory statistics. + + `9 (512)' + write hashed data to files named `dbgmd-000*' + + `10 (1024)' + trace Assuan protocol + + Note, that all flags set using this option may get overridden by + `--debug-level'. + +`--debug-all' + Same as `--debug=0xffffffff' + +`--debug-allow-core-dump' + Usually `gpgsm' tries to avoid dumping core by well written code + and by disabling core dumps for security reasons. However, bugs + are pretty durable beasts and to squash them it is sometimes + useful to have a core dump. This option enables core dumps unless + the Bad Thing happened before the option parsing. + +`--debug-no-chain-validation' + This is actually not a debugging option but only useful as such. + It lets `gpgsm' bypass all certificate chain validation checks. + +`--debug-ignore-expiration' + This is actually not a debugging option but only useful as such. + It lets `gpgsm' ignore all notAfter dates, this is used by the + regression tests. + +`--fixed-passphrase STRING' + Supply the passphrase STRING to the gpg-protect-tool. 
This option + is only useful for the regression tests included with this package + and may be revised or removed at any time without notice. + +`--no-common-certs-import' + Suppress the import of common certificates on keybox creation. + + + All the long options may also be given in the configuration file +after stripping off the two leading dashes. + + +File: gnupg.info, Node: GPGSM Configuration, Next: GPGSM Examples, Prev: GPGSM Options, Up: Invoking GPGSM + +4.3 Configuration files +======================= + +There are a few configuration files to control certain aspects of +`gpgsm''s operation. Unless noted, they are expected in the current +home directory (*note option --homedir::). + +`gpgsm.conf' + This is the standard configuration file read by `gpgsm' on + startup. It may contain any valid long option; the leading two + dashes may not be entered and the option may not be abbreviated. + This default name may be changed on the command line (*note option + --options::). You should backup this file. + +`policies.txt' + This is a list of allowed CA policies. This file should list the + object identifiers of the policies line by line. Empty lines and + lines starting with a hash mark are ignored. Policies missing in + this file and not marked as critical in the certificate will print + only a warning; certificates with policies marked as critical and + not listed in this file will fail the signature verification. You + should backup this file. + + For example, to allow only the policy 2.289.9.9, the file should + look like this: + + # Allowed policies + 2.289.9.9 + +`qualified.txt' + This is the list of root certificates used for qualified + certificates. They are defined as certificates capable of + creating legally binding signatures in the same way as handwritten + signatures are. Comments start with a hash mark and empty lines + are ignored. 
Lines do have a length limit but this is not a + serious limitation as the format of the entries is fixed and + checked by gpgsm: A non-comment line starts with optional + whitespace, followed by exactly 40 hex character, white space and + a lowercased 2 letter country code. Additional data delimited with + by a white space is current ignored but might late be used for + other purposes. + + Note that even if a certificate is listed in this file, this does + not mean that the certificate is trusted; in general the + certificates listed in this file need to be listed also in + `trustlist.txt'. + + This is a global file an installed in the data directory (e.g. + `/usr/share/gnupg/qualified.txt'). GnuPG installs a suitable file + with root certificates as used in Germany. As new Root-CA + certificates may be issued over time, these entries may need to be + updated; new distributions of this software should come with an + updated list but it is still the responsibility of the + Administrator to check that this list is correct. + + Everytime `gpgsm' uses a certificate for signing or verification + this file will be consulted to check whether the certificate under + question has ultimately been issued by one of these CAs. If this + is the case the user will be informed that the verified signature + represents a legally binding ("qualified") signature. When + creating a signature using such a certificate an extra prompt will + be issued to let the user confirm that such a legally binding + signature shall really be created. + + Because this software has not yet been approved for use with such + certificates, appropriate notices will be shown to indicate this + fact. + +`help.txt' + This is plain text file with a few help entries used with + `pinentry' as well as a large list of help items for `gpg' and + `gpgsm'. The standard file has English help texts; to install + localized versions use filenames like `help.LL.txt' with LL + denoting the locale. 
GnuPG comes with a set of predefined help + files in the data directory (e.g. `/usr/share/gnupg/help.de.txt') + and allows overriding of any help item by help files stored in the + system configuration directory (e.g. `/etc/gnupg/help.de.txt'). + For a reference of the help file's syntax, please see the installed + `help.txt' file. + +`com-certs.pem' + This file is a collection of common certificates used to populated + a newly created `pubring.kbx'. An administrator may replace this + file with a custom one. The format is a concatenation of PEM + encoded X.509 certificates. This global file is installed in the + data directory (e.g. `/usr/share/gnupg/com-certs.pem'). + + + Note that on larger installations, it is useful to put predefined +files into the directory `/etc/skel/.gnupg/' so that newly created users +start up with a working configuration. For existing users a small +helper script is provided to create these files (*note addgnupghome::). + + For internal purposes gpgsm creates and maintains a few other files; +they all live in in the current home directory (*note option +--homedir::). Only `gpgsm' may modify these files. + +`pubring.kbx' + This a database file storing the certificates as well as meta + information. For debugging purposes the tool `kbxutil' may be + used to show the internal structure of this file. You should + backup this file. + +`random_seed' + This content of this file is used to maintain the internal state + of the random number generator across invocations. The same file + is used by other programs of this software too. + +`S.gpg-agent' + If this file exists and the environment variable `GPG_AGENT_INFO' + is not set, `gpgsm' will first try to connect to this socket for + accessing `gpg-agent' before starting a new `gpg-agent' instance. + Under Windows this socket (which in reality be a plain file + describing a regular TCP listening port) is the standard way of + connecting the `gpg-agent'. 
+ + + +File: gnupg.info, Node: GPGSM Examples, Next: Unattended Usage, Prev: GPGSM Configuration, Up: Invoking GPGSM + +4.4 Examples +============ + + $ gpgsm -er goo@bar.net <plaintext >ciphertext + + +File: gnupg.info, Node: Unattended Usage, Next: GPGSM Protocol, Prev: GPGSM Examples, Up: Invoking GPGSM + +4.5 Unattended Usage +==================== + +`gpgsm' is often used as a backend engine by other software. To help +with this a machine interface has been defined to have an unambiguous +way to do this. This is most likely used with the `--server' command +but may also be used in the standard operation mode by using the +`--status-fd' option. + +* Menu: + +* Automated signature checking:: Automated signature checking. +* CSR and certificate creation:: CSR and certificate creation. + + +File: gnupg.info, Node: Automated signature checking, Up: Unattended Usage + +4.6 Automated signature checking +================================ + +It is very important to understand the semantics used with signature +verification. Checking a signature is not as simple as it may sound and +so the operation is a bit complicated. In most cases it is required to +look at several status lines. Here is a table of all cases a signed +message may have: + +The signature is valid + This does mean that the signature has been successfully verified, + the certificates are all sane. However there are two subcases with + important information: One of the certificates may have expired + or a signature of a message itself as expired. It is a sound + practise to consider such a signature still as valid but + additional information should be displayed. 
Depending on the + subcase `gpgsm' will issue these status codes: + signature valid and nothing did expire + `GOODSIG', `VALIDSIG', `TRUST_FULLY' + + signature valid but at least one certificate has expired + `EXPKEYSIG', `VALIDSIG', `TRUST_FULLY' + + signature valid but expired + `EXPSIG', `VALIDSIG', `TRUST_FULLY' Note, that this case is + currently not implemented. + +The signature is invalid + This means that the signature verification failed (this is an + indication of af a transfer error, a program error or tampering + with the message). `gpgsm' issues one of these status codes + sequences: + ``BADSIG'' + + ``GOODSIG', `VALIDSIG' `TRUST_NEVER'' + +Error verifying a signature + For some reason the signature could not be verified, i.e. it + cannot be decided whether the signature is valid or invalid. A + common reason for this is a missing certificate. + + + +File: gnupg.info, Node: CSR and certificate creation, Up: Unattended Usage + +4.7 CSR and certificate creation +================================ + +*Please notice*: The immediate creation of certificates is only +supported by GnuPG version 2.1 or later. With a 2.0 version you may +only create a CSR. + +The command `--gen-key' may be used along with the option `--batch' to +either create a certificate signing request (CSR) or an X.509 +certificate. The is controlled by a parameter file; the format of this +file is as follows: + + * Text only, line length is limited to about 1000 characters. + + * UTF-8 encoding must be used to specify non-ASCII characters. + + * Empty lines are ignored. + + * Leading and trailing while space is ignored. + + * A hash sign as the first non white space character indicates a + comment line. + + * Control statements are indicated by a leading percent sign, the + arguments are separated by white space from the keyword. + + * Parameters are specified by a keyword, followed by a colon. + Arguments are separated by white space. 
+ + * The first parameter must be `Key-Type', control statements may be + placed anywhere. + + * The order of the parameters does not matter except for `Key-Type' + which must be the first parameter. The parameters are only used + for the generated CSR/certificate; parameters from previous sets + are not used. Some syntactically checks may be performed. + + * Key generation takes place when either the end of the parameter + file is reached, the next `Key-Type' parameter is encountered or + at the control statement `%commit' is encountered. + +Control statements: + +%echo TEXT + Print TEXT as diagnostic. + +%dry-run + Suppress actual key generation (useful for syntax checking). + +%commit + Perform the key generation. Note that an implicit commit is done + at the next Key-Type parameter. + + +General Parameters: + +Key-Type: ALGO + Starts a new parameter block by giving the type of the primary + key. The algorithm must be capable of signing. This is a required + parameter. The only supported value for ALGO is `rsa'. + +Key-Length: NBITS + The requested length of a generated key in bits. Defaults to 2048. + +Key-Grip: HEXSTRING + This is optional and used to generate a CSR or certificatet for an + already existing key. Key-Length will be ignored when given. + +Key-Usage: USAGE-LIST + Space or comma delimited list of key usage, allowed values are + `encrypt', `sign' and `cert'. This is used to generate the + keyUsage extension. Please make sure that the algorithm is + capable of this usage. Default is to allow encrypt and sign. + +Name-DN: SUBJECT-NAME + This is the Distinguished Name (DN) of the subject in RFC-2253 + format. + +Name-Email: STRING + This is an email address for the altSubjectName. This parameter is + optional but may occur several times to add several email + addresses to a certificate. + +Name-DNS: STRING + The is an DNS name for the altSubjectName. This parameter is + optional but may occur several times to add several DNS names to a + certificate. 
+ +Name-URI: STRING + This is an URI for the altSubjectName. This parameter is optional + but may occur several times to add several URIs to a certificate. + +Additional parameters used to create a certificate (in contrast to a +certificate signing request): + +Serial: SN + If this parameter is given an X.509 certificate will be generated. + SN is expected to be a hex string representing an unsigned integer + of arbitary length. The special value `random' can be used to + create a 64 bit random serial number. + +Issuer-DN: ISSUER-NAME + This is the DN name of the issuer in rfc2253 format. If it is not + set it will default to the subject DN and a special GnuPG + extension will be included in the certificate to mark it as a + standalone certificate. + +Creation-Date: ISO-DATE +Not-Before: ISO-DATE + Set the notBefore date of the certificate. Either a date like + `1986-04-26' or `1986-04-26 12:00' or a standard ISO timestamp + like `19860426T042640' may be used. The time is considered to be + UTC. If it is not given the current date is used. + +Expire-Date: ISO-DATE +Not-After: ISO-DATE + Set the notAfter date of the certificate. Either a date like + `2063-04-05' or `2063-04-05 17:00' or a standard ISO timestamp + like `20630405T170000' may be used. The time is considered to be + UTC. If it is not given a default value in the not too far future + is used. + +Signing-Key: KEYGRIP + This gives the keygrip of the key used to sign the certificate. + If it is not given a self-signed certificate will be created. For + compatibility with future versions, it is suggested to prefix the + keygrip with a `&'. + +Hash-Algo: HASH-ALGO + Use HASH-ALGO for this CSR or certificate. The supported hash + algorithms are: `sha1', `sha256', `sha384' and `sha512'; they may + also be specified with uppercase letters. The default is `sha1'. + + + +File: gnupg.info, Node: GPGSM Protocol, Prev: Unattended Usage, Up: Invoking GPGSM + +4.8 The Protocol the Server Mode Uses. 
+====================================== + +Description of the protocol used to access `GPGSM'. `GPGSM' does +implement the Assuan protocol and in addition provides a regular +command line interface which exhibits a full client to this protocol +(but uses internal linking). To start `gpgsm' as a server the command +line the option `--server' must be used. Additional options are +provided to select the communication method (i.e. the name of the +socket). + + We assume that the connection has already been established; see the +Assuan manual for details. + +* Menu: + +* GPGSM ENCRYPT:: Encrypting a message. +* GPGSM DECRYPT:: Decrypting a message. +* GPGSM SIGN:: Signing a message. +* GPGSM VERIFY:: Verifying a message. +* GPGSM GENKEY:: Generating a key. +* GPGSM LISTKEYS:: List available keys. +* GPGSM EXPORT:: Export certificates. +* GPGSM IMPORT:: Import certificates. +* GPGSM DELETE:: Delete certificates. +* GPGSM GETINFO:: Information about the process + + +File: gnupg.info, Node: GPGSM ENCRYPT, Next: GPGSM DECRYPT, Up: GPGSM Protocol + +4.8.1 Encrypting a Message +-------------------------- + +Before encryption can be done the recipient must be set using the +command: + + RECIPIENT USERID + + Set the recipient for the encryption. USERID should be the internal +representation of the key; the server may accept any other way of +specification. If this is a valid and trusted recipient the server +does respond with OK, otherwise the return is an ERR with the reason why +the recipient cannot be used, the encryption will then not be done for +this recipient. If the policy is not to encrypt at all if not all +recipients are valid, the client has to take care of this. All +`RECIPIENT' commands are cumulative until a `RESET' or an successful +`ENCRYPT' command. + + INPUT FD[=N] [--armor|--base64|--binary] + + Set the file descriptor for the message to be encrypted to N. +Obviously the pipe must be open at that point, the server establishes +its own end. 
If the server returns an error the client should consider +this session failed. If N is not given, this commands uses the last +file descriptor passed to the application. *Note the assuan_sendfd +function: (assuan)fun-assuan_sendfd, on how to do descriptor passing. + + The `--armor' option may be used to advice the server that the input +data is in PEM format, `--base64' advices that a raw base-64 encoding +is used, `--binary' advices of raw binary input (BER). If none of +these options is used, the server tries to figure out the used +encoding, but this may not always be correct. + + OUTPUT FD[=N] [--armor|--base64] + + Set the file descriptor to be used for the output (i.e. the encrypted +message). Obviously the pipe must be open at that point, the server +establishes its own end. If the server returns an error he client +should consider this session failed. + + The option armor encodes the output in PEM format, the `--base64' +option applies just a base 64 encoding. No option creates binary +output (BER). + + The actual encryption is done using the command + + ENCRYPT + + It takes the plaintext from the `INPUT' command, writes to the +ciphertext to the file descriptor set with the `OUTPUT' command, take +the recipients from all the recipients set so far. If this command +fails the clients should try to delete all output currently done or +otherwise mark it as invalid. `GPGSM' does ensure that there will not +be any security problem with leftover data on the output in this case. + + This command should in general not fail, as all necessary checks have +been done while setting the recipients. The input and output pipes are +closed. + + +File: gnupg.info, Node: GPGSM DECRYPT, Next: GPGSM SIGN, Prev: GPGSM ENCRYPT, Up: GPGSM Protocol + +4.8.2 Decrypting a message +-------------------------- + +Input and output FDs are set the same way as in encryption, but `INPUT' +refers to the ciphertext and output to the plaintext. There is no need +to set recipients. 
`GPGSM' automatically strips any S/MIME headers +from the input, so it is valid to pass an entire MIME part to the INPUT +pipe. + + The encryption is done by using the command + + DECRYPT + + It performs the decrypt operation after doing some check on the +internal state. (e.g. that all needed data has been set). Because it +utilizes the GPG-Agent for the session key decryption, there is no need +to ask the client for a protecting passphrase - GpgAgent takes care of +this by requesting this from the user. + + +File: gnupg.info, Node: GPGSM SIGN, Next: GPGSM VERIFY, Prev: GPGSM DECRYPT, Up: GPGSM Protocol + +4.8.3 Signing a Message +----------------------- + +Signing is usually done with these commands: + + INPUT FD[=N] [--armor|--base64|--binary] + + This tells `GPGSM' to read the data to sign from file descriptor N. + + OUTPUT FD[=M] [--armor|--base64] + + Write the output to file descriptor M. If a detached signature is +requested, only the signature is written. + + SIGN [--detached] + + Sign the data set with the INPUT command and write it to the sink +set by OUTPUT. With `--detached', a detached signature is created +(surprise). + + The key used for signing is the default one or the one specified in +the configuration file. To get finer control over the keys, it is +possible to use the command + + SIGNER USERID + + to the signer's key. USERID should be the internal representation +of the key; the server may accept any other way of specification. If +this is a valid and trusted recipient the server does respond with OK, +otherwise the return is an ERR with the reason why the key cannot be +used, the signature will then not be created using this key. If the +policy is not to sign at all if not all keys are valid, the client has +to take care of this. All `SIGNER' commands are cumulative until a +`RESET' is done. Note that a `SIGN' does not reset this list of +signers which is in contrats to the `RECIPIENT' command. 
+ + +File: gnupg.info, Node: GPGSM VERIFY, Next: GPGSM GENKEY, Prev: GPGSM SIGN, Up: GPGSM Protocol + +4.8.4 Verifying a Message +------------------------- + +To verify a mesage the command: + + VERIFY + + is used. It does a verify operation on the message send to the input +FD. The result is written out using status lines. If an output FD was +given, the signed text will be written to that. If the signature is a +detached one, the server will inquire about the signed material and the +client must provide it. + + +File: gnupg.info, Node: GPGSM GENKEY, Next: GPGSM LISTKEYS, Prev: GPGSM VERIFY, Up: GPGSM Protocol + +4.8.5 Generating a Key +---------------------- + +This is used to generate a new keypair, store the secret part in the +PSE and the public key in the key database. We will probably add +optional commands to allow the client to select whether a hardware +token is used to store the key. Configuration options to `GPGSM' can +be used to restrict the use of this command. + + GENKEY + + `GPGSM' checks whether this command is allowed and then does an +INQUIRY to get the key parameters, the client should then send the key +parameters in the native format: + + S: INQUIRE KEY_PARAM native + C: D foo:fgfgfg + C: D bar + C: END + + Please note that the server may send Status info lines while reading +the data lines from the client. After this the key generation takes +place and the server eventually does send an ERR or OK response. +Status lines may be issued as a progress indicator. + + +File: gnupg.info, Node: GPGSM LISTKEYS, Next: GPGSM EXPORT, Prev: GPGSM GENKEY, Up: GPGSM Protocol + +4.8.6 List available keys +------------------------- + +To list the keys in the internal database or using an external key +provider, the command: + + LISTKEYS PATTERN + + is used. 
To allow multiple patterns (which are ORed during the +search) quoting is required: Spaces are to be translated into "+" or +into "%20"; in turn this requires that the usual escape quoting rules +are done. + + LISTSECRETKEYS PATTERN + + Lists only the keys where a secret key is available. + + The list commands commands are affected by the option + + OPTION list-mode=MODE + + where mode may be: +`0' + Use default (which is usually the same as 1). + +`1' + List only the internal keys. + +`2' + List only the external keys. + +`3' + List internal and external keys. + + Note that options are valid for the entire session. + + +File: gnupg.info, Node: GPGSM EXPORT, Next: GPGSM IMPORT, Prev: GPGSM LISTKEYS, Up: GPGSM Protocol + +4.8.7 Export certificates +------------------------- + +To export certificate from the internal key database the command: + + EXPORT [--data [--armor] [--base64]] [--] PATTERN + + is used. To allow multiple patterns (which are ORed) quoting is +required: Spaces are to be translated into "+" or into "%20"; in turn +this requires that the usual escape quoting rules are done. + + If the `--data' option has not been given, the format of the output +depends on what was set with the OUTPUT command. When using PEM +encoding a few informational lines are prepended. + + If the `--data' has been given, a target set via OUTPUT is ignored +and the data is returned inline using standard `D'-lines. This avoids +the need for an extra file descriptor. In this case the options +`--armor' and `--base64' may be used in the same way as with the OUTPUT +command. + + +File: gnupg.info, Node: GPGSM IMPORT, Next: GPGSM DELETE, Prev: GPGSM EXPORT, Up: GPGSM Protocol + +4.8.8 Import certificates +------------------------- + +To import certificates into the internal key database, the command + + IMPORT [--re-import] + + is used. The data is expected on the file descriptor set with the +`INPUT' command. Certain checks are performed on the certificate. 
+Note that the code will also handle PKCS#12 files and import private +keys; a helper program is used for that. + + With the option `--re-import' the input data is expected to a be a +linefeed separated list of fingerprints. The command will re-import +the corresponding certificates; that is they are made permanent by +removing their ephemeral flag. + + +File: gnupg.info, Node: GPGSM DELETE, Next: GPGSM GETINFO, Prev: GPGSM IMPORT, Up: GPGSM Protocol + +4.8.9 Delete certificates +------------------------- + +To delete a certificate the command + + DELKEYS PATTERN + + is used. To allow multiple patterns (which are ORed) quoting is +required: Spaces are to be translated into "+" or into "%20"; in turn +this requires that the usual escape quoting rules are done. + + The certificates must be specified unambiguously otherwise an error +is returned. + + +File: gnupg.info, Node: GPGSM GETINFO, Prev: GPGSM DELETE, Up: GPGSM Protocol + +4.8.10 Return information about the process +------------------------------------------- + +This is a multipurpose function to return a variety of information. + + GETINFO WHAT + + The value of WHAT specifies the kind of information returned: +`version' + Return the version of the program. + +`pid' + Return the process id of the process. + +`agent-check' + Return success if the agent is running. + +`cmd_has_option CMD OPT' + Return success if the command CMD implements the option OPT. The + leading two dashes usually used with OPT shall not be given. + + +File: gnupg.info, Node: Invoking SCDAEMON, Next: Specify a User ID, Prev: Invoking GPGSM, Up: Top + +5 Invoking the SCDAEMON +*********************** + +The `scdaemon' is a daemon to manage smartcards. It is usually invoked +by `gpg-agent' and in general not used directly. + + *Note Option Index::, for an index to `scdaemon''s commands and +options. + +* Menu: + +* Scdaemon Commands:: List of all commands. +* Scdaemon Options:: List of all options. 
+* Card applications:: Description of card applications. +* Scdaemon Configuration:: Configuration files. +* Scdaemon Examples:: Some usage examples. +* Scdaemon Protocol:: The protocol the daemon uses. + + +File: gnupg.info, Node: Scdaemon Commands, Next: Scdaemon Options, Up: Invoking SCDAEMON + +5.1 Commands +============ + +Commands are not distinguished from options except for the fact that +only one command is allowed. + +`--version' + Print the program version and licensing information. Not that you + can abbreviate this command. + +`--help, -h' + Print a usage message summarizing the most useful command-line + options. Not that you can abbreviate this command. + +`--dump-options' + Print a list of all available options and commands. Not that you + can abbreviate this command. + +`--server' + Run in server mode and wait for commands on the `stdin'. This is + default mode is to create a socket and listen for commands there. + +`--multi-server' + Run in server mode and wait for commands on the `stdin' as well as + on an additional Unix Domain socket. The server command `GETINFO' + may be used to get the name of that extra socket. + +`--daemon' + Run the program in the background. This option is required to + prevent it from being accidentally running in the background. + + + +File: gnupg.info, Node: Scdaemon Options, Next: Card applications, Prev: Scdaemon Commands, Up: Invoking SCDAEMON + +5.2 Option Summary +================== + +`--options FILE' + Reads configuration from FILE instead of from the default per-user + configuration file. The default configuration file is named + `scdaemon.conf' and expected in the `.gnupg' directory directly + below the home directory of the user. + +`--homedir DIR' + Set the name of the home directory to DIR. If this option is not + used, the home directory defaults to `~/.gnupg'. It is only + recognized when given on the command line. 
It also overrides any + home directory stated through the environment variable `GNUPGHOME' + or (on W32 systems) by means of the Registry entry + HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR. + +`-v' + +`--verbose' + Outputs additional information while running. You can increase + the verbosity by giving several verbose commands to `gpgsm', such + as `-vv'. + +`--debug-level LEVEL' + Select the debug level for investigating problems. LEVEL may be a + numeric value or a keyword: + + `none' + No debugging at all. A value of less than 1 may be used + instead of the keyword. + + `basic' + Some basic debug messages. A value between 1 and 2 may be + used instead of the keyword. + + `advanced' + More verbose debug messages. A value between 3 and 5 may be + used instead of the keyword. + + `expert' + Even more detailed messages. A value between 6 and 8 may be + used instead of the keyword. + + `guru' + All of the debug messages you can get. A value greater than 8 + may be used instead of the keyword. The creation of hash + tracing files is only enabled if the keyword is used. + + How these messages are mapped to the actual debugging flags is not + specified and may change with newer releases of this program. They + are however carefully selected to best aid in debugging. + + Note: All debugging options are subject to change and thus + should not be used by any application program. As the name + says, they are only used as helpers to debug problems. + +`--debug FLAGS' + This option is only useful for debugging and the behaviour may + change at any time without notice. FLAGS are bit encoded and may + be given in usual C-Syntax. The currently defined bits are: + + `0 (1)' + command I/O + + `1 (2)' + values of big number integers + + `2 (4)' + low level crypto operations + + `5 (32)' + memory allocation + + `6 (64)' + caching + + `7 (128)' + show memory statistics. + + `9 (512)' + write hashed data to files named `dbgmd-000*' + + `10 (1024)' + trace Assuan protocol. 
See also option + `--debug-assuan-log-cats'. + + `11 (2048)' + trace APDU I/O to the card. This may reveal sensitive data. + + `12 (4096)' + trace some card reader related function calls. + +`--debug-all' + Same as `--debug=0xffffffff' + +`--debug-wait N' + When running in server mode, wait N seconds before entering the + actual processing loop and print the pid. This gives time to + attach a debugger. + +`--debug-ccid-driver' + Enable debug output from the included CCID driver for smartcards. + Using this option twice will also enable some tracing of the T=1 + protocol. Note that this option may reveal sensitive data. + +`--debug-disable-ticker' + This option disables all ticker functions like checking for card + insertions. + +`--debug-allow-core-dump' + For security reasons we won't create a core dump when the process + aborts. For debugging purposes it is sometimes better to allow + core dump. This options enables it and also changes the working + directory to `/tmp' when running in `--server' mode. + +`--debug-log-tid' + This option appends a thread ID to the PID in the log output. + +`--debug-assuan-log-cats CATS' + Changes the active Libassuan logging categories to CATS. The + value for CATS is an unsigned integer given in usual C-Syntax. A + value of of 0 switches to a default category. If this option is + not used the categories are taken from the environment variable + `ASSUAN_DEBUG'. Note that this option has only an effect if the + Assuan debug flag has also been with the option `--debug'. For a + list of categories see the Libassuan manual. + +`--no-detach' + Don't detach the process from the console. This is mainly useful + for debugging. + +`--log-file FILE' + Append all logging output to FILE. This is very helpful in seeing + what the agent actually does. + +`--pcsc-driver LIBRARY' + Use LIBRARY to access the smartcard reader. The current default + is `libpcsclite.so'. 
Instead of using this option you might also + want to install a symbolic link to the default file name (e.g. + from `libpcsclite.so.1'). + +`--ctapi-driver LIBRARY' + Use LIBRARY to access the smartcard reader. The current default + is `libtowitoko.so'. Note that the use of this interface is + deprecated; it may be removed in future releases. + +`--disable-ccid' + Disable the integrated support for CCID compliant readers. This + allows to fall back to one of the other drivers even if the + internal CCID driver can handle the reader. Note, that CCID + support is only available if libusb was available at build time. + +`--reader-port NUMBER_OR_STRING' + This option may be used to specify the port of the card terminal. + A value of 0 refers to the first serial device; add 32768 to + access USB devices. The default is 32768 (first USB device). + PC/SC or CCID readers might need a string here; run the program in + verbose mode to get a list of available readers. The default is + then the first reader found. + + To get a list of available CCID readers you may use this command: + echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}' + +`--card-timeout N' + If N is not 0 and no client is actively using the card, the card + will be powered down after N seconds. Powering down the card + avoids a potential risk of damaging a card when used with certain + cheap readers. This also allows non Scdaemon aware applications to + access the card. The disadvantage of using a card timeout is that + accessing the card takes longer and that the user needs to enter + the PIN again after the next power up. + + Note that with the current version of Scdaemon the card is powered + down immediately at the next timer tick for any value of N other + than 0. + +`--disable-keypad' + Even if a card reader features a keypad, do not try to use it. + +`--deny-admin' + This option disables the use of admin class commands for card + applications where this is supported. 
Currently we support it for + the OpenPGP card. This commands is useful to inhibit accidental + access to admin class command which could ultimately lock the card + through wrong PIN numbers. Note that GnuPG versions older than + 2.0.11 featured an `--allow-admin' command which was required to + use such admin commands. This option has no more effect today + because the default is now to allow admin commands. + +`--disable-application NAME' + This option disables the use of the card application named NAME. + This is mainly useful for debugging or if a application with lower + priority should be used by default. + + + All the long options may also be given in the configuration file +after stripping off the two leading dashes. + + +File: gnupg.info, Node: Card applications, Next: Scdaemon Configuration, Prev: Scdaemon Options, Up: Invoking SCDAEMON + +5.3 Description of card applications +==================================== + +`scdaemon' supports the card applications as described below. + +* Menu: + +* OpenPGP Card:: The OpenPGP card application +* NKS Card:: The Telesec NetKey card application +* DINSIG Card:: The DINSIG card application +* PKCS#15 Card:: The PKCS#15 card application +* Geldkarte Card:: The Geldkarte application +* Undefined Card:: The Undefined stub application + + +File: gnupg.info, Node: OpenPGP Card, Next: NKS Card, Up: Card applications + +5.3.1 The OpenPGP card application "openpgp" +-------------------------------------------- + +This application is currently only used by `gpg' but may in future also +be useful with `gpgsm'. Version 1 and version 2 of the card is +supported. + + The specifications for these cards are available at +`http://g10code.com/docs/openpgp-card-1.0.pdf' and +`http://g10code.com/docs/openpgp-card-2.0.pdf'. 
+ + +File: gnupg.info, Node: NKS Card, Next: DINSIG Card, Prev: OpenPGP Card, Up: Card applications + +5.3.2 The Telesec NetKey card "nks" +----------------------------------- + +This is the main application of the Telesec cards as available in +Germany. It is a superset of the German DINSIG card. The card is used +by `gpgsm'. + + +File: gnupg.info, Node: DINSIG Card, Next: PKCS#15 Card, Prev: NKS Card, Up: Card applications + +5.3.3 The DINSIG card application "dinsig" +------------------------------------------ + +This is an application as described in the German draft standard _DIN V +66291-1_. It is intended to be used by cards supporting the German +signature law and its bylaws (SigG and SigV). + + +File: gnupg.info, Node: PKCS#15 Card, Next: Geldkarte Card, Prev: DINSIG Card, Up: Card applications + +5.3.4 The PKCS#15 card application "p15" +---------------------------------------- + +This is common framework for smart card applications. It is used by +`gpgsm'. + + +File: gnupg.info, Node: Geldkarte Card, Next: Undefined Card, Prev: PKCS#15 Card, Up: Card applications + +5.3.5 The Geldkarte card application "geldkarte" +------------------------------------------------ + +This is a simple application to display information of a German +Geldkarte. The Geldkarte is a small amount debit card application which +comes with almost all German banking cards. + + +File: gnupg.info, Node: Undefined Card, Prev: Geldkarte Card, Up: Card applications + +5.3.6 The Undefined card application "undefined" +------------------------------------------------ + +This is a stub application to allow the use of the APDU command even if +no supported application is found on the card. This application is not +used automatically but must be explicitly requested using the SERIALNO +command. 
+ + +File: gnupg.info, Node: Scdaemon Configuration, Next: Scdaemon Examples, Prev: Card applications, Up: Invoking SCDAEMON + +5.4 Configuration files +======================= + +There are a few configuration files to control certain aspects of +`scdaemons''s operation. Unless noted, they are expected in the current +home directory (*note option --homedir::). + +`scdaemon.conf' + This is the standard configuration file read by `scdaemon' on + startup. It may contain any valid long option; the leading two + dashes may not be entered and the option may not be abbreviated. + This default name may be changed on the command line (*note option + --options::). + +`scd-event' + If this file is present and executable, it will be called on veyer + card reader's status changed. An example of this script is + provided with the distribution + +`reader_N.status' + This file is created by `sdaemon' to let other applications now + about reader status changes. Its use is now deprecated in favor of + `scd-event'. + + + +File: gnupg.info, Node: Scdaemon Examples, Next: Scdaemon Protocol, Prev: Scdaemon Configuration, Up: Invoking SCDAEMON + +5.5 Examples +============ + + $ scdaemon --server -v + + +File: gnupg.info, Node: Scdaemon Protocol, Prev: Scdaemon Examples, Up: Invoking SCDAEMON + +5.6 Scdaemon's Assuan Protocol +============================== + +The SC-Daemon should be started by the system to provide access to +external tokens. Using Smartcards on a multi-user system does not make +much sense expect for system services, but in this case no regular user +accounts are hosted on the machine. + + A client connects to the SC-Daemon by connecting to the socket named +`/var/run/scdaemon/socket', configuration information is read from +/ETC/SCDAEMON.CONF + + Each connection acts as one session, SC-Daemon takes care of +synchronizing access to a token between sessions. + +* Menu: + +* Scdaemon SERIALNO:: Return the serial number. 
+* Scdaemon LEARN:: Read all useful information from the card. +* Scdaemon READCERT:: Return a certificate. +* Scdaemon READKEY:: Return a public key. +* Scdaemon PKSIGN:: Signing data with a Smartcard. +* Scdaemon PKDECRYPT:: Decrypting data with a Smartcard. +* Scdaemon GETATTR:: Read an attribute's value. +* Scdaemon SETATTR:: Update an attribute's value. +* Scdaemon WRITEKEY:: Write a key to a card. +* Scdaemon GENKEY:: Generate a new key on-card. +* Scdaemon RANDOM:: Return random bytes generate on-card. +* Scdaemon PASSWD:: Change PINs. +* Scdaemon CHECKPIN:: Perform a VERIFY operation. +* Scdaemon RESTART:: Restart connection +* Scdaemon APDU:: Send a verbatim APDU to the card + + +File: gnupg.info, Node: Scdaemon SERIALNO, Next: Scdaemon LEARN, Up: Scdaemon Protocol + +5.6.1 Return the serial number +------------------------------ + +This command should be used to check for the presence of a card. It is +special in that it can be used to reset the card. Most other commands +will return an error when a card change has been detected and the use of +this function is therefore required. + + Background: We want to keep the client clear of handling card changes +between operations; i.e. the client can assume that all operations are +done on the same card unless he call this function. + + SERIALNO + + Return the serial number of the card using a status response like: + + S SERIALNO D27600000000000000000000 0 + + The trailing 0 should be ignored for now, it is reserved for a future +extension. The serial number is the hex encoded value identified by +the `0x5A' tag in the GDO file (FIX=0x2F02). + + +File: gnupg.info, Node: Scdaemon LEARN, Next: Scdaemon READCERT, Prev: Scdaemon SERIALNO, Up: Scdaemon Protocol + +5.6.2 Read all useful information from the card +----------------------------------------------- + + LEARN [--force] + + Learn all useful information of the currently inserted card. 
When +used without the force options, the command might do an INQUIRE like +this: + + INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp> + + The client should just send an `END' if the processing should go on +or a `CANCEL' to force the function to terminate with a cancel error +message. The response of this command is a list of status lines +formatted as this: + + S KEYPAIRINFO HEXSTRING_WITH_KEYGRIP HEXSTRING_WITH_ID + + If there is no certificate yet stored on the card a single "X" is +returned in HEXSTRING_WITH_KEYGRIP. + + +File: gnupg.info, Node: Scdaemon READCERT, Next: Scdaemon READKEY, Prev: Scdaemon LEARN, Up: Scdaemon Protocol + +5.6.3 Return a certificate +-------------------------- + + READCERT HEXIFIED_CERTID|KEYID + + This function is used to read a certificate identified by +HEXIFIED_CERTID from the card. With OpenPGP cards the keyid +`OpenPGP.3' may be used to rad the certificate of version 2 cards. + + +File: gnupg.info, Node: Scdaemon READKEY, Next: Scdaemon PKSIGN, Prev: Scdaemon READCERT, Up: Scdaemon Protocol + +5.6.4 Return a public key +------------------------- + + READKEY HEXIFIED_CERTID + + Return the public key for the given cert or key ID as an standard +S-Expression. + + +File: gnupg.info, Node: Scdaemon PKSIGN, Next: Scdaemon PKDECRYPT, Prev: Scdaemon READKEY, Up: Scdaemon Protocol + +5.6.5 Signing data with a Smartcard +----------------------------------- + +To sign some data the caller should use the command + + SETDATA HEXSTRING + + to tell `scdaemon' about the data to be signed. The data must be +given in hex notation. The actual signing is done using the command + + PKSIGN KEYID + + where KEYID is the hexified ID of the key to be used. The key id +may have been retrieved using the command `LEARN'. If another hash +algorithm than SHA-1 is used, that algorithm may be given like: + + PKSIGN --hash=ALGONAME KEYID + + With ALGONAME are one of `sha1', `rmd160' or `md5'. 
+ + +File: gnupg.info, Node: Scdaemon PKDECRYPT, Next: Scdaemon GETATTR, Prev: Scdaemon PKSIGN, Up: Scdaemon Protocol + +5.6.6 Decrypting data with a Smartcard +-------------------------------------- + +To decrypt some data the caller should use the command + + SETDATA HEXSTRING + + to tell `scdaemon' about the data to be decrypted. The data must be +given in hex notation. The actual decryption is then done using the +command + + PKDECRYPT KEYID + + where KEYID is the hexified ID of the key to be used. + + +File: gnupg.info, Node: Scdaemon GETATTR, Next: Scdaemon SETATTR, Prev: Scdaemon PKDECRYPT, Up: Scdaemon Protocol + +5.6.7 Read an attribute's value. +-------------------------------- + +TO BE WRITTEN. + + +File: gnupg.info, Node: Scdaemon SETATTR, Next: Scdaemon WRITEKEY, Prev: Scdaemon GETATTR, Up: Scdaemon Protocol + +5.6.8 Update an attribute's value. +---------------------------------- + +TO BE WRITTEN. + + +File: gnupg.info, Node: Scdaemon WRITEKEY, Next: Scdaemon GENKEY, Prev: Scdaemon SETATTR, Up: Scdaemon Protocol + +5.6.9 Write a key to a card. +---------------------------- + + WRITEKEY [--force] KEYID + + This command is used to store a secret key on a smartcard. The +allowed keyids depend on the currently selected smartcard application. +The actual keydata is requested using the inquiry `KEYDATA' and need to +be provided without any protection. With `--force' set an existing key +under this KEYID will get overwritten. The key data is expected to be +the usual canonical encoded S-expression. + + A PIN will be requested in most cases. This however depends on the +actual card application. + + +File: gnupg.info, Node: Scdaemon GENKEY, Next: Scdaemon RANDOM, Prev: Scdaemon WRITEKEY, Up: Scdaemon Protocol + +5.6.10 Generate a new key on-card. +---------------------------------- + +TO BE WRITTEN. + + +File: gnupg.info, Node: Scdaemon RANDOM, Next: Scdaemon PASSWD, Prev: Scdaemon GENKEY, Up: Scdaemon Protocol + +5.6.11 Return random bytes generate on-card. 
+-------------------------------------------- + +TO BE WRITTEN. + + +File: gnupg.info, Node: Scdaemon PASSWD, Next: Scdaemon CHECKPIN, Prev: Scdaemon RANDOM, Up: Scdaemon Protocol + +5.6.12 Change PINs. +------------------- + + PASSWD [--reset] [--nullpin] CHVNO + + Change the PIN or reset the retry counter of the card holder +verification vector number CHVNO. The option `--nullpin' is used to +initialize the PIN of TCOS cards (6 byte NullPIN only). + + +File: gnupg.info, Node: Scdaemon CHECKPIN, Next: Scdaemon RESTART, Prev: Scdaemon PASSWD, Up: Scdaemon Protocol + +5.6.13 Perform a VERIFY operation. +---------------------------------- + + CHECKPIN IDSTR + + Perform a VERIFY operation without doing anything else. This may be +used to initialize a the PIN cache earlier to long lasting operations. +Its use is highly application dependent: + +*OpenPGP* + Perform a simple verify operation for CHV1 and CHV2, so that + further operations won't ask for CHV2 and it is possible to do a + cheap check on the PIN: If there is something wrong with the PIN + entry system, only the regular CHV will get blocked and not the + dangerous CHV3. IDSTR is the usual card's serial number in hex + notation; an optional fingerprint part will get ignored. + + There is however a special mode if IDSTR is suffixed with the + literal string `[CHV3]': In this case the Admin PIN is checked if + and only if the retry counter is still at 3. + + + +File: gnupg.info, Node: Scdaemon RESTART, Next: Scdaemon APDU, Prev: Scdaemon CHECKPIN, Up: Scdaemon Protocol + +5.6.14 Perform a RESTART operation. +----------------------------------- + + RESTART + + Restart the current connection; this is a kind of warm reset. It +deletes the context used by this connection but does not actually reset +the card. + + This is used by gpg-agent to reuse a primary pipe connection and may +be used by clients to backup from a conflict in the serial command; +i.e. to select another application. 
+ + +File: gnupg.info, Node: Scdaemon APDU, Prev: Scdaemon RESTART, Up: Scdaemon Protocol + +5.6.15 Send a verbatim APDU to the card. +---------------------------------------- + + APDU [--atr] [--more] [--exlen[=N]] [HEXSTRING] + + Send an APDU to the current reader. This command bypasses the high +level functions and sends the data directly to the card. HEXSTRING is +expected to be a proper APDU. If HEXSTRING is not given no commands +are send to the card; However the command will implicitly check whether +the card is ready for use. + + Using the option `--atr' returns the ATR of the card as a status +message before any data like this: + S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1 + + Using the option `--more' handles the card status word MORE_DATA +(61xx) and concatenate all responses to one block. + + Using the option `--exlen' the returned APDU may use extended length +up to N bytes. If N is not given a default value is used (currently +4096). + + +File: gnupg.info, Node: Specify a User ID, Next: Helper Tools, Prev: Invoking SCDAEMON, Up: Top + +6 How to Specify a User Id +************************** + +There are different ways to specify a user ID to GnuPG. Some of them +are only valid for `gpg' others are only good for `gpgsm'. Here is the +entire list of ways to specify a key: + + * By key Id. This format is deduced from the length of the string + and its content or `0x' prefix. The key Id of an X.509 certificate + are the low 64 bits of its SHA-1 fingerprint. The use of key Ids + is just a shortcut, for all automated processing the fingerprint + should be used. + + When using `gpg' an exclamation mark (!) may be appended to force + using the specified primary or secondary key and not to try and + calculate which primary or secondary key to use. + + The last four lines of the example give the key ID in their long + form as internally used by the OpenPGP protocol. You can see the + long key ID using the option `--with-colons'. 
+ + 234567C4 + 0F34E556E + 01347A56A + 0xAB123456 + + 234AABBCC34567C4 + 0F323456784E56EAB + 01AB3FED1347A5612 + 0x234AABBCC34567C4 + + * By fingerprint. This format is deduced from the length of the + string and its content or the `0x' prefix. Note, that only the 20 + byte version fingerprint is available with `gpgsm' (i.e. the SHA-1 + hash of the certificate). + + When using `gpg' an exclamation mark (!) may be appended to force + using the specified primary or secondary key and not to try and + calculate which primary or secondary key to use. + + The best way to specify a key Id is by using the fingerprint. This + avoids any ambiguities in case that there are duplicated key IDs. + + 1234343434343434C434343434343434 + 123434343434343C3434343434343734349A3434 + 0E12343434343434343434EAB3484343434343434 + 0xE12343434343434343434EAB3484343434343434 + + (`gpgsm' also accepts colons between each pair of hexadecimal + digits because this is the de-facto standard on how to present + X.509 fingerprints.) + + * By exact match on OpenPGP user ID. This is denoted by a leading + equal sign. It does not make sense for X.509 certificates. + + =Heinrich Heine <heinrichh@uni-duesseldorf.de> + + * By exact match on an email address. This is indicated by + enclosing the email address in the usual way with left and right + angles. + + <heinrichh@uni-duesseldorf.de> + + * By word match. All words must match exactly (not case sensitive) + but can appear in any order in the user ID or a subjects name. + Words are any sequences of letters, digits, the underscore and all + characters with bit 7 set. + + +Heinrich Heine duesseldorf + + * By exact match on the subject's DN. This is indicated by a + leading slash, directly followed by the RFC-2253 encoded DN of the + subject. 
Note that you can't use the string printed by "gpgsm + -list-keys" because that one as been reordered and modified for + better readability; use -with-colons to print the raw (but standard + escaped) RFC-2253 string + + /CN=Heinrich Heine,O=Poets,L=Paris,C=FR + + * By exact match on the issuer's DN. This is indicated by a leading + hash mark, directly followed by a slash and then directly followed + by the rfc2253 encoded DN of the issuer. This should return the + Root cert of the issuer. See note above. + + #/CN=Root Cert,O=Poets,L=Paris,C=FR + + * By exact match on serial number and issuer's DN. This is + indicated by a hash mark, followed by the hexadecimal + representation of the serial number, then followed by a slash and + the RFC-2253 encoded DN of the issuer. See note above. + + #4F03/CN=Root Cert,O=Poets,L=Paris,C=FR + + * By keygrip This is indicated by an ampersand followed by the 40 + hex digits of a keygrip. `gpgsm' prints the keygrip when using + the command `--dump-cert'. It does not yet work for OpenPGP keys. + + &D75F22C3F86E355877348498CDC92BD21010A480 + + * By substring match. This is the default mode but applications may + want to explicitly indicate this by putting the asterisk in front. + Match is not case sensitive. + + Heine + *Heine + + + Please note that we have reused the hash mark identifier which was +used in old GnuPG versions to indicate the so called local-id. It is +not anymore used and there should be no conflict when used with X.509 +stuff. + + Using the RFC-2253 format of DNs has the drawback that it is not +possible to map them back to the original encoding, however we don't +have to do this because our key database stores this encoding as meta +data. + + +File: gnupg.info, Node: Helper Tools, Next: Howtos, Prev: Specify a User ID, Up: Top + +7 Helper Tools +************** + +GnuPG comes with a couple of smaller tools: + +* Menu: + +* watchgnupg:: Read logs from a socket. +* gpgv:: Verify OpenPGP signatures. 
+* addgnupghome:: Create .gnupg home directories. +* gpgconf:: Modify .gnupg home directories. +* applygnupgdefaults:: Run gpgconf for all users. +* gpgsm-gencert.sh:: Generate an X.509 certificate request. +* gpg-preset-passphrase:: Put a passphrase into the cache. +* gpg-connect-agent:: Communicate with a running agent. +* gpgparsemail:: Parse a mail message into an annotated format +* symcryptrun:: Call a simple symmetric encryption tool. +* gpg-zip:: Encrypt or sign files into an archive. + + +File: gnupg.info, Node: watchgnupg, Next: gpgv, Up: Helper Tools + +7.1 Read logs from a socket +=========================== + +Most of the main utilities are able to write their log files to a Unix +Domain socket if configured that way. `watchgnupg' is a simple +listener for such a socket. It ameliorates the output with a time stamp +and makes sure that long lines are not interspersed with log output from +other utilities. This tool is not available for Windows. + +`watchgnupg' is commonly invoked as + + watchgnupg --force ~/.gnupg/S.log + +This starts it on the current terminal for listening on the socket +`~/.gnupg/S.log'. + +`watchgnupg' understands these options: + +`--force' + Delete an already existing socket file. + +`--tcp N' + Instead of reading from a local socket, listen for connects on TCP + port N. + +`--verbose' + Enable extra informational output. + +`--version' + Print version of the program and exit. + +`--help' + Display a brief help page and exit. + + + +Examples +******** + + $ watchgnupg --force /home/foo/.gnupg/S.log + + This waits for connections on the local socket +`/home/foo/.gnupg/S.log' and shows all log entries. To make this work +the option `log-file' needs to be used with all modules which logs are +to be shown. The value for that option must be given with a special +prefix (e.g. in the conf file): + + log-file socket:///home/foo/.gnupg/S.log + + For debugging purposes it is also possible to do remote logging. 
+Take care if you use this feature because the information is send in the +clear over the network. Use this syntax in the conf files: + + log-file tcp://192.168.1.1:4711 + + You may use any port and not just 4711 as shown above; only IP +addresses are supported (v4 and v6) and no host names. You need to +start `watchgnupg' with the `tcp' option. Note that under Windows the +registry entry HKCU\SOFTWARE\GNU\GNUPG:DEFAULTLOGFILE can be used to +change the default log output from `stderr' to whatever is given by +that entry. However the only useful entry is a TCP name for remote +debugging. + + +File: gnupg.info, Node: gpgv, Next: addgnupghome, Prev: watchgnupg, Up: Helper Tools + +7.2 Verify OpenPGP signatures +============================= + + `gpgv2' is an OpenPGP signature verification tool. + + This program is actually a stripped-down version of `gpg' which is +only able to check signatures. It is somewhat smaller than the +fully-blown `gpg' and uses a different (and simpler) way to check that +the public keys used to make the signature are valid. There are no +configuration files and only a few options are implemented. + + `gpgv2' assumes that all keys in the keyring are trustworthy. By +default it uses a keyring named `trustedkeys.gpg' which is assumed to +be in the home directory as defined by GnuPG or set by an option or an +environment variable. An option may be used to specify another keyring +or even multiple keyrings. + + + + `gpgv2' recognizes these options: + +`--verbose' +`-v' + Gives more information during processing. If used twice, the input + data is listed in detail. + +`--quiet' +`-q' + Try to be as quiet as possible. + +`--keyring FILE' + Add FILE to the list of keyrings. If FILE begins with a tilde and + a slash, these are replaced by the HOME directory. If the filename + does not contain a slash, it is assumed to be in the + home-directory ("~/.gnupg" if -homedir is not used). 
+ +`--status-fd N' + Write special status strings to the file descriptor N. See the + file DETAILS in the documentation for a listing of them. + +`--logger-fd `n'' + Write log output to file descriptor `n' and not to stderr. + +`--ignore-time-conflict' + GnuPG normally checks that the timestamps associated with keys and + signatures have plausible values. However, sometimes a signature + seems to be older than the key due to clock problems. This option + turns these checks into warnings. + +`--homedir DIR' + Set the name of the home directory to DIR. If this option is not + used, the home directory defaults to `~/.gnupg'. It is only + recognized when given on the command line. It also overrides any + home directory stated through the environment variable `GNUPGHOME' + or (on W32 systems) by means of the Registry entry + HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR. + + + The program returns 0 if everything is fine, 1 if at least one +signature was bad, and other error codes for fatal errors. + +7.2.1 Examples +-------------- + +gpgv2 `pgpfile' +gpgv2 `sigfile' [`datafile'] + Verify the signature of the file. The second form is used for + detached signatures, where `sigfile' is the detached signature + (either ASCII-armored or binary) and `datafile' contains the + signed data; if `datafile' is "-" the signed data is expected on + `stdin'; if `datafile' is not given the name of the file holding + the signed data is constructed by cutting off the extension + (".asc", ".sig" or ".sign") from `sigfile'. + + +7.2.2 Environment +----------------- + +HOME + Used to locate the default home directory. + +GNUPGHOME + If set directory used instead of "~/.gnupg". + + +7.2.3 FILES +----------- + +~/.gnupg/trustedkeys.gpg + The default keyring with the allowed keys. + + + `gpg2'(1) + + +File: gnupg.info, Node: addgnupghome, Next: gpgconf, Prev: gpgv, Up: Helper Tools + +7.3 Create .gnupg home directories. 
+=================================== + +If GnuPG is installed on a system with existing user accounts, it is +sometimes required to populate the GnuPG home directory with existing +files. Especially a `trustlist.txt' and a keybox with some initial +certificates are often desired. This scripts help to do this by +copying all files from `/etc/skel/.gnupg' to the home directories of +the accounts given on the command line. It takes care not to overwrite +existing GnuPG home directories. + +`addgnupghome' is invoked by root as: + + addgnupghome account1 account2 ... accountn + + +File: gnupg.info, Node: gpgconf, Next: applygnupgdefaults, Prev: addgnupghome, Up: Helper Tools + +7.4 Modify .gnupg home directories. +=================================== + +The `gpgconf' is a utility to automatically and reasonable safely query +and modify configuration files in the `.gnupg' home directory. It is +designed not to be invoked manually by the user, but automatically by +graphical user interfaces (GUI).(1) + + `gpgconf' provides access to the configuration of one or more +components of the GnuPG system. These components correspond more or +less to the programs that exist in the GnuPG framework, like GnuPG, +GPGSM, DirMngr, etc. But this is not a strict one-to-one relationship. +Not all configuration options are available through `gpgconf'. +`gpgconf' provides a generic and abstract method to access the most +important configuration options that can feasibly be controlled via +such a mechanism. + + `gpgconf' can be used to gather and change the options available in +each component, and can also provide their default values. `gpgconf' +will give detailed type information that can be used to restrict the +user's input without making an attempt to commit the changes. + + `gpgconf' provides the backend of a configuration editor. 
The +configuration editor would usually be a graphical user interface +program, that allows to display the current options, their default +values, and allows the user to make changes to the options. These +changes can then be made active with `gpgconf' again. Such a program +that uses `gpgconf' in this way will be called GUI throughout this +section. + +* Menu: + +* Invoking gpgconf:: List of all commands and options. +* Format conventions:: Formatting conventions relevant for all commands. +* Listing components:: List all gpgconf components. +* Checking programs:: Check all programs know to gpgconf. +* Listing options:: List all options of a component. +* Changing options:: Changing options of a component. +* Listing global options:: List all global options. +* Files used by gpgconf:: What files are used by gpgconf. + + ---------- Footnotes ---------- + + (1) Please note that currently no locking is done, so concurrent +access should be avoided. There are some precautions to avoid +corruption with concurrent usage, but results may be inconsistent and +some changes may get lost. The stateless design makes it difficult to +provide more guarantees. + + +File: gnupg.info, Node: Invoking gpgconf, Next: Format conventions, Up: gpgconf + +7.4.1 Invoking gpgconf +---------------------- + +One of the following commands must be given: + +`--list-components' + List all components. This is the default command used if none is + specified. + +`--check-programs' + List all available backend programs and test whether they are + runnable. + +`--list-options COMPONENT' + List all options of the component COMPONENT. + +`--change-options COMPONENT' + Change the options of the component COMPONENT. + +`--check-options COMPONENT' + Check the options for the component COMPONENT. + +`--apply-defaults' + Update all configuration files with values taken from the global + configuration file (usually `/etc/gnupg/gpgconf.conf'). + +`--list-dirs' + Lists the directories used by `gpgconf'. 
One directory is listed + per line, and each line consists of a colon-separated list where + the first field names the directory type (for example `sysconfdir') + and the second field contains the percent-escaped directory. + Although they are not directories, the socket file names used by + `gpg-agent' and `dirmngr' are printed as well. Note that the + socket file names and the `homedir' lines are the default names + and they may be overridden by command line switches. + +`--list-config [FILENAME]' + List the global configuration file in a colon separated format. If + FILENAME is given, check that file instead. + +`--check-config [FILENAME]' + Run a syntax check on the global configuration file. If FILENAME + is given, check that file instead. + +`--reload [COMPONENT]' + Reload all or the given component. This is basically the same as + sending a SIGHUP to the component. Components which don't support + reloading are ignored. + +`--kill [COMPONENT]' + Kill the given component. Components which support killing are + gpg-agent and scdaemon. Components which don't support reloading + are ignored. Note that as of now reload and kill have the same + effect for scdaemon. + + + The following options may be used: + +`-v' +`--verbose' + Outputs additional information while running. Specifically, this + extends numerical field values by human-readable descriptions. + +`-n' +`--dry-run' + Do not actually change anything. This is currently only + implemented for `--change-options' and can be used for testing + purposes. + +`-r' +`--runtime' + Only used together with `--change-options'. If one of the + modified options can be changed in a running daemon process, signal + the running daemon to ask it to reparse its configuration file + after changing. + + This means that the changes will take effect at run-time, as far as + this is possible. Otherwise, they will take effect at the next + start of the respective backend programs. 
+ + + +File: gnupg.info, Node: Format conventions, Next: Listing components, Prev: Invoking gpgconf, Up: gpgconf + +7.4.2 Format conventions +------------------------ + +Some lines in the output of `gpgconf' contain a list of colon-separated +fields. The following conventions apply: + + * The GUI program is required to strip off trailing newline and/or + carriage return characters from the output. + + * `gpgconf' will never leave out fields. If a certain version + provides a certain field, this field will always be present in all + `gpgconf' versions from that time on. + + * Future versions of `gpgconf' might append fields to the list. New + fields will always be separated from the previously last field by + a colon separator. The GUI should be prepared to parse the last + field it knows about up until a colon or end of line. + + * Not all fields are defined under all conditions. You are required + to ignore the content of undefined fields. + + There are several standard types for the content of a field: + +verbatim + Some fields contain strings that are not escaped in any way. Such + fields are described to be used _verbatim_. These fields will + never contain a colon character (for obvious reasons). No + de-escaping or other formatting is required to use the field + content. This is for easy parsing of the output, when it is known + that the content can never contain any special characters. + +percent-escaped + Some fields contain strings that are described to be + _percent-escaped_. Such strings need to be de-escaped before + their content can be presented to the user. A percent-escaped + string is de-escaped by replacing all occurrences of `%XY' by the + byte that has the hexadecimal value `XY'. `X' and `Y' are from + the set `0-9a-f'. + +localised + Some fields contain strings that are described to be _localised_. + Such strings are translated to the active language and formatted in + the active character set. 
+ +unsigned number + Some fields contain an _unsigned number_. This number will always + fit into a 32-bit unsigned integer variable. The number may be + followed by a space, followed by a human readable description of + that value (if the verbose option is used). You should ignore + everything in the field that follows the number. + +signed number + Some fields contain a _signed number_. This number will always + fit into a 32-bit signed integer variable. The number may be + followed by a space, followed by a human readable description of + that value (if the verbose option is used). You should ignore + everything in the field that follows the number. + +boolean value + Some fields contain a _boolean value_. This is a number with + either the value 0 or 1. The number may be followed by a space, + followed by a human readable description of that value (if the + verbose option is used). You should ignore everything in the + field that follows the number; checking just the first character + is sufficient in this case. + +option + Some fields contain an _option_ argument. The format of an option + argument depends on the type of the option and on some flags: + + no argument + The simplest case is that the option does not take an + argument at all (TYPE `0'). Then the option argument is an + unsigned number that specifies how often the option occurs. + If the `list' flag is not set, then the only valid number is + `1'. Options that do not take an argument never have the + `default' or `optional arg' flag set. + + number + If the option takes a number argument (ALT-TYPE is `2' or + `3'), and it can only occur once (`list' flag is not set), + then the option argument is either empty (only allowed if the + argument is optional), or it is a number. A number is a + string that begins with an optional minus character, followed + by one or more digits. The number must fit into an integer + variable (unsigned or signed, depending on ALT-TYPE). 
+ + number list + If the option takes a number argument and it can occur more + than once, then the option argument is either empty, or it is + a comma-separated list of numbers as described above. + + string + If the option takes a string argument (ALT-TYPE is 1), and it + can only occur once (`list' flag is not set) then the option + argument is either empty (only allowed if the argument is + optional), or it starts with a double quote character (`"') + followed by a percent-escaped string that is the argument + value. Note that there is only a leading double quote + character, no trailing one. The double quote character is + only needed to be able to differentiate between no value and + the empty string as value. + + string list + If the option takes a number argument and it can occur more + than once, then the option argument is either empty, or it is + a comma-separated list of string arguments as described above. + + The active language and character set are currently determined from +the locale environment of the `gpgconf' program. + + +File: gnupg.info, Node: Listing components, Next: Checking programs, Prev: Format conventions, Up: gpgconf + +7.4.3 Listing components +------------------------ + +The command `--list-components' will list all components that can be +configured with `gpgconf'. Usually, one component will correspond to +one GnuPG-related program and contain the options of that programs +configuration file that can be modified using `gpgconf'. However, this +is not necessarily the case. A component might also be a group of +selected options from several programs, or contain entirely virtual +options that have a special effect rather than changing exactly one +option in one configuration file. + + A component is a set of configuration options that semantically +belong together. Furthermore, several changes to a component can be +made in an atomic way with a single operation. 
The GUI could for +example provide a menu with one entry for each component, or a window +with one tabulator sheet per component. + + The command argument `--list-components' lists all available +components, one per line. The format of each line is: + + `NAME:DESCRIPTION:PGMNAME:' + +NAME + This field contains a name tag of the component. The name tag is + used to specify the component in all communication with `gpgconf'. + The name tag is to be used _verbatim_. It is thus not in any + escaped format. + +DESCRIPTION + The _string_ in this field contains a human-readable description + of the component. It can be displayed to the user of the GUI for + informational purposes. It is _percent-escaped_ and _localized_. + +PGMNAME + The _string_ in this field contains the absolute name of the + program's file. It can be used to unambiguously invoke that + program. It is _percent-escaped_. + + Example: + $ gpgconf --list-components + gpg:GPG for OpenPGP:/usr/local/bin/gpg2: + gpg-agent:GPG Agent:/usr/local/bin/gpg-agent: + scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon: + gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm: + dirmngr:Directory Manager:/usr/local/bin/dirmngr: + + +File: gnupg.info, Node: Checking programs, Next: Listing options, Prev: Listing components, Up: gpgconf + +7.4.4 Checking programs +----------------------- + +The command `--check-programs' is similar to `--list-components' but +works on backend programs and not on components. It runs each program +to test whether it is installed and runnable. This also includes a +syntax check of all config file options of the program. + + The command argument `--check-programs' lists all available +programs, one per line. The format of each line is: + + `NAME:DESCRIPTION:PGMNAME:AVAIL:OKAY:CFGFILE:LINE:ERROR:' + +NAME + This field contains a name tag of the program which is identical + to the name of the component. The name tag is to be used + _verbatim_. It is thus not in any escaped format. 
This field may + be empty to indicate a continuation of error descriptions for the + last name. The description and pgmname fields are then also empty. + +DESCRIPTION + The _string_ in this field contains a human-readable description + of the component. It can be displayed to the user of the GUI for + informational purposes. It is _percent-escaped_ and _localized_. + +PGMNAME + The _string_ in this field contains the absolute name of the + program's file. It can be used to unambiguously invoke that + program. It is _percent-escaped_. + +AVAIL + The _boolean value_ in this field indicates whether the program is + installed and runnable. + +OKAY + The _boolean value_ in this field indicates whether the program's + config file is syntactically okay. + +CFGFILE + If an error occurred in the configuration file (as indicated by a + false value in the field `okay'), this field has the name of the + failing configuration file. It is _percent-escaped_. + +LINE + If an error occurred in the configuration file, this field has the + line number of the failing statement in the configuration file. + It is an _unsigned number_. + +ERROR + If an error occurred in the configuration file, this field has the + error text of the failing statement in the configuration file. It + is _percent-escaped_ and _localized_. + + +In the following example the `dirmngr' is not runnable and the +configuration file of `scdaemon' is not okay. + + $ gpgconf --check-programs + gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1: + gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1: + scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:0: + gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1: + dirmngr:Directory Manager:/usr/local/bin/dirmngr:0:0: + +The command `--check-options COMPONENT' will verify the configuration +file in the same manner as `--check-programs', but only for the +component COMPONENT. 
+ + +File: gnupg.info, Node: Listing options, Next: Changing options, Prev: Checking programs, Up: gpgconf + +7.4.5 Listing options +--------------------- + +Every component contains one or more options. Options may be gathered +into option groups to allow the GUI to give visual hints to the user +about which options are related. + + The command argument `--list-options COMPONENT' lists all options +(and the groups they belong to) in the component COMPONENT, one per +line. COMPONENT must be the string in the field NAME in the output of +the `--list-components' command. + + There is one line for each option and each group. First come all +options that are not in any group. Then comes a line describing a +group. Then come all options that belong into each group. Then comes +the next group and so on. There does not need to be any group (and in +this case the output will stop after the last non-grouped option). + + The format of each line is: + +`NAME:FLAGS:LEVEL:DESCRIPTION:TYPE:ALT-TYPE:ARGNAME:DEFAULT:ARGDEF:VALUE' + +NAME + This field contains a name tag for the group or option. The name + tag is used to specify the group or option in all communication + with `gpgconf'. The name tag is to be used _verbatim_. It is + thus not in any escaped format. + +FLAGS + The flags field contains an _unsigned number_. Its value is the + OR-wise combination of the following flag values: + + `group (1)' + If this flag is set, this is a line describing a group and + not an option. + + The following flag values are only defined for options (that is, if + the `group' flag is not used). + + `optional arg (2)' + If this flag is set, the argument is optional. This is never + set for TYPE `0' (none) options. + + `list (4)' + If this flag is set, the option can be given multiple times. + + `runtime (8)' + If this flag is set, the option can be changed at runtime. + + `default (16)' + If this flag is set, a default value is available. 
+ + `default desc (32)' + If this flag is set, a (runtime) default is available. This + and the `default' flag are mutually exclusive. + + `no arg desc (64)' + If this flag is set, and the `optional arg' flag is set, then + the option has a special meaning if no argument is given. + + `no change (128)' + If this flag is set, gpgconf ignores requests to change the + value. GUI frontends should grey out this option. Note, + that manual changes of the configuration files are still + possible. + +LEVEL + This field is defined for options and for groups. It contains an + _unsigned number_ that specifies the expert level under which this + group or option should be displayed. The following expert levels + are defined for options (they have analogous meaning for groups): + + `basic (0)' + This option should always be offered to the user. + + `advanced (1)' + This option may be offered to advanced users. + + `expert (2)' + This option should only be offered to expert users. + + `invisible (3)' + This option should normally never be displayed, not even to + expert users. + + `internal (4)' + This option is for internal use only. Ignore it. + + The level of a group will always be the lowest level of all + options it contains. + +DESCRIPTION + This field is defined for options and groups. The _string_ in + this field contains a human-readable description of the option or + group. It can be displayed to the user of the GUI for + informational purposes. It is _percent-escaped_ and _localized_. + +TYPE + This field is only defined for options. It contains an _unsigned + number_ that specifies the type of the option's argument, if any. + The following types are defined: + + Basic types: + + `none (0)' + No argument allowed. + + `string (1)' + An _unformatted string_. + + `int32 (2)' + A _signed number_. + + `uint32 (3)' + An _unsigned number_. + + Complex types: + + `pathname (32)' + A _string_ that describes the pathname of a file. The file + does not necessarily need to exist. 
+ + `ldap server (33)' + A _string_ that describes an LDAP server in the format: + + `HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN' + + `key fingerprint (34)' + A _string_ with a 40 digit fingerprint specifying a + certificate. + + `pub key (35)' + A _string_ that describes a certificate by user ID, key ID or + fingerprint. + + `sec key (36)' + A _string_ that describes a certificate with a key by user ID, + key ID or fingerprint. + + `alias list (37)' + A _string_ that describes an alias list, like the one used + with gpg's group option. The list consists of a key, an + equal sign and space separated values. + + More types will be added in the future. Please see the ALT-TYPE + field for information on how to cope with unknown types. + +ALT-TYPE + This field is identical to TYPE, except that only the types `0' to + `31' are allowed. The GUI is expected to present the user the + option in the format specified by TYPE. But if the argument type + TYPE is not supported by the GUI, it can still display the option + in the more generic basic type ALT-TYPE. The GUI must support all + the defined basic types to be able to display all options. More + basic types may be added in future versions. If the GUI + encounters a basic type it doesn't support, it should report an + error and abort the operation. + +ARGNAME + This field is only defined for options with an argument type TYPE + that is not `0'. In this case it may contain a _percent-escaped_ + and _localised string_ that gives a short name for the argument. + The field may also be empty, though, in which case a short name is + not known. + +DEFAULT + This field is defined only for options for which the `default' or + `default desc' flag is set. If the `default' flag is set, its + format is that of an _option argument_ (*Note Format + conventions::, for details). If the default value is empty, then + no default is known. Otherwise, the value specifies the default + value for this option. 
If the `default desc' flag is set, the + field is either empty or contains a description of the effect if + the option is not given. + +ARGDEF + This field is defined only for options for which the `optional + arg' flag is set. If the `no arg desc' flag is not set, its + format is that of an _option argument_ (*Note Format + conventions::, for details). If the default value is empty, then + no default is known. Otherwise, the value specifies the default + argument for this option. If the `no arg desc' flag is set, the + field is either empty or contains a description of the effect of + this option if no argument is given. + +VALUE + This field is defined only for options. Its format is that of an + _option argument_. If it is empty, then the option is not + explicitly set in the current configuration, and the default + applies (if any). Otherwise, it contains the current value of the + option. Note that this field is also meaningful if the option + itself does not take a real argument (in this case, it contains + the number of times the option appears). + + +File: gnupg.info, Node: Changing options, Next: Listing global options, Prev: Listing options, Up: gpgconf + +7.4.6 Changing options +---------------------- + +The command `--change-options COMPONENT' will attempt to change the +options of the component COMPONENT to the specified values. COMPONENT +must be the string in the field NAME in the output of the +`--list-components' command. You have to provide the options that +shall be changed in the following format on standard input: + + `NAME:FLAGS:NEW-VALUE' + +NAME + This is the name of the option to change. NAME must be the string + in the field NAME in the output of the `--list-options' command. + +FLAGS + The flags field contains an _unsigned number_. Its value is the + OR-wise combination of the following flag values: + + `default (16)' + If this flag is set, the option is deleted and the default + value is used instead (if applicable). 
+ +NEW-VALUE + The new value for the option. This field is only defined if the + `default' flag is not set. The format is that of an _option + argument_. If it is empty (or the field is omitted), the default + argument is used (only allowed if the argument is optional for this + option). Otherwise, the option will be set to the specified value. + +The output of the command is the same as that of `--check-options' for +the modified configuration file. + + Examples: + + To set the force option, which is of basic type `none (0)': + + $ echo 'force:0:1' | gpgconf --change-options dirmngr + + To delete the force option: + + $ echo 'force:16:' | gpgconf --change-options dirmngr + + The `--runtime' option can influence when the changes take effect. + + +File: gnupg.info, Node: Listing global options, Next: Files used by gpgconf, Prev: Changing options, Up: gpgconf + +7.4.7 Listing global options +---------------------------- + +Sometimes it is useful for applications to look at the global options +file `gpgconf.conf'. The colon separated listing format is record +oriented and uses the first field to identify the record type: + +`k' + This describes a key record to start the definition of a new + ruleset for a user/group. The format of a key record is: + + `k:USER:GROUP:' + + USER + This is the user field of the key. It is percent escaped. + See the definition of the gpgconf.conf format for details. + + GROUP + This is the group field of the key. It is percent escaped. + +`r' + This describes a rule record. All rule records up to the next key + record make up a rule set for that key. The format of a rule + record is: + + `r:::COMPONENT:OPTION:FLAGS:VALUE:' + + COMPONENT + This is the component part of a rule. It is a plain string. + + OPTION + This is the option part of a rule. It is a plain string. + + FLAG + This is the flags part of a rule. There may be only one flag + per rule but by using the same component and option, several + flags may be assigned to an option. 
It is a plain string. + + VALUE + This is the optional value for the option. It is a percent + escaped string with a single quotation mark to indicate a + string. The quotation mark is only required to distinguish + between no value specified and an empty string. + + +Unknown record types should be ignored. Note that there is +intentionally no feature to change the global option file through +`gpgconf'. + + +File: gnupg.info, Node: Files used by gpgconf, Prev: Listing global options, Up: gpgconf + +7.4.8 Files used by gpgconf +--------------------------- + +`/etc/gnupg/gpgconf.conf' + If this file exists, it is processed as a global configuration + file. A commented example can be found in the `examples' + directory of the distribution. + + +File: gnupg.info, Node: applygnupgdefaults, Next: gpgsm-gencert.sh, Prev: gpgconf, Up: Helper Tools + +7.5 Run gpgconf for all users. +============================== + +This script is a wrapper around `gpgconf' to run it with the command +`--apply-defaults' for all real users with an existing GnuPG home +directory. Admins might want to use this script to update he GnuPG +configuration files for all users after `/etc/gnupg/gpgconf.conf' has +been changed. This allows to enforce certain policies for all users. +Note, that this is not a bulletproof of forcing a user to use certain +options. A user may always directly edit the configuration files and +bypass gpgconf. + +`applygnupgdefaults' is invoked by root as: + + applygnupgdefaults + + +File: gnupg.info, Node: gpgsm-gencert.sh, Next: gpg-preset-passphrase, Prev: applygnupgdefaults, Up: Helper Tools + +7.6 Generate an X.509 certificate request +========================================= + +This is a simple tool to interactively generate a certificate request +which will be printed to stdout. 
+ +`gpgsm-gencert.sh' is invoked as: + + `gpgsm-cencert.sh' + + +File: gnupg.info, Node: gpg-preset-passphrase, Next: gpg-connect-agent, Prev: gpgsm-gencert.sh, Up: Helper Tools + +7.7 Put a passphrase into the cache. +==================================== + +The `gpg-preset-passphrase' is a utility to seed the internal cache of +a running `gpg-agent' with passphrases. It is mainly useful for +unattended machines, where the usual `pinentry' tool may not be used +and the passphrases for the to be used keys are given at machine +startup. + + Passphrases set with this utility don't expire unless the `--forget' +option is used to explicitly clear them from the cache -- or +`gpg-agent' is either restarted or reloaded (by sending a SIGHUP to +it). It is necessary to allow this passphrase presetting by starting +`gpg-agent' with the `--allow-preset-passphrase'. + +* Menu: + +* Invoking gpg-preset-passphrase:: List of all commands and options. + + +File: gnupg.info, Node: Invoking gpg-preset-passphrase, Up: gpg-preset-passphrase + +7.7.1 List of all commands and options. +--------------------------------------- + +`gpg-preset-passphrase' is invoked this way: + + gpg-preset-passphrase [options] [command] CACHEID + + CACHEID is either a 40 character keygrip of hexadecimal characters +identifying the key for which the passphrase should be set or cleared. +The keygrip is listed along with the key when running the command: +`gpgsm --dump-secret-keys'. Alternatively an arbitrary string may be +used to identify a passphrase; it is suggested that such a string is +prefixed with the name of the application (e.g `foo:12346'). + +One of the following command options must be given: + +`--preset' + Preset a passphrase. This is what you usually will use. + `gpg-preset-passphrase' will then read the passphrase from `stdin'. + +`--forget' + Flush the passphrase for the given cache ID from the cache. 
+ + +The following additional options may be used: + +`-v' +`--verbose' + Output additional information while running. + +`-P STRING' +`--passphrase STRING' + Instead of reading the passphrase from `stdin', use the supplied + STRING as passphrase. Note that this makes the passphrase visible + for other users. + + +File: gnupg.info, Node: gpg-connect-agent, Next: gpgparsemail, Prev: gpg-preset-passphrase, Up: Helper Tools + +7.8 Communicate with a running agent. +===================================== + +The `gpg-connect-agent' is a utility to communicate with a running +`gpg-agent'. It is useful to check out the commands gpg-agent provides +using the Assuan interface. It might also be useful for scripting +simple applications. Input is expected at stdin and out put gets +printed to stdout. + + It is very similar to running `gpg-agent' in server mode; but here +we connect to a running instance. + +* Menu: + +* Invoking gpg-connect-agent:: List of all options. +* Controlling gpg-connect-agent:: Control commands. + + +File: gnupg.info, Node: Invoking gpg-connect-agent, Next: Controlling gpg-connect-agent, Up: gpg-connect-agent + +7.8.1 List of all options. +-------------------------- + +`gpg-connect-agent' is invoked this way: + + gpg-connect-agent [options] [commands] + +The following options may be used: + +`-v' +`--verbose' + Output additional information while running. + +`-q' + +`--quiet' + Try to be as quiet as possible. + +`--homedir DIR' + Set the name of the home directory to DIR. If this option is not + used, the home directory defaults to `~/.gnupg'. It is only + recognized when given on the command line. It also overrides any + home directory stated through the environment variable `GNUPGHOME' + or (on W32 systems) by means of the Registry entry + HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR. + +`--agent-program FILE' + Specify the agent program to be started if none is running. 
+ +`-S' +`--raw-socket NAME' + Connect to socket NAME assuming this is an Assuan style server. + Do not run any special initializations or environment checks. + This may be used to directly connect to any Assuan style socket + server. + +`-E' +`--exec' + Take the rest of the command line as a program and it's arguments + and execute it as an assuan server. Here is how you would run + `gpgsm': + gpg-connect-agent --exec gpgsm --server + Note that you may not use options on the command line in this case. + +`--no-ext-connect' + When using `-S' or `--exec', `gpg-connect-agent' connects to the + assuan server in extended mode to allow descriptor passing. This + option makes it use the old mode. + +`--run FILE' + Run the commands from FILE at startup and then continue with the + regular input method. Note, that commands given on the command + line are executed after this file. + +`-s' +`--subst' + Run the command `/subst' at startup. + +`--hex' + Print data lines in a hex format and the ASCII representation of + non-control characters. + +`--decode' + Decode data lines. That is to remove percent escapes but make + sure that a new line always starts with a D and a space. + + + +File: gnupg.info, Node: Controlling gpg-connect-agent, Prev: Invoking gpg-connect-agent, Up: gpg-connect-agent + +7.8.2 Control commands. +----------------------- + +While reading Assuan commands, gpg-agent also allows a few special +commands to control its operation. These control commands all start +with a slash (`/'). + +`/echo ARGS' + Just print ARGS. + +`/let NAME VALUE' + Set the variable NAME to VALUE. Variables are only substituted on + the input if the `/subst' has been used. Variables are referenced + by prefixing the name with a dollar sign and optionally include + the name in curly braces. The rules for a valid name are + identically to those of the standard bourne shell. This is not yet + enforced but may be in the future. 
When used with curly braces no + leading or trailing white space is allowed. + + If a variable is not found, it is searched in the environment and + if found copied to the table of variables. + + Variable functions are available: The name of the function must be + followed by at least one space and the at least one argument. The + following functions are available: + + `get' + Return a value described by the argument. Available + arguments are: + + `cwd' + The current working directory. + + `homedir' + The gnupg homedir. + + `sysconfdir' + GnuPG's system configuration directory. + + `bindir' + GnuPG's binary directory. + + `libdir' + GnuPG's library directory. + + `libexecdir' + GnuPG's library directory for executable files. + + `datadir' + GnuPG's data directory. + + `serverpid' + The PID of the current server. Command `/serverpid' must + have been given to return a useful value. + + `unescape ARGS' + Remove C-style escapes from ARGS. Note that `\0' and `\x00' + terminate the returned string implicitly. The string to be + converted are the entire arguments right behind the + delimiting space of the function name. + + `unpercent ARGS' + `unpercent+ ARGS' + Remove percent style escaping from ARGS. Note that `%00' + terminates the string implicitly. The string to be converted + are the entire arguments right behind the delimiting space of + the function name. `unpercent+' also maps plus signs to a + spaces. + + `percent ARGS' + `percent+ ARGS' + Escape the ARGS using percent style escaping. Tabs, + formfeeds, linefeeds, carriage returns and colons are + escaped. `percent+' also maps spaces to plus signs. + + `errcode ARG' + `errsource ARG' + `errstring ARG' + Assume ARG is an integer and evaluate it using `strtol'. + Return the gpg-error error code, error source or a formatted + string with the error code and error source. + + `+' + `-' + `*' + `/' + `%' + Evaluate all arguments as long integers using `strtol' and + apply this operator. 
A division by zero yields an empty + string. + + `!' + `|' + `&' + Evaluate all arguments as long integers using `strtol' and + apply the logical oeprators NOT, OR or AND. The NOT operator + works on the last argument only. + + +`/definq NAME VAR' + Use content of the variable VAR for inquiries with NAME. NAME may + be an asterisk (`*') to match any inquiry. + +`/definqfile NAME FILE' + Use content of FILE for inquiries with NAME. NAME may be an + asterisk (`*') to match any inquiry. + +`/definqprog NAME PROG' + Run PROG for inquiries matching NAME and pass the entire line to + it as command line arguments. + +`/datafile NAME' + Write all data lines from the server to the file NAME. The file + is opened for writing and created if it does not exists. An + existing file is first truncated to 0. The data written to the + file fully decoded. Using a single dash for NAME writes to + stdout. The file is kept open until a new file is set using this + command or this command is used without an argument. + +`/showdef' + Print all definitions + +`/cleardef' + Delete all definitions + +`/sendfd FILE MODE' + Open FILE in MODE (which needs to be a valid `fopen' mode string) + and send the file descriptor to the server. This is usually + followed by a command like `INPUT FD' to set the input source for + other commands. + +`/recvfd' + Not yet implemented. + +`/open VAR FILE [MODE]' + Open FILE and assign the file descriptor to VAR. Warning: This + command is experimental and might change in future versions. + +`/close FD' + Close the file descriptor FD. Warning: This command is + experimental and might change in future versions. + +`/showopen' + Show a list of open files. + +`/serverpid' + Send the Assuan command `GETINFO pid' to the server and store the + returned PID for internal purposes. + +`/sleep' + Sleep for a second. + +`/hex' +`/nohex' + Same as the command line option `--hex'. + +`/decode' +`/nodecode' + Same as the command line option `--decode'. 
+ +`/subst' +`/nosubst' + Enable and disable variable substitution. It defaults to disabled + unless the command line option `--subst' has been used. If /subst + as been enabled once, leading whitespace is removed from input + lines which makes scripts easier to read. + +`/while CONDITION' +`/end' + These commands provide a way for executing loops. All lines + between the `while' and the corresponding `end' are executed as + long as the evaluation of CONDITION yields a non-zero value or is + the string `true' or `yes'. The evaluation is done by passing + CONDITION to the `strtol' function. Example: + + /subst + /let i 3 + /while $i + /echo loop couter is $i + /let i ${- $i 1} + /end + +`/if CONDITION' +`/end' + These commands provide a way for conditional execution. All lines + between the `if' and the corresponding `end' are executed only if + the evaluation of CONDITION yields a non-zero value or is the + string `true' or `yes'. The evaluation is done by passing + CONDITION to the `strtol' function. + +`/run FILE' + Run commands from FILE. + +`/bye' + Terminate the connection and the program + +`/help' + Print a list of available control commands. + + + +File: gnupg.info, Node: gpgparsemail, Next: symcryptrun, Prev: gpg-connect-agent, Up: Helper Tools + +7.9 Parse a mail message into an annotated format +================================================= + +The `gpgparsemail' is a utility currently only useful for debugging. +Run it with `--help' for usage information. + + +File: gnupg.info, Node: symcryptrun, Next: gpg-zip, Prev: gpgparsemail, Up: Helper Tools + +7.10 Call a simple symmetric encryption tool. +============================================= + +Sometimes simple encryption tools are already in use for a long time and +there might be a desire to integrate them into the GnuPG framework. 
The +protocols and encryption methods might be non-standard or not even +properly documented, so that a full-fledged encryption tool with an +interface like gpg is not doable. `symcryptrun' provides a solution: +It operates by calling the external encryption/decryption module and +provides a passphrase for a key using the standard `pinentry' based +mechanism through `gpg-agent'. + + Note, that `symcryptrun' is only available if GnuPG has been +configured with `--enable-symcryptrun' at build time. + +* Menu: + +* Invoking symcryptrun:: List of all commands and options. + + +File: gnupg.info, Node: Invoking symcryptrun, Up: symcryptrun + +7.10.1 List of all commands and options. +---------------------------------------- + +`symcryptrun' is invoked this way: + + symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE + [--decrypt | --encrypt] [inputfile] + + For encryption, the plain text must be provided on STDIN or as the +argument INPUTFILE, and the ciphertext will be output to STDOUT. For +decryption vice versa. + + CLASS describes the calling conventions of the external tool. +Currently it must be given as `confucius'. PROGRAM is the full +filename of that external tool. + + For the class `confucius' the option `--keyfile' is required; +KEYFILE is the name of a file containing the secret key, which may be +protected by a passphrase. For detailed calling conventions, see the +source code. + +Note, that `gpg-agent' must be running before starting `symcryptrun'. + +The following additional options may be used: + +`-v' +`--verbose' + Output additional information while running. + +`-q' + +`--quiet' + Try to be as quiet as possible. + +`--homedir DIR' + Set the name of the home directory to DIR. If this option is not + used, the home directory defaults to `~/.gnupg'. It is only + recognized when given on the command line. 
It also overrides any + home directory stated through the environment variable `GNUPGHOME' + or (on W32 systems) by means of the Registry entry + HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR. + +`--log-file FILE' + Append all logging output to FILE. Default is to write logging + information to STDERR. + + +The possible exit status codes of `symcryptrun' are: + +`0' + Success. + +`1' + Some error occured. + +`2' + No valid passphrase was provided. + +`3' + The operation was canceled by the user. + + + +File: gnupg.info, Node: gpg-zip, Prev: symcryptrun, Up: Helper Tools + +7.11 Encrypt or sign files into an archive +========================================== + +`gpg-zip' encrypts or signs files into an archive. It is an gpg-ized +tar using the same format as used by PGP's PGP Zip. + +`gpg-zip' is invoked this way: + + gpg-zip [options] FILENAME1 [FILENAME2, ...] DIRECTORY [DIRECTORY2, ...] + +`gpg-zip' understands these options: + +`--encrypt' +`-e' + Encrypt data. This option may be combined with `--symmetric' (for + output that may be decrypted via a secret key or a passphrase). + +`--decrypt' +`-d' + Decrypt data. + +`--symmetric' +`-c' + Encrypt with a symmetric cipher using a passphrase. The default + symmetric cipher used is CAST5, but may be chosen with the + `--cipher-algo' option to `gpg'. + +`--sign' +`-s' + Make a signature. See `gpg'. + +`--recipient USER' +`-r USER' + Encrypt for user id USER. See `gpg'. + +`--local-user USER' +`-u USER' + Use USER as the key to sign with. See `gpg'. + +`--list-archive' + List the contents of the specified archive. + +`--output FILE' +`-o FILE' + Write output to specified file FILE. + +`--gpg GPGCMD' + Use the specified command GPGCMD instead of `gpg'. + +`--gpg-args ARGS' + Pass the specified options to `gpg'. + +`--tar TARCMD' + Use the specified command TARCMD instead of `tar'. + +`--tar-args ARGS' + Pass the specified options to `tar'. + +`--version' + Print version of the program and exit. 
+ +`--help' + Display a brief help page and exit. + + +The program returns 0 if everything was fine, 1 otherwise. + +Some examples: + +Encrypt the contents of directory `mydocs' for user Bob to file `test1': + + gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs + +List the contents of archive `test1': + + gpg-zip --list-archive test1 + + +File: gnupg.info, Node: Howtos, Next: System Notes, Prev: Helper Tools, Up: Top + +8 How to do certain things +************************** + +This is a collection of small howto documents. + +* Menu: + +* Howto Create a Server Cert:: Creating a TLS server certificate. + + +File: gnupg.info, Node: Howto Create a Server Cert, Up: Howtos + +8.1 Creating a TLS server certificate +===================================== + +Here is a brief run up on how to create a server certificate. It has +actually been done this way to get a certificate from CAcert to be used +on a real server. It has only been tested with this CA, but there +shouldn't be any problem to run this against any other CA. + + Before you start, make sure that gpg-agent is running. As there is +no need for a configuration file, you may simply enter: + + $ gpgsm-gencert.sh >a.p10 + Key type + [1] RSA + [2] Existing key + [3] Direct from card + Your selection: 1 + You selected: RSA + + I opted for creating a new RSA key. The other option is to use an +already existing key, by selecting `2' and entering the so-called +keygrip. Running the command `gpgsm --dump-secret-key USERID' shows +you this keygrip. Using `3' offers another menu to create a +certificate directly from a smart card based key. + + Let's continue: + + Key length + [1] 1024 + [2] 2048 + Your selection: 1 + You selected: 1024 + + The script offers two common key sizes. With the current setup of +CAcert, it does not make much sense to use a 2k key; their policies need +to be revised anyway (a CA root key valid for 30 years is not really +serious). 
+ + Key usage + [1] sign, encrypt + [2] sign + [3] encrypt + Your selection: 1 + You selected: sign, encrypt + + We want to sign and encrypt using this key. This is just a suggestion +and the CA may actually assign other key capabilities. + + Now for some real data: + + Name (DN) + > CN=kerckhoffs.g10code.com + + This is the most important value for a server certificate. Enter here +the canonical name of your server machine. You may add other virtual +server names later. + + E-Mail addresses (end with an empty line) + > + + We don't need email addresses in a server certificate and CAcert +would anyway ignore such a request. Thus just hit enter. + + If you want to create a client certificate for email encryption, this +would be the place to enter your mail address (e.g. <joe@example.org>). +You may enter as many addresses as you like, however the CA may not +accept them all or reject the entire request. + + DNS Names (optional; end with an empty line) + > www.g10code.com + DNS Names (optional; end with an empty line) + > ftp.g10code.com + DNS Names (optional; end with an empty line) + > + + Here I entered the names of the servers which actually run on the +machine given in the DN above. The browser will accept a certificate for +any of these names. As usual the CA must approve all of these names. + + URIs (optional; end with an empty line) + > + + It is possible to insert arbitrary URIs into a certificate; for a +server certificate this does not make sense. + + We have now entered all required information and `gpgsm' will +display what it has gathered and ask whether to create the certificate +request: + + Parameters for certificate request to create: + 1 Key-Type: RSA + 2 Key-Length: 1024 + 3 Key-Usage: sign, encrypt + 4 Name-DN: CN=kerckhoffs.g10code.com + 5 Name-DNS: www.g10code.com + 6 Name-DNS: ftp.g10code.com + + Really create such a CSR? + [1] yes + [2] no + Your selection: 1 + You selected: yes + + `gpgsm' will now start working on creating the request. 
As this +includes the creation of an RSA key it may take a while. During this +time you will be asked 3 times for a passphrase to protect the created +private key on your system. A pop up window will appear to ask for it. +The first two prompts are for the new passphrase and for re-entering it; +the third one is required to actually create the certificate signing +request. + + When it is ready, you should see the final notice: + + gpgsm: certificate request created + + Now, you may look at the created request: + + $ cat a.p10 + -----BEGIN CERTIFICATE REQUEST----- + MIIBnzCCAQgCAQAwITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCB + nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVyg + HtB7kr+YISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlS + wFTALLX78GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkm + Bj5cNy+YMbGVldECAwEAAaA+MDwGCSqGSIb3DQEJDjEvMC0wKwYDVR0RBCQwIoIP + d3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5jb20wDQYJKoZIhvcNAQEFBQAD + gYEAzBRIi8KTfKyebOlMtDN6oDYBOv+r9A4w3u/Z1ikjffaiN1Bmd2o9Ez9KXKHA + IezLeSEA/rGUPN5Ur5qIJnRNQ8xrS+iLftr8msWQSZppVnA/vnqMrtqBUpitqAr0 + eYBmt1Uem2Y3UFABrKPglv2xzgGkrKX6AqmFoOnJWQ0QcTw= + -----END CERTIFICATE REQUEST----- + $ + + You may now proceed by logging into your account at the CAcert +website, choose `Server Certificates - New', check `sign by class 3 root +certificate', paste the above request block into the text field and +click on `Submit'. + + If everything works out fine, a certificate will be shown. 
Now run + + $ gpgsm --import + + and paste the certificate from the CAcert page into your terminal +followed by a Ctrl-D + + -----BEGIN CERTIFICATE----- + MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl + cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQD + ExNDQWNlcnQgQ2xhc3MgMyBSb290MB4XDTA1MTAyODE2MjA1MVoXDTA3MTAyODE2 + MjA1MVowITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCBnzANBgkq + hkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVygHtB7kr+Y + ISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlSwFTALLX7 + 8GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkmBj5cNy+Y + MbGVldECAwEAAaOBtTCBsjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF + BwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIF + oDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy + dC5vcmcwKwYDVR0RBCQwIoIPd3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5j + b20wDQYJKoZIhvcNAQEEBQADggIBAAj5XAHCtzQR8PV6PkQBgZqUCbcfxGO/ZIp9 + aIT6J2z0Jo1OZI6KmConbqnZG9WyDlV5P7msQXW/Z9nBfoj4KSmNR8G/wtb8ClJn + W8s75+K3ZLq1UgEyxBDrS7GjtbVaj7gsfZsuiQzxmk9lbl1gbkpJ3VEMjwVCTMlM + fpjp8etyPhUZqOZaoKVaq//KTOsjhPMwz7TcfOkHvXketPrWTcefJQU7NKLH16D3 + mZAwnBxp3P51H6E6VG8AoJO8xCBuVwsbXKEf/FW+tmKG9pog6CaZQ9WibROTtnKj + NJjSBsrUk5C+JowO/EyZRGm6R1tlok8iFXj+2aimyeBqDcxozNmFgh9F3S5u0wK0 + 6cfYgkPVMHxgwV3f3Qh+tJkgLExN7KfO9hvpZqAh+CLQtxVmvpxEVEXKR6nwBI5U + BaseulvVy3wUfg2daPkG17kDDBzQlsWC0BRF8anH+FWSrvseC3nS0a9g3sXF1Ic3 + gIqeAMhkant1Ac3RR6YCWtJKr2rcQNdDAxXK35/gUSQNCi9dclEzoOgjziuA1Mha + 94jYcvGKcwThn0iITVS5hOsCfaySBLxTzfIruLbPxXlpWuCW/6I/7YyivppKgEZU + rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs + Rtct3tIX + -----END CERTIFICATE----- + gpgsm: issuer certificate (#/CN=CAcert Class 3 Ro[...]) not found + gpgsm: certificate imported + + gpgsm: total number processed: 1 + gpgsm: imported: 1 + + gpgsm tells you that it has imported the certificate. It is now +associated with the key you used when creating the request. 
The root +certificate has not been found, so you may want to import it from the +CACert website. + + To see the content of your certificate, you may now enter: + + $ gpgsm -K kerckhoffs.g10code.com + /home/foo/.gnupg/pubring.kbx + --------------------------- + Serial number: 4C + Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...] + Subject: /CN=kerckhoffs.g10code.com + aka: (dns-name www.g10code.com) + aka: (dns-name ftp.g10code.com) + validity: 2005-10-28 16:20:51 through 2007-10-28 16:20:51 + key type: 1024 bit RSA + key usage: digitalSignature keyEncipherment + ext key usage: clientAuth (suggested), serverAuth (suggested), [...] + fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:19:D8:E9:65:B9:BD:4F:B1:98:CC:57 + + I used `-K' above because this will only list certificates for which +a private key is available. To see more details, you may use +`--dump-secret-keys' instead of `-K'. + + To make actual use of the certificate you need to install it on your +server. Server software usually expects a PKCS\#12 file with key and +certificate. To create such a file, run: + + $ gpgsm --export-secret-key-p12 -a >kerckhoffs-cert.pem + + You will be asked for the passphrase as well as for a new passphrase +to be used to protect the PKCS\#12 file. The file now contains the +certificate as well as the private key: + + $ cat kerckhoffs-cert.pem + Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...] + Serial ...: 4C + Subject ..: /CN=kerckhoffs.g10code.com + aka ..: (dns-name www.g10code.com) + aka ..: (dns-name ftp.g10code.com) + + -----BEGIN PKCS12----- + MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu + [...many more lines...] + -----END PKCS12----- + $ + + Copy this file in a secure way to the server, install it there and +delete the file then. You may export the file again at any time as long +as it is available in GnuPG's private key database. + diff --git a/doc/gnupg.info-2 b/doc/gnupg.info-2 new file mode 100644 index 0000000..5959a28 
--- /dev/null
+++ b/doc/gnupg.info-2
@@ -0,0 +1,2125 @@ +This is /home/wk/w/gnupg-stable/doc/gnupg.info, produced by makeinfo +version 4.13 from /home/wk/w/gnupg-stable/doc/gnupg.texi. + +This is the `The GNU Privacy Guard Manual' (version 2.0.19, +March 2012). + + Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software +Foundation, Inc. + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 3 of the + License, or (at your option) any later version. The text of the + license can be found in the section entitled "Copying". + +INFO-DIR-SECTION GNU Utilities +START-INFO-DIR-ENTRY +* gpg2: (gnupg). OpenPGP encryption and signing tool. +* gpgsm: (gnupg). S/MIME encryption and signing tool. +* gpg-agent: (gnupg). The secret key daemon. +END-INFO-DIR-ENTRY + + +File: gnupg.info, Node: System Notes, Next: Debugging, Prev: Howtos, Up: Top + +9 Notes pertaining to certain OSes. +*********************************** + +GnuPG has been developed on GNU/Linux systems and is know to work on +almost all Free OSes. All modern POSIX systems should be supported +right now, however there are probably a lot of smaller glitches we need +to fix first. The major problem areas are: + + * For logging to sockets and other internal operations the + `fopencookie' function (`funopen' under *BSD) is used. This is a + very convenient function which makes it possible to create outputs + in a structures and easy maintainable way. The drawback however + is that most proprietary OSes don't support this function. At + g10 Code we have looked into several ways on how to overcome this + limitation but no sufficiently easy and maintainable way has been + found. 
Porting _glibc_ to a general POSIX system is of course an + option and would make writing portable software much easier; this + it has not yet been done and the system administrator would need + to cope with the GNU specific admin things in addition to the + generic ones of his system. + + We have now settled to use explicit stdio wrappers with a + functionality similar to funopen. Although the code for this has + already been written (_libestream_), we have not yet changed GnuPG + to use it. + + This means that on systems not supporting either `funopen' or + `fopencookie', logging to a socket won't work, prompts are not + formatted as pretty as they should be and `gpgsm''s `LISTKEYS' + Assuan command does not work. + + * We are planning to use file descriptor passing for interprocess + communication. This will allow us save a lot of resources and + improve performance of certain operations a lot. Systems not + supporting this won't gain these benefits but we try to keep them + working the standard way as it is done today. + + * We require more or less full POSIX compatibility. This has been + around for 15 years now and thus we don't believe it makes sense to + support non POSIX systems anymore. Well, we of course the usual + workarounds for near POSIX systems well be applied. + + There is one exception of this rule: Systems based the Microsoft + Windows API (called here _W32_) will be supported to some extend. + + +* Menu: + +* W32 Notes:: Microsoft Windows Notes + + +File: gnupg.info, Node: W32 Notes, Up: System Notes + +9.1 Microsoft Windows Notes +=========================== + +Current limitations are: + + * `gpgconf' does not create backup files, so in case of trouble your + configuration file might get lost. + + * `watchgnupg' is not available. Logging to sockets is not possible. + + * The periodical smartcard status checking done by `scdaemon' is not + yet supported. 
+ + + +File: gnupg.info, Node: Debugging, Next: Copying, Prev: System Notes, Up: Top + +10 How to solve problems +************************ + +Everyone knows that software often does not do what it should do and +thus there is a need to track down problems. We call this debugging in +a reminiscent to the moth jamming a relay in a Mark II box back in 1947. + + Most of the problems a merely configuration and user problems but +nevertheless there are the most annoying ones and responsible for many +gray hairs. We try to give some guidelines here on how to identify and +solve the problem at hand. + +* Menu: + +* Debugging Tools:: Description of some useful tools. +* Debugging Hints:: Various hints on debugging. +* Common Problems:: Commonly seen problems. +* Architecture Details:: How the whole thing works internally. + + +File: gnupg.info, Node: Debugging Tools, Next: Debugging Hints, Up: Debugging + +10.1 Debugging Tools +==================== + +The GnuPG distribution comes with a couple of tools, useful to help find +and solving problems. + +* Menu: + +* kbxutil:: Scrutinizing a keybox file. + + +File: gnupg.info, Node: kbxutil, Up: Debugging Tools + +10.1.1 Scrutinizing a keybox file +--------------------------------- + +A keybox is a file format used to store public keys along with meta +information and indices. The commonly used one is the file +`pubring.kbx' in the `.gnupg' directory. It contains all X.509 +certificates as well as OpenPGP keys(1) . + +When called the standard way, e.g.: + + `kbxutil ~/.gnupg/pubring.kbx' + +it lists all records (called blobs) with there meta-information in a +human readable format. 
+ +To see statistics on the keybox in question, run it using + + `kbxutil --stats ~/.gnupg/pubring.kbx' + +and you get an output like: + + Total number of blobs: 99 + header: 1 + empty: 0 + openpgp: 0 + x509: 98 + non flagged: 81 + secret flagged: 0 + ephemeral flagged: 17 + + In this example you see that the keybox does not have any OpenPGP +keys but contains 98 X.509 certificates and a total of 17 keys or +certificates are flagged as ephemeral, meaning that they are only +temporary stored (cached) in the keybox and won't get listed using the +usual commands provided by `gpgsm' or `gpg'. 81 certificates are stored +in a standard way and directly available from `gpgsm'. + +To find duplicated certificates and keyblocks in a keybox file (this +should not occur but sometimes things go wrong), run it using + + `kbxutil --find-dups ~/.gnupg/pubring.kbx' + + ---------- Footnotes ---------- + + (1) Well, OpenPGP keys are not implemented, `gpg' still used the +keyring file `pubring.gpg' + + +File: gnupg.info, Node: Debugging Hints, Next: Common Problems, Prev: Debugging Tools, Up: Debugging + +10.2 Various hints on debugging. +================================ + + * How to find the IP address of a keyserver + + If a round robin URL of is used for a keyserver (e.g. + subkeys.gnupg.org); it is not easy to see what server is actually + used. Using the keyserver debug option as in + + gpg --keyserver-options debug=1 -v --refresh-key 1E42B367 + + is thus often helpful. Note that the actual output depends on the + backend and may change from release to release. + + + +File: gnupg.info, Node: Common Problems, Next: Architecture Details, Prev: Debugging Hints, Up: Debugging + +10.3 Commonly Seen Problems +=========================== + + * Error code `Not supported' from Dirmngr + + Most likely the option `enable-ocsp' is active for gpgsm but + Dirmngr's OCSP feature has not been enabled using `allow-ocsp' in + `dirmngr.conf'. 
+ + * The Curses based Pinentry does not work + + The far most common reason for this is that the environment + variable `GPG_TTY' has not been set correctly. Make sure that it + has been set to a real tty devce and not just to `/dev/tty'; i.e. + `GPG_TTY=tty' is plainly wrong; what you want is `GPG_TTY=`tty`' + -- note the back ticks. Also make sure that this environment + variable gets exported, that is you should follow up the setting + with an `export GPG_TTY' (assuming a Bourne style shell). Even for + GUI based Pinentries; you should have set `GPG_TTY'. See the + section on installing the `gpg-agent' on how to do it. + + * SSH hangs while a popping up pinentry was expected + + SSH has no way to tell the gpg-agent what terminal or X display it + is running on. So when remotely logging into a box where a + gpg-agent with SSH support is running, the pinentry will get + popped up on whatever display the gpg-agent has been started. To + solve this problem you may issue the command + + echo UPDATESTARTUPTTY | gpg-connect-agent + + and the next pinentry will pop up on your display or screen. + However, you need to kill the running pinentry first because only + one pinentry may be running at once. If you plan to use ssh on a + new display you should issue the above command before invoking ssh + or any other service making use of ssh. + + * Exporting a secret key without a certificate + + I may happen that you have created a certificate request using + `gpgsm' but not yet received and imported the certificate from the + CA. However, you want to export the secret key to another machine + right now to import the certificate over there then. You can do + this with a little trick but it requires that you know the + approximate time you created the signing request. By running the + command + + ls -ltr ~/.gnupg/private-keys-v1.d + + you get a listing of all private keys under control of `gpg-agent'. 
+ Pick the key which best matches the creation time and run the + command + + /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/FOO >FOO.p12 + + (Please adjust the path to `gpg-protect-tool' to the appropriate + location). FOO is the name of the key file you picked (it should + have the suffix `.key'). A Pinentry box will pop up and ask you + for the current passphrase of the key and a new passphrase to + protect it in the pkcs#12 file. + + To import the created file on the machine you use this command: + + /usr/local/libexec/gpg-protect-tool --p12-import --store FOO.p12 + + You will be asked for the pkcs#12 passphrase and a new passphrase + to protect the imported private key at its new location. + + Note that there is no easy way to match existing certificates with + stored private keys because some private keys are used for Secure + Shell or other purposes and don't have a corresponding certificate. + + * A root certificate does not verify + + A common problem is that the root certificate misses the required + basicConstraints attribute and thus `gpgsm' rejects this + certificate. An error message indicating "no value" is a sign for + such a certificate. You may use the `relax' flag in + `trustlist.txt' to accept the certificate anyway. Note that the + fingerprint and this flag may only be added manually to + `trustlist.txt'. + + * Error message: "digest algorithm N has not been enabled" + + The signature is broken. You may try the option + `--extra-digest-algo SHA256' to workaround the problem. The + number N is the internal algorithm identifier; for example 8 + refers to SHA-256. + + * The Windows version does not work under Wine + + When running the W32 version of `gpg' under Wine you may get an + error messages like: + + gpg: fatal: WriteConsole failed: Access denied + + The solution is to use the command `wineconsole'. 
+ + Some operations like gen-key really want to talk to the console + directly for increased security (for example to prevent the + passphrase from appearing on the screen). So, you should use + `wineconsole' instead of `wine', which will launch a windows + console that implements those additional features. + + * Why does GPG's -search-key list weird keys? + + For performance reasons the keyservers do not check the keys the + same way `gpg' does. It may happen that the listing of keys + available on the keyservers shows keys with wrong user IDs or with + user Ids from other keys. If you try to import this key, the bad + keys or bad user ids won't get imported, though. This is a bit + unfortunate but we can't do anything about it without actually + downloading the keys. + + + +File: gnupg.info, Node: Architecture Details, Prev: Common Problems, Up: Debugging + +10.4 How the whole thing works internally. +========================================== + +* Menu: + +* GnuPG-1 and GnuPG-2:: Relationship between the two branches. + + +File: gnupg.info, Node: GnuPG-1 and GnuPG-2, Up: Architecture Details + +10.4.1 Relationship between the two branches. +--------------------------------------------- + +Here is a little picture showing how the components work together: + + + +Lets try to explain it: + + TO BE DONE. + + +File: gnupg.info, Node: Copying, Next: Contributors, Prev: Debugging, Up: Top + +GNU General Public License +************************** + + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. `http://fsf.org/' + + Everyone is permitted to copy and distribute verbatim copies of this + license document, but changing it is not allowed. + +Preamble +======== + +The GNU General Public License is a free, copyleft license for software +and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. 
By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program-to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you +have certain responsibilities if you distribute copies of the software, +or if you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. 
+ + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the +manufacturer can do so. This is fundamentally incompatible with the +aim of protecting users' freedom to change the software. The +systematic pattern of such abuse occurs in the area of products for +individuals to use, which is precisely where it is most unacceptable. +Therefore, we have designed this version of the GPL to prohibit the +practice for those products. If such problems arise substantially in +other domains, we stand ready to extend this provision to those domains +in future versions of the GPL, as needed to protect the freedom of +users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public + License. + + "Copyright" also means copyright-like laws that apply to other + kinds of works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this + License. Each licensee is addressed as "you". "Licensees" and + "recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the + work in a fashion requiring copyright permission, other than the + making of an exact copy. The resulting work is called a "modified + version" of the earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work + based on the Program. 
+ + To "propagate" a work means to do anything with it that, without + permission, would make you directly or secondarily liable for + infringement under applicable copyright law, except executing it + on a computer or modifying a private copy. Propagation includes + copying, distribution (with or without modification), making + available to the public, and in some countries other activities as + well. + + To "convey" a work means any kind of propagation that enables other + parties to make or receive copies. Mere interaction with a user + through a computer network, with no transfer of a copy, is not + conveying. + + An interactive user interface displays "Appropriate Legal Notices" + to the extent that it includes a convenient and prominently visible + feature that (1) displays an appropriate copyright notice, and (2) + tells the user that there is no warranty for the work (except to + the extent that warranties are provided), that licensees may + convey the work under this License, and how to view a copy of this + License. If the interface presents a list of user commands or + options, such as a menu, a prominent item in the list meets this + criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work + for making modifications to it. "Object code" means any + non-source form of a work. + + A "Standard Interface" means an interface that either is an + official standard defined by a recognized standards body, or, in + the case of interfaces specified for a particular programming + language, one that is widely used among developers working in that + language. 
+ + The "System Libraries" of an executable work include anything, + other than the work as a whole, that (a) is included in the normal + form of packaging a Major Component, but which is not part of that + Major Component, and (b) serves only to enable use of the work + with that Major Component, or to implement a Standard Interface + for which an implementation is available to the public in source + code form. A "Major Component", in this context, means a major + essential component (kernel, window system, and so on) of the + specific operating system (if any) on which the executable work + runs, or a compiler used to produce the work, or an object code + interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all + the source code needed to generate, install, and (for an executable + work) run the object code and to modify the work, including + scripts to control those activities. However, it does not include + the work's System Libraries, or general-purpose tools or generally + available free programs which are used unmodified in performing + those activities but which are not part of the work. For example, + Corresponding Source includes interface definition files + associated with source files for the work, and the source code for + shared libraries and dynamically linked subprograms that the work + is specifically designed to require, such as by intimate data + communication or control flow between those subprograms and other + parts of the work. + + The Corresponding Source need not include anything that users can + regenerate automatically from other parts of the Corresponding + Source. + + The Corresponding Source for a work in source code form is that + same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of + copyright on the Program, and are irrevocable provided the stated + conditions are met. 
This License explicitly affirms your unlimited + permission to run the unmodified Program. The output from running + a covered work is covered by this License only if the output, + given its content, constitutes a covered work. This License + acknowledges your rights of fair use or other equivalent, as + provided by copyright law. + + You may make, run and propagate covered works that you do not + convey, without conditions so long as your license otherwise + remains in force. You may convey covered works to others for the + sole purpose of having them make modifications exclusively for + you, or provide you with facilities for running those works, + provided that you comply with the terms of this License in + conveying all material for which you do not control copyright. + Those thus making or running the covered works for you must do so + exclusively on your behalf, under your direction and control, on + terms that prohibit them from making any copies of your + copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under + the conditions stated below. Sublicensing is not allowed; section + 10 makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological + measure under any applicable law fulfilling obligations under + article 11 of the WIPO copyright treaty adopted on 20 December + 1996, or similar laws prohibiting or restricting circumvention of + such measures. 
+ + When you convey a covered work, you waive any legal power to forbid + circumvention of technological measures to the extent such + circumvention is effected by exercising rights under this License + with respect to the covered work, and you disclaim any intention + to limit operation or modification of the work as a means of + enforcing, against the work's users, your or third parties' legal + rights to forbid circumvention of technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you + receive it, in any medium, provided that you conspicuously and + appropriately publish on each copy an appropriate copyright notice; + keep intact all notices stating that this License and any + non-permissive terms added in accord with section 7 apply to the + code; keep intact all notices of the absence of any warranty; and + give all recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, + and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to + produce it from the Program, in the form of source code under the + terms of section 4, provided that you also meet all of these + conditions: + + a. The work must carry prominent notices stating that you + modified it, and giving a relevant date. + + b. The work must carry prominent notices stating that it is + released under this License and any conditions added under + section 7. This requirement modifies the requirement in + section 4 to "keep intact all notices". + + c. You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable + section 7 additional terms, to the whole of the work, and all + its parts, regardless of how they are packaged. 
This License + gives no permission to license the work in any other way, but + it does not invalidate such permission if you have separately + received it. + + d. If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has + interactive interfaces that do not display Appropriate Legal + Notices, your work need not make them do so. + + A compilation of a covered work with other separate and independent + works, which are not by their nature extensions of the covered + work, and which are not combined with it such as to form a larger + program, in or on a volume of a storage or distribution medium, is + called an "aggregate" if the compilation and its resulting + copyright are not used to limit the access or legal rights of the + compilation's users beyond what the individual works permit. + Inclusion of a covered work in an aggregate does not cause this + License to apply to the other parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms + of sections 4 and 5, provided that you also convey the + machine-readable Corresponding Source under the terms of this + License, in one of these ways: + + a. Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b. 
Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for + as long as you offer spare parts or customer support for that + product model, to give anyone who possesses the object code + either (1) a copy of the Corresponding Source for all the + software in the product that is covered by this License, on a + durable physical medium customarily used for software + interchange, for a price no more than your reasonable cost of + physically performing this conveying of source, or (2) access + to copy the Corresponding Source from a network server at no + charge. + + c. Convey individual copies of the object code with a copy of + the written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, + and only if you received the object code with such an offer, + in accord with subsection 6b. + + d. Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access + to the Corresponding Source in the same way through the same + place at no further charge. You need not require recipients + to copy the Corresponding Source along with the object code. + If the place to copy the object code is a network server, the + Corresponding Source may be on a different server (operated + by you or a third party) that supports equivalent copying + facilities, provided you maintain clear directions next to + the object code saying where to find the Corresponding Source. + Regardless of what server hosts the Corresponding Source, you + remain obligated to ensure that it is available for as long + as needed to satisfy these requirements. + + e. 
Convey the object code using peer-to-peer transmission, + provided you inform other peers where the object code and + Corresponding Source of the work are being offered to the + general public at no charge under subsection 6d. + + + A separable portion of the object code, whose source code is + excluded from the Corresponding Source as a System Library, need + not be included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means + any tangible personal property which is normally used for personal, + family, or household purposes, or (2) anything designed or sold for + incorporation into a dwelling. In determining whether a product + is a consumer product, doubtful cases shall be resolved in favor of + coverage. For a particular product received by a particular user, + "normally used" refers to a typical or common use of that class of + product, regardless of the status of the particular user or of the + way in which the particular user actually uses, or expects or is + expected to use, the product. A product is a consumer product + regardless of whether the product has substantial commercial, + industrial or non-consumer uses, unless such uses represent the + only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, + procedures, authorization keys, or other information required to + install and execute modified versions of a covered work in that + User Product from a modified version of its Corresponding Source. + The information must suffice to ensure that the continued + functioning of the modified object code is in no case prevented or + interfered with solely because modification has been made. 
+ + If you convey an object code work under this section in, or with, + or specifically for use in, a User Product, and the conveying + occurs as part of a transaction in which the right of possession + and use of the User Product is transferred to the recipient in + perpetuity or for a fixed term (regardless of how the transaction + is characterized), the Corresponding Source conveyed under this + section must be accompanied by the Installation Information. But + this requirement does not apply if neither you nor any third party + retains the ability to install modified object code on the User + Product (for example, the work has been installed in ROM). + + The requirement to provide Installation Information does not + include a requirement to continue to provide support service, + warranty, or updates for a work that has been modified or + installed by the recipient, or for the User Product in which it + has been modified or installed. Access to a network may be denied + when the modification itself materially and adversely affects the + operation of the network or violates the rules and protocols for + communication across the network. + + Corresponding Source conveyed, and Installation Information + provided, in accord with this section must be in a format that is + publicly documented (and with an implementation available to the + public in source code form), and must require no special password + or key for unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of + this License by making exceptions from one or more of its + conditions. Additional permissions that are applicable to the + entire Program shall be treated as though they were included in + this License, to the extent that they are valid under applicable + law. 
If additional permissions apply only to part of the Program, + that part may be used separately under those permissions, but the + entire Program remains governed by this License without regard to + the additional permissions. + + When you convey a copy of a covered work, you may at your option + remove any additional permissions from that copy, or from any part + of it. (Additional permissions may be written to require their own + removal in certain cases when you modify the work.) You may place + additional permissions on material, added by you to a covered work, + for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material + you add to a covered work, you may (if authorized by the copyright + holders of that material) supplement the terms of this License + with terms: + + a. Disclaiming warranty or limiting liability differently from + the terms of sections 15 and 16 of this License; or + + b. Requiring preservation of specified reasonable legal notices + or author attributions in that material or in the Appropriate + Legal Notices displayed by works containing it; or + + c. Prohibiting misrepresentation of the origin of that material, + or requiring that modified versions of such material be + marked in reasonable ways as different from the original + version; or + + d. Limiting the use for publicity purposes of names of licensors + or authors of the material; or + + e. Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f. Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified + versions of it) with contractual assumptions of liability to + the recipient, for any liability that these contractual + assumptions directly impose on those licensors and authors. 
+ + All other non-permissive additional terms are considered "further + restrictions" within the meaning of section 10. If the Program as + you received it, or any part of it, contains a notice stating that + it is governed by this License along with a term that is a further + restriction, you may remove that term. If a license document + contains a further restriction but permits relicensing or + conveying under this License, you may add to a covered work + material governed by the terms of that license document, provided + that the further restriction does not survive such relicensing or + conveying. + + If you add terms to a covered work in accord with this section, you + must place, in the relevant source files, a statement of the + additional terms that apply to those files, or a notice indicating + where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in + the form of a separately written license, or stated as exceptions; + the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly + provided under this License. Any attempt otherwise to propagate or + modify it is void, and will automatically terminate your rights + under this License (including any patent licenses granted under + the third paragraph of section 11). + + However, if you cease all violation of this License, then your + license from a particular copyright holder is reinstated (a) + provisionally, unless and until the copyright holder explicitly + and finally terminates your license, and (b) permanently, if the + copyright holder fails to notify you of the violation by some + reasonable means prior to 60 days after the cessation. 
+ + Moreover, your license from a particular copyright holder is + reinstated permanently if the copyright holder notifies you of the + violation by some reasonable means, this is the first time you have + received notice of violation of this License (for any work) from + that copyright holder, and you cure the violation prior to 30 days + after your receipt of the notice. + + Termination of your rights under this section does not terminate + the licenses of parties who have received copies or rights from + you under this License. If your rights have been terminated and + not permanently reinstated, you do not qualify to receive new + licenses for the same material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or + run a copy of the Program. Ancillary propagation of a covered work + occurring solely as a consequence of using peer-to-peer + transmission to receive a copy likewise does not require + acceptance. However, nothing other than this License grants you + permission to propagate or modify any covered work. These actions + infringe copyright if you do not accept this License. Therefore, + by modifying or propagating a covered work, you indicate your + acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically + receives a license from the original licensors, to run, modify and + propagate that work, subject to this License. You are not + responsible for enforcing compliance by third parties with this + License. + + An "entity transaction" is a transaction transferring control of an + organization, or substantially all assets of one, or subdividing an + organization, or merging organizations. 
If propagation of a + covered work results from an entity transaction, each party to that + transaction who receives a copy of the work also receives whatever + licenses to the work the party's predecessor in interest had or + could give under the previous paragraph, plus a right to + possession of the Corresponding Source of the work from the + predecessor in interest, if the predecessor has it or can get it + with reasonable efforts. + + You may not impose any further restrictions on the exercise of the + rights granted or affirmed under this License. For example, you + may not impose a license fee, royalty, or other charge for + exercise of rights granted under this License, and you may not + initiate litigation (including a cross-claim or counterclaim in a + lawsuit) alleging that any patent claim is infringed by making, + using, selling, offering for sale, or importing the Program or any + portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this + License of the Program or a work on which the Program is based. + The work thus licensed is called the contributor's "contributor + version". + + A contributor's "essential patent claims" are all patent claims + owned or controlled by the contributor, whether already acquired or + hereafter acquired, that would be infringed by some manner, + permitted by this License, of making, using, or selling its + contributor version, but do not include claims that would be + infringed only as a consequence of further modification of the + contributor version. For purposes of this definition, "control" + includes the right to grant patent sublicenses in a manner + consistent with the requirements of this License. + + Each contributor grants you a non-exclusive, worldwide, + royalty-free patent license under the contributor's essential + patent claims, to make, use, sell, offer for sale, import and + otherwise run, modify and propagate the contents of its + contributor version. 
+ + In the following three paragraphs, a "patent license" is any + express agreement or commitment, however denominated, not to + enforce a patent (such as an express permission to practice a + patent or covenant not to sue for patent infringement). To + "grant" such a patent license to a party means to make such an + agreement or commitment not to enforce a patent against the party. + + If you convey a covered work, knowingly relying on a patent + license, and the Corresponding Source of the work is not available + for anyone to copy, free of charge and under the terms of this + License, through a publicly available network server or other + readily accessible means, then you must either (1) cause the + Corresponding Source to be so available, or (2) arrange to deprive + yourself of the benefit of the patent license for this particular + work, or (3) arrange, in a manner consistent with the requirements + of this License, to extend the patent license to downstream + recipients. "Knowingly relying" means you have actual knowledge + that, but for the patent license, your conveying the covered work + in a country, or your recipient's use of the covered work in a + country, would infringe one or more identifiable patents in that + country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or + arrangement, you convey, or propagate by procuring conveyance of, a + covered work, and grant a patent license to some of the parties + receiving the covered work authorizing them to use, propagate, + modify or convey a specific copy of the covered work, then the + patent license you grant is automatically extended to all + recipients of the covered work and works based on it. + + A patent license is "discriminatory" if it does not include within + the scope of its coverage, prohibits the exercise of, or is + conditioned on the non-exercise of one or more of the rights that + are specifically granted under this License. 
You may not convey a + covered work if you are a party to an arrangement with a third + party that is in the business of distributing software, under + which you make payment to the third party based on the extent of + your activity of conveying the work, and under which the third + party grants, to any of the parties who would receive the covered + work from you, a discriminatory patent license (a) in connection + with copies of the covered work conveyed by you (or copies made + from those copies), or (b) primarily for and in connection with + specific products or compilations that contain the covered work, + unless you entered into that arrangement, or that patent license + was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting + any implied license or other defenses to infringement that may + otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, + agreement or otherwise) that contradict the conditions of this + License, they do not excuse you from the conditions of this + License. If you cannot convey a covered work so as to satisfy + simultaneously your obligations under this License and any other + pertinent obligations, then as a consequence you may not convey it + at all. For example, if you agree to terms that obligate you to + collect a royalty for further conveying from those to whom you + convey the Program, the only way you could satisfy both those + terms and this License would be to refrain entirely from conveying + the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have + permission to link or combine any covered work with a work licensed + under version 3 of the GNU Affero General Public License into a + single combined work, and to convey the resulting work. 
The terms + of this License will continue to apply to the part which is the + covered work, but the special requirements of the GNU Affero + General Public License, section 13, concerning interaction through + a network will apply to the combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new + versions of the GNU General Public License from time to time. + Such new versions will be similar in spirit to the present + version, but may differ in detail to address new problems or + concerns. + + Each version is given a distinguishing version number. If the + Program specifies that a certain numbered version of the GNU + General Public License "or any later version" applies to it, you + have the option of following the terms and conditions either of + that numbered version or of any later version published by the + Free Software Foundation. If the Program does not specify a + version number of the GNU General Public License, you may choose + any version ever published by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future + versions of the GNU General Public License can be used, that + proxy's public statement of acceptance of a version permanently + authorizes you to choose that version for the Program. + + Later license versions may give you additional or different + permissions. However, no additional obligations are imposed on any + author or copyright holder as a result of your choosing to follow a + later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY + APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE + COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" + WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
THE ENTIRE + RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. + SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL + NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN + WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES + AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU + FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR + CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE + THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA + BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD + PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER + PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF + THE POSSIBILITY OF SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided + above cannot be given local legal effect according to their terms, + reviewing courts shall apply local law that most closely + approximates an absolute waiver of all civil liability in + connection with the Program, unless a warranty or assumption of + liability accompanies a copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS +How to Apply These Terms to Your New Programs +============================================= + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these +terms. + + To do so, attach the following notices to the program. It is +safest to attach them to the start of each source file to most +effectively state the exclusion of warranty; and each file should have +at least the "copyright" line and a pointer to where the full notice is +found. + ONE LINE TO GIVE THE PROGRAM'S NAME AND A BRIEF IDEA OF WHAT IT DOES. 
+ Copyright (C) YEAR NAME OF AUTHOR + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or (at + your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see `http://www.gnu.org/licenses/'. + + Also add information on how to contact you by electronic and paper +mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + PROGRAM Copyright (C) YEAR NAME OF AUTHOR + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + + The hypothetical commands `show w' and `show c' should show the +appropriate parts of the General Public License. Of course, your +program's commands might be different; for a GUI interface, you would +use an "about box". + + You should also get your employer (if you work as a programmer) or +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. For more information on this, and how to apply and follow +the GNU GPL, see `http://www.gnu.org/licenses/'. + + The GNU General Public License does not permit incorporating your +program into proprietary programs. If your program is a subroutine +library, you may consider it more useful to permit linking proprietary +applications with the library. If this is what you want to do, use the +GNU Lesser General Public License instead of this License. 
But first, +please read `http://www.gnu.org/philosophy/why-not-lgpl.html'. + + + +File: gnupg.info, Node: Contributors, Next: Glossary, Prev: Copying, Up: Top + +Contributors to GnuPG +********************* + +The GnuPG project would like to thank its many contributors. Without +them the project would not have been nearly as successful as it has +been. Any omissions in this list are accidental. Feel free to contact +the maintainer if you have been left out or some of your contributions +are not listed. + + David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils +Ellmenreich, Rémi Guyomarch, Stefan Bellon, Timo Schulz and Werner Koch +wrote the code. Birger Langkjer, Daniel Resare, Dokianakis Theofanis, +Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy Ferenc László, +Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz Aleksander Urbanowicz, +Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, Magda Procha'zkova', +Michael Anckaert, Michal Majer, Marco d'Itri, Nilgun Belma Buguner, +Pedro Morais, Tedi Heriyanto, Thiago Jung Bauermann, Rafael Caetano dos +Santos, Toomas Soome, Urko Lusa, Walter Koch, Yosiaki IIDA did the +official translations. Mike Ashley wrote and maintains the GNU Privacy +Handbook. David Scribner is the current FAQ editor. Lorenzo +Cappelletti maintains the web site. + + The new modularized architecture of gnupg 1.9 as well as the +X.509/CMS part has been developed as part of the Ägypten project. +Direct contributors to this project are: Bernhard Herzog, who did +extensive testing and tracked down a lot of bugs. Bernhard Reiter, who +made sure that we met the specifications and the deadlines. He did +extensive testing and came up with a lot of suggestions. Jan-Oliver +Wagner made sure that we met the specifications and the deadlines. He +also did extensive testing and came up with a lot of suggestions. +Karl-Heinz Zimmer and Marc Mutz had to struggle with all the bugs and +misconceptions while working on KDE integration. 
Marcus Brinkman +extended GPGME, cleaned up the Assuan code and fixed bugs all over the +place. Moritz Schulte took over Libgcrypt maintenance and developed it +into a stable an useful library. Steffen Hansen had a hard time to +write the dirmngr due to underspecified interfaces. Thomas Koester did +extensive testing and tracked down a lot of bugs. Werner Koch designed +the system and wrote most of the code. + + The following people helped greatly by suggesting improvements, +testing, fixing bugs, providing resources and doing other important +tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand +Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews, +Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian +Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de +Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere, +Christian Kurz, Christian von Roques, Christopher Oliver, Christian +Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave +Dykstra, David C Niemi, David Champion, David Ellement, David Hallinan, +David Hollenberg, David Mathog, David R. Bergstein, Detlef Lannert, +Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas Calvert, Ed +Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo Michelangeli, Ernst +Molitor, Fabio Coatti, Felix von Leitner, fish stiqz, Florian Weimer, +Francesco Potorti, Frank Donahoe, Frank Heckenbach, Frank Stajano, +Frank Tobin, Gabriel Rosenkoetter, Gaël Quéri, Gene Carter, Geoff +Keating, Georg Schwarz, Giampaolo Tomassoni, Gilbert Fernandes, Greg +Louis, Greg Troxel, Gregory Steuck, Gregery Barton, Harald Denker, +Holger Baust, Hendrik Buschkamp, Holger Schurig, Holger Smolinski, +Holger Trapp, Hugh Daniel, Huy Le, Ian McKellar, Ivo Timmermans, Jan +Krueger, Jan Niehusmann, Janusz A. Urbanowicz, James Troup, Jean-loup +Gailly, Jeff Long, Jeffery Von Ronne, Jens Bachem, Jeroen C. van +Gelderen, J Horacio MG, J. 
Michael Ashley, Jim Bauer, Jim Small, +Joachim Backes, Joe Rhett, John A. Martin, Johnny Teveßen, Jörg +Schilling, Jos Backus, Joseph Walton, Juan F. Codagnone, Jun Kuriyama, +Kahil D. Jallad, Karl Fogel, Karsten Thygesen, Katsuhiro Kondou, Kazu +Yamamoto, Keith Clayton, Kevin Ryde, Klaus Singvogel, Kurt Garloff, +Lars Kellogg-Stedman, L. Sassaman, M Taylor, Marcel Waldvogel, Marco +d'Itri, Marco Parrone, Marcus Brinkmann, Mark Adler, Mark Elbrecht, +Mark Pettit, Markus Friedl, Martin Kahlert, Martin Hamilton, Martin +Schulte, Matt Kraai, Matthew Skala, Matthew Wilcox, Matthias Urlichs, +Max Valianskiy, Michael Engels, Michael Fischer v. Mollard, Michael +Roth, Michael Sobolev, Michael Tokarev, Nicolas Graner, Mike McEwan, +Neal H Walfield, Nelson H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, +Nimrod Zimerman, N J Doye, Oliver Haakert, Oskari Jääskeläinen, Pascal +Scheffers, Paul D. Smith, Per Cederqvist, Phil Blundell, Philippe +Laliberte, Peter Fales, Peter Gutmann, Peter Marschall, Peter Valchev, +Piotr Krukowiecki, QingLong, Ralph Gillen, Rat, Reinhard Wobst, Rémi +Guyomarch, Reuben Sumner, Richard Outerbridge, Robert Joop, Roddy +Strachan, Roger Sondermann, Roland Rosenfeld, Roman Pavlik, Ross +Golder, Ryan Malayter, Sam Roberts, Sami Tolvanen, Sean MacLennan, +Sebastian Klemke, Serge Munhoven, SL Baur, Stefan Bellon, +Dr.Stefan.Dalibor, Stefan Karrmann, Stefan Keller, Steffen Ullrich, +Steffen Zahn, Steven Bakker, Steven Murdoch, Susanne Schultz, Ted +Cabeen, Thiago Jung Bauermann, Thijmen Klok, Thomas Roessler, Tim +Mooney, Timo Schulz, Todd Vierling, TOGAWA Satoshi, Tom Spindler, Tom +Zerucha, Tomas Fasth, Tommi Komulainen, Thomas Klausner, Tomasz +Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko Lusa, Vincent P. Broman, +Volker Quetschke, W Lewis, Walter Hofmann, Walter Koch, Wayne +Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki IIDA, Yoshihiro Kajiki +and Gerlinde Klaes. 
+ + This software has been made possible by the previous work of Chris +Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann +Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson, +Taher Elgamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA +mathematicians and all the folks who have worked hard to create +complete and free operating systems. + + And finally we'd like to thank everyone who uses these tools, submits +bug reports and generally reminds us why we're doing this work in the +first place. + + +File: gnupg.info, Node: Glossary, Next: Option Index, Prev: Contributors, Up: Top + +Glossary +******** + +`ARL' + The _Authority Revocation List_ is technical identical to a CRL + but used for CAs and not for end user certificates. + +`Chain model' + Verification model for X.509 which uses the creation date of a + signature as the date the validation starts and in turn checks + that each certificate has been issued within the time frame, the + issuing certificate was valid. This allows the verification of + signatures after the CA's certificate expired. The validation + test also required an online check of the certificate status. The + chain model is required by the German signature law. See also + _Shell model_. + +`CMS' + The _Cryptographic Message Standard_ describes a message format + for encryption and digital signing. It is closely related to the + X.509 certificate format. CMS was formerly known under the name + `PKCS#7' and is described by `RFC3369'. + +`CRL' + The _Certificate Revocation List_ is a list containing + certificates revoked by the issuer. + +`CSR' + The _Certificate Signing Request_ is a message send to a CA to ask + them to issue a new certificate. The data format of such a signing + request is called PCKS#10. + +`OpenPGP' + A data format used to build a PKI and to exchange encrypted or + signed messages. 
In contrast to X.509, OpenPGP also includes the + message format but does not explicitly demand a specific PKI. + However any kind of PKI may be build upon the OpenPGP protocol. + +`Keygrip' + This term is used by GnuPG to describe a 20 byte hash value used + to identify a certain key without referencing to a concrete + protocol. It is used internally to access a private key. Usually + it is shown and entered as a 40 character hexadecimal formatted + string. + +`OCSP' + The _Online Certificate Status Protocol_ is used as an alternative + to a CRL. It is described in `RFC 2560'. + +`PSE' + The _Personal Security Environment_ describes a database to store + private keys. This is either a smartcard or a collection of files + on a disk; the latter is often called a Soft-PSE. + +`Shell model' + The standard model for validation of certificates under X.509. At + the time of the verification all certificates must be valid and + not expired. See also _Chain mode_. + +`X.509' + Description of a PKI used with CMS. It is for example defined by + `RFC3280'. + + + +File: gnupg.info, Node: Option Index, Next: Index, Prev: Glossary, Up: Top + +Option Index +************ + + +* Menu: + +* agent-program <1>: Invoking gpg-connect-agent. + (line 30) +* agent-program: Configuration Options. + (line 34) +* allow-admin: Scdaemon Options. (line 184) +* allow-freeform-uid: GPG Esoteric Options. + (line 312) +* allow-mark-trusted: Agent Options. (line 147) +* allow-multiple-messages: GPG Esoteric Options. + (line 429) +* allow-non-selfsigned-uid: GPG Esoteric Options. + (line 307) +* allow-secret-key-import: GPG Esoteric Options. + (line 424) +* always-trust: GPG Esoteric Options. + (line 498) +* armor <1>: Input and Output. (line 8) +* armor: GPG Input and Output. + (line 8) +* ask-cert-expire: GPG Esoteric Options. + (line 411) +* ask-cert-level: GPG Configuration Options. + (line 302) +* ask-sig-expire: GPG Esoteric Options. + (line 397) +* assume-armor: Input and Output. 
(line 14) +* assume-base64: Input and Output. (line 18) +* assume-binary: Input and Output. (line 21) +* attribute-fd: GPG Esoteric Options. + (line 85) +* attribute-file: GPG Esoteric Options. + (line 91) +* auto-check-trustdb: GPG Configuration Options. + (line 598) +* auto-issuer-key-retrieve: Certificate Options. (line 51) +* auto-key-locate: GPG Configuration Options. + (line 382) +* base64: Input and Output. (line 11) +* batch <1>: GPG Configuration Options. + (line 39) +* batch: Agent Options. (line 33) +* bzip2-compress-level: GPG Configuration Options. + (line 276) +* bzip2-decompress-lowmem: GPG Configuration Options. + (line 286) +* call-dirmngr: Operational GPGSM Commands. + (line 27) +* call-protect-tool: Operational GPGSM Commands. + (line 41) +* card-edit: Operational GPG Commands. + (line 157) +* card-status: Operational GPG Commands. + (line 163) +* card-timeout: Scdaemon Options. (line 168) +* cert-digest-algo: GPG Esoteric Options. + (line 221) +* cert-notation: GPG Esoteric Options. + (line 113) +* cert-policy-url: GPG Esoteric Options. + (line 143) +* change-pin: Operational GPG Commands. + (line 166) +* check-passphrase-pattern: Agent Options. (line 191) +* check-sigs: Operational GPG Commands. + (line 126) +* check-trustdb: Operational GPG Commands. + (line 257) +* cipher-algo <1>: CMS Options. (line 13) +* cipher-algo: GPG Esoteric Options. + (line 181) +* clearsign: Operational GPG Commands. + (line 17) +* command-fd: GPG Esoteric Options. + (line 295) +* command-file: GPG Esoteric Options. + (line 302) +* comment: GPG Esoteric Options. + (line 96) +* compliant-needed: GPG Configuration Options. + (line 557) +* compress-algo: GPG Esoteric Options. + (line 198) +* compress-level: GPG Configuration Options. + (line 276) +* csh: Agent Options. (line 118) +* ctapi-driver: Scdaemon Options. (line 146) +* daemon <1>: Scdaemon Commands. (line 31) +* daemon: Agent Commands. (line 27) +* dearmor: Operational GPG Commands. 
+ (line 312) +* debug <1>: Scdaemon Options. (line 61) +* debug <2>: Esoteric Options. (line 58) +* debug <3>: GPG Esoteric Options. + (line 51) +* debug: Agent Options. (line 71) +* debug-all <1>: Scdaemon Options. (line 97) +* debug-all <2>: Esoteric Options. (line 92) +* debug-all <3>: GPG Esoteric Options. + (line 55) +* debug-all: Agent Options. (line 103) +* debug-allow-core-dump <1>: Scdaemon Options. (line 114) +* debug-allow-core-dump: Esoteric Options. (line 95) +* debug-assuan-log-cats: Scdaemon Options. (line 123) +* debug-disable-ticker: Scdaemon Options. (line 110) +* debug-ignore-expiration: Esoteric Options. (line 106) +* debug-level <1>: Scdaemon Options. (line 28) +* debug-level <2>: Esoteric Options. (line 29) +* debug-level <3>: GPG Esoteric Options. + (line 22) +* debug-level: Agent Options. (line 42) +* debug-log-tid: Scdaemon Options. (line 120) +* debug-no-chain-validation: Esoteric Options. (line 102) +* debug-wait <1>: Scdaemon Options. (line 100) +* debug-wait: Agent Options. (line 106) +* decode: Invoking gpg-connect-agent. + (line 66) +* decrypt <1>: gpg-zip. (line 22) +* decrypt <2>: Operational GPGSM Commands. + (line 11) +* decrypt: Operational GPG Commands. + (line 52) +* decrypt-files: Operational GPG Commands. + (line 87) +* default-cache-ttl: Agent Options. (line 158) +* default-cert-expire: GPG Esoteric Options. + (line 417) +* default-cert-level: GPG Configuration Options. + (line 310) +* default-key <1>: Input and Output. (line 34) +* default-key: GPG Configuration Options. + (line 10) +* default-keyserver-url: GPG Esoteric Options. + (line 457) +* default-preference-list: GPG Esoteric Options. + (line 452) +* default-recipient: GPG Configuration Options. + (line 15) +* default-recipient-self: GPG Configuration Options. + (line 19) +* default-sig-expire: GPG Esoteric Options. + (line 403) +* delete-key: Operational GPG Commands. + (line 171) +* delete-keys: Certificate Management. 
+ (line 57) +* delete-secret-and-public-key: Operational GPG Commands. + (line 180) +* delete-secret-key: Operational GPG Commands. + (line 176) +* deny-admin: Scdaemon Options. (line 184) +* desig-revoke: OpenPGP Key Management. + (line 21) +* detach-sign: Operational GPG Commands. + (line 27) +* digest-algo: GPG Esoteric Options. + (line 190) +* dirmnr-program: Configuration Options. + (line 40) +* disable-application: Scdaemon Options. (line 194) +* disable-ccid: Scdaemon Options. (line 151) +* disable-cipher-algo: GPG Esoteric Options. + (line 229) +* disable-crl-checks: Certificate Options. (line 13) +* disable-dsa2: GPG Configuration Options. + (line 167) +* disable-keypad: Scdaemon Options. (line 181) +* disable-mdc: OpenPGP Options. (line 40) +* disable-ocsp: Certificate Options. (line 42) +* disable-policy-checks: Certificate Options. (line 8) +* disable-pubkey-algo: GPG Esoteric Options. + (line 234) +* disable-scdaemon: Agent Options. (line 230) +* disable-trusted-cert-crl-check: Certificate Options. (line 19) +* display: Agent Options. (line 257) +* display-charset: GPG Configuration Options. + (line 231) +* display-charset:iso-8859-1: GPG Configuration Options. + (line 240) +* display-charset:iso-8859-15: GPG Configuration Options. + (line 246) +* display-charset:iso-8859-2: GPG Configuration Options. + (line 243) +* display-charset:koi8-r: GPG Configuration Options. + (line 249) +* display-charset:utf-8: GPG Configuration Options. + (line 252) +* dry-run: GPG Esoteric Options. + (line 8) +* dump-cert: Certificate Management. + (line 33) +* dump-chain: Certificate Management. + (line 37) +* dump-external-keys: Certificate Management. + (line 44) +* dump-keys: Certificate Management. + (line 33) +* dump-options <1>: Scdaemon Commands. (line 18) +* dump-options <2>: General GPGSM Commands. + (line 19) +* dump-options <3>: General GPG Commands. + (line 19) +* dump-options: Agent Commands. (line 19) +* dump-secret-keys: Certificate Management. 
+ (line 40) +* edit-key: OpenPGP Key Management. + (line 26) +* emit-version: GPG Esoteric Options. + (line 107) +* enable-crl-checks: Certificate Options. (line 13) +* enable-dsa2: GPG Configuration Options. + (line 167) +* enable-ocsp: Certificate Options. (line 42) +* enable-passphrase-history: Agent Options. (line 210) +* enable-policy-checks: Certificate Options. (line 8) +* enable-progress-filter: GPG Esoteric Options. + (line 64) +* enable-special-filenames: GPG Esoteric Options. + (line 439) +* enable-ssh-support: Agent Options. (line 267) +* enable-trusted-cert-crl-check: Certificate Options. (line 19) +* enarmor: Operational GPG Commands. + (line 312) +* encrypt <1>: gpg-zip. (line 17) +* encrypt <2>: Operational GPGSM Commands. + (line 7) +* encrypt: Operational GPG Commands. + (line 31) +* encrypt-files: Operational GPG Commands. + (line 84) +* encrypt-to: GPG Key related Options. + (line 21) +* enforce-passphrase-constraints: Agent Options. (line 176) +* escape-from-lines: GPG Esoteric Options. + (line 259) +* exec: Invoking gpg-connect-agent. + (line 41) +* exec-path: GPG Configuration Options. + (line 190) +* exit-on-status-write-error: GPG Configuration Options. + (line 626) +* expert: GPG Configuration Options. + (line 684) +* export <1>: Certificate Management. + (line 66) +* export: Operational GPG Commands. + (line 185) +* export-options: GPG Input and Output. + (line 67) +* export-ownertrust: Operational GPG Commands. + (line 272) +* export-secret-keys: Operational GPG Commands. + (line 201) +* export-secret-subkeys: Operational GPG Commands. + (line 201) +* extra-digest-algo: Esoteric Options. (line 7) +* faked-system-time <1>: Esoteric Options. (line 18) +* faked-system-time <2>: GPG Esoteric Options. + (line 58) +* faked-system-time: Agent Options. (line 37) +* fast-list-mode: GPG Esoteric Options. + (line 362) +* fetch-keys: Operational GPG Commands. + (line 242) +* fingerprint: Operational GPG Commands. 
+ (line 146) +* fixed-list-mode: GPG Input and Output. + (line 118) +* fixed-passphrase: Esoteric Options. (line 111) +* for-your-eyes-only: GPG Esoteric Options. + (line 167) +* force: watchgnupg. (line 22) +* force-crl-refresh: Certificate Options. (line 31) +* force-mdc: OpenPGP Options. (line 34) +* force-v3-sigs: OpenPGP Options. (line 19) +* force-v4-certs: OpenPGP Options. (line 29) +* forget: Invoking gpg-preset-passphrase. + (line 24) +* gen-key <1>: Certificate Management. + (line 7) +* gen-key: OpenPGP Key Management. + (line 9) +* gen-prime: Operational GPG Commands. + (line 306) +* gen-random: Operational GPG Commands. + (line 299) +* gen-revoke: OpenPGP Key Management. + (line 17) +* gnupg: OpenPGP Options. (line 108) +* gpg: gpg-zip. (line 50) +* gpg-agent-info: GPG Configuration Options. + (line 608) +* gpg-args: gpg-zip. (line 53) +* gpgconf-list: GPG Esoteric Options. + (line 470) +* gpgconf-test: GPG Esoteric Options. + (line 474) +* group: GPG Key related Options. + (line 41) +* help <1>: gpg-zip. (line 65) +* help <2>: watchgnupg. (line 35) +* help <3>: Scdaemon Commands. (line 14) +* help <4>: General GPGSM Commands. + (line 11) +* help <5>: General GPG Commands. + (line 12) +* help: Agent Commands. (line 15) +* hex: Invoking gpg-connect-agent. + (line 62) +* hidden-encrypt-to: GPG Key related Options. + (line 29) +* hidden-recipient: GPG Key related Options. + (line 14) +* homedir <1>: Invoking symcryptrun. + (line 38) +* homedir <2>: Invoking gpg-connect-agent. + (line 22) +* homedir <3>: gpgv. (line 53) +* homedir <4>: Scdaemon Options. (line 13) +* homedir <5>: Configuration Options. + (line 16) +* homedir <6>: GPG Configuration Options. + (line 223) +* homedir: Agent Options. (line 13) +* ignore-cache-for-signing: Agent Options. (line 152) +* ignore-cert-extension: Certificate Options. (line 71) +* ignore-crc-error: GPG Esoteric Options. + (line 332) +* ignore-mdc-error: GPG Esoteric Options. 
+ (line 339) +* ignore-time-conflict <1>: gpgv. (line 47) +* ignore-time-conflict: GPG Esoteric Options. + (line 318) +* ignore-valid-from: GPG Esoteric Options. + (line 325) +* import <1>: Certificate Management. + (line 87) +* import: Operational GPG Commands. + (line 211) +* import-options: GPG Input and Output. + (line 29) +* import-ownertrust: Operational GPG Commands. + (line 278) +* include-certs: CMS Options. (line 7) +* interactive: GPG Esoteric Options. + (line 19) +* keep-display: Agent Options. (line 262) +* keep-tty: Agent Options. (line 262) +* keydb-clear-some-cert-flags: Certificate Management. + (line 49) +* keyedit:addcardkey: OpenPGP Key Management. + (line 166) +* keyedit:addkey: OpenPGP Key Management. + (line 163) +* keyedit:addphoto: OpenPGP Key Management. + (line 81) +* keyedit:addrevoker: OpenPGP Key Management. + (line 215) +* keyedit:adduid: OpenPGP Key Management. + (line 78) +* keyedit:bkuptocard: OpenPGP Key Management. + (line 180) +* keyedit:check: OpenPGP Key Management. + (line 75) +* keyedit:clean: OpenPGP Key Management. + (line 227) +* keyedit:cross-certify: OpenPGP Key Management. + (line 241) +* keyedit:delkey: OpenPGP Key Management. + (line 191) +* keyedit:delsig: OpenPGP Key Management. + (line 65) +* keyedit:deluid: OpenPGP Key Management. + (line 92) +* keyedit:disable: OpenPGP Key Management. + (line 211) +* keyedit:enable: OpenPGP Key Management. + (line 211) +* keyedit:expire: OpenPGP Key Management. + (line 200) +* keyedit:key: OpenPGP Key Management. + (line 35) +* keyedit:keyserver: OpenPGP Key Management. + (line 110) +* keyedit:keytocard: OpenPGP Key Management. + (line 169) +* keyedit:lsign: OpenPGP Key Management. + (line 46) +* keyedit:minimize: OpenPGP Key Management. + (line 236) +* keyedit:notation: OpenPGP Key Management. + (line 117) +* keyedit:nrsign: OpenPGP Key Management. + (line 51) +* keyedit:passwd: OpenPGP Key Management. + (line 221) +* keyedit:pref: OpenPGP Key Management. 
+ (line 125) +* keyedit:primary: OpenPGP Key Management. + (line 101) +* keyedit:quit: OpenPGP Key Management. + (line 252) +* keyedit:revkey: OpenPGP Key Management. + (line 197) +* keyedit:revsig: OpenPGP Key Management. + (line 70) +* keyedit:revuid: OpenPGP Key Management. + (line 98) +* keyedit:save: OpenPGP Key Management. + (line 249) +* keyedit:setpref: OpenPGP Key Management. + (line 138) +* keyedit:showphoto: OpenPGP Key Management. + (line 89) +* keyedit:showpref: OpenPGP Key Management. + (line 130) +* keyedit:sign: OpenPGP Key Management. + (line 39) +* keyedit:toggle: OpenPGP Key Management. + (line 224) +* keyedit:trust: OpenPGP Key Management. + (line 206) +* keyedit:tsign: OpenPGP Key Management. + (line 55) +* keyedit:uid: OpenPGP Key Management. + (line 31) +* keyid-format: GPG Configuration Options. + (line 422) +* keyring <1>: gpgv. (line 34) +* keyring: GPG Configuration Options. + (line 197) +* keyserver: GPG Configuration Options. + (line 429) +* keyserver-options: GPG Configuration Options. + (line 449) +* kill: Invoking gpgconf. (line 53) +* lc-ctype: Agent Options. (line 257) +* lc-messages: Agent Options. (line 257) +* learn-card: Certificate Management. + (line 92) +* limit-card-insert-tries: GPG Configuration Options. + (line 635) +* list-archive: gpg-zip. (line 43) +* list-chain: Certificate Management. + (line 29) +* list-config: GPG Esoteric Options. + (line 462) +* list-keys <1>: Certificate Management. + (line 14) +* list-keys: Operational GPG Commands. + (line 92) +* list-only: GPG Esoteric Options. + (line 11) +* list-options: GPG Configuration Options. + (line 59) +* list-options:show-keyring: GPG Configuration Options. + (line 102) +* list-options:show-keyserver-urls: GPG Configuration Options. + (line 86) +* list-options:show-notations: GPG Configuration Options. + (line 81) +* list-options:show-photos: GPG Configuration Options. + (line 67) +* list-options:show-policy-urls: GPG Configuration Options. 
+ (line 75) +* list-options:show-sig-expire: GPG Configuration Options. + (line 106) +* list-options:show-sig-subpackets: GPG Configuration Options. + (line 110) +* list-options:show-std-notations: GPG Configuration Options. + (line 81) +* list-options:show-uid-validity: GPG Configuration Options. + (line 90) +* list-options:show-unusable-subkeys: GPG Configuration Options. + (line 98) +* list-options:show-unusable-uids: GPG Configuration Options. + (line 94) +* list-options:show-user-notations: GPG Configuration Options. + (line 81) +* list-packets: Operational GPG Commands. + (line 153) +* list-secret-keys <1>: Certificate Management. + (line 21) +* list-secret-keys: Operational GPG Commands. + (line 102) +* list-sigs: Operational GPG Commands. + (line 108) +* local-user <1>: gpg-zip. (line 40) +* local-user <2>: Input and Output. (line 42) +* local-user: GPG Key related Options. + (line 63) +* locate-keys: Operational GPG Commands. + (line 139) +* lock-multiple: GPG Configuration Options. + (line 615) +* lock-never: GPG Configuration Options. + (line 619) +* lock-once: GPG Configuration Options. + (line 611) +* log-file <1>: Invoking symcryptrun. + (line 46) +* log-file <2>: Scdaemon Options. (line 136) +* log-file <3>: Configuration Options. + (line 59) +* log-file <4>: GPG Esoteric Options. + (line 81) +* log-file: Agent Options. (line 140) +* logger-fd <1>: gpgv. (line 44) +* logger-fd: GPG Esoteric Options. + (line 77) +* lsign-key: OpenPGP Key Management. + (line 289) +* mangle-dos-filenames: GPG Configuration Options. + (line 294) +* marginals-needed: GPG Configuration Options. + (line 561) +* max-cache-ttl: Agent Options. (line 166) +* max-cache-ttl-ssh: Agent Options. (line 171) +* max-cert-depth: GPG Configuration Options. + (line 565) +* max-output: GPG Input and Output. + (line 19) +* max-passphrase-days: Agent Options. (line 205) +* min-cert-level: GPG Configuration Options. + (line 339) +* min-passphrase-len: Agent Options. 
(line 180) +* min-passphrase-nonalpha: Agent Options. (line 185) +* multi-server: Scdaemon Commands. (line 26) +* multifile: Operational GPG Commands. + (line 73) +* no: GPG Configuration Options. + (line 56) +* no-armor: GPG Input and Output. + (line 12) +* no-batch: GPG Configuration Options. + (line 39) +* no-common-certs-import: Esoteric Options. (line 116) +* no-default-keyring: GPG Esoteric Options. + (line 347) +* no-default-recipient: GPG Configuration Options. + (line 25) +* no-detach <1>: Scdaemon Options. (line 132) +* no-detach: Agent Options. (line 111) +* no-encrypt-to: GPG Key related Options. + (line 37) +* no-expensive-trust-checks: GPG Esoteric Options. + (line 444) +* no-ext-connect: Invoking gpg-connect-agent. + (line 48) +* no-grab: Agent Options. (line 136) +* no-greeting: GPG Configuration Options. + (line 649) +* no-groups: GPG Key related Options. + (line 59) +* no-literal: GPG Esoteric Options. + (line 370) +* no-mangle-dos-filenames: GPG Configuration Options. + (line 294) +* no-mdc-warning: GPG Configuration Options. + (line 668) +* no-options: GPG Configuration Options. + (line 269) +* no-random-seed-file: GPG Configuration Options. + (line 643) +* no-secmem-warning <1>: Configuration Options. + (line 55) +* no-secmem-warning: GPG Configuration Options. + (line 652) +* no-sig-cache: GPG Configuration Options. + (line 579) +* no-sig-create-check: GPG Configuration Options. + (line 588) +* no-skip-hidden-recipients: GPG Key related Options. + (line 75) +* no-tty: GPG Configuration Options. + (line 48) +* no-use-standard-socket: Agent Options. (line 237) +* no-verbose: GPG Configuration Options. + (line 32) +* not-dash-escaped: GPG Esoteric Options. + (line 249) +* openpgp: OpenPGP Options. (line 116) +* options <1>: Scdaemon Options. (line 7) +* options <2>: Configuration Options. + (line 10) +* options <3>: GPG Configuration Options. + (line 264) +* options: Agent Options. (line 7) +* output <1>: gpg-zip. 
(line 47) +* output <2>: Input and Output. (line 52) +* output: GPG Input and Output. + (line 16) +* override-session-key: GPG Esoteric Options. + (line 388) +* p12-charset: Input and Output. (line 24) +* passphrase <1>: Invoking gpg-preset-passphrase. + (line 35) +* passphrase: GPG Esoteric Options. + (line 288) +* passphrase-fd: GPG Esoteric Options. + (line 271) +* passphrase-file: GPG Esoteric Options. + (line 279) +* passphrase-repeat: GPG Esoteric Options. + (line 266) +* passwd <1>: Certificate Management. + (line 97) +* passwd: OpenPGP Key Management. + (line 294) +* pcsc-driver: Scdaemon Options. (line 140) +* permission-warning: GPG Configuration Options. + (line 655) +* personal-cipher-preferences: OpenPGP Options. (line 45) +* personal-compress-preferences: OpenPGP Options. (line 64) +* personal-digest-preferences: OpenPGP Options. (line 54) +* pgp2: OpenPGP Options. (line 134) +* pgp6: OpenPGP Options. (line 147) +* pgp7: OpenPGP Options. (line 158) +* pgp8: OpenPGP Options. (line 164) +* photo-viewer: GPG Configuration Options. + (line 173) +* pinentry-program: Agent Options. (line 213) +* pinentry-touch-file: Agent Options. (line 217) +* policy-file: Configuration Options. + (line 31) +* prefer-system-dirmngr: Configuration Options. + (line 46) +* preserve-permissions: GPG Esoteric Options. + (line 447) +* preset: Invoking gpg-preset-passphrase. + (line 20) +* primary-keyring: GPG Configuration Options. + (line 211) +* print-md: Operational GPG Commands. + (line 294) +* q <1>: Invoking symcryptrun. + (line 35) +* q: Invoking gpg-connect-agent. + (line 19) +* quiet <1>: Invoking symcryptrun. + (line 35) +* quiet <2>: Invoking gpg-connect-agent. + (line 19) +* quiet <3>: gpgv. (line 31) +* quiet <4>: GPG Configuration Options. + (line 35) +* quiet: Agent Options. (line 30) +* raw-socket: Invoking gpg-connect-agent. + (line 34) +* reader-port: Scdaemon Options. (line 157) +* rebuild-keydb-caches: Operational GPG Commands. 
+ (line 288) +* recipient <1>: gpg-zip. (line 36) +* recipient <2>: Input and Output. (line 47) +* recipient: GPG Key related Options. + (line 8) +* recv-keys: Operational GPG Commands. + (line 220) +* refresh-keys: Operational GPG Commands. + (line 224) +* reload: Invoking gpgconf. (line 48) +* require-cross-certification: GPG Configuration Options. + (line 677) +* require-secmem: GPG Configuration Options. + (line 672) +* rfc1991: OpenPGP Options. (line 131) +* rfc2440: OpenPGP Options. (line 127) +* rfc4880: OpenPGP Options. (line 122) +* run: Invoking gpg-connect-agent. + (line 53) +* s2k-cipher-algo: OpenPGP Options. (line 74) +* s2k-count: OpenPGP Options. (line 91) +* s2k-digest-algo: OpenPGP Options. (line 80) +* s2k-mode: OpenPGP Options. (line 84) +* scdaemon-program: Agent Options. (line 226) +* search-keys: Operational GPG Commands. + (line 233) +* secret-keyring: GPG Configuration Options. + (line 208) +* send-keys: Operational GPG Commands. + (line 192) +* server <1>: Scdaemon Commands. (line 22) +* server <2>: Operational GPGSM Commands. + (line 24) +* server: Agent Commands. (line 23) +* set-filename: GPG Esoteric Options. + (line 161) +* set-filesize: GPG Esoteric Options. + (line 374) +* set-notation: GPG Esoteric Options. + (line 113) +* set-policy-url: GPG Esoteric Options. + (line 143) +* sh: Agent Options. (line 118) +* show-keyring: GPG Esoteric Options. + (line 493) +* show-notation: GPG Esoteric Options. + (line 502) +* show-photos: GPG Esoteric Options. + (line 485) +* show-policy-url: GPG Esoteric Options. + (line 510) +* show-session-key: GPG Esoteric Options. + (line 378) +* sig-keyserver-url: GPG Esoteric Options. + (line 153) +* sig-notation: GPG Esoteric Options. + (line 113) +* sig-policy-url: GPG Esoteric Options. + (line 143) +* sign <1>: Operational GPGSM Commands. + (line 16) +* sign: Operational GPG Commands. + (line 8) +* sign-key: OpenPGP Key Management. + (line 285) +* simple-sk-checksum: GPG Configuration Options. 
+ (line 568) +* skip-hidden-recipients: GPG Key related Options. + (line 75) +* skip-verify: GPG Esoteric Options. + (line 354) +* status-fd <1>: gpgv. (line 40) +* status-fd: GPG Esoteric Options. + (line 69) +* status-file: GPG Esoteric Options. + (line 73) +* store: Operational GPG Commands. + (line 48) +* subst: Invoking gpg-connect-agent. + (line 59) +* symmetric: Operational GPG Commands. + (line 39) +* tar: gpg-zip. (line 56) +* tar-args: gpg-zip. (line 59) +* textmode: OpenPGP Options. (line 8) +* throw-keyids: GPG Esoteric Options. + (line 240) +* trust-mode:always: GPG Configuration Options. + (line 368) +* trust-mode:auto: GPG Configuration Options. + (line 376) +* trust-mode:classic: GPG Configuration Options. + (line 360) +* trust-mode:direct: GPG Configuration Options. + (line 364) +* trust-mode:pgp: GPG Configuration Options. + (line 355) +* trust-model: GPG Configuration Options. + (line 352) +* trustdb-name: GPG Configuration Options. + (line 216) +* trusted-key: GPG Configuration Options. + (line 345) +* try-all-secrets: GPG Key related Options. + (line 67) +* ttyname: Agent Options. (line 257) +* ttytype: Agent Options. (line 257) +* ungroup: GPG Key related Options. + (line 56) +* update-trustdb: Operational GPG Commands. + (line 247) +* use-agent: GPG Configuration Options. + (line 605) +* use-embedded-filename: GPG Esoteric Options. + (line 176) +* use-standard-socket: Agent Options. (line 237) +* utf8-strings: GPG Configuration Options. + (line 257) +* v <1>: Scdaemon Options. (line 23) +* v: Configuration Options. + (line 26) +* validation-model: Certificate Options. (line 62) +* verbose <1>: Invoking symcryptrun. + (line 30) +* verbose <2>: Invoking gpg-connect-agent. + (line 14) +* verbose <3>: Invoking gpg-preset-passphrase. + (line 31) +* verbose <4>: gpgv. (line 26) +* verbose <5>: watchgnupg. (line 29) +* verbose <6>: Scdaemon Options. (line 23) +* verbose <7>: Configuration Options. 
+ (line 26) +* verbose <8>: GPG Configuration Options. + (line 28) +* verbose: Agent Options. (line 23) +* verify <1>: Operational GPGSM Commands. + (line 20) +* verify: Operational GPG Commands. + (line 60) +* verify-files: Operational GPG Commands. + (line 81) +* verify-options: GPG Configuration Options. + (line 118) +* verify-options:pka-lookups: GPG Configuration Options. + (line 154) +* verify-options:pka-trust-increase: GPG Configuration Options. + (line 161) +* verify-options:show-keyserver-urls: GPG Configuration Options. + (line 137) +* verify-options:show-notations: GPG Configuration Options. + (line 133) +* verify-options:show-photos: GPG Configuration Options. + (line 123) +* verify-options:show-policy-urls: GPG Configuration Options. + (line 127) +* verify-options:show-primary-uid-only: GPG Configuration Options. + (line 149) +* verify-options:show-std-notations: GPG Configuration Options. + (line 133) +* verify-options:show-uid-validity: GPG Configuration Options. + (line 141) +* verify-options:show-unusable-uids: GPG Configuration Options. + (line 145) +* verify-options:show-user-notations: GPG Configuration Options. + (line 133) +* version <1>: gpg-zip. (line 62) +* version <2>: watchgnupg. (line 32) +* version <3>: Scdaemon Commands. (line 10) +* version <4>: General GPGSM Commands. + (line 7) +* version <5>: General GPG Commands. + (line 7) +* version: Agent Commands. (line 10) +* warranty <1>: General GPGSM Commands. + (line 15) +* warranty: General GPG Commands. + (line 16) +* with-colons: GPG Input and Output. + (line 110) +* with-ephemeral-keys: Esoteric Options. (line 24) +* with-fingerprint: GPG Input and Output. + (line 124) +* with-key-data <1>: Input and Output. (line 55) +* with-key-data: GPG Esoteric Options. + (line 358) +* with-validation: Input and Output. (line 61) +* write-env-file: Agent Options. (line 124) +* xauthority: Agent Options. (line 257) +* yes: GPG Configuration Options. 
+ (line 53) + + +File: gnupg.info, Node: Index, Prev: Option Index, Up: Top + +Index +***** + + +* Menu: + +* com-certs.pem: GPGSM Configuration. (line 84) +* command options <1>: Invoking SCDAEMON. (line 6) +* command options <2>: Invoking GPGSM. (line 6) +* command options <3>: Invoking GPG. (line 6) +* command options: Invoking GPG-AGENT. (line 6) +* contributors: Contributors. (line 6) +* GPG command options: Invoking GPG. (line 6) +* GPG-AGENT command options: Invoking GPG-AGENT. (line 6) +* gpg-agent.conf: Agent Configuration. (line 11) +* gpg.conf: GPG Configuration. (line 11) +* gpgconf.conf: Files used by gpgconf. + (line 7) +* GPGSM command options: Invoking GPGSM. (line 6) +* gpgsm.conf: GPGSM Configuration. (line 11) +* help.txt: GPGSM Configuration. (line 72) +* options, GPG command: Invoking GPG. (line 6) +* options, GPG-AGENT command: Invoking GPG-AGENT. (line 6) +* options, GPGSM command: Invoking GPGSM. (line 6) +* options, SCDAEMON command: Invoking SCDAEMON. (line 6) +* policies.txt: GPGSM Configuration. (line 18) +* pubring.kbx: GPGSM Configuration. (line 101) +* qualified.txt: GPGSM Configuration. (line 33) +* random_seed: GPGSM Configuration. (line 107) +* relax: Agent Configuration. (line 63) +* S.gpg-agent: GPGSM Configuration. (line 112) +* scd-event: Scdaemon Configuration. + (line 18) +* SCDAEMON command options: Invoking SCDAEMON. (line 6) +* scdaemon.conf: Scdaemon Configuration. + (line 11) +* SIGHUP: Agent Signals. (line 12) +* SIGINT: Agent Signals. (line 28) +* SIGTERM: Agent Signals. (line 23) +* SIGUSR1: Agent Signals. (line 31) +* SIGUSR2: Agent Signals. (line 34) +* sshcontrol: Agent Configuration. (line 76) + + diff --git a/doc/gnupg.texi b/doc/gnupg.texi new file mode 100644 index 0000000..7bb54af --- /dev/null +++ b/doc/gnupg.texi 
@@ -0,0 +1,222 @@
+\input texinfo @c -*-texinfo-*-
+@c %**start of header
+@setfilename gnupg.info
+@include version.texi
+@settitle Using the GNU Privacy Guard
+
+@c A couple of macros with no effect on texinfo
+@c but used by the yat2m processor.
+@macro manpage {a}
+@end macro
+@macro mansect {a}
+@end macro
+@macro manpause
+@end macro
+@macro mancont
+@end macro
+
+@c Create a separate index for command line options.
+@defcodeindex op
+@c Merge the standard indexes into a single one.
+@syncodeindex fn cp
+@syncodeindex vr cp
+@syncodeindex ky cp
+@syncodeindex pg cp
+@syncodeindex tp cp
+@c %**end of header
+@copying
+This is the @cite{The GNU Privacy Guard Manual} (version
+@value{VERSION}, @value{UPDATED-MONTH}).
+
+@iftex
+Published by the Free Software Foundation@*
+51 Franklin St, Fifth Floor@*
+Boston, MA 02110-1301 USA
+@end iftex
+
+Copyright @copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
+
+@quotation
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 3 of the License, or (at your
+option) any later version. The text of the license can be found in the
+section entitled ``Copying''.
+@end quotation
+@end copying
+
+
+@dircategory GNU Utilities
+@direntry
+* gpg2: (gnupg). OpenPGP encryption and signing tool.
+* gpgsm: (gnupg). S/MIME encryption and signing tool.
+* gpg-agent: (gnupg). The secret key daemon.
+@ifset gpgtwoone
+* dirmngr: (gnupg). X.509 CRL and OCSP server.
+* dirmngr-client: (gnupg). X.509 CRL and OCSP client.
+@end ifset
+@end direntry
+
+
+@c
+@c Printing stuff taken from gcc.
+@c
+@macro gnupgtabopt{body}
+@code{\body\}
+@end macro
+@macro gnupgoptlist{body}
+@smallexample
+\body\
+@end smallexample
+@end macro
+@c Makeinfo handles the above macro OK, TeX needs manual line breaks;
+@c they get lost at some point in handling the macro. But if @macro is
+@c used here rather than @alias, it produces double line breaks.
+@iftex
+@alias gol = *
+@end iftex
+@ifnottex
+@macro gol
+@end macro
+@end ifnottex
+
+
+@c
+@c Titlepage
+@c
+@setchapternewpage odd
+@titlepage
+@title Using the GNU Privacy Guard
+@subtitle Version @value{VERSION}
+@subtitle @value{UPDATED-MONTH}
+
+@sp 3
+
+@image{gnupg-logo,16cm,,The GnuPG Logo}
+
+@sp 3
+
+@author Werner Koch (@email{wk@@gnupg.org})
+
+@page
+@vskip 0pt plus 1filll
+@insertcopying
+@end titlepage
+
+@ifnothtml
+@summarycontents
+@contents
+@page
+@end ifnothtml
+
+@ifhtml
+@center @image{gnupg-logo,6cm,,The GnuPG Logo}
+@end ifhtml
+
+@ifnottex
+@node Top
+@top
+@insertcopying
+
+This manual documents how to use the GNU Privacy Guard system as well as
+the administration and the architecture.
+@end ifnottex
+
+@menu
+* Installation:: A short installation guide.
+
+* Invoking GPG-AGENT:: How to launch the secret key daemon.
+@ifset gpgtwoone
+* Invoking DIRMNGR:: How to launch the CRL and OCSP daemon.
+@end ifset
+* Invoking GPG:: Using the OpenPGP protocol.
+* Invoking GPGSM:: Using the S/MIME protocol.
+* Invoking SCDAEMON:: How to handle Smartcards.
+* Specify a User ID:: How to Specify a User Id.
+
+* Helper Tools:: Description of small helper tools
+
+* Howtos:: How to do certain things.
+* System Notes:: Notes pertaining to certain OSes.
+* Debugging:: How to solve problems
+
+* Copying:: GNU General Public License says
+ how you can copy and share GnuPG
+* Contributors:: People who have contributed to GnuPG.
+
+* Glossary:: Short description of terms used.
+* Option Index:: Index to command line options.
+* Index:: Index of concepts and symbol names.
+@end menu
+
+
+@ifhtml
+@page
+@summarycontents
+@contents
+@end ifhtml
+
+
+@include instguide.texi
+
+@include gpg-agent.texi
+@ifset gpgtwoone
+@include dirmngr.texi
+@end ifset
+@include gpg.texi
+@include gpgsm.texi
+@include scdaemon.texi
+
+@node Specify a User ID
+@chapter How to Specify a User Id
+@anchor{how-to-specify-a-user-id}
+@include specify-user-id.texi
+
+
+@include tools.texi
+
+@include howtos.texi
+
+@include sysnotes.texi
+
+@include debugging.texi
+
+@include gpl.texi
+
+@include contrib.texi
+
+@c ---------------------------------------------------------------------
+@c Indexes
+@c ---------------------------------------------------------------------
+
+@include glossary.texi
+
+@node Option Index
+@unnumbered Option Index
+
+@printindex op
+
+@node Index
+@unnumbered Index
+
+@printindex cp
+
+@c ---------------------------------------------------------------------
+@c Epilogue
+@c ---------------------------------------------------------------------
+
+@c @node History
+@c @unnumbered History
+@c
+@c Here are the notices from the old dirmngr manual:
+@c
+@c @itemize
+@c @item Using DirMngr, 2002, Steffen Hansen, Klar"alvdalens Datakonsult AB.
+@c @item Using DirMngr, 2004, 2005, 2006, 2008 Werner Koch, g10 Code GmbH.
+@c @end itemize
+@c
+
+
+@bye
+
+
diff --git a/doc/gnupg7.texi b/doc/gnupg7.texi
new file mode 100644
index 0000000..c48dca9
--- /dev/null
+++ b/doc/gnupg7.texi
@@ -0,0 +1,31 @@
+@c @c -*-texinfo-*-
+@c This is only used to create a man page, thus we don't need to care
+@c about actual texinfo stuff.
+
+@manpage gnupg.7
+@ifset manverb
+.B GnuPG
+\- The GNU Privacy Guard suite of programs
+@end ifset
+@mansect description
+@ifset isman
+GnuPG is a set of programs for public key encryption and digital
+signatures. The program most users will want to use is the OpenPGP
+command line tool, named @command{gpg2}. @command{gpgv}is a stripped
+down version of @command{gpg2} with no encryption functionality, used
+only to verify signatures against a trusted keyring. @command{gpgsm} is
+the X.509/CMS (for S/MIME) counterpart of
+@command{gpg2}. @command{gpg-agent} is a passphrase and private key
+daemon which may also emulate the @command{ssh-agent}.
+@mansect see also
+@command{gpg}(1),
+@command{gpg2}(1),
+@command{gpgv}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{dirmngr}(8),
+@command{scdaemon}(1)
+@include see-also-note.texi
+@end ifset
+
+@bye
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
new file mode 100644
index 0000000..4c7f13f
--- /dev/null
+++ b/doc/gpg-agent.texi
@@ -0,0 +1,1386 @@ +@c Copyright (C) 2002 Free Software Foundation, Inc. +@c This is part of the GnuPG manual. +@c For copying conditions, see the file gnupg.texi. + +@c Note that we use this texinfo file for all versions of GnuPG: +@c 2.0 and 2.1. The macro "gpgtwoone" controls parts which are only +@c valid for GnuPG 2.1 and later. + + +@node Invoking GPG-AGENT +@chapter Invoking GPG-AGENT +@cindex GPG-AGENT command options +@cindex command options +@cindex options, GPG-AGENT command + +@manpage gpg-agent.1 +@ifset manverb +.B gpg-agent +\- Secret key management for GnuPG +@end ifset + +@mansect synopsis +@ifset manverb +.B gpg-agent +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.br +.B gpg-agent +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.B \-\-server +.br +.B gpg-agent +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.B \-\-daemon +.RI [ command_line ] +@end ifset + +@mansect description +@command{gpg-agent} is a daemon to manage secret (private) keys +independently from any protocol. It is used as a backend for +@command{gpg} and @command{gpgsm} as well as for a couple of other +utilities. + +@ifset gpgtwoone +The agent is usualy started on demand by @command{gpg}, @command{gpgsm}, +@command{gpgconf} or @command{gpg-connect-agent}. Thus there is no +reason to start it manually. In case you want to use the included +Secure Shell Agent you may start the agent using: + +@example +gpg-connect-agent /bye +@end example +@end ifset + +@ifclear gpgtwoone +@noindent +The usual way to run the agent is from the @code{~/.xsession} file: + +@example +eval $(gpg-agent --daemon) +@end example +@noindent +If you don't use an X server, you can also put this into your regular +startup file @code{~/.profile} or @code{.bash_profile}. 
It is best not +to run multiple instance of the @command{gpg-agent}, so you should make +sure that only one is running: @command{gpg-agent} uses an environment +variable to inform clients about the communication parameters. You can +write the content of this environment variable to a file so that you can +test for a running agent. Here is an example using Bourne shell syntax: + +@smallexample +gpg-agent --daemon --enable-ssh-support \ + --write-env-file "$@{HOME@}/.gpg-agent-info" +@end smallexample + +This code should only be run once per user session to initially fire up +the agent. In the example the optional support for the included Secure +Shell agent is enabled and the information about the agent is written to +a file in the HOME directory. Note that by running gpg-agent without +arguments you may test whether an agent is already running; however such +a test may lead to a race condition, thus it is not suggested. + +@noindent +The second script needs to be run for each interactive session: + +@smallexample +if [ -f "$@{HOME@}/.gpg-agent-info" ]; then + . "$@{HOME@}/.gpg-agent-info" + export GPG_AGENT_INFO + export SSH_AUTH_SOCK +fi +@end smallexample + +@noindent +It reads the data out of the file and exports the variables. If you +don't use Secure Shell, you don't need the last two export statements. +@end ifclear + +@noindent +You should always add the following lines to your @code{.bashrc} or +whatever initialization file is used for all shell invocations: + +@smallexample +GPG_TTY=$(tty) +export GPG_TTY +@end smallexample + +@noindent +It is important that this environment variable always reflects the +output of the @code{tty} command. For W32 systems this option is not +required. + +Please make sure that a proper pinentry program has been installed +under the default filename (which is system dependant) or use the +option @option{pinentry-program} to specify the full name of that program. 
+It is often useful to install a symbolic link from the actual used +pinentry (e.g. @file{/usr/bin/pinentry-gtk}) to the expected +one (e.g. @file{/usr/bin/pinentry}). + +@manpause +@noindent +@xref{Option Index},for an index to @command{GPG-AGENT}'s commands and options. +@mancont + +@menu +* Agent Commands:: List of all commands. +* Agent Options:: List of all options. +* Agent Configuration:: Configuration files. +* Agent Signals:: Use of some signals. +* Agent Examples:: Some usage examples. +* Agent Protocol:: The protocol the agent uses. +@end menu + +@mansect commands +@node Agent Commands +@section Commands + +Commands are not distinguished from options except for the fact that +only one command is allowed. + +@table @gnupgtabopt +@item --version +@opindex version +Print the program version and licensing information. Note that you cannot +abbreviate this command. + +@item --help +@itemx -h +@opindex help +Print a usage message summarizing the most useful command-line options. +Note that you cannot abbreviate this command. + +@item --dump-options +@opindex dump-options +Print a list of all available options and commands. Note that you cannot +abbreviate this command. + +@item --server +@opindex server +Run in server mode and wait for commands on the @code{stdin}. The +default mode is to create a socket and listen for commands there. + +@item --daemon [@var{command line}] +@opindex daemon +Start the gpg-agent as a daemon; that is, detach it from the console +and run it in the background. Because @command{gpg-agent} prints out +important information required for further use, a common way of +invoking gpg-agent is: @code{eval $(gpg-agent --daemon)} to setup the +environment variables. The option @option{--write-env-file} is +another way commonly used to do this. Yet another way is creating +a new process as a child of gpg-agent: @code{gpg-agent --daemon +/bin/sh}. 
This way you get a new shell with the environment setup +properly; if you exit from this shell, gpg-agent terminates as well. +@end table + +@mansect options +@node Agent Options +@section Option Summary + +@table @gnupgtabopt + +@anchor{option --options} +@item --options @var{file} +@opindex options +Reads configuration from @var{file} instead of from the default +per-user configuration file. The default configuration file is named +@file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly +below the home directory of the user. + +@anchor{option --homedir} +@include opt-homedir.texi + + +@item -v +@item --verbose +@opindex verbose +Outputs additional information while running. +You can increase the verbosity by giving several +verbose commands to @command{gpgsm}, such as @samp{-vv}. + +@item -q +@item --quiet +@opindex quiet +Try to be as quiet as possible. + +@item --batch +@opindex batch +Don't invoke a pinentry or do any other thing requiring human interaction. + +@item --faked-system-time @var{epoch} +@opindex faked-system-time +This option is only useful for testing; it sets the system time back or +forth to @var{epoch} which is the number of seconds elapsed since the year +1970. + +@item --debug-level @var{level} +@opindex debug-level +Select the debug level for investigating problems. @var{level} may be +a numeric value or a keyword: + +@table @code +@item none +No debugging at all. A value of less than 1 may be used instead of +the keyword. +@item basic +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. +@item advanced +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. +@item expert +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. +@item guru +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. 
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@item --debug @var{flags}
+@opindex debug
+This option is only useful for debugging and the behaviour may change at
+any time without notice. FLAGS are bit encoded and may be given in
+usual C-Syntax. The currently defined bits are:
+
+@table @code
+@item 0 (1)
+X.509 or OpenPGP protocol related data
+@item 1 (2)
+values of big number integers
+@item 2 (4)
+low level crypto operations
+@item 5 (32)
+memory allocation
+@item 6 (64)
+caching
+@item 7 (128)
+show memory statistics.
+@item 9 (512)
+write hashed data to files named @code{dbgmd-000*}
+@item 10 (1024)
+trace Assuan protocol
+@item 12 (4096)
+bypass all certificate validation
+@end table
+
+@item --debug-all
+@opindex debug-all
+Same as @code{--debug=0xffffffff}
+
+@item --debug-wait @var{n}
+@opindex debug-wait
+When running in server mode, wait @var{n} seconds before entering the
+actual processing loop and print the pid. This gives time to attach a
+debugger.
+
+@item --no-detach
+@opindex no-detach
+Don't detach the process from the console. This is mainly useful for
+debugging.
+
+@item -s
+@itemx --sh
+@itemx -c
+@itemx --csh
+@opindex sh
+@opindex csh
+Format the info output in daemon mode for use with the standard Bourne
+shell or the C-shell respectively. The default is to guess it based on
+the environment variable @code{SHELL} which is correct in almost all
+cases.
+
+@item --write-env-file @var{file}
+@opindex write-env-file
+Often it is required to connect to the agent from a process not being an
+inferior of @command{gpg-agent} and thus the environment variable with
+the socket name is not available. To help setting up those variables in
+other sessions, this option may be used to write the information into
+@var{file}.
If @var{file} is not specified the default name
+@file{$@{HOME@}/.gpg-agent-info} will be used. The format is suitable
+to be evaluated by a Bourne shell like in this simple example:
+
+@example
+eval $(cat @var{file})
+eval $(cut -d= -f 1 < @var{file} | xargs echo export)
+@end example
+
+
+
+@item --no-grab
+@opindex no-grab
+Tell the pinentry not to grab the keyboard and mouse. This option
+should in general not be used to avoid X-sniffing attacks.
+
+@anchor{option --log-file}
+@item --log-file @var{file}
+@opindex log-file
+Append all logging output to @var{file}. This is very helpful in seeing
+what the agent actually does. If neither a log file nor a log file
+descriptor has been set on a Windows platform, the Registry entry
+@code{HKCU\Software\GNU\GnuPG:DefaultLogFile}, if set, is used to specify
+the logging output.
+
+
+@anchor{option --allow-mark-trusted}
+@item --allow-mark-trusted
+@opindex allow-mark-trusted
+Allow clients to mark keys as trusted, i.e. put them into the
+@file{trustlist.txt} file. This is by default not allowed to make it
+harder for users to inadvertently accept Root-CA keys.
+
+@ifset gpgtwoone
+@anchor{option --allow-loopback-pinentry}
+@item --allow-loopback-pinentry
+@opindex allow-loopback-pinentry
+Allow clients to use the loopback pinentry features; see the option
+@option{pinentry-mode} for details.
+@end ifset
+
+@item --ignore-cache-for-signing
+@opindex ignore-cache-for-signing
+This option will let @command{gpg-agent} bypass the passphrase cache for all
+signing operation. Note that there is also a per-session option to
+control this behaviour but this command line option takes precedence.
+
+@item --default-cache-ttl @var{n}
+@opindex default-cache-ttl
+Set the time a cache entry is valid to @var{n} seconds. The default is
+600 seconds.
+
+@item --default-cache-ttl-ssh @var{n}
+@opindex default-cache-ttl
+Set the time a cache entry used for SSH keys is valid to @var{n}
+seconds. The default is 1800 seconds.
+
+@item --max-cache-ttl @var{n}
+@opindex max-cache-ttl
+Set the maximum time a cache entry is valid to @var{n} seconds. After
+this time a cache entry will be expired even if it has been accessed
+recently. The default is 2 hours (7200 seconds).
+
+@item --max-cache-ttl-ssh @var{n}
+@opindex max-cache-ttl-ssh
+Set the maximum time a cache entry used for SSH keys is valid to @var{n}
+seconds. After this time a cache entry will be expired even if it has
+been accessed recently. The default is 2 hours (7200 seconds).
+
+@item --enforce-passphrase-constraints
+@opindex enforce-passphrase-constraints
+Enforce the passphrase constraints by not allowing the user to bypass
+them using the ``Take it anyway'' button.
+
+@item --min-passphrase-len @var{n}
+@opindex min-passphrase-len
+Set the minimal length of a passphrase. When entering a new passphrase
+shorter than this value a warning will be displayed. Defaults to 8.
+
+@item --min-passphrase-nonalpha @var{n}
+@opindex min-passphrase-nonalpha
+Set the minimal number of digits or special characters required in a
+passphrase. When entering a new passphrase with less than this number
+of digits or special characters a warning will be displayed. Defaults
+to 1.
+
+@item --check-passphrase-pattern @var{file}
+@opindex check-passphrase-pattern
+Check the passphrase against the pattern given in @var{file}. When
+entering a new passphrase matching one of these pattern a warning will
+be displayed. @var{file} should be an absolute filename. The default is
+not to use any pattern file.
+
+Security note: It is known that checking a passphrase against a list of
+pattern or even against a complete dictionary is not very effective to
+enforce good passphrases. Users will soon figure up ways to bypass such
+a policy. A better policy is to educate users on good security
+behavior and optionally to run a passphrase cracker regularly on all
+users passphrases to catch the very simple ones.
+
+@item --max-passphrase-days @var{n}
+@opindex max-passphrase-days
+Ask the user to change the passphrase if @var{n} days have passed since
+the last change. With @option{--enforce-passphrase-constraints} set the
+user may not bypass this check.
+
+@item --enable-passphrase-history
+@opindex enable-passphrase-history
+This option does nothing yet.
+
+@item --pinentry-program @var{filename}
+@opindex pinentry-program
+Use program @var{filename} as the PIN entry. The default is installation
+dependent.
+
+@item --pinentry-touch-file @var{filename}
+@opindex pinentry-touch-file
+By default the filename of the socket gpg-agent is listening for
+requests is passed to Pinentry, so that it can touch that file before
+exiting (it does this only in curses mode). This option changes the
+file passed to Pinentry to @var{filename}. The special name
+@code{/dev/null} may be used to completely disable this feature. Note
+that Pinentry will not create that file, it will only change the
+modification and access time.
+
+
+@item --scdaemon-program @var{filename}
+@opindex scdaemon-program
+Use program @var{filename} as the Smartcard daemon. The default is
+installation dependent and can be shown with the @command{gpgconf}
+command.
+
+@item --disable-scdaemon
+@opindex disable-scdaemon
+Do not make use of the scdaemon tool. This option has the effect of
+disabling the ability to do smartcard operations. Note, that enabling
+this option at runtime does not kill an already forked scdaemon.
+
+@item --use-standard-socket
+@itemx --no-use-standard-socket
+@opindex use-standard-socket
+@opindex no-use-standard-socket
+By enabling this option @command{gpg-agent} will listen on the socket
+named @file{S.gpg-agent}, located in the home directory, and not create
+a random socket below a temporary directory. Tools connecting to
+@command{gpg-agent} should first try to connect to the socket given in
+environment variable @var{GPG_AGENT_INFO} and then fall back to this
+socket.
This option may not be used if the home directory is mounted on
+a remote file system which does not support special files like fifos or
+sockets.
+@ifset gpgtwoone
+Note, that @option{--use-standard-socket} is the default on all
+systems since GnuPG 2.1.
+@end ifset
+@ifclear gpgtwoone
+Note, that @option{--use-standard-socket} is the default on
+Windows systems.
+@end ifclear
+The default may be changed at build time. It is
+possible to test at runtime whether the agent has been configured for
+use with the standard socket by issuing the command @command{gpg-agent
+--use-standard-socket-p} which returns success if the standard socket
+option has been enabled.
+
+@item --display @var{string}
+@itemx --ttyname @var{string}
+@itemx --ttytype @var{string}
+@itemx --lc-ctype @var{string}
+@itemx --lc-messages @var{string}
+@itemx --xauthority @var{string}
+@opindex display
+@opindex ttyname
+@opindex ttytype
+@opindex lc-ctype
+@opindex lc-messages
+@opindex xauthority
+These options are used with the server mode to pass localization
+information.
+
+@item --keep-tty
+@itemx --keep-display
+@opindex keep-tty
+@opindex keep-display
+Ignore requests to change the current @code{tty} or X window system's
+@code{DISPLAY} variable respectively. This is useful to lock the
+pinentry to pop up at the @code{tty} or display you started the agent.
+
+@anchor{option --enable-ssh-support}
+@item --enable-ssh-support
+@opindex enable-ssh-support
+
+Enable the OpenSSH Agent protocol.
+
+In this mode of operation, the agent does not only implement the
+gpg-agent protocol, but also the agent protocol used by OpenSSH
+(through a separate socket). Consequently, it should be possible to use
+the gpg-agent as a drop-in replacement for the well known ssh-agent.
+
+SSH Keys, which are to be used through the agent, need to be added to
+the gpg-agent initially through the ssh-add utility.
When a key is
+added, ssh-add will ask for the password of the provided key file and
+send the unprotected key material to the agent; this causes the
+gpg-agent to ask for a passphrase, which is to be used for encrypting
+the newly received key and storing it in a gpg-agent specific
+directory.
+
+Once a key has been added to the gpg-agent this way, the gpg-agent
+will be ready to use the key.
+
+Note: in case the gpg-agent receives a signature request, the user might
+need to be prompted for a passphrase, which is necessary for decrypting
+the stored key. Since the ssh-agent protocol does not contain a
+mechanism for telling the agent on which display/terminal it is running,
+gpg-agent's ssh-support will use the TTY or X display where gpg-agent
+has been started. To switch this display to the current one, the
+following command may be used:
+
+@smallexample
+gpg-connect-agent updatestartuptty /bye
+@end smallexample
+
+Although all GnuPG components try to start the gpg-agent as needed, this
+is not possible for the ssh support because ssh does not know about it.
+Thus if no GnuPG tool which accesses the agent has been run, there is no
+guarantee that ssh is abale to use gpg-agent for authentication. To fix
+this you may start gpg-agent if needed using this simple command:
+
+@smallexample
+gpg-connect-agent /bye
+@end smallexample
+
+Adding the @option{--verbose} shows the progress of starting the agent.
+
+@end table
+
+All the long options may also be given in the configuration file after
+stripping off the two leading dashes.
+
+
+@mansect files
+@node Agent Configuration
+@section Configuration
+
+There are a few configuration files needed for the operation of the
+agent. By default they may all be found in the current home directory
+(@pxref{option --homedir}).
+
+@table @file
+
+@item gpg-agent.conf
+@cindex gpg-agent.conf
+ This is the standard configuration file read by @command{gpg-agent} on
+ startup.
It may contain any valid long option; the leading
+ two dashes may not be entered and the option may not be abbreviated.
+ This file is also read after a @code{SIGHUP} however only a few
+ options will actually have an effect. This default name may be
+ changed on the command line (@pxref{option --options}).
+ You should backup this file.
+
+@item trustlist.txt
+ This is the list of trusted keys. You should backup this file.
+
+ Comment lines, indicated by a leading hash mark, as well as empty
+ lines are ignored. To mark a key as trusted you need to enter its
+ fingerprint followed by a space and a capital letter @code{S}. Colons
+ may optionally be used to separate the bytes of a fingerprint; this
+ allows to cut and paste the fingerprint from a key listing output. If
+ the line is prefixed with a @code{!} the key is explicitly marked as
+ not trusted.
+
+ Here is an example where two keys are marked as ultimately trusted
+ and one as not trusted:
+
+ @example
+ # CN=Wurzel ZS 3,O=Intevation GmbH,C=DE
+ A6935DD34EF3087973C706FC311AA2CCF733765B S
+
+ # CN=PCA-1-Verwaltung-02/O=PKI-1-Verwaltung/C=DE
+ DC:BD:69:25:48:BD:BB:7E:31:6E:BB:80:D3:00:80:35:D4:F8:A6:CD S
+
+ # CN=Root-CA/O=Schlapphuete/L=Pullach/C=DE
+ !14:56:98:D3:FE:9C:CA:5A:31:6E:BC:81:D3:11:4E:00:90:A3:44:C2 S
+ @end example
+
+Before entering a key into this file, you need to ensure its
+authenticity. How to do this depends on your organisation; your
+administrator might have already entered those keys which are deemed
+trustworthy enough into this file. Places where to look for the
+fingerprint of a root certificate are letters received from the CA or
+the website of the CA (after making 100% sure that this is indeed the
+website of that CA). You may want to consider allowing interactive
+updates of this file by using the @xref{option --allow-mark-trusted}.
+This is however not as secure as maintaining this file manually.
It is
+even advisable to change the permissions to read-only so that this file
+can't be changed inadvertently.
+
+As a special feature a line @code{include-default} will include a global
+list of trusted certificates (e.g. @file{/etc/gnupg/trustlist.txt}).
+This global list is also used if the local list is not available.
+
+It is possible to add further flags after the @code{S} for use by the
+caller:
+
+@table @code
+
+@item relax
+@cindex relax
+Relax checking of some root certificate requirements. As of now this
+flag allows the use of root certificates with a missing basicConstraints
+attribute (despite that it is a MUST for CA certificates) and disables
+CRL checking for the root certificate.
+
+@item cm
+If validation of a certificate finally issued by a CA with this flag set
+fails, try again using the chain validation model.
+
+@end table
+
+
+@item sshcontrol
+@cindex sshcontrol
+This file is used when support for the secure shell agent protocol has
+been enabled (@pxref{option --enable-ssh-support}). Only keys present in
+this file are used in the SSH protocol. You should backup this file.
+
+The @command{ssh-add} tool may be used to add new entries to this file;
+you may also add them manually. Comment lines, indicated by a leading
+hash mark, as well as empty lines are ignored. An entry starts with
+optional whitespace, followed by the keygrip of the key given as 40 hex
+digits, optionally followed by the caching TTL in seconds and another
+optional field for arbitrary flags. A non-zero TTL overrides the global
+default as set by @option{--default-cache-ttl-ssh}.
+
+The only flag support is @code{confirm}. If this flag is found for a
+key, each use of the key will pop up a pinentry to confirm the use of
+that key. The flag is automatically set if a new key was loaded into
+@code{gpg-agent} using the option @option{-c} of the @code{ssh-add}
+command.
+
+The keygrip may be prefixed with a @code{!} to disable an entry entry.
+
+The following example lists exactly one key. Note that keys available
+through a OpenPGP smartcard in the active smartcard reader are
+implicitly added to this list; i.e. there is no need to list them.
+
+ @example
+ # Key added on: 2011-07-20 20:38:46
+ # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81
+ 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm
+ @end example
+
+@item private-keys-v1.d/
+
+ This is the directory where gpg-agent stores the private keys. Each
+ key is stored in a file with the name made up of the keygrip and the
+ suffix @file{key}. You should backup all files in this directory
+ and take great care to keep this backup closed away.
+
+
+@end table
+
+Note that on larger installations, it is useful to put predefined
+files into the directory @file{/etc/skel/.gnupg/} so that newly created
+users start up with a working configuration. For existing users the
+a small helper script is provided to create these files (@pxref{addgnupghome}).
+
+
+
+@c
+@c Agent Signals
+@c
+@mansect signals
+@node Agent Signals
+@section Use of some signals.
+A running @command{gpg-agent} may be controlled by signals, i.e. using
+the @command{kill} command to send a signal to the process.
+
+Here is a list of supported signals:
+
+@table @gnupgtabopt
+
+@item SIGHUP
+@cpindex SIGHUP
+This signal flushes all cached passphrases and if the program has been
+started with a configuration file, the configuration file is read again.
+Only certain options are honored: @code{quiet}, @code{verbose},
+@code{debug}, @code{debug-all}, @code{debug-level}, @code{no-grab},
+@code{pinentry-program}, @code{default-cache-ttl}, @code{max-cache-ttl},
+@code{ignore-cache-for-signing}, @code{allow-mark-trusted} and
+@code{disable-scdaemon}. @code{scdaemon-program} is also supported but
+due to the current implementation, which calls the scdaemon only once,
+it is not of much use unless you manually kill the scdaemon.
+
+
+@item SIGTERM
+@cpindex SIGTERM
+Shuts down the process but waits until all current requests are
+fulfilled. If the process has received 3 of these signals and requests
+are still pending, a shutdown is forced.
+
+@item SIGINT
+@cpindex SIGINT
+Shuts down the process immediately.
+
+@item SIGUSR1
+@cpindex SIGUSR1
+Dump internal information to the log file.
+
+@item SIGUSR2
+@cpindex SIGUSR2
+This signal is used for internal purposes.
+
+@end table
+
+@c
+@c Examples
+@c
+@mansect examples
+@node Agent Examples
+@section Examples
+
+The usual way to invoke @command{gpg-agent} is
+
+@example
+$ eval $(gpg-agent --daemon)
+@end example
+
+An alternative way is by replacing @command{ssh-agent} with
+@command{gpg-agent}. If for example @command{ssh-agent} is started as
+part of the Xsession initialization, you may simply replace
+@command{ssh-agent} by a script like:
+
+@cartouche
+@example
+#!/bin/sh
+
+exec /usr/local/bin/gpg-agent --enable-ssh-support --daemon \
+ --write-env-file $@{HOME@}/.gpg-agent-info "$@@"
+@end example
+@end cartouche
+
+@noindent
+and add something like (for Bourne shells)
+
+@cartouche
+@example
+ if [ -f "$@{HOME@}/.gpg-agent-info" ]; then
+ . "$@{HOME@}/.gpg-agent-info"
+ export GPG_AGENT_INFO
+ export SSH_AUTH_SOCK
+ fi
+@end example
+@end cartouche
+
+@noindent
+to your shell initialization file (e.g. @file{~/.bashrc}).
+
+@c
+@c Assuan Protocol
+@c
+@manpause
+@node Agent Protocol
+@section Agent's Assuan Protocol
+
+Note: this section does only document the protocol, which is used by
+GnuPG components; it does not deal with the ssh-agent protocol.
+
+The @command{gpg-agent} should be started by the login shell and set an
+environment variable to tell clients about the socket to be used.
+Clients should deny to access an agent with a socket name which does
+not match its own configuration.
An application may choose to start
+an instance of the gpgagent if it does not figure that any has been
+started; it should not do this if a gpgagent is running but not
+usable. Because @command{gpg-agent} can only be used in background mode, no
+special command line option is required to activate the use of the
+protocol.
+
+To identify a key we use a thing called keygrip which is the SHA-1 hash
+of an canonical encoded S-Expression of the public key as used in
+Libgcrypt. For the purpose of this interface the keygrip is given as a
+hex string. The advantage of using this and not the hash of a
+certificate is that it will be possible to use the same keypair for
+different protocols, thereby saving space on the token used to keep the
+secret keys.
+
+@menu
+* Agent PKDECRYPT:: Decrypting a session key
+* Agent PKSIGN:: Signing a Hash
+* Agent GENKEY:: Generating a Key
+* Agent IMPORT:: Importing a Secret Key
+* Agent EXPORT:: Exporting a Secret Key
+* Agent ISTRUSTED:: Importing a Root Certificate
+* Agent GET_PASSPHRASE:: Ask for a passphrase
+* Agent GET_CONFIRMATION:: Ask for confirmation
+* Agent HAVEKEY:: Check whether a key is available
+* Agent LEARN:: Register a smartcard
+* Agent PASSWD:: Change a Passphrase
+* Agent UPDATESTARTUPTTY:: Change the Standard Display
+* Agent GETEVENTCOUNTER:: Get the Event Counters
+* Agent GETINFO:: Return information about the process
+* Agent OPTION:: Set options for the session
+@end menu
+
+@node Agent PKDECRYPT
+@subsection Decrypting a session key
+
+The client asks the server to decrypt a session key. The encrypted
+session key should have all information needed to select the
+appropriate secret key or to delegate it to a smartcard.
+
+@example
+ SETKEY <keyGrip>
+@end example
+
+Tell the server about the key to be used for decryption. If this is
+not used, @command{gpg-agent} may try to figure out the key by trying to
+decrypt the message with each key available.
+
+@example
+ PKDECRYPT
+@end example
+
+The agent checks whether this command is allowed and then does an
+INQUIRY to get the ciphertext the client should then send the cipher
+text.
+
+@example
+ S: INQUIRE CIPHERTEXT
+ C: D (xxxxxx
+ C: D xxxx)
+ C: END
+@end example
+
+Please note that the server may send status info lines while reading the
+data lines from the client. The data send is a SPKI like S-Exp with
+this structure:
+
+@example
+ (enc-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+@end example
+
+Where algo is a string with the name of the algorithm; see the libgcrypt
+documentation for a list of valid algorithms. The number and names of
+the parameters depend on the algorithm. The agent does return an error
+if there is an inconsistency.
+
+If the decryption was successful the decrypted data is returned by
+means of "D" lines.
+
+Here is an example session:
+
+@example
+ C: PKDECRYPT
+ S: INQUIRE CIPHERTEXT
+ C: D (enc-val elg (a 349324324)
+ C: D (b 3F444677CA)))
+ C: END
+ S: # session key follows
+ S: D (value 1234567890ABCDEF0)
+ S: OK descryption successful
+@end example
+
+
+@node Agent PKSIGN
+@subsection Signing a Hash
+
+The client ask the agent to sign a given hash value. A default key
+will be chosen if no key has been set. To set a key a client first
+uses:
+
+@example
+ SIGKEY <keyGrip>
+@end example
+
+This can be used multiple times to create multiple signature, the list
+of keys is reset with the next PKSIGN command or a RESET. The server
+test whether the key is a valid key to sign something and responds with
+okay.
+
+@example
+ SETHASH --hash=<name>|<algo> <hexstring>
+@end example
+
+The client can use this command to tell the server about the data <hexstring>
+(which usually is a hash) to be signed. <algo> is the decimal encoded hash
+algorithm number as used by Libgcrypt. Either <algo> or --hash=<name>
+must be given.
Valid names for <name> are:
+
+@table @code
+@item sha1
+@item sha256
+@item rmd160
+@item md5
+@item tls-md5sha1
+@end table
+
+@noindent
+The actual signing is done using
+
+@example
+ PKSIGN <options>
+@end example
+
+Options are not yet defined, but my later be used to choose among
+different algorithms. The agent does then some checks, asks for the
+passphrase and as a result the server returns the signature as an SPKI
+like S-expression in "D" lines:
+
+@example
+ (sig-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+@end example
+
+
+The operation is affected by the option
+
+@example
+ OPTION use-cache-for-signing=0|1
+@end example
+
+The default of @code{1} uses the cache. Setting this option to @code{0}
+will lead @command{gpg-agent} to ignore the passphrase cache. Note, that there is
+also a global command line option for @command{gpg-agent} to globally disable the
+caching.
+
+
+Here is an example session:
+
+@example
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: PKSIGN
+ S: # I did ask the user whether he really wants to sign
+ S: # I did ask the user for the passphrase
+ S: INQUIRE HASHVAL
+ C: D ABCDEF012345678901234
+ C: END
+ S: # signature follows
+ S: D (sig-val rsa (s 45435453654612121212))
+ S: OK
+@end example
+
+
+@node Agent GENKEY
+@subsection Generating a Key
+
+This is used to create a new keypair and store the secret key inside the
+active PSE --- which is in most cases a Soft-PSE. An not yet defined
+option allows to choose the storage location. To get the secret key out
+of the PSE, a special export tool has to be used.
+
+@example
+ GENKEY
+@end example
+
+Invokes the key generation process and the server will then inquire
+on the generation parameters, like:
+
+@example
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+@end example
+
+The format of the key parameters which depends on the algorithm is of
+the form:
+
+@example
+ (genkey
+ (algo
+ (parameter_name_1 ....)
+ ....
+ (parameter_name_n ....)))
+@end example
+
+If everything succeeds, the server returns the *public key* in a SPKI
+like S-Expression like this:
+
+@example
+ (public-key
+ (rsa
+ (n <mpi>)
+ (e <mpi>)))
+@end example
+
+Here is an example session:
+
+@example
+ C: GENKEY
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+ S: D (public-key
+ S: D (rsa (n 326487324683264) (e 10001)))
+ S OK key created
+@end example
+
+@node Agent IMPORT
+@subsection Importing a Secret Key
+
+This operation is not yet supported by GpgAgent. Specialized tools
+are to be used for this.
+
+There is no actual need because we can expect that secret keys
+created by a 3rd party are stored on a smartcard. If we have
+generated the key ourself, we do not need to import it.
+
+@node Agent EXPORT
+@subsection Export a Secret Key
+
+Not implemented.
+
+Should be done by an extra tool.
+
+@node Agent ISTRUSTED
+@subsection Importing a Root Certificate
+
+Actually we do not import a Root Cert but provide a way to validate
+any piece of data by storing its Hash along with a description and
+an identifier in the PSE. Here is the interface description:
+
+@example
+ ISTRUSTED <fingerprint>
+@end example
+
+Check whether the OpenPGP primary key or the X.509 certificate with the
+given fingerprint is an ultimately trusted key or a trusted Root CA
+certificate. The fingerprint should be given as a hexstring (without
+any blanks or colons or whatever in between) and may be left padded with
+00 in case of an MD5 fingerprint.
GPGAgent will answer with:
+
+@example
+ OK
+@end example
+
+The key is in the table of trusted keys.
+
+@example
+ ERR 304 (Not Trusted)
+@end example
+
+The key is not in this table.
+
+Gpg needs the entire list of trusted keys to maintain the web of
+trust; the following command is therefore quite helpful:
+
+@example
+ LISTTRUSTED
+@end example
+
+GpgAgent returns a list of trusted keys line by line:
+
+@example
+ S: D 000000001234454556565656677878AF2F1ECCFF P
+ S: D 340387563485634856435645634856438576457A P
+ S: D FEDC6532453745367FD83474357495743757435D S
+ S: OK
+@end example
+
+The first item on a line is the hexified fingerprint where MD5
+fingerprints are @code{00} padded to the left and the second item is a
+flag to indicate the type of key (so that gpg is able to only take care
+of PGP keys). P = OpenPGP, S = S/MIME. A client should ignore the rest
+of the line, so that we can extend the format in the future.
+
+Finally a client should be able to mark a key as trusted:
+
+@example
+ MARKTRUSTED @var{fingerprint} "P"|"S"
+@end example
+
+The server will then pop up a window to ask the user whether she
+really trusts this key. For this it will probably ask for a text to
+be displayed like this:
+
+@example
+ S: INQUIRE TRUSTDESC
+ C: D Do you trust the key with the fingerprint @@FPR@@
+ C: D bla fasel blurb.
+ C: END
+ S: OK
+@end example
+
+Known sequences with the pattern @@foo@@ are replaced according to this
+table:
+
+@table @code
+@item @@FPR16@@
+Format the fingerprint according to gpg rules for a v3 keys.
+@item @@FPR20@@
+Format the fingerprint according to gpg rules for a v4 keys.
+@item @@FPR@@
+Choose an appropriate format to format the fingerprint.
+@item @@@@
+Replaced by a single @code{@@}
+@end table
+
+@node Agent GET_PASSPHRASE
+@subsection Ask for a passphrase
+
+This function is usually used to ask for a passphrase to be used for
+conventional encryption, but may also be used by programs which need
+special handling of passphrases.
This command uses a syntax which helps
+clients to use the agent with minimum effort.
+
+@example
+ GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] @var{cache_id} [@var{error_message} @var{prompt} @var{description}]
+@end example
+
+@var{cache_id} is expected to be a string used to identify a cached
+passphrase. Use a @code{X} to bypass the cache. With no other
+arguments the agent returns a cached passphrase or an error. By
+convention either the hexified fingerprint of the key shall be used for
+@var{cache_id} or an arbitrary string prefixed with the name of the
+calling application and a colon: Like @code{gpg:somestring}.
+
+@var{error_message} is either a single @code{X} for no error message or
+a string to be shown as an error message like (e.g. "invalid
+passphrase"). Blanks must be percent escaped or replaced by @code{+}'.
+
+@var{prompt} is either a single @code{X} for a default prompt or the
+text to be shown as the prompt. Blanks must be percent escaped or
+replaced by @code{+}.
+
+@var{description} is a text shown above the entry field. Blanks must be
+percent escaped or replaced by @code{+}.
+
+The agent either returns with an error or with a OK followed by the hex
+encoded passphrase. Note that the length of the strings is implicitly
+limited by the maximum length of a command. If the option
+@option{--data} is used, the passphrase is not returned on the OK line
+but by regular data lines; this is the preferred method.
+
+If the option @option{--check} is used, the standard passphrase
+constraints checks are applied. A check is not done if the passphrase
+has been found in the cache.
+
+If the option @option{--no-ask} is used and the passphrase is not in the
+cache the user will not be asked to enter a passphrase but the error
+code @code{GPG_ERR_NO_DATA} is returned.
+
+If the option @option{--qualitybar} is used and a minimum passphrase
+length has been configured, a visual indication of the entered
+passphrase quality is shown.
+
+@example
+ CLEAR_PASSPHRASE @var{cache_id}
+@end example
+
+may be used to invalidate the cache entry for a passphrase. The
+function returns with OK even when there is no cached passphrase.
+
+
+@node Agent GET_CONFIRMATION
+@subsection Ask for confirmation
+
+This command may be used to ask for a simple confirmation by
+presenting a text and 2 buttons: Okay and Cancel.
+
+@example
+ GET_CONFIRMATION @var{description}
+@end example
+
+@var{description}is displayed along with a Okay and Cancel
+button. Blanks must be percent escaped or replaced by @code{+}. A
+@code{X} may be used to display confirmation dialog with a default
+text.
+
+The agent either returns with an error or with a OK. Note, that the
+length of @var{description} is implicitly limited by the maximum
+length of a command.
+
+
+
+@node Agent HAVEKEY
+@subsection Check whether a key is available
+
+This can be used to see whether a secret key is available. It does
+not return any information on whether the key is somehow protected.
+
+@example
+ HAVEKEY @var{keygrips}
+@end example
+
+The agent answers either with OK or @code{No_Secret_Key} (208). The
+caller may want to check for other error codes as well. More than one
+keygrip may be given. In this case the command returns success if at
+least one of the keygrips corresponds to an available secret key.
+
+
+@node Agent LEARN
+@subsection Register a smartcard
+
+@example
+ LEARN [--send]
+@end example
+
+This command is used to register a smartcard. With the --send
+option given the certificates are send back.
+
+
+@node Agent PASSWD
+@subsection Change a Passphrase
+
+@example
+ PASSWD @var{keygrip}
+@end example
+
+This command is used to interactively change the passphrase of the key
+identified by the hex string @var{keygrip}.
+
+
+@node Agent UPDATESTARTUPTTY
+@subsection Change the standard display
+
+@example
+ UPDATESTARTUPTTY
+@end example
+
+Set the startup TTY and X-DISPLAY variables to the values of this
+session. This command is useful to direct future pinentry invocations
+to another screen. It is only required because there is no way in the
+ssh-agent protocol to convey this information.
+
+
+@node Agent GETEVENTCOUNTER
+@subsection Get the Event Counters
+
+@example
+ GETEVENTCOUNTER
+@end example
+
+This function return one status line with the current values of the
+event counters. The event counters are useful to avoid polling by
+delaying a poll until something has changed. The values are decimal
+numbers in the range @code{0} to @code{UINT_MAX} and wrapping around to
+0. The actual values should not be relied upon; they shall only be used
+to detect a change.
+
+The currently defined counters are are:
+@table @code
+@item ANY
+Incremented with any change of any of the other counters.
+@item KEY
+Incremented for added or removed private keys.
+@item CARD
+Incremented for changes of the card readers stati.
+@end table
+
+@node Agent GETINFO
+@subsection Return information about the process
+
+This is a multipurpose function to return a variety of information.
+
+@example
+GETINFO @var{what}
+@end example
+
+The value of @var{what} specifies the kind of information returned:
+@table @code
+@item version
+Return the version of the program.
+@item pid
+Return the process id of the process.
+@item socket_name
+Return the name of the socket used to connect the agent.
+@item ssh_socket_name
+Return the name of the socket used for SSH connections. If SSH support
+has not been enabled the error @code{GPG_ERR_NO_DATA} will be returned.
+@end table
+
+@node Agent OPTION
+@subsection Set options for the session
+
+Here is a list of session options which are not yet described with
+other commands.
The general syntax for an Assuan option is:
+
+@smallexample
+OPTION @var{key}=@var{value}
+@end smallexample
+
+@noindent
+Supported @var{key}s are:
+
+@table @code
+@item agent-awareness
+This may be used to tell gpg-agent of which gpg-agent version the
+client is aware of. gpg-agent uses this information to enable
+features which might break older clients.
+
+@item putenv
+Change the session's environment to be used for the
+Pinentry. Valid values are:
+
+ @table @code
+ @item @var{name}
+ Delete envvar @var{name}
+ @item @var{name}=
+ Set envvar @var{name} to the empty string
+ @item @var{name}=@var{value}
+ Set envvar @var{name} to the string @var{value}.
+ @end table
+
+@item use-cache-for-signing
+See Assuan command @code{PKSIGN}.
+
+@item allow-pinentry-notify
+This does not need any value. It is used to enable the
+PINENTRY_LAUNCHED inquiry.
+
+@ifset gpgtwoone
+@item pinentry-mode
+This option is used to change the operation mode of the pinentry. The
+following values are defined:
+
+ @table @code
+ @item ask
+ This is the default mode which pops up a pinentry as needed.
+
+ @item cancel
+ Instead of popping up a pinentry, return the error code
+ @code{GPG_ERR_CANCELED}.
+
+ @item error
+ Instead of popping up a pinentry, return the error code
+ @code{GPG_ERR_NO_PIN_ENTRY}.
+
+ @item loopback
+ Use a loopback pinentry. This fakes a pinentry by using inquiries
+ back to the caller to ask for a passphrase. This option may only be
+ set if the agent has been configured for that.
+ Use the @xref{option --allow-loopback-pinentry}.
+
+ @end table
+@end ifset
+
+@ifset gpgtwoone
+@item cache-ttl-opt-preset
+This option sets the cache TTL for new entries created by GENKEY and
+PASSWD commands when using the @option{--preset} option. It it is not
+used a default value is used.
+@end ifset
+
+@ifset gpgtwoone
+@item s2k-count
+Instead of using the standard S2K count (which is computed on the
+fly), the given S2K count is used for new keys or when changing the
+passphrase of a key. Values below 65536 are considered to be 0. This
+option is valid for the entire session or until reset to 0. This
+option is useful if the key is later used on boxes which are either
+much slower or faster than the actual box.
+@end ifset
+
+@end table
+
+
+@mansect see also
+@ifset isman
+@command{gpg2}(1),
+@command{gpgsm}(1),
+@command{gpg-connect-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
diff --git a/doc/gpg.texi b/doc/gpg.texi
new file mode 100644
index 0000000..420326b
--- /dev/null
+++ b/doc/gpg.texi
@@ -0,0 +1,3394 @@
+@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+@c 2008, 2009, 2010 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@c Note that we use this texinfo file for all versions of GnuPG: 1.4.x,
+@c 2.0 and 2.1. The macro "gpgone" controls parts which are only valid
+@c for GnuPG 1.4, the macro "gpgtwoone" controls parts which are only
+@c valid for GnupG 2.1 and later.
+
+@node Invoking GPG
+@chapter Invoking GPG
+@cindex GPG command options
+@cindex command options
+@cindex options, GPG command
+
+@c Begin GnuPG 1.x specific stuff
+@ifset gpgone
+@macro gpgname
+gpg
+@end macro
+@manpage gpg.1
+@ifset manverb
+.B gpg
+\- OpenPGP encryption and signing tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+@end ifset
+@end ifset
+@c End GnuPG 1.x specific stuff
+
+@c Begin GnuPG 2 specific stuff
+@ifclear gpgone
+@macro gpgname
+gpg2
+@end macro
+@manpage gpg2.1
+@ifset manverb
+.B gpg2
+\- OpenPGP encryption and signing tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg2
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+@end ifset
+@end ifclear
+@c Begin GnuPG 2 specific stuff
+
+@mansect description
+@command{@gpgname} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It
+is a tool to provide digital encryption and signing services using the
+OpenPGP standard. @command{@gpgname} features complete key management and
+all bells and whistles you can expect from a decent OpenPGP
+implementation.
+
+@ifset gpgone
+This is the standalone version of @command{gpg}. For desktop use you
+should consider using @command{gpg2} @footnote{On some platforms gpg2 is
+installed under the name @command{gpg}}.
+@end ifset
+
+@ifclear gpgone
+In contrast to the standalone version @command{gpg}, which is more
+suited for server and embedded platforms, this version is commonly
+installed under the name @command{gpg2} and more targeted to the desktop
+as it requires several other modules to be installed. The standalone
+version will be kept maintained and it is possible to install both
+versions on the same system. If you need to use different configuration
+files, you should make use of something like @file{gpg.conf-2} instead
+of just @file{gpg.conf}.
+@end ifclear
+
+@manpause
+@ifclear gpgone
+Documentation for the old standard @command{gpg} is available as a man
+page and at @inforef{Top,GnuPG 1,gpg}.
+@end ifclear
+
+@xref{Option Index}, for an index to @command{@gpgname}'s commands and options.
+@mancont
+
+@menu
+* GPG Commands:: List of all commands.
+* GPG Options:: List of all options.
+* GPG Configuration:: Configuration files.
+* GPG Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage of GPG:: Using @command{gpg} from other programs.
+@end menu
+
+@c * GPG Protocol:: The protocol the server mode uses.
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** COMMANDS ****************
+@c *************** ****************
+@c *******************************************
+@mansect commands
+@node GPG Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@command{@gpgname} may be run with no commands, in which case it will
+perform a reasonable action depending on the type of file it is given
+as input (an encrypted message is decrypted, a signature is verified,
+a file containing keys is listed).
+
+Please remember that option as well as command parsing stops as soon as
+a non-option is encountered, you can explicitly stop parsing by
+using the special option @option{--}.
+
+
+@menu
+* General GPG Commands:: Commands not specific to the functionality.
+* Operational GPG Commands:: Commands to select the type of operation.
+* OpenPGP Key Management:: How to manage your keys.
+@end menu
+
+
+@c *******************************************
+@c ********** GENERAL COMMANDS *************
+@c *******************************************
+@node General GPG Commands
+@subsection Commands not specific to the function
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you
+cannot abbreviate this command.
+
+@item --help
+@itemx -h
+@opindex help
+Print a usage message summarizing the most useful command line options.
+Note that you cannot abbreviate this command.
+
+@item --warranty
+@opindex warranty
+Print warranty information.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Note that you cannot
+abbreviate this command.
+@end table
+
+
+@c *******************************************
+@c ******** OPERATIONAL COMMANDS ***********
+@c *******************************************
+@node Operational GPG Commands
+@subsection Commands to select the type of operation
+
+
+@table @gnupgtabopt
+
+@item --sign
+@itemx -s
+@opindex sign
+Make a signature. This command may be combined with @option{--encrypt}
+(for a signed and encrypted message), @option{--symmetric} (for a
+signed and symmetrically encrypted message), or @option{--encrypt} and
+@option{--symmetric} together (for a signed message that may be
+decrypted via a secret key or a passphrase). The key to be used for
+signing is chosen by default or can be set with the
+@option{--local-user} and @option{--default-key} options.
+
+@item --clearsign
+@opindex clearsign
+Make a clear text signature. The content in a clear text signature is
+readable without any special software. OpenPGP software is only needed
+to verify the signature.
Clear text signatures may modify end-of-line
+whitespace for platform independence and are not intended to be
+reversible. The key to be used for signing is chosen by default or
+can be set with the @option{--local-user} and @option{--default-key}
+options.
+
+
+@item --detach-sign
+@itemx -b
+@opindex detach-sign
+Make a detached signature.
+
+@item --encrypt
+@itemx -e
+@opindex encrypt
+Encrypt data. This option may be combined with @option{--sign} (for a
+signed and encrypted message), @option{--symmetric} (for a message that
+may be decrypted via a secret key or a passphrase), or @option{--sign}
+and @option{--symmetric} together (for a signed message that may be
+decrypted via a secret key or a passphrase).
+
+@item --symmetric
+@itemx -c
+@opindex symmetric
+Encrypt with a symmetric cipher using a passphrase. The default
+symmetric cipher used is CAST5, but may be chosen with the
+@option{--cipher-algo} option. This option may be combined with
+@option{--sign} (for a signed and symmetrically encrypted message),
+@option{--encrypt} (for a message that may be decrypted via a secret key
+or a passphrase), or @option{--sign} and @option{--encrypt} together
+(for a signed message that may be decrypted via a secret key or a
+passphrase).
+
+@item --store
+@opindex store
+Store only (make a simple RFC1991 literal data packet).
+
+@item --decrypt
+@itemx -d
+@opindex decrypt
+Decrypt the file given on the command line (or STDIN if no file
+is specified) and write it to STDOUT (or the file specified with
+@option{--output}). If the decrypted file is signed, the signature is also
+verified. This command differs from the default operation, as it never
+writes to the filename which is included in the file and it rejects
+files which don't begin with an encrypted message.
+
+@item --verify
+@opindex verify
+Assume that the first argument is a signed file or a detached signature
+and verify it without generating any output.
With no arguments, the
+signature packet is read from STDIN. If only a sigfile is given, it may
+be a complete signature or a detached signature, in which case the
+signed stuff is expected in a file without the ".sig" or ".asc"
+extension. With more than 1 argument, the first should be a detached
+signature and the remaining files are the signed stuff. To read the
+signed stuff from STDIN, use @samp{-} as the second filename. For
+security reasons a detached signature cannot read the signed material
+from STDIN without denoting it in the above way.
+
+@item --multifile
+@opindex multifile
+This modifies certain other commands to accept multiple files for
+processing on the command line or read from STDIN with each filename on
+a separate line. This allows for many files to be processed at
+once. @option{--multifile} may currently be used along with
+@option{--verify}, @option{--encrypt}, and @option{--decrypt}. Note that
+@option{--multifile --verify} may not be used with detached signatures.
+
+@item --verify-files
+@opindex verify-files
+Identical to @option{--multifile --verify}.
+
+@item --encrypt-files
+@opindex encrypt-files
+Identical to @option{--multifile --encrypt}.
+
+@item --decrypt-files
+@opindex decrypt-files
+Identical to @option{--multifile --decrypt}.
+
+@item --list-keys
+@itemx -k
+@itemx --list-public-keys
+@opindex list-keys
+List all keys from the public keyrings, or just the keys given on the
+command line.
+@ifset gpgone
+@option{-k} is slightly different from @option{--list-keys} in that it
+allows only for one argument and takes the second argument as the
+keyring to search. This is for command line compatibility with PGP 2
+and has been removed in @command{gpg2}.
+@end ifset
+
+Avoid using the output of this command in scripts or other programs as
+it is likely to change as GnuPG changes. See @option{--with-colons} for a
+machine-parseable key listing command that is appropriate for use in
+scripts and other programs.
+
+@item --list-secret-keys
+@itemx -K
+@opindex list-secret-keys
+List all keys from the secret keyrings, or just the ones given on the
+command line. A @code{#} after the letters @code{sec} means that the
+secret key is not usable (for example, if it was created via
+@option{--export-secret-subkeys}).
+
+@item --list-sigs
+@opindex list-sigs
+Same as @option{--list-keys}, but the signatures are listed too.
+@ifclear gpgone
+This command has the same effect as
+using @option{--list-keys} with @option{--with-sig-list}.
+@end ifclear
+
+For each signature listed, there are several flags in between the "sig"
+tag and keyid. These flags give additional information about each
+signature. From left to right, they are the numbers 1-3 for certificate
+check level (see @option{--ask-cert-level}), "L" for a local or
+non-exportable signature (see @option{--lsign-key}), "R" for a
+nonRevocable signature (see the @option{--edit-key} command "nrsign"),
+"P" for a signature that contains a policy URL (see
+@option{--cert-policy-url}), "N" for a signature that contains a
+notation (see @option{--cert-notation}), "X" for an eXpired signature
+(see @option{--ask-cert-expire}), and the numbers 1-9 or "T" for 10 and
+above to indicate trust signature levels (see the @option{--edit-key}
+command "tsign").
+
+@item --check-sigs
+@opindex check-sigs
+Same as @option{--list-sigs}, but the signatures are verified. Note
+that for performance reasons the revocation status of a signing key is
+not shown.
+@ifclear gpgone
+This command has the same effect as
+using @option{--list-keys} with @option{--with-sig-check}.
+@end ifclear
+
+The status of the verification is indicated by a flag directly following
+the "sig" tag (and thus before the flags described above for
+@option{--list-sigs}). A "!" indicates that the signature has been
+successfully verified, a "-" denotes a bad signature and a "%" is used
+if an error occurred while checking the signature (e.g. a non supported
+algorithm).
+
+@ifclear gpgone
+@item --locate-keys
+@opindex locate-keys
+Locate the keys given as arguments. This command basically uses the
+same algorithm as used when locating keys for encryption or signing and
+may thus be used to see what keys @command{@gpgname} might use. In
+particular external methods as defined by @option{--auto-key-locate} may
+be used to locate a key. Only public keys are listed.
+@end ifclear
+
+
+@item --fingerprint
+@opindex fingerprint
+List all keys (or the specified ones) along with their
+fingerprints. This is the same output as @option{--list-keys} but with
+the additional output of a line with the fingerprint. May also be
+combined with @option{--list-sigs} or @option{--check-sigs}. If this
+command is given twice, the fingerprints of all secondary keys are
+listed too.
+
+@item --list-packets
+@opindex list-packets
+List only the sequence of packets. This is mainly
+useful for debugging.
+
+
+@item --card-edit
+@opindex card-edit
+Present a menu to work with a smartcard. The subcommand "help" provides
+an overview on available commands. For a detailed description, please
+see the Card HOWTO at
+http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO .
+
+@item --card-status
+@opindex card-status
+Show the content of the smart card.
+
+@item --change-pin
+@opindex change-pin
+Present a menu to allow changing the PIN of a smartcard. This
+functionality is also available as the subcommand "passwd" with the
+@option{--card-edit} command.
+
+@item --delete-key @code{name}
+@opindex delete-key
+Remove key from the public keyring. In batch mode either @option{--yes} is
+required or the key must be specified by fingerprint. This is a
+safeguard against accidental deletion of multiple keys.
+
+@item --delete-secret-key @code{name}
+@opindex delete-secret-key
+Remove key from the secret and public keyring. In batch mode the key
+must be specified by fingerprint.
+
+@item --delete-secret-and-public-key @code{name}
+@opindex delete-secret-and-public-key
+Same as @option{--delete-key}, but if a secret key exists, it will be
+removed first. In batch mode the key must be specified by fingerprint.
+
+@item --export
+@opindex export
+Either export all keys from all keyrings (default keyrings and those
+registered via option @option{--keyring}), or if at least one name is given,
+those of the given name. The new keyring is written to STDOUT or to the
+file given with option @option{--output}. Use together with
+@option{--armor} to mail those keys.
+
+@item --send-keys @code{key IDs}
+@opindex send-keys
+Similar to @option{--export} but sends the keys to a keyserver.
+Fingerprints may be used instead of key IDs. Option @option{--keyserver}
+must be used to give the name of this keyserver. Don't send your
+complete keyring to a keyserver --- select only those keys which are new
+or changed by you. If no key IDs are given, @command{gpg} does nothing.
+
+@item --export-secret-keys
+@itemx --export-secret-subkeys
+@opindex export-secret-keys
+@opindex export-secret-subkeys
+Same as @option{--export}, but exports the secret keys instead. This is
+normally not very useful and a security risk. The second form of the
+command has the special property to render the secret part of the
+primary key useless; this is a GNU extension to OpenPGP and other
+implementations can not be expected to successfully import such a key.
+@ifclear gpgtwoone
+See the option @option{--simple-sk-checksum} if you want to import such
+an exported key with an older OpenPGP implementation.
+@end ifclear
+
+@item --import
+@itemx --fast-import
+@opindex import
+Import/merge keys. This adds the given keys to the
+keyring. The fast version is currently just a synonym.
+
+There are a few other options which control how this command works.
+Most notable here is the @option{--import-options merge-only} option
+which does not insert new keys but does only the merging of new
+signatures, user-IDs and subkeys.
+
+@item --recv-keys @code{key IDs}
+@opindex recv-keys
+Import the keys with the given key IDs from a keyserver. Option
+@option{--keyserver} must be used to give the name of this keyserver.
+
+@item --refresh-keys
+@opindex refresh-keys
+Request updates from a keyserver for keys that already exist on the
+local keyring. This is useful for updating a key with the latest
+signatures, user IDs, etc. Calling this with no arguments will refresh
+the entire keyring. Option @option{--keyserver} must be used to give the
+name of the keyserver for all keys that do not have preferred keyservers
+set (see @option{--keyserver-options honor-keyserver-url}).
+
+@item --search-keys @code{names}
+@opindex search-keys
+Search the keyserver for the given names. Multiple names given here will
+be joined together to create the search string for the keyserver.
+Option @option{--keyserver} must be used to give the name of this
+keyserver. Keyservers that support different search methods allow using
+the syntax specified in "How to specify a user ID" below. Note that
+different keyserver types support different search methods. Currently
+only LDAP supports them all.
+
+@item --fetch-keys @code{URIs}
+@opindex fetch-keys
+Retrieve keys located at the specified URIs. Note that different
+installations of GnuPG may support different protocols (HTTP, FTP,
+LDAP, etc.)
+
+@item --update-trustdb
+@opindex update-trustdb
+Do trust database maintenance. This command iterates over all keys and
+builds the Web of Trust. This is an interactive command because it may
+have to ask for the "ownertrust" values for keys. The user has to give
+an estimation of how far she trusts the owner of the displayed key to
+correctly certify (sign) other keys. GnuPG only asks for the ownertrust
+value if it has not yet been assigned to a key.
Using the
+@option{--edit-key} menu, the assigned value can be changed at any time.
+
+@item --check-trustdb
+@opindex check-trustdb
+Do trust database maintenance without user interaction. From time to
+time the trust database must be updated so that expired keys or
+signatures and the resulting changes in the Web of Trust can be
+tracked. Normally, GnuPG will calculate when this is required and do it
+automatically unless @option{--no-auto-check-trustdb} is set. This
+command can be used to force a trust database check at any time. The
+processing is identical to that of @option{--update-trustdb} but it
+skips keys with a not yet defined "ownertrust".
+
+For use with cron jobs, this command can be used together with
+@option{--batch} in which case the trust database check is done only if
+a check is needed. To force a run even in batch mode add the option
+@option{--yes}.
+
+@anchor{option --export-ownertrust}
+@item --export-ownertrust
+@opindex export-ownertrust
+Send the ownertrust values to STDOUT. This is useful for backup purposes
+as these values are the only ones which can't be re-created from a
+corrupted trustdb. Example:
+@c man:.RS
+@example
+ @gpgname{} --export-ownertrust > otrust.txt
+@end example
+@c man:.RE
+
+
+@item --import-ownertrust
+@opindex import-ownertrust
+Update the trustdb with the ownertrust values stored in @code{files} (or
+STDIN if not given); existing values will be overwritten. In case of a
+severely damaged trustdb and if you have a recent backup of the
+ownertrust values (e.g. in the file @file{otrust.txt}, you may re-create
+the trustdb using these commands:
+@c man:.RS
+@example
+ cd ~/.gnupg
+ rm trustdb.gpg
+ @gpgname{} --import-ownertrust < otrust.txt
+@end example
+@c man:.RE
+
+
+@item --rebuild-keydb-caches
+@opindex rebuild-keydb-caches
+When updating from version 1.0.6 to 1.0.7 this command should be used
+to create signature caches in the keyring. It might be handy in other
+situations too.
+
+@item --print-md @code{algo}
+@itemx --print-mds
+@opindex print-md
+Print message digest of algorithm ALGO for all given files or STDIN.
+With the second form (or a deprecated "*" as algo) digests for all
+available algorithms are printed.
+
+@item --gen-random @code{0|1|2} @code{count}
+@opindex gen-random
+Emit @var{count} random bytes of the given quality level 0, 1 or 2. If
+@var{count} is not given or zero, an endless sequence of random bytes
+will be emitted. If used with @option{--armor} the output will be
+base64 encoded. PLEASE, don't use this command unless you know what
+you are doing; it may remove precious entropy from the system!
+
+@item --gen-prime @code{mode} @code{bits}
+@opindex gen-prime
+Use the source, Luke :-). The output format is still subject to change.
+
+
+@item --enarmor
+@item --dearmor
+@opindex enarmor
+@opindex dearmor
+Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor.
+This is a GnuPG extension to OpenPGP and in general not very useful.
+
+@end table
+
+
+@c *******************************************
+@c ******* KEY MANGEMENT COMMANDS **********
+@c *******************************************
+@node OpenPGP Key Management
+@subsection How to manage your keys
+
+This section explains the main commands for key management
+
+@table @gnupgtabopt
+
+@item --gen-key
+@opindex gen-key
+Generate a new key pair. This command is normally only used
+interactively.
+
+There is an experimental feature which allows you to create keys in
+batch mode. See the file @file{doc/DETAILS} in the source distribution
+on how to use this.
+
+@item --gen-revoke @code{name}
+@opindex gen-revoke
+Generate a revocation certificate for the complete key. To revoke
+a subkey or a signature, use the @option{--edit} command.
+
+@item --desig-revoke @code{name}
+@opindex desig-revoke
+Generate a designated revocation certificate for a key. This allows a
+user (with the permission of the keyholder) to revoke someone else's
+key.
+
+
+@item --edit-key
+@opindex edit-key
+Present a menu which enables you to do most of the key management
+related tasks. It expects the specification of a key on the command
+line.
+
+@c ******** Begin Edit-key Options **********
+@table @asis
+
+ @item uid @code{n}
+ @opindex keyedit:uid
+ Toggle selection of user ID or photographic user ID with index @code{n}.
+ Use @code{*} to select all and @code{0} to deselect all.
+
+ @item key @code{n}
+ @opindex keyedit:key
+ Toggle selection of subkey with index @code{n}.
+ Use @code{*} to select all and @code{0} to deselect all.
+
+ @item sign
+ @opindex keyedit:sign
+ Make a signature on key of user @code{name} If the key is not yet
+ signed by the default user (or the users given with -u), the program
+ displays the information of the key again, together with its
+ fingerprint and asks whether it should be signed. This question is
+ repeated for all users specified with
+ -u.
+
+ @item lsign
+ @opindex keyedit:lsign
+ Same as "sign" but the signature is marked as non-exportable and will
+ therefore never be used by others. This may be used to make keys
+ valid only in the local environment.
+
+ @item nrsign
+ @opindex keyedit:nrsign
+ Same as "sign" but the signature is marked as non-revocable and can
+ therefore never be revoked.
+
+ @item tsign
+ @opindex keyedit:tsign
+ Make a trust signature. This is a signature that combines the notions
+ of certification (like a regular signature), and trust (like the
+ "trust" command). It is generally only useful in distinct communities
+ or groups.
+@end table
+
+@c man:.RS
+Note that "l" (for local / non-exportable), "nr" (for non-revocable,
+and "t" (for trust) may be freely mixed and prefixed to "sign" to
+create a signature of any type desired.
+@c man:.RE
+
+@table @asis
+
+ @item delsig
+ @opindex keyedit:delsig
+ Delete a signature. Note that it is not possible to retract a signature,
+ once it has been send to the public (i.e. to a keyserver).
In that case
+ you better use @code{revsig}.
+
+ @item revsig
+ @opindex keyedit:revsig
+ Revoke a signature. For every signature which has been generated by
+ one of the secret keys, GnuPG asks whether a revocation certificate
+ should be generated.
+
+ @item check
+ @opindex keyedit:check
+ Check the signatures on all selected user IDs.
+
+ @item adduid
+ @opindex keyedit:adduid
+ Create an additional user ID.
+
+ @item addphoto
+ @opindex keyedit:addphoto
+ Create a photographic user ID. This will prompt for a JPEG file that
+ will be embedded into the user ID. Note that a very large JPEG will make
+ for a very large key. Also note that some programs will display your
+ JPEG unchanged (GnuPG), and some programs will scale it to fit in a
+ dialog box (PGP).
+
+ @item showphoto
+ @opindex keyedit:showphoto
+ Display the selected photographic user ID.
+
+ @item deluid
+ @opindex keyedit:deluid
+ Delete a user ID or photographic user ID. Note that it is not
+ possible to retract a user id, once it has been send to the public
+ (i.e. to a keyserver). In that case you better use @code{revuid}.
+
+ @item revuid
+ @opindex keyedit:revuid
+ Revoke a user ID or photographic user ID.
+
+ @item primary
+ @opindex keyedit:primary
+ Flag the current user id as the primary one, removes the primary user
+ id flag from all other user ids and sets the timestamp of all affected
+ self-signatures one second ahead. Note that setting a photo user ID
+ as primary makes it primary over other photo user IDs, and setting a
+ regular user ID as primary makes it primary over other regular user
+ IDs.
+
+ @item keyserver
+ @opindex keyedit:keyserver
+ Set a preferred keyserver for the specified user ID(s). This allows
+ other users to know where you prefer they get your key from. See
+ @option{--keyserver-options honor-keyserver-url} for more on how this
+ works. Setting a value of "none" removes an existing preferred
+ keyserver.
+
+ @item notation
+ @opindex keyedit:notation
+ Set a name=value notation for the specified user ID(s). See
+ @option{--cert-notation} for more on how this works. Setting a value of
+ "none" removes all notations, setting a notation prefixed with a minus
+ sign (-) removes that notation, and setting a notation name (without the
+ =value) prefixed with a minus sign removes all notations with that name.
+
+ @item pref
+ @opindex keyedit:pref
+ List preferences from the selected user ID. This shows the actual
+ preferences, without including any implied preferences.
+
+ @item showpref
+ @opindex keyedit:showpref
+ More verbose preferences listing for the selected user ID. This shows
+ the preferences in effect by including the implied preferences of 3DES
+ (cipher), SHA-1 (digest), and Uncompressed (compression) if they are
+ not already included in the preference list. In addition, the
+ preferred keyserver and signature notations (if any) are shown.
+
+ @item setpref @code{string}
+ @opindex keyedit:setpref
+ Set the list of user ID preferences to @code{string} for all (or just
+ the selected) user IDs. Calling setpref with no arguments sets the
+ preference list to the default (either built-in or set via
+ @option{--default-preference-list}), and calling setpref with "none"
+ as the argument sets an empty preference list. Use @command{@gpgname
+ --version} to get a list of available algorithms. Note that while you
+ can change the preferences on an attribute user ID (aka "photo ID"),
+ GnuPG does not select keys via attribute user IDs so these preferences
+ will not be used by GnuPG.
+
+ When setting preferences, you should list the algorithms in the order
+ which you'd like to see them used by someone else when encrypting a
+ message to your key. If you don't include 3DES, it will be
+ automatically added at the end.
Note that there are many factors that
+ go into choosing an algorithm (for example, your key may not be the
+ only recipient), and so the remote OpenPGP application being used to
+ send to you may or may not follow your exact chosen order for a given
+ message. It will, however, only choose an algorithm that is present
+ on the preference list of every recipient key. See also the
+ INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below.
+
+ @item addkey
+ @opindex keyedit:addkey
+ Add a subkey to this key.
+
+ @item addcardkey
+ @opindex keyedit:addcardkey
+ Generate a subkey on a card and add it to this key.
+
+ @item keytocard
+ @opindex keyedit:keytocard
+ Transfer the selected secret subkey (or the primary key if no subkey
+ has been selected) to a smartcard. The secret key in the keyring will
+ be replaced by a stub if the key could be stored successfully on the
+ card and you use the save command later. Only certain key types may be
+ transferred to the card. A sub menu allows you to select on what card
+ to store the key. Note that it is not possible to get that key back
+ from the card - if the card gets broken your secret key will be lost
+ unless you have a backup somewhere.
+
+ @item bkuptocard @code{file}
+ @opindex keyedit:bkuptocard
+ Restore the given file to a card. This command may be used to restore a
+ backup key (as generated during card initialization) to a new card. In
+ almost all cases this will be the encryption key. You should use this
+ command only with the corresponding public key and make sure that the
+ file given as argument is indeed the backup to restore. You should then
+ select 2 to restore as encryption key. You will first be asked to enter
+ the passphrase of the backup key and then for the Admin PIN of the card.
+
+ @item delkey
+ @opindex keyedit:delkey
+ Remove a subkey (secondart key). Note that it is not possible to retract
+ a subkey, once it has been send to the public (i.e. to a keyserver).
In
+ that case you better use @code{revkey}.
+
+ @item revkey
+ @opindex keyedit:revkey
+ Revoke a subkey.
+
+ @item expire
+ @opindex keyedit:expire
+ Change the key or subkey expiration time. If a subkey is selected, the
+ expiration time of this subkey will be changed. With no selection, the
+ key expiration of the primary key is changed.
+
+ @item trust
+ @opindex keyedit:trust
+ Change the owner trust value for the key. This updates the trust-db
+ immediately and no save is required.
+
+ @item disable
+ @itemx enable
+ @opindex keyedit:disable
+ @opindex keyedit:enable
+ Disable or enable an entire key. A disabled key can not normally be
+ used for encryption.
+
+ @item addrevoker
+ @opindex keyedit:addrevoker
+ Add a designated revoker to the key. This takes one optional argument:
+ "sensitive". If a designated revoker is marked as sensitive, it will
+ not be exported by default (see export-options).
+
+ @item passwd
+ @opindex keyedit:passwd
+ Change the passphrase of the secret key.
+
+ @item toggle
+ @opindex keyedit:toggle
+ Toggle between public and secret key listing.
+
+ @item clean
+ @opindex keyedit:clean
+ Compact (by removing all signatures except the selfsig) any user ID
+ that is no longer usable (e.g. revoked, or expired). Then, remove any
+ signatures that are not usable by the trust calculations.
+ Specifically, this removes any signature that does not validate, any
+ signature that is superseded by a later signature, revoked signatures,
+ and signatures issued by keys that are not present on the keyring.
+
+ @item minimize
+ @opindex keyedit:minimize
+ Make the key as small as possible. This removes all signatures from
+ each user ID except for the most recent self-signature.
+
+ @item cross-certify
+ @opindex keyedit:cross-certify
+ Add cross-certification signatures to signing subkeys that may not
+ currently have them. Cross-certification signatures protect against a
+ subtle attack against signing subkeys.
See
+ @option{--require-cross-certification}. All new keys generated have
+ this signature by default, so this option is only useful to bring
+ older keys up to date.
+
+ @item save
+ @opindex keyedit:save
+ Save all changes to the key rings and quit.
+
+ @item quit
+ @opindex keyedit:quit
+ Quit the program without updating the
+ key rings.
+@end table
+
+@c man:.RS
+The listing shows you the key with its secondary keys and all user
+ids. The primary user id is indicated by a dot, and selected keys or
+user ids are indicated by an asterisk. The trust
+value is displayed with the primary key: the first is the assigned owner
+trust and the second is the calculated trust value. Letters are used for
+the values:
+@c man:.RE
+
+@table @asis
+
+ @item -
+ No ownertrust assigned / not yet calculated.
+
+ @item e
+ Trust
+ calculation has failed; probably due to an expired key.
+
+ @item q
+ Not enough information for calculation.
+
+ @item n
+ Never trust this key.
+
+ @item m
+ Marginally trusted.
+
+ @item f
+ Fully trusted.
+
+ @item u
+ Ultimately trusted.
+
+@end table
+@c ******** End Edit-key Options **********
+
+@item --sign-key @code{name}
+@opindex sign-key
+Signs a public key with your secret key. This is a shortcut version of
+the subcommand "sign" from @option{--edit}.
+
+@item --lsign-key @code{name}
+@opindex lsign-key
+Signs a public key with your secret key but marks it as
+non-exportable. This is a shortcut version of the subcommand "lsign"
+from @option{--edit-key}.
+
+@ifclear gpgone
+@item --passwd @var{user_id}
+@opindex passwd
+Change the passphrase of the secret key belonging to the certificate
+specified as @var{user_id}. This is a shortcut for the sub-command
+@code{passwd} of the edit key menu.
+@end ifclear
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** OPTIONS ****************
+@c *************** ****************
+@c *******************************************
+@mansect options
+@node GPG Options
+@section Option Summary
+
+@command{@gpgname} features a bunch of options to control the exact
+behaviour and to change the default configuration.
+
+@menu
+* GPG Configuration Options:: How to change the configuration.
+* GPG Key related Options:: Key related options.
+* GPG Input and Output:: Input and Output.
+* OpenPGP Options:: OpenPGP protocol specific options.
+* GPG Esoteric Options:: Doing things one usually don't want to do.
+@end menu
+
+Long options can be put in an options file (default
+"~/.gnupg/gpg.conf"). Short option names will not work - for example,
+"armor" is a valid option for the options file, while "a" is not. Do not
+write the 2 dashes, but simply the name of the option and any required
+arguments. Lines with a hash ('#') as the first non-white-space
+character are ignored. Commands may be put in this file too, but that is
+not generally useful as the command will execute automatically with
+every execution of gpg.
+
+Please remember that option parsing stops as soon as a non-option is
+encountered, you can explicitly stop parsing by using the special option
+@option{--}.
+
+@c *******************************************
+@c ******** CONFIGURATION OPTIONS **********
+@c *******************************************
+@node GPG Configuration Options
+@subsection How to change the configuration
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+@table @gnupgtabopt
+
+@item --default-key @var{name}
+@opindex default-key
+Use @var{name} as the default key to sign with. If this option is not
+used, the default key is the first key found in the secret keyring.
+Note that @option{-u} or @option{--local-user} overrides this option.
+
+@item --default-recipient @var{name}
+@opindex default-recipient
+Use @var{name} as default recipient if option @option{--recipient} is
+not used and don't ask if this is a valid one. @var{name} must be
+non-empty.
+
+@item --default-recipient-self
+@opindex default-recipient-self
+Use the default key as default recipient if option @option{--recipient} is not
+used and don't ask if this is a valid one. The default key is the first
+one from the secret keyring or the one set with @option{--default-key}.
+
+@item --no-default-recipient
+@opindex no-default-recipient
+Reset @option{--default-recipient} and @option{--default-recipient-self}.
+
+@item -v, --verbose
+@opindex verbose
+Give more information during processing. If used
+twice, the input data is listed in detail.
+
+@item --no-verbose
+@opindex no-verbose
+Reset verbose level to 0.
+
+@item -q, --quiet
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --batch
+@itemx --no-batch
+@opindex batch
+@opindex no-batch
+Use batch mode. Never ask, do not allow interactive commands.
+@option{--no-batch} disables this option. Note that even with a
+filename given on the command line, gpg might still need to read from
+STDIN (in particular if gpg figures that the input is a
+detached signature and no data file has been specified). Thus if you
+do not want to feed data via STDIN, you should connect STDIN to
+@file{/dev/null}.
+
+@item --no-tty
+@opindex no-tty
+Make sure that the TTY (terminal) is never used for any output.
+This option is needed in some cases because GnuPG sometimes prints
+warnings to the TTY even if @option{--batch} is used.
+
+@item --yes
+@opindex yes
+Assume "yes" on most questions.
+
+@item --no
+@opindex no
+Assume "no" on most questions.
+
+
+@item --list-options @code{parameters}
+@opindex list-options
+This is a space or comma delimited string that gives options used when
+listing keys and signatures (that is, @option{--list-keys},
+@option{--list-sigs}, @option{--list-public-keys},
+@option{--list-secret-keys}, and the @option{--edit-key} functions).
+Options can be prepended with a @option{no-} (after the two dashes) to
+give the opposite meaning. The options are:
+
+@table @asis
+
+ @item show-photos
+ @opindex list-options:show-photos
+ Causes @option{--list-keys}, @option{--list-sigs},
+ @option{--list-public-keys}, and @option{--list-secret-keys} to
+ display any photo IDs attached to the key. Defaults to no. See also
+ @option{--photo-viewer}. Does not work with @option{--with-colons}:
+ see @option{--attribute-fd} for the appropriate way to get photo data
+ for scripts and other frontends.
+
+ @item show-policy-urls
+ @opindex list-options:show-policy-urls
+ Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
+ listings. Defaults to no.
+
+ @item show-notations
+ @itemx show-std-notations
+ @itemx show-user-notations
+ @opindex list-options:show-notations
+ @opindex list-options:show-std-notations
+ @opindex list-options:show-user-notations
+ Show all, IETF standard, or user-defined signature notations in the
+ @option{--list-sigs} or @option{--check-sigs} listings. Defaults to no.
+
+ @item show-keyserver-urls
+ @opindex list-options:show-keyserver-urls
+ Show any preferred keyserver URL in the @option{--list-sigs} or
+ @option{--check-sigs} listings. Defaults to no.
+
+ @item show-uid-validity
+ @opindex list-options:show-uid-validity
+ Display the calculated validity of user IDs during key listings.
+ Defaults to no.
+
+ @item show-unusable-uids
+ @opindex list-options:show-unusable-uids
+ Show revoked and expired user IDs in key listings. Defaults to no.
+
+ @item show-unusable-subkeys
+ @opindex list-options:show-unusable-subkeys
+ Show revoked and expired subkeys in key listings. Defaults to no.
+
+ @item show-keyring
+ @opindex list-options:show-keyring
+ Display the keyring name at the head of key listings to show which
+ keyring a given key resides on. Defaults to no.
+
+ @item show-sig-expire
+ @opindex list-options:show-sig-expire
+ Show signature expiration dates (if any) during @option{--list-sigs} or
+ @option{--check-sigs} listings. Defaults to no.
+
+ @item show-sig-subpackets
+ @opindex list-options:show-sig-subpackets
+ Include signature subpackets in the key listing. This option can take an
+ optional argument list of the subpackets to list. If no argument is
+ passed, list all subpackets. Defaults to no. This option is only
+ meaningful when using @option{--with-colons} along with
+ @option{--list-sigs} or @option{--check-sigs}.
+
+@end table
+
+@item --verify-options @code{parameters}
+@opindex verify-options
+This is a space or comma delimited string that gives options used when
+verifying signatures. Options can be prepended with a `no-' to give
+the opposite meaning. The options are:
+
+@table @asis
+
+ @item show-photos
+ @opindex verify-options:show-photos
+ Display any photo IDs present on the key that issued the signature.
+ Defaults to no. See also @option{--photo-viewer}.
+
+ @item show-policy-urls
+ @opindex verify-options:show-policy-urls
+ Show policy URLs in the signature being verified. Defaults to no.
+
+ @item show-notations
+ @itemx show-std-notations
+ @itemx show-user-notations
+ @opindex verify-options:show-notations
+ @opindex verify-options:show-std-notations
+ @opindex verify-options:show-user-notations
+ Show all, IETF standard, or user-defined signature notations in the
+ signature being verified. Defaults to IETF standard.
+
+ @item show-keyserver-urls
+ @opindex verify-options:show-keyserver-urls
+ Show any preferred keyserver URL in the signature being verified.
+ Defaults to no.
+
+ @item show-uid-validity
+ @opindex verify-options:show-uid-validity
+ Display the calculated validity of the user IDs on the key that issued
+ the signature. Defaults to no.
+
+ @item show-unusable-uids
+ @opindex verify-options:show-unusable-uids
+ Show revoked and expired user IDs during signature verification.
+ Defaults to no.
+
+ @item show-primary-uid-only
+ @opindex verify-options:show-primary-uid-only
+ Show only the primary user ID during signature verification. That is
+ all the AKA lines as well as photo Ids are not shown with the signature
+ verification status.
+
+ @item pka-lookups
+ @opindex verify-options:pka-lookups
+ Enable PKA lookups to verify sender addresses. Note that PKA is based
+ on DNS, and so enabling this option may disclose information on when
+ and what signatures are verified or to whom data is encrypted. This
+ is similar to the "web bug" described for the auto-key-retrieve
+ feature.
+
+ @item pka-trust-increase
+ @opindex verify-options:pka-trust-increase
+ Raise the trust in a signature to full if the signature passes PKA
+ validation. This option is only meaningful if pka-lookups is set.
+@end table
+
+@item --enable-dsa2
+@itemx --disable-dsa2
+@opindex enable-dsa2
+@opindex disable-dsa2
+Enable hash truncation for all DSA keys even for old DSA Keys up to
+1024 bit. This is also the default with @option{--openpgp}. Note
+that older versions of GnuPG also required this flag to allow the
+generation of DSA larger than 1024 bit.
+
+@item --photo-viewer @code{string}
+@opindex photo-viewer
+This is the command line that should be run to view a photo ID. "%i"
+will be expanded to a filename containing the photo. "%I" does the
+same, except the file will not be deleted once the viewer exits.
+Other flags are "%k" for the key ID, "%K" for the long key ID, "%f"
+for the key fingerprint, "%t" for the extension of the image type
+(e.g. "jpg"), "%T" for the MIME type of the image (e.g.
"image/jpeg"),
+"%v" for the single-character calculated validity of the image being
+viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
+"full"),
+and "%%" for an actual percent sign. If neither %i or %I are present,
+then the photo will be supplied to the viewer on standard input.
+
+The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
+STDIN". Note that if your image viewer program is not secure, then
+executing it from GnuPG does not make it secure.
+
+@item --exec-path @code{string}
+@opindex exec-path
+Sets a list of directories to search for photo viewers and keyserver
+helpers. If not provided, keyserver helpers use the compiled-in
+default directory, and photo viewers use the $PATH environment
+variable.
+Note, that on W32 system this value is ignored when searching for
+keyserver helpers.
+
+@item --keyring @code{file}
+@opindex keyring
+Add @code{file} to the current list of keyrings. If @code{file} begins
+with a tilde and a slash, these are replaced by the $HOME directory. If
+the filename does not contain a slash, it is assumed to be in the GnuPG
+home directory ("~/.gnupg" if @option{--homedir} or $GNUPGHOME is not
+used).
+
+Note that this adds a keyring to the current list. If the intent is to
+use the specified keyring alone, use @option{--keyring} along with
+@option{--no-default-keyring}.
+
+@item --secret-keyring @code{file}
+@opindex secret-keyring
+Same as @option{--keyring} but for the secret keyrings.
+
+@item --primary-keyring @code{file}
+@opindex primary-keyring
+Designate @code{file} as the primary public keyring. This means that
+newly imported keys (via @option{--import} or keyserver
+@option{--recv-from}) will go to this keyring.
+
+@item --trustdb-name @code{file}
+@opindex trustdb-name
+Use @code{file} instead of the default trustdb. If @code{file} begins
+with a tilde and a slash, these are replaced by the $HOME directory.
If
+the filename does not contain a slash, it is assumed to be in the GnuPG
+home directory (@file{~/.gnupg} if @option{--homedir} or $GNUPGHOME is
+not used).
+
+@ifset gpgone
+@anchor{option --homedir}
+@end ifset
+@include opt-homedir.texi
+
+
+@ifset gpgone
+@item --pcsc-driver @code{file}
+@opindex pcsc-driver
+Use @code{file} to access the smartcard reader. The current default is
+`libpcsclite.so.1' for GLIBC based systems,
+`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
+`winscard.dll' for Windows and `libpcsclite.so' for other systems.
+@end ifset
+
+@ifset gpgone
+@item --disable-ccid
+@opindex disable-ccid
+Disable the integrated support for CCID compliant readers. This
+allows to fall back to one of the other drivers even if the internal
+CCID driver can handle the reader. Note, that CCID support is only
+available if libusb was available at build time.
+@end ifset
+
+@ifset gpgone
+@item --reader-port @code{number_or_string}
+@opindex reader-port
+This option may be used to specify the port of the card terminal. A
+value of 0 refers to the first serial device; add 32768 to access USB
+devices. The default is 32768 (first USB device). PC/SC or CCID
+readers might need a string here; run the program in verbose mode to get
+a list of available readers. The default is then the first reader
+found.
+@end ifset
+
+@item --display-charset @code{name}
+@opindex display-charset
+Set the name of the native character set. This is used to convert
+some informational strings like user IDs to the proper UTF-8 encoding.
+Note that this has nothing to do with the character set of data to be
+encrypted or signed; GnuPG does not recode user-supplied data. If
+this option is not used, the default character set is determined from
+the current locale. A verbosity level of 3 shows the chosen set.
+Valid values for @code{name} are:
+
+@table @asis
+
+ @item iso-8859-1
+ @opindex display-charset:iso-8859-1
+ This is the Latin 1 set.
+
+ @item iso-8859-2
+ @opindex display-charset:iso-8859-2
+ The Latin 2 set.
+
+ @item iso-8859-15
+ @opindex display-charset:iso-8859-15
+ This is currently an alias for
+ the Latin 1 set.
+
+ @item koi8-r
+ @opindex display-charset:koi8-r
+ The usual Russian set (rfc1489).
+
+ @item utf-8
+ @opindex display-charset:utf-8
+ Bypass all translations and assume
+ that the OS uses native UTF-8 encoding.
+@end table
+
+@item --utf8-strings
+@itemx --no-utf8-strings
+@opindex utf8-strings
+Assume that command line arguments are given as UTF8 strings. The
+default (@option{--no-utf8-strings}) is to assume that arguments are
+encoded in the character set as specified by
+@option{--display-charset}. These options affect all following
+arguments. Both options may be used multiple times.
+
+@ifset gpgone
+@anchor{option --options}
+@end ifset
+@item --options @code{file}
+@opindex options
+Read options from @code{file} and do not try to read them from the
+default options file in the homedir (see @option{--homedir}). This
+option is ignored if used in an options file.
+
+@item --no-options
+@opindex no-options
+Shortcut for @option{--options /dev/null}. This option is detected
+before an attempt to open an option file. Using this option will also
+prevent the creation of a @file{~/.gnupg} homedir.
+
+@item -z @code{n}
+@itemx --compress-level @code{n}
+@itemx --bzip2-compress-level @code{n}
+@opindex compress-level
+@opindex bzip2-compress-level
+Set compression level to @code{n} for the ZIP and ZLIB compression
+algorithms. The default is to use the default compression level of zlib
+(normally 6). @option{--bzip2-compress-level} sets the compression level
+for the BZIP2 compression algorithm (defaulting to 6 as well). This is a
+different option from @option{--compress-level} since BZIP2 uses a
+significant amount of memory for each additional compression level.
+@option{-z} sets both. A value of 0 for @code{n} disables compression.
+
+@item --bzip2-decompress-lowmem
+@opindex bzip2-decompress-lowmem
+Use a different decompression method for BZIP2 compressed files. This
+alternate method uses a bit more than half the memory, but also runs
+at half the speed. This is useful under extreme low memory
+circumstances when the file was originally compressed at a high
+@option{--bzip2-compress-level}.
+
+
+@item --mangle-dos-filenames
+@itemx --no-mangle-dos-filenames
+@opindex mangle-dos-filenames
+@opindex no-mangle-dos-filenames
+Older version of Windows cannot handle filenames with more than one
+dot. @option{--mangle-dos-filenames} causes GnuPG to replace (rather
+than add to) the extension of an output filename to avoid this
+problem. This option is off by default and has no effect on non-Windows
+platforms.
+
+@item --ask-cert-level
+@itemx --no-ask-cert-level
+@opindex ask-cert-level
+When making a key signature, prompt for a certification level. If this
+option is not specified, the certification level used is set via
+@option{--default-cert-level}. See @option{--default-cert-level} for
+information on the specific levels and how they are
+used. @option{--no-ask-cert-level} disables this option. This option
+defaults to no.
+
+@item --default-cert-level @code{n}
+@opindex default-cert-level
+The default to use for the check level when signing a key.
+
+0 means you make no particular claim as to how carefully you verified
+the key.
+
+1 means you believe the key is owned by the person who claims to own
+it but you could not, or did not verify the key at all. This is
+useful for a "persona" verification, where you sign the key of a
+pseudonymous user.
+
+2 means you did casual verification of the key. For example, this
+could mean that you verified the key fingerprint and checked the
+user ID on the key against a photo ID.
+
+3 means you did extensive verification of the key.
For example, this
+could mean that you verified the key fingerprint with the owner of the
+key in person, and that you checked, by means of a hard to forge
+document with a photo ID (such as a passport) that the name of the key
+owner matches the name in the user ID on the key, and finally that you
+verified (by exchange of email) that the email address on the key
+belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are just that:
+examples. In the end, it is up to you to decide just what "casual"
+and "extensive" mean to you.
+
+This option defaults to 0 (no particular claim).
+
+@item --min-cert-level
+@opindex min-cert-level
+When building the trust database, treat any signatures with a
+certification level below this as invalid. Defaults to 2, which
+disregards level 1 signatures. Note that level 0 "no particular
+claim" signatures are always accepted.
+
+@item --trusted-key @code{long key ID}
+@opindex trusted-key
+Assume that the specified key (which must be given
+as a full 8 byte key ID) is as trustworthy as one of
+your own secret keys. This option is useful if you
+don't want to keep your secret keys (or one of them)
+online but still want to be able to check the validity of a given
+recipient's or signator's key.
+
+@item --trust-model @code{pgp|classic|direct|always|auto}
+@opindex trust-model
+Set what trust model GnuPG should follow. The models are:
+
+@table @asis
+
+ @item pgp
+ @opindex trust-mode:pgp
+ This is the Web of Trust combined with trust signatures as used in PGP
+ 5.x and later. This is the default trust model when creating a new
+ trust database.
+
+ @item classic
+ @opindex trust-mode:classic
+ This is the standard Web of Trust as used in PGP 2.x and earlier.
+
+ @item direct
+ @opindex trust-mode:direct
+ Key validity is set directly by the user and not calculated via the
+ Web of Trust.
+
+ @item always
+ @opindex trust-mode:always
+ Skip key validation and assume that used keys are always fully
+ trusted. You generally won't use this unless you are using some
+ external validation scheme. This option also suppresses the
+ "[uncertain]" tag printed with signature checks when there is no
+ evidence that the user ID is bound to the key.
+
+ @item auto
+ @opindex trust-mode:auto
+ Select the trust model depending on whatever the internal trust
+ database says. This is the default model if such a database already
+ exists.
+@end table
+
+@item --auto-key-locate @code{parameters}
+@itemx --no-auto-key-locate
+@opindex auto-key-locate
+GnuPG can automatically locate and retrieve keys as needed using this
+option. This happens when encrypting to an email address (in the
+"user@@example.com" form), and there are no user@@example.com keys on
+the local keyring. This option takes any number of the following
+mechanisms, in the order they are to be tried:
+
+@table @asis
+
+ @item cert
+ Locate a key using DNS CERT, as specified in rfc4398.
+
+ @item pka
+ Locate a key using DNS PKA.
+
+ @item ldap
+ Using DNS Service Discovery, check the domain in question for any LDAP
+ keyservers to use. If this fails, attempt to locate the key using the
+ PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
+
+ @item keyserver
+ Locate a key using whatever keyserver is defined using the
+ @option{--keyserver} option.
+
+ @item keyserver-URL
+ In addition, a keyserver URL as used in the @option{--keyserver} option
+ may be used here to query that particular keyserver.
+
+ @item local
+ Locate the key using the local keyrings. This mechanism allows to
+ select the order a local key lookup is done. Thus using
+ @samp{--auto-key-locate local} is identical to
+ @option{--no-auto-key-locate}.
+
+ @item nodefault
+ This flag disables the standard local key lookup, done before any of the
+ mechanisms defined by the @option{--auto-key-locate} are tried.
The
+ position of this mechanism in the list does not matter. It is not
+ required if @code{local} is also used.
+
+@end table
+
+@item --keyid-format @code{short|0xshort|long|0xlong}
+@opindex keyid-format
+Select how to display key IDs. "short" is the traditional 8-character
+key ID. "long" is the more accurate (but less convenient)
+16-character key ID. Add an "0x" to either to include an "0x" at the
+beginning of the key ID, as in 0x99242560. Note that this option is
+ignored if the option --with-colons is used.
+
+@item --keyserver @code{name}
+@opindex keyserver
+Use @code{name} as your keyserver. This is the server that
+@option{--recv-keys}, @option{--send-keys}, and @option{--search-keys}
+will communicate with to receive keys from, send keys to, and search for
+keys on. The format of the @code{name} is a URI:
+`scheme:[//]keyservername[:port]' The scheme is the type of keyserver:
+"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
+keyservers, or "mailto" for the Graff email keyserver. Note that your
+particular installation of GnuPG may have other keyserver types
+available as well. Keyserver schemes are case-insensitive. After the
+keyserver name, optional keyserver configuration options may be
+provided. These are the same as the global @option{--keyserver-options}
+from below, but apply only to this particular keyserver.
+
+Most keyservers synchronize with each other, so there is generally no
+need to send keys to more than one server. The keyserver
+@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
+keyserver each time you use it.
+
+@item --keyserver-options @code{name=value1 }
+@opindex keyserver-options
+This is a space or comma delimited string that gives options for the
+keyserver. Options can be prefixed with a `no-' to give the opposite
+meaning.
Valid import-options or export-options may be used here as
+well to apply to importing (@option{--recv-key}) or exporting
+(@option{--send-key}) a key from a keyserver. While not all options
+are available for all keyserver types, some common options are:
+
+@table @asis
+
+ @item include-revoked
+ When searching for a key with @option{--search-keys}, include keys that
+ are marked on the keyserver as revoked. Note that not all keyservers
+ differentiate between revoked and unrevoked keys, and for such
+ keyservers this option is meaningless. Note also that most keyservers do
+ not have cryptographic verification of key revocations, and so turning
+ this option off may result in skipping keys that are incorrectly marked
+ as revoked.
+
+ @item include-disabled
+ When searching for a key with @option{--search-keys}, include keys that
+ are marked on the keyserver as disabled. Note that this option is not
+ used with HKP keyservers.
+
+ @item auto-key-retrieve
+ This option enables the automatic retrieving of keys from a keyserver
+ when verifying signatures made by keys that are not on the local
+ keyring.
+
+ Note that this option makes a "web bug" like behavior possible.
+ Keyserver operators can see which keys you request, so by sending you
+ a message signed by a brand new key (which you naturally will not have
+ on your local keyring), the operator can tell both your IP address and
+ the time when you verified the signature.
+
+ @item honor-keyserver-url
+ When using @option{--refresh-keys}, if the key in question has a preferred
+ keyserver URL, then use that preferred keyserver to refresh the key
+ from. In addition, if auto-key-retrieve is set, and the signature
+ being verified has a preferred keyserver URL, then use that preferred
+ keyserver to fetch the key from. Defaults to yes.
+
+ @item honor-pka-record
+ If auto-key-retrieve is set, and the signature being verified has a
+ PKA record, then use the PKA information to fetch the key. Defaults
+ to yes.
+
+ @item include-subkeys
+ When receiving a key, include subkeys as potential targets. Note that
+ this option is not used with HKP keyservers, as they do not support
+ retrieving keys by subkey id.
+
+ @item use-temp-files
+ On most Unix-like platforms, GnuPG communicates with the keyserver
+ helper program via pipes, which is the most efficient method. This
+ option forces GnuPG to use temporary files to communicate. On some
+ platforms (such as Win32 and RISC OS), this option is always enabled.
+
+ @item keep-temp-files
+ If using `use-temp-files', do not delete the temp files after using
+ them. This option is useful to learn the keyserver communication
+ protocol by reading the temporary files.
+
+ @item verbose
+ Tell the keyserver helper program to be more verbose. This option can
+ be repeated multiple times to increase the verbosity level.
+
+ @item timeout
+ Tell the keyserver helper program how long (in seconds) to try and
+ perform a keyserver action before giving up. Note that performing
+ multiple actions at the same time uses this timeout value per action.
+ For example, when retrieving multiple keys via @option{--recv-keys}, the
+ timeout applies separately to each key retrieval, and not to the
+ @option{--recv-keys} command as a whole. Defaults to 30 seconds.
+
+ @item http-proxy=@code{value}
+ Set the proxy to use for HTTP and HKP keyservers. This overrides the
+ "http_proxy" environment variable, if any.
+
+
+@ifclear gpgtwoone
+ @item max-cert-size
+ When retrieving a key via DNS CERT, only accept keys up to this size.
+ Defaults to 16384 bytes.
+@end ifclear
+
+ @item debug
+ Turn on debug output in the keyserver helper program. Note that the
+ details of debug output depends on which keyserver helper program is
+ being used, and in turn, on any libraries that the keyserver helper
+ program uses internally (libcurl, openldap, etc).
+
+ @item check-cert
+ Enable certificate checking if the keyserver presents one (for hkps or
+ ldaps).
Defaults to on.
+
+ @item ca-cert-file
+ Provide a certificate store to override the system default. Only
+ necessary if check-cert is enabled, and the keyserver is using a
+ certificate that is not present in a system default certificate list.
+
+ Note that depending on the SSL library that the keyserver helper is
+ built with, this may actually be a directory or a file.
+@end table
+
+@item --completes-needed @code{n}
+@opindex compliant-needed
+Number of completely trusted users to introduce a new
+key signer (defaults to 1).
+
+@item --marginals-needed @code{n}
+@opindex marginals-needed
+Number of marginally trusted users to introduce a new
+key signer (defaults to 3)
+
+@item --max-cert-depth @code{n}
+@opindex max-cert-depth
+Maximum depth of a certification chain (default is 5).
+
+@ifclear gpgtwoone
+@item --simple-sk-checksum
+@opindex simple-sk-checksum
+Secret keys are integrity protected by using a SHA-1 checksum. This
+method is part of the upcoming enhanced OpenPGP specification but
+GnuPG already uses it as a countermeasure against certain attacks.
+Old applications don't understand this new format, so this option may
+be used to switch back to the old behaviour. Using this option bears
+a security risk. Note that using this option only takes effect when
+the secret key is encrypted - the simplest way to make this happen is
+to change the passphrase on the key (even changing it to the same
+value is acceptable).
+@end ifclear
+
+@item --no-sig-cache
+@opindex no-sig-cache
+Do not cache the verification status of key signatures.
+Caching gives a much better performance in key listings. However, if
+you suspect that your public keyring is not save against write
+modifications, you can use this option to disable the caching. It
+probably does not make sense to disable it because all kind of damage
+can be done if someone else has write access to your public keyring.
+
+@item --no-sig-create-check
+@opindex no-sig-create-check
+GnuPG normally verifies each signature right after creation to protect
+against bugs and hardware malfunctions which could leak out bits from
+the secret key. This extra verification needs some time (about 115%
+for DSA keys), and so this option can be used to disable it.
+However, due to the fact that the signature creation needs manual
+interaction, this performance penalty does not matter in most settings.
+
+@item --auto-check-trustdb
+@itemx --no-auto-check-trustdb
+@opindex auto-check-trustdb
+If GnuPG feels that its information about the Web of Trust has to be
+updated, it automatically runs the @option{--check-trustdb} command
+internally. This may be a time consuming
+process. @option{--no-auto-check-trustdb} disables this option.
+
+@item --use-agent
+@itemx --no-use-agent
+@opindex use-agent
+@ifclear gpgone
+This is dummy option. @command{@gpgname} always requires the agent.
+@end ifclear
+@ifset gpgone
+Try to use the GnuPG-Agent. With this option, GnuPG first tries to
+connect to the agent before it asks for a
+passphrase. @option{--no-use-agent} disables this option.
+@end ifset
+
+@item --gpg-agent-info
+@opindex gpg-agent-info
+@ifclear gpgone
+This is dummy option. It has no effect when used with @command{gpg2}.
+@end ifclear
+@ifset gpgone
+Override the value of the environment variable
+@samp{GPG_AGENT_INFO}. This is only used when @option{--use-agent} has
+been given. Given that this option is not anymore used by
+@command{gpg2}, it should be avoided if possible.
+@end ifset
+
+@item --lock-once
+@opindex lock-once
+Lock the databases the first time a lock is requested
+and do not release the lock until the process
+terminates.
+
+@item --lock-multiple
+@opindex lock-multiple
+Release the locks every time a lock is no longer
+needed. Use this to override a previous @option{--lock-once}
+from a config file.
+
+@item --lock-never
+@opindex lock-never
+Disable locking entirely.
This option should be used only in very
+special environments, where it can be assured that only one process
+is accessing those files. A bootable floppy with a stand-alone
+encryption system will probably use this. Improper usage of this
+option may lead to data and key corruption.
+
+@item --exit-on-status-write-error
+@opindex exit-on-status-write-error
+This option will cause write errors on the status FD to immediately
+terminate the process. That should in fact be the default but it never
+worked this way and thus we need an option to enable this, so that the
+change won't break applications which close their end of a status fd
+connected pipe too early. Using this option along with
+@option{--enable-progress-filter} may be used to cleanly cancel long
+running gpg operations.
+
+@item --limit-card-insert-tries @code{n}
+@opindex limit-card-insert-tries
+With @code{n} greater than 0 the number of prompts asking to insert a
+smartcard gets limited to N-1. Thus with a value of 1 gpg won't at
+all ask to insert a card if none has been inserted at startup. This
+option is useful in the configuration file in case an application does
+not know about the smartcard support and waits ad infinitum for an
+inserted card.
+
+@item --no-random-seed-file
+@opindex no-random-seed-file
+GnuPG uses a file to store its internal random pool over invocations.
+This makes random generation faster; however sometimes write operations
+are not desired. This option can be used to achieve that with the cost of
+slower random generation.
+
+@item --no-greeting
+@opindex no-greeting
+Suppress the initial copyright message.
+
+@item --no-secmem-warning
+@opindex no-secmem-warning
+Suppress the warning about "using insecure memory".
+
+@item --no-permission-warning
+@opindex permission-warning
+Suppress the warning about unsafe file and home directory (@option{--homedir})
+permissions.
Note that the permission checks that GnuPG performs are
+not intended to be authoritative, but rather they simply warn about
+certain common permission problems. Do not assume that the lack of a
+warning means that your system is secure.
+
+Note that the warning for unsafe @option{--homedir} permissions cannot be
+suppressed in the gpg.conf file, as this would allow an attacker to
+place an unsafe gpg.conf file in place, and use this file to suppress
+warnings about itself. The @option{--homedir} permissions warning may only be
+suppressed on the command line.
+
+@item --no-mdc-warning
+@opindex no-mdc-warning
+Suppress the warning about missing MDC integrity protection.
+
+@item --require-secmem
+@itemx --no-require-secmem
+@opindex require-secmem
+Refuse to run if GnuPG cannot get secure memory. Defaults to no
+(i.e. run, but give a warning).
+
+
+@item --require-cross-certification
+@itemx --no-require-cross-certification
+@opindex require-cross-certification
+When verifying a signature made from a subkey, ensure that the cross
+certification "back signature" on the subkey is present and valid. This
+protects against a subtle attack against subkeys that can sign.
+Defaults to @option{--require-cross-certification} for
+@command{@gpgname}.
+
+@item --expert
+@itemx --no-expert
+@opindex expert
+Allow the user to do certain nonsensical or "silly" things like
+signing an expired or revoked key, or certain potentially incompatible
+things like generating unusual key types. This also disables certain
+warning messages about potentially incompatible actions. As the name
+implies, this option is for experts only. If you don't fully
+understand the implications of what it allows you to do, leave this
+off. @option{--no-expert} disables this option.
+
+@end table
+
+
+@c *******************************************
+@c ******** KEY RELATED OPTIONS ************
+@c *******************************************
+@node GPG Key related Options
+@subsection Key related options
+
+@table @gnupgtabopt
+
+@item --recipient @var{name}
+@itemx -r
+@opindex recipient
+Encrypt for user id @var{name}. If this option or
+@option{--hidden-recipient} is not specified, GnuPG asks for the user-id
+unless @option{--default-recipient} is given.
+
+@item --hidden-recipient @var{name}
+@itemx -R
+@opindex hidden-recipient
+Encrypt for user ID @var{name}, but hide the key ID of this user's
+key. This option helps to hide the receiver of the message and is a
+limited countermeasure against traffic analysis. If this option or
+@option{--recipient} is not specified, GnuPG asks for the user ID unless
+@option{--default-recipient} is given.
+
+@item --encrypt-to @code{name}
+@opindex encrypt-to
+Same as @option{--recipient} but this one is intended for use in the
+options file and may be used with your own user-id as an
+"encrypt-to-self". These keys are only used when there are other
+recipients given either by use of @option{--recipient} or by the asked
+user id. No trust checking is performed for these user ids and even
+disabled keys can be used.
+
+@item --hidden-encrypt-to @code{name}
+@opindex hidden-encrypt-to
+Same as @option{--hidden-recipient} but this one is intended for use in the
+options file and may be used with your own user-id as a hidden
+"encrypt-to-self". These keys are only used when there are other
+recipients given either by use of @option{--recipient} or by the asked user id.
+No trust checking is performed for these user ids and even disabled
+keys can be used.
+
+@item --no-encrypt-to
+@opindex no-encrypt-to
+Disable the use of all @option{--encrypt-to} and
+@option{--hidden-encrypt-to} keys.
+
+@item --group @code{name=value1 }
+@opindex group
+Sets up a named group, which is similar to aliases in email programs.
+Any time the group name is a recipient (@option{-r} or
+@option{--recipient}), it will be expanded to the values
+specified. Multiple groups with the same name are automatically merged
+into a single group.
+
+The values are @code{key IDs} or fingerprints, but any key description
+is accepted. Note that a value with spaces in it will be treated as
+two different values. Note also there is only one level of expansion
+--- you cannot make an group that points to another group. When used
+from the command line, it may be necessary to quote the argument to
+this option to prevent the shell from treating it as multiple
+arguments.
+
+@item --ungroup @code{name}
+@opindex ungroup
+Remove a given entry from the @option{--group} list.
+
+@item --no-groups
+@opindex no-groups
+Remove all entries from the @option{--group} list.
+
+@item --local-user @var{name}
+@itemx -u
+@opindex local-user
+Use @var{name} as the key to sign with. Note that this option overrides
+@option{--default-key}.
+
+@ifset gpgtwoone
+@item --try-secret-key @var{name}
+@opindex try-secret-key
+For hidden recipients GPG needs to know the keys to use for trial
+decryption. The key set with @option{--default-key} is always tried
+first, but this is often not sufficient. This option allows to set more
+keys to be used for trial decryption. Although any valid user-id
+specification may be used for @var{name} it makes sense to use at least
+the long keyid to avoid ambiguities. Note that gpg-agent might pop up a
+pinentry for a lot keys to do the trial decryption. If you want to stop
+all further trial decryption you may use close-window button instead of
+the cancel button.
+@end ifset
+
+@item --try-all-secrets
+@opindex try-all-secrets
+Don't look at the key ID as stored in the message but try all secret
+keys in turn to find the right decryption key.
This option forces the
+behaviour as used by anonymous recipients (created by using
+@option{--throw-keyids} or @option{--hidden-recipient}) and might come
+handy in case where an encrypted message contains a bogus key ID.
+
+@item --skip-hidden-recipients
+@itemx --no-skip-hidden-recipients
+@opindex skip-hidden-recipients
+@opindex no-skip-hidden-recipients
+During decryption skip all anonymous recipients. This option helps in
+the case that people use the hidden recipients feature to hide there
+own encrypt-to key from others. If oneself has many secret keys this
+may lead to a major annoyance because all keys are tried in turn to
+decrypt soemthing which was not really intended for it. The drawback
+of this option is that it is currently not possible to decrypt a
+message which includes real anonymous recipients.
+
+
+@end table
+
+@c *******************************************
+@c ******** INPUT AND OUTPUT ***************
+@c *******************************************
+@node GPG Input and Output
+@subsection Input and Output
+
+@table @gnupgtabopt
+
+@item --armor
+@itemx -a
+@opindex armor
+Create ASCII armored output. The default is to create the binary
+OpenPGP format.
+
+@item --no-armor
+@opindex no-armor
+Assume the input data is not in ASCII armored format.
+
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to @var{file}.
+
+@item --max-output @code{n}
+@opindex max-output
+This option sets a limit on the number of bytes that will be generated
+when processing a file. Since OpenPGP supports various levels of
+compression, it is possible that the plaintext of a given message may be
+significantly larger than the original OpenPGP message. While GnuPG
+works properly with such messages, there is often a desire to set a
+maximum file size that will be generated before processing is forced to
+stop by the OS limits. Defaults to 0, which means "no limit".
+
+@item --import-options @code{parameters}
+@opindex import-options
+This is a space or comma delimited string that gives options for
+importing keys. Options can be prepended with a `no-' to give the
+opposite meaning. The options are:
+
+@table @asis
+
+ @item import-local-sigs
+ Allow importing key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being used.
+ Defaults to no.
+
+ @item repair-pks-subkey-bug
+ During import, attempt to repair the damage caused by the PKS keyserver
+ bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note
+ that this cannot completely repair the damaged key as some crucial data
+ is removed by the keyserver, but it does at least give you back one
+ subkey. Defaults to no for regular @option{--import} and to yes for
+ keyserver @option{--recv-keys}.
+
+ @item merge-only
+ During import, allow key updates to existing keys, but do not allow
+ any new keys to be imported. Defaults to no.
+
+ @item import-clean
+ After import, compact (remove all signatures except the
+ self-signature) any user IDs from the new key that are not usable.
+ Then, remove any signatures from the new key that are not usable.
+ This includes signatures that were issued by keys that are not present
+ on the keyring. This option is the same as running the @option{--edit-key}
+ command "clean" after import. Defaults to no.
+
+ @item import-minimal
+ Import the smallest key possible. This removes all signatures except
+ the most recent self-signature on each user ID. This option is the
+ same as running the @option{--edit-key} command "minimize" after import.
+ Defaults to no.
+@end table
+
+@item --export-options @code{parameters}
+@opindex export-options
+This is a space or comma delimited string that gives options for
+exporting keys. Options can be prepended with a `no-' to give the
+opposite meaning.
The options are:
+
+@table @asis
+
+ @item export-local-sigs
+ Allow exporting key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being used.
+ Defaults to no.
+
+ @item export-attributes
+ Include attribute user IDs (photo IDs) while exporting. This is
+ useful to export keys if they are going to be used by an OpenPGP
+ program that does not accept attribute user IDs. Defaults to yes.
+
+ @item export-sensitive-revkeys
+ Include designated revoker information that was marked as
+ "sensitive". Defaults to no.
+
+ @c Since GnuPG 2.1 gpg-agent manages the secret key and thus the
+ @c export-reset-subkey-passwd hack is not anymore justified. Such use
+ @c cases need to be implemented using a specialized secret key export
+ @c tool.
+@ifclear gpgtwoone
+ @item export-reset-subkey-passwd
+ When using the @option{--export-secret-subkeys} command, this option resets
+ the passphrases for all exported subkeys to empty. This is useful
+ when the exported subkey is to be used on an unattended machine where
+ a passphrase doesn't necessarily make sense. Defaults to no.
+@end ifclear
+
+ @item export-clean
+ Compact (remove all signatures from) user IDs on the key being
+ exported if the user IDs are not usable. Also, do not export any
+ signatures that are not usable. This includes signatures that were
+ issued by keys that are not present on the keyring. This option is
+ the same as running the @option{--edit-key} command "clean" before export
+ except that the local copy of the key is not modified. Defaults to
+ no.
+
+ @item export-minimal
+ Export the smallest key possible. This removes all signatures except the
+ most recent self-signature on each user ID. This option is the same as
+ running the @option{--edit-key} command "minimize" before export except
+ that the local copy of the key is not modified. Defaults to no.
+@end table
+
+@item --with-colons
+@opindex with-colons
+Print key listings delimited by colons.
Note that the output will be
+encoded in UTF-8 regardless of any @option{--display-charset} setting. This
+format is useful when GnuPG is called from scripts and other programs
+as it is easily machine parsed. The details of this format are
+documented in the file @file{doc/DETAILS}, which is included in the GnuPG
+source distribution.
+
+@item --fixed-list-mode
+@opindex fixed-list-mode
+Do not merge primary user ID and primary key in @option{--with-colon}
+listing mode and print all timestamps as seconds since 1970-01-01.
+@ifclear gpgone
+Since GnuPG 2.0.10, this mode is always used and thus this option is
+obsolete; it does not harm to use it though.
+@end ifclear
+
+@item --with-fingerprint
+@opindex with-fingerprint
+Same as the command @option{--fingerprint} but changes only the format
+of the output and may be used together with another command.
+
+@ifset gpgtwoone
+@item --with-keygrip
+@opindex with-keygrip
+Include the keygrip in the key listings.
+@end ifset
+
+@end table
+
+@c *******************************************
+@c ******** OPENPGP OPTIONS ****************
+@c *******************************************
+@node OpenPGP Options
+@subsection OpenPGP protocol specific options.
+
+@table @gnupgtabopt
+
+@item -t, --textmode
+@itemx --no-textmode
+@opindex textmode
+Treat input files as text and store them in the OpenPGP canonical text
+form with standard "CRLF" line endings. This also sets the necessary
+flags to inform the recipient that the encrypted or signed data is text
+and may need its line endings converted back to whatever the local
+system uses. This option is useful when communicating between two
+platforms that have different line ending conventions (UNIX-like to Mac,
+Mac to Windows, etc). @option{--no-textmode} disables this option, and
+is the default.
+
+@ifset gpgone
+If @option{-t} (but not @option{--textmode}) is used together with
+armoring and signing, this enables clearsigned messages.
This kludge is
+needed for command-line compatibility with command-line versions of PGP;
+normally you would use @option{--sign} or @option{--clearsign} to select
+the type of the signature.
+@end ifset
+
+@item --force-v3-sigs
+@itemx --no-force-v3-sigs
+@opindex force-v3-sigs
+OpenPGP states that an implementation should generate v4 signatures
+but PGP versions 5 through 7 only recognize v4 signatures on key
+material. This option forces v3 signatures for signatures on data.
+Note that this option implies @option{--no-ask-sig-expire}, and unsets
+@option{--sig-policy-url}, @option{--sig-notation}, and
+@option{--sig-keyserver-url}, as these features cannot be used with v3
+signatures. @option{--no-force-v3-sigs} disables this option.
+Defaults to no.
+
+@item --force-v4-certs
+@itemx --no-force-v4-certs
+@opindex force-v4-certs
+Always use v4 key signatures even on v3 keys. This option also
+changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
+@option{--no-force-v4-certs} disables this option.
+
+@item --force-mdc
+@opindex force-mdc
+Force the use of encryption with a modification detection code. This
+is always used with the newer ciphers (those with a blocksize greater
+than 64 bits), or if all of the recipient keys indicate MDC support in
+their feature flags.
+
+@item --disable-mdc
+@opindex disable-mdc
+Disable the use of the modification detection code. Note that by
+using this option, the encrypted message becomes vulnerable to a
+message modification attack.
+
+@item --personal-cipher-preferences @code{string}
+@opindex personal-cipher-preferences
+Set the list of personal cipher preferences to @code{string}. Use
+@command{@gpgname --version} to get a list of available algorithms,
+and use @code{none} to set no preference at all. This allows the user
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients.
The most highly ranked cipher in this list is also
+used for the @option{--symmetric} encryption command.
+
+@item --personal-digest-preferences @code{string}
+@opindex personal-digest-preferences
+Set the list of personal digest preferences to @code{string}. Use
+@command{@gpgname --version} to get a list of available algorithms,
+and use @code{none} to set no preference at all. This allows the user
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients. The most highly ranked digest algorithm in this list
+is also used when signing without encryption
+(e.g. @option{--clearsign} or @option{--sign}).
+
+@item --personal-compress-preferences @code{string}
+@opindex personal-compress-preferences
+Set the list of personal compression preferences to @code{string}.
+Use @command{@gpgname --version} to get a list of available
+algorithms, and use @code{none} to set no preference at all. This
+allows the user to safely override the algorithm chosen by the
+recipient key preferences, as GPG will only select an algorithm that
+is usable by all recipients. The most highly ranked compression
+algorithm in this list is also used when there are no recipient keys
+to consider (e.g. @option{--symmetric}).
+
+@item --s2k-cipher-algo @code{name}
+@opindex s2k-cipher-algo
+Use @code{name} as the cipher algorithm used to protect secret keys.
+The default cipher is CAST5. This cipher is also used for
+conventional encryption if @option{--personal-cipher-preferences} and
+@option{--cipher-algo} is not given.
+
+@item --s2k-digest-algo @code{name}
+@opindex s2k-digest-algo
+Use @code{name} as the digest algorithm used to mangle the passphrases.
+The default algorithm is SHA-1.
+
+@item --s2k-mode @code{n}
+@opindex s2k-mode
+Selects how passphrases are mangled.
If @code{n} is 0 a plain
+passphrase (which is not recommended) will be used, a 1 adds a salt to
+the passphrase and a 3 (the default) iterates the whole process a
+number of times (see --s2k-count). Unless @option{--rfc1991} is used,
+this mode is also used for conventional encryption.
+
+@item --s2k-count @code{n}
+@opindex s2k-count
+Specify how many times the passphrase mangling is repeated. This
+value may range between 1024 and 65011712 inclusive. The default is
+inquired from gpg-agent. Note that not all values in the
+1024-65011712 range are legal and if an illegal value is selected,
+GnuPG will round up to the nearest legal value. This option is only
+meaningful if @option{--s2k-mode} is 3.
+
+
+@end table
+
+@c ***************************
+@c ******* Compliance ********
+@c ***************************
+@subsection Compliance options
+
+These options control what GnuPG is compliant to. Only one of these
+options may be active at a time. Note that the default setting of
+this is nearly always the correct one. See the INTEROPERABILITY WITH
+OTHER OPENPGP PROGRAMS section below before using one of these
+options.
+
+@table @gnupgtabopt
+
+@item --gnupg
+@opindex gnupg
+Use standard GnuPG behavior. This is essentially OpenPGP behavior
+(see @option{--openpgp}), but with some additional workarounds for common
+compatibility problems in different versions of PGP. This is the
+default option, so it is not generally needed, but it may be useful to
+override a different compliance option in the gpg.conf file.
+
+@item --openpgp
+@opindex openpgp
+Reset all packet, cipher and digest options to strict OpenPGP
+behavior. Use this option to reset all previous options like
+@option{--s2k-*}, @option{--cipher-algo}, @option{--digest-algo} and
+@option{--compress-algo} to OpenPGP compliant values. All PGP
+workarounds are disabled.
+
+@item --rfc4880
+@opindex rfc4880
+Reset all packet, cipher and digest options to strict RFC-4880
+behavior.
Note that this is currently the same thing as
+@option{--openpgp}.
+
+@item --rfc2440
+@opindex rfc2440
+Reset all packet, cipher and digest options to strict RFC-2440
+behavior.
+
+@item --rfc1991
+@opindex rfc1991
+Try to be more RFC-1991 (PGP 2.x) compliant.
+
+@item --pgp2
+@opindex pgp2
+Set up all options to be as PGP 2.x compliant as possible, and warn if
+an action is taken (e.g. encrypting to a non-RSA key) that will create
+a message that PGP 2.x will not be able to handle. Note that `PGP
+2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
+available, but the MIT release is a good common baseline.
+
+This option implies @option{--rfc1991 --disable-mdc
+--no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
+IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
+@option{--textmode} when encrypting.
+
+@item --pgp6
+@opindex pgp6
+Set up all options to be as PGP 6 compliant as possible. This
+restricts you to the ciphers IDEA (if the IDEA plugin is installed),
+3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the
+compression algorithms none and ZIP. This also disables
+--throw-keyids, and making signatures with signing subkeys as PGP 6
+does not understand signatures made by signing subkeys.
+
+This option implies @option{--disable-mdc --escape-from-lines
+--force-v3-sigs}.
+
+@item --pgp7
+@opindex pgp7
+Set up all options to be as PGP 7 compliant as possible. This is
+identical to @option{--pgp6} except that MDCs are not disabled, and the
+list of allowable ciphers is expanded to add AES128, AES192, AES256, and
+TWOFISH.
+
+@item --pgp8
+@opindex pgp8
+Set up all options to be as PGP 8 compliant as possible. PGP 8 is a lot
+closer to the OpenPGP standard than previous versions of PGP, so all
+this does is disable @option{--throw-keyids} and set
+@option{--escape-from-lines}. All algorithms are allowed except for the
+SHA224, SHA384, and SHA512 digests.
+
+@end table
+
+
+@c *******************************************
+@c ******** ESOTERIC OPTIONS ***************
+@c *******************************************
+@node GPG Esoteric Options
+@subsection Doing things one usually doesn't want to do.
+
+@table @gnupgtabopt
+
+@item -n
+@itemx --dry-run
+@opindex dry-run
+Don't make any changes (this is not completely implemented).
+
+@item --list-only
+@opindex list-only
+Changes the behaviour of some commands. This is like @option{--dry-run} but
+different in some cases. The semantic of this command may be extended in
+the future. Currently it only skips the actual decryption pass and
+therefore enables a fast listing of the encryption keys.
+
+@item -i
+@itemx --interactive
+@opindex interactive
+Prompt before overwriting any files.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or by a keyword:
+
+@table @code
+ @item none
+ No debugging at all. A value of less than 1 may be used instead of
+ the keyword.
+ @item basic
+ Some basic debug messages. A value between 1 and 2 may be used
+ instead of the keyword.
+ @item advanced
+ More verbose debug messages. A value between 3 and 5 may be used
+ instead of the keyword.
+ @item expert
+ Even more detailed messages. A value between 6 and 8 may be used
+ instead of the keyword.
+ @item guru
+ All of the debug messages you can get. A value greater than 8 may be
+ used instead of the keyword. The creation of hash tracing files is
+ only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@item --debug @var{flags}
+@opindex debug
+Set debugging flags. All flags are or-ed and @var{flags} may
+be given in C syntax (e.g. 0x0042).
+
+@item --debug-all
+@opindex debug-all
+Set all useful debugging flags.
+
+@ifset gpgone
+@item --debug-ccid-driver
+@opindex debug-ccid-driver
+Enable debug output from the included CCID driver for smartcards.
+Note that this option is only available on some system.
+@end ifset
+
+@item --faked-system-time @var{epoch}
+@opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970. Alternatively @var{epoch} may be given as a full ISO time string
+(e.g. "20070924T154812").
+
+@item --enable-progress-filter
+@opindex enable-progress-filter
+Enable certain PROGRESS status outputs. This option allows frontends
+to display a progress indicator while gpg is processing larger files.
+There is a slight performance overhead using it.
+
+@item --status-fd @code{n}
+@opindex status-fd
+Write special status strings to the file descriptor @code{n}.
+See the file DETAILS in the documentation for a listing of them.
+
+@item --status-file @code{file}
+@opindex status-file
+Same as @option{--status-fd}, except the status data is written to file
+@code{file}.
+
+@item --logger-fd @code{n}
+@opindex logger-fd
+Write log output to file descriptor @code{n} and not to STDERR.
+
+@item --log-file @code{file}
+@itemx --logger-file @code{file}
+@opindex log-file
+Same as @option{--logger-fd}, except the logger data is written to file
+@code{file}. Note that @option{--log-file} is only implemented for
+GnuPG-2.
+
+@item --attribute-fd @code{n}
+@opindex attribute-fd
+Write attribute subpackets to the file descriptor @code{n}. This is most
+useful for use with @option{--status-fd}, since the status messages are
+needed to separate out the various subpackets from the stream delivered
+to the file descriptor.
+
+@item --attribute-file @code{file}
+@opindex attribute-file
+Same as @option{--attribute-fd}, except the attribute data is written to
+file @code{file}.
+
+@item --comment @code{string}
+@itemx --no-comments
+@opindex comment
+Use @code{string} as a comment string in clear text signatures and ASCII
+armored messages or keys (see @option{--armor}). The default behavior is
+not to use a comment string. @option{--comment} may be repeated multiple
+times to get multiple comment strings. @option{--no-comments} removes
+all comments. It is a good idea to keep the length of a single comment
+below 60 characters to avoid problems with mail programs wrapping such
+lines. Note that comment lines, like all other header lines, are not
+protected by the signature.
+
+@item --emit-version
+@itemx --no-emit-version
+@opindex emit-version
+Force inclusion of the version string in ASCII armored output.
+@option{--no-emit-version} disables this option.
+
+@item --sig-notation @code{name=value}
+@itemx --cert-notation @code{name=value}
+@itemx -N, --set-notation @code{name=value}
+@opindex sig-notation
+@opindex cert-notation
+@opindex set-notation
+Put the name value pair into the signature as notation data.
+@code{name} must consist only of printable characters or spaces, and
+must contain a '@@' character in the form keyname@@domain.example.com
+(substituting the appropriate keyname and domain name, of course). This
+is to help prevent pollution of the IETF reserved notation
+namespace. The @option{--expert} flag overrides the '@@'
+check. @code{value} may be any printable string; it will be encoded in
+UTF8, so you should check that your @option{--display-charset} is set
+correctly. If you prefix @code{name} with an exclamation mark (!), the
+notation data will be flagged as critical
+(rfc2440:5.2.3.15). @option{--sig-notation} sets a notation for data
+signatures. @option{--cert-notation} sets a notation for key signatures
+(certifications). @option{--set-notation} sets both.
+
+There are special codes that may be used in notation names.
"%k" will
+be expanded into the key ID of the key being signed, "%K" into the
+long key ID of the key being signed, "%f" into the fingerprint of the
+key being signed, "%s" into the key ID of the key making the
+signature, "%S" into the long key ID of the key making the signature,
+"%g" into the fingerprint of the key making the signature (which might
+be a subkey), "%p" into the fingerprint of the primary key of the key
+making the signature, "%c" into the signature count from the OpenPGP
+smartcard, and "%%" results in a single "%". %k, %K, and %f are only
+meaningful when making a key signature (certification), and %c is only
+meaningful when using the OpenPGP smartcard.
+
+@item --sig-policy-url @code{string}
+@itemx --cert-policy-url @code{string}
+@itemx --set-policy-url @code{string}
+@opindex sig-policy-url
+@opindex cert-policy-url
+@opindex set-policy-url
+Use @code{string} as a Policy URL for signatures (rfc2440:5.2.3.19). If
+you prefix it with an exclamation mark (!), the policy URL packet will
+be flagged as critical. @option{--sig-policy-url} sets a policy url for
+data signatures. @option{--cert-policy-url} sets a policy url for key
+signatures (certifications). @option{--set-policy-url} sets both.
+
+The same %-expandos used for notation data are available here as well.
+
+@item --sig-keyserver-url @code{string}
+@opindex sig-keyserver-url
+Use @code{string} as a preferred keyserver URL for data signatures. If
+you prefix it with an exclamation mark (!), the keyserver URL packet
+will be flagged as critical.
+
+The same %-expandos used for notation data are available here as well.
+
+@item --set-filename @code{string}
+@opindex set-filename
+Use @code{string} as the filename which is stored inside messages.
+This overrides the default, which is to use the actual filename of the
+file being encrypted.
+
+@item --for-your-eyes-only
+@itemx --no-for-your-eyes-only
+@opindex for-your-eyes-only
+Set the `for your eyes only' flag in the message.
This causes GnuPG to
+refuse to save the file unless the @option{--output} option is given,
+and PGP to use a "secure viewer" with a claimed Tempest-resistant font
+to display the message. This option overrides @option{--set-filename}.
+@option{--no-for-your-eyes-only} disables this option.
+
+@item --use-embedded-filename
+@itemx --no-use-embedded-filename
+@opindex use-embedded-filename
+Try to create a file with a name as embedded in the data. This can be
+a dangerous option as it allows to overwrite files. Defaults to no.
+
+@item --cipher-algo @code{name}
+@opindex cipher-algo
+Use @code{name} as cipher algorithm. Running the program with the
+command @option{--version} yields a list of supported algorithms. If
+this is not used the cipher algorithm is selected from the preferences
+stored with the key. In general, you do not want to use this option as
+it allows you to violate the OpenPGP standard.
+@option{--personal-cipher-preferences} is the safe way to accomplish the
+same thing.
+
+@item --digest-algo @code{name}
+@opindex digest-algo
+Use @code{name} as the message digest algorithm. Running the program
+with the command @option{--version} yields a list of supported algorithms. In
+general, you do not want to use this option as it allows you to
+violate the OpenPGP standard. @option{--personal-digest-preferences} is the
+safe way to accomplish the same thing.
+
+@item --compress-algo @code{name}
+@opindex compress-algo
+Use compression algorithm @code{name}. "zlib" is RFC-1950 ZLIB
+compression. "zip" is RFC-1951 ZIP compression which is used by PGP.
+"bzip2" is a more modern compression scheme that can compress some
+things better than zip or zlib, but at the cost of more memory used
+during compression and decompression. "uncompressed" or "none"
+disables compression. If this option is not used, the default
+behavior is to examine the recipient key preferences to see which
+algorithms the recipient supports.
If all else fails, ZIP is used for
+maximum compatibility.
+
+ZLIB may give better compression results than ZIP, as the compression
+window size is not limited to 8k. BZIP2 may give even better
+compression results than that, but will use a significantly larger
+amount of memory while compressing and decompressing. This may be
+significant in low memory situations. Note, however, that PGP (all
+versions) only supports ZIP compression. Using any algorithm other
+than ZIP or "none" will make the message unreadable with PGP. In
+general, you do not want to use this option as it allows you to
+violate the OpenPGP standard. @option{--personal-compress-preferences} is the
+safe way to accomplish the same thing.
+
+@item --cert-digest-algo @code{name}
+@opindex cert-digest-algo
+Use @code{name} as the message digest algorithm used when signing a
+key. Running the program with the command @option{--version} yields a
+list of supported algorithms. Be aware that if you choose an algorithm
+that GnuPG supports but other OpenPGP implementations do not, then some
+users will not be able to use the key signatures you make, or quite
+possibly your entire key.
+
+@item --disable-cipher-algo @code{name}
+@opindex disable-cipher-algo
+Never allow the use of @code{name} as cipher algorithm.
+The given name will not be checked so that a later loaded algorithm
+will still get disabled.
+
+@item --disable-pubkey-algo @code{name}
+@opindex disable-pubkey-algo
+Never allow the use of @code{name} as public key algorithm.
+The given name will not be checked so that a later loaded algorithm
+will still get disabled.
+
+@item --throw-keyids
+@itemx --no-throw-keyids
+@opindex throw-keyids
+Do not put the recipient key IDs into encrypted messages.
This helps to
+hide the receivers of the message and is a limited countermeasure
+against traffic analysis.@footnote{Using a little social engineering
+anyone who is able to decrypt the message can check whether one of the
+other recipients is the one he suspects.} On the receiving side, it may
+slow down the decryption process because all available secret keys must
+be tried. @option{--no-throw-keyids} disables this option. This option
+is essentially the same as using @option{--hidden-recipient} for all
+recipients.
+
+@item --not-dash-escaped
+@opindex not-dash-escaped
+This option changes the behavior of cleartext signatures
+so that they can be used for patch files. You should not
+send such an armored file via email because all spaces
+and line endings are hashed too. You can not use this
+option for data which has 5 dashes at the beginning of a
+line, patch files don't have this. A special armor header
+line tells GnuPG about this cleartext signature option.
+
+@item --escape-from-lines
+@itemx --no-escape-from-lines
+@opindex escape-from-lines
+Because some mailers change lines starting with "From " to ">From " it
+is good to handle such lines in a special way when creating cleartext
+signatures to prevent the mail system from breaking the signature. Note
+that all other PGP versions do it this way too. Enabled by
+default. @option{--no-escape-from-lines} disables this option.
+
+@item --passphrase-repeat @code{n}
+@opindex passphrase-repeat
+Specify how many times @command{@gpgname} will request a new
+passphrase be repeated. This is useful for helping memorize a
+passphrase. Defaults to 1 repetition.
+
+@item --passphrase-fd @code{n}
+@opindex passphrase-fd
+Read the passphrase from file descriptor @code{n}. Only the first line
+will be read from file descriptor @code{n}. If you use 0 for @code{n},
+the passphrase will be read from STDIN. This can only be used if only
+one passphrase is supplied.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given. This is different from @command{gpg}.
+@end ifclear
+
+@item --passphrase-file @code{file}
+@opindex passphrase-file
+Read the passphrase from file @code{file}. Only the first line will
+be read from file @code{file}. This can only be used if only one
+passphrase is supplied. Obviously, a passphrase stored in a file is
+of questionable security if other users can read this file. Don't use
+this option if you can avoid it.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given. This is different from @command{gpg}.
+@end ifclear
+
+@item --passphrase @code{string}
+@opindex passphrase
+Use @code{string} as the passphrase. This can only be used if only one
+passphrase is supplied. Obviously, this is of very questionable
+security on a multi-user system. Don't use this option if you can
+avoid it.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given. This is different from @command{gpg}.
+@end ifclear
+
+@item --command-fd @code{n}
+@opindex command-fd
+This is a replacement for the deprecated shared-memory IPC mode.
+If this option is enabled, user input on questions is not expected
+from the TTY but from the given file descriptor. It should be used
+together with @option{--status-fd}. See the file doc/DETAILS in the source
+distribution for details on how to use it.
+
+@item --command-file @code{file}
+@opindex command-file
+Same as @option{--command-fd}, except the commands are read out of file
+@code{file}
+
+@item --allow-non-selfsigned-uid
+@itemx --no-allow-non-selfsigned-uid
+@opindex allow-non-selfsigned-uid
+Allow the import and use of keys with user IDs which are not
+self-signed. This is not recommended, as a non self-signed user ID is
+trivial to forge. @option{--no-allow-non-selfsigned-uid} disables.
+
+@item --allow-freeform-uid
+@opindex allow-freeform-uid
+Disable all checks on the form of the user ID while generating a new
+one. This option should only be used in very special environments as
+it does not ensure the de-facto standard format of user IDs.
+
+@item --ignore-time-conflict
+@opindex ignore-time-conflict
+GnuPG normally checks that the timestamps associated with keys and
+signatures have plausible values. However, sometimes a signature
+seems to be older than the key due to clock problems. This option
+makes these checks just a warning. See also @option{--ignore-valid-from} for
+timestamp issues on subkeys.
+
+@item --ignore-valid-from
+@opindex ignore-valid-from
+GnuPG normally does not select and use subkeys created in the future.
+This option allows the use of such keys and thus exhibits the
+pre-1.0.7 behaviour. You should not use this option unless there
+is some clock problem. See also @option{--ignore-time-conflict} for timestamp
+issues with signatures.
+
+@item --ignore-crc-error
+@opindex ignore-crc-error
+The ASCII armor used by OpenPGP is protected by a CRC checksum against
+transmission errors. Occasionally the CRC gets mangled somewhere on
+the transmission channel but the actual content (which is protected by
+the OpenPGP protocol anyway) is still okay. This option allows GnuPG
+to ignore CRC errors.
+
+@item --ignore-mdc-error
+@opindex ignore-mdc-error
+This option changes a MDC integrity protection failure into a warning.
+This can be useful if a message is partially corrupt, but it is
+necessary to get as much data as possible out of the corrupt message.
+However, be aware that a MDC protection failure may also mean that the
+message was tampered with intentionally by an attacker.
+
+@item --no-default-keyring
+@opindex no-default-keyring
+Do not add the default keyrings to the list of keyrings.
Note that
+GnuPG will not operate without any keyrings, so if you use this option
+and do not provide alternate keyrings via @option{--keyring} or
+@option{--secret-keyring}, then GnuPG will still use the default public or
+secret keyrings.
+
+@item --skip-verify
+@opindex skip-verify
+Skip the signature verification step. This may be
+used to make the decryption faster if the signature
+verification is not needed.
+
+@item --with-key-data
+@opindex with-key-data
+Print key listings delimited by colons (like @option{--with-colons}) and
+print the public key data.
+
+@item --fast-list-mode
+@opindex fast-list-mode
+Changes the output of the list commands to work faster; this is achieved
+by leaving some parts empty. Some applications don't need the user ID
+and the trust information given in the listings. By using this options
+they can get a faster listing. The exact behaviour of this option may
+change in future versions. If you are missing some information, don't
+use this option.
+
+@item --no-literal
+@opindex no-literal
+This is not for normal use. Use the source to see for what it might be useful.
+
+@item --set-filesize
+@opindex set-filesize
+This is not for normal use. Use the source to see for what it might be useful.
+
+@item --show-session-key
+@opindex show-session-key
+Display the session key used for one message. See
+@option{--override-session-key} for the counterpart of this option.
+
+We think that Key Escrow is a Bad Thing; however the user should have
+the freedom to decide whether to go to prison or to reveal the content
+of one specific message without compromising all messages ever
+encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY
+FORCED TO DO SO.
+
+@item --override-session-key @code{string}
+@opindex override-session-key
+Don't use the public key but the session key @code{string}. The format
+of this string is the same as the one printed by
+@option{--show-session-key}.
This option is normally not used but comes
+handy in case someone forces you to reveal the content of an encrypted
+message; using this option you can do this without handing out the
+secret key.
+
+@item --ask-sig-expire
+@itemx --no-ask-sig-expire
+@opindex ask-sig-expire
+When making a data signature, prompt for an expiration time. If this
+option is not specified, the expiration time set via
+@option{--default-sig-expire} is used. @option{--no-ask-sig-expire}
+disables this option.
+
+@item --default-sig-expire
+@opindex default-sig-expire
+The default expiration time to use for signature expiration. Valid
+values are "0" for no expiration, a number followed by the letter d
+(for days), w (for weeks), m (for months), or y (for years) (for
+example "2m" for two months, or "5y" for five years), or an absolute
+date in the form YYYY-MM-DD. Defaults to "0".
+
+@item --ask-cert-expire
+@itemx --no-ask-cert-expire
+@opindex ask-cert-expire
+When making a key signature, prompt for an expiration time. If this
+option is not specified, the expiration time set via
+@option{--default-cert-expire} is used. @option{--no-ask-cert-expire}
+disables this option.
+
+@item --default-cert-expire
+@opindex default-cert-expire
+The default expiration time to use for key signature expiration.
+Valid values are "0" for no expiration, a number followed by the
+letter d (for days), w (for weeks), m (for months), or y (for years)
+(for example "2m" for two months, or "5y" for five years), or an
+absolute date in the form YYYY-MM-DD. Defaults to "0".
+
+@item --allow-secret-key-import
+@opindex allow-secret-key-import
+This is an obsolete option and is not used anywhere.
+
+@item --allow-multiple-messages
+@item --no-allow-multiple-messages
+@opindex allow-multiple-messages
+Allow processing of multiple OpenPGP messages contained in a single file
+or stream.
Some programs that call GPG are not prepared to deal with
+multiple messages being processed together, so this option defaults to
+no. Note that versions of GPG prior to 1.4.7 always allowed multiple
+messages.
+
+Warning: Do not use this option unless you need it as a temporary
+workaround!
+
+
+@item --enable-special-filenames
+@opindex enable-special-filenames
+This options enables a mode in which filenames of the form
+@file{-&n}, where n is a non-negative decimal number,
+refer to the file descriptor n and not to a file with that name.
+
+@item --no-expensive-trust-checks
+@opindex no-expensive-trust-checks
+Experimental use only.
+
+@item --preserve-permissions
+@opindex preserve-permissions
+Don't change the permissions of a secret keyring back to user
+read/write only. Use this option only if you really know what you are doing.
+
+@item --default-preference-list @code{string}
+@opindex default-preference-list
+Set the list of default preferences to @code{string}. This preference
+list is used for new keys and becomes the default for "setpref" in the
+edit menu.
+
+@item --default-keyserver-url @code{name}
+@opindex default-keyserver-url
+Set the default keyserver URL to @code{name}. This keyserver will be
+used as the keyserver URL when writing a new self-signature on a key,
+which includes key generation and changing preferences.
+
+@item --list-config
+@opindex list-config
+Display various internal configuration parameters of GnuPG. This option
+is intended for external programs that call GnuPG to perform tasks, and
+is thus not generally useful. See the file @file{doc/DETAILS} in the
+source distribution for the details of which configuration items may be
+listed. @option{--list-config} is only usable with
+@option{--with-colons} set.
+
+@item --gpgconf-list
+@opindex gpgconf-list
+This command is similar to @option{--list-config} but in general only
+internally used by the @command{gpgconf} tool.
+
+@item --gpgconf-test
+@opindex gpgconf-test
+This is more or less dummy action. However it parses the configuration
+file and returns with failure if the configuration file would prevent
+@command{gpg} from startup. Thus it may be used to run a syntax check
+on the configuration file.
+
+@end table
+
+@c *******************************
+@c ******* Deprecated ************
+@c *******************************
+@subsection Deprecated options
+
+@table @gnupgtabopt
+
+@ifset gpgone
+@item --load-extension @code{name}
+@opindex load-extension
+Load an extension module. If @code{name} does not contain a slash it is
+searched for in the directory configured when GnuPG was built
+(generally "/usr/local/lib/gnupg"). Extensions are not generally
+useful anymore, and the use of this option is deprecated.
+@end ifset
+
+@item --show-photos
+@itemx --no-show-photos
+@opindex show-photos
+Causes @option{--list-keys}, @option{--list-sigs},
+@option{--list-public-keys}, @option{--list-secret-keys}, and verifying
+a signature to also display the photo ID attached to the key, if
+any. See also @option{--photo-viewer}. These options are deprecated. Use
+@option{--list-options [no-]show-photos} and/or @option{--verify-options
+[no-]show-photos} instead.
+
+@item --show-keyring
+@opindex show-keyring
+Display the keyring name at the head of key listings to show which
+keyring a given key resides on. This option is deprecated: use
+@option{--list-options [no-]show-keyring} instead.
+
+@ifset gpgone
+@item --ctapi-driver @code{file}
+@opindex ctapi-driver
+Use @code{file} to access the smartcard reader. The current default
+is `libtowitoko.so'. Note that the use of this interface is
+deprecated; it may be removed in future releases.
+@end ifset
+
+@item --always-trust
+@opindex always-trust
+Identical to @option{--trust-model always}. This option is deprecated.
+
+@item --show-notation
+@itemx --no-show-notation
+@opindex show-notation
+Show signature notations in the @option{--list-sigs} or @option{--check-sigs} listings
+as well as when verifying a signature with a notation in it. These
+options are deprecated. Use @option{--list-options [no-]show-notation}
+and/or @option{--verify-options [no-]show-notation} instead.
+
+@item --show-policy-url
+@itemx --no-show-policy-url
+@opindex show-policy-url
+Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
+listings as well as when verifying a signature with a policy URL in
+it. These options are deprecated. Use @option{--list-options
+[no-]show-policy-url} and/or @option{--verify-options
+[no-]show-policy-url} instead.
+
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** FILES ****************
+@c *************** ****************
+@c *******************************************
+@mansect files
+@node GPG Configuration
+@section Configuration files
+
+There are a few configuration files to control certain aspects of
+@command{@gpgname}'s operation. Unless noted, they are expected in the
+current home directory (@pxref{option --homedir}).
+
+@table @file
+
+ @item gpg.conf
+ @cindex gpg.conf
+ This is the standard configuration file read by @command{@gpgname} on
+ startup. It may contain any valid long option; the leading two dashes
+ may not be entered and the option may not be abbreviated. This default
+ name may be changed on the command line (@pxref{option --options}).
+ You should backup this file.
+
+@end table
+
+@c man:.RE
+Note that on larger installations, it is useful to put predefined files
+into the directory @file{/etc/skel/.gnupg/} so that newly created users
+start up with a working configuration.
+@ifclear gpgone
+For existing users the a small
+helper script is provided to create these files (@pxref{addgnupghome}).
+@end ifclear
+
+For internal purposes @command{@gpgname} creates and maintains a few other
+files; They all live in in the current home directory (@pxref{option
+--homedir}). Only the @command{@gpgname} may modify these files.
+
+
+@table @file
+ @item ~/.gnupg/secring.gpg
+ The secret keyring. You should backup this file.
+
+ @item ~/.gnupg/secring.gpg.lock
+ The lock file for the secret keyring.
+
+ @item ~/.gnupg/pubring.gpg
+ The public keyring. You should backup this file.
+
+ @item ~/.gnupg/pubring.gpg.lock
+ The lock file for the public keyring.
+
+ @item ~/.gnupg/trustdb.gpg
+ The trust database. There is no need to backup this file; it is better
+ to backup the ownertrust values (@pxref{option --export-ownertrust}).
+
+ @item ~/.gnupg/trustdb.gpg.lock
+ The lock file for the trust database.
+
+ @item ~/.gnupg/random_seed
+ A file used to preserve the state of the internal random pool.
+
+ @item /usr[/local]/share/gnupg/options.skel
+ The skeleton options file.
+
+ @item /usr[/local]/lib/gnupg/
+ Default location for extensions.
+
+@end table
+
+@c man:.RE
+Operation is further controlled by a few environment variables:
+
+@table @asis
+
+ @item HOME
+ Used to locate the default home directory.
+
+ @item GNUPGHOME
+ If set directory used instead of "~/.gnupg".
+
+ @item GPG_AGENT_INFO
+ Used to locate the gpg-agent.
+ @ifset gpgone
+ This is only honored when @option{--use-agent} is set.
+ @end ifset
+ The value consists of 3 colon delimited fields: The first is the path
+ to the Unix Domain Socket, the second the PID of the gpg-agent and the
+ protocol version which should be set to 1. When starting the gpg-agent
+ as described in its documentation, this variable is set to the correct
+ value. The option @option{--gpg-agent-info} can be used to override it.
+
+ @item PINENTRY_USER_DATA
+ This value is passed via gpg-agent to pinentry. It is useful to convey
+ extra information to a custom pinentry.
+
+ @item COLUMNS
+ @itemx LINES
+ Used to size some displays to the full size of the screen.
+
+
+ @item LANGUAGE
+ Apart from its use by GNU, it is used in the W32 version to override the
+ language selection done through the Registry. If used and set to a
+ valid and available language name (@var{langid}), the file with the
+ translation is loaded from
+
+ @code{@var{gpgdir}/gnupg.nls/@var{langid}.mo}. Here @var{gpgdir} is the
+ directory out of which the gpg binary has been loaded. If it can't be
+ loaded the Registry is tried and as last resort the native Windows
+ locale system is used.
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** EXAMPLES ****************
+@c *************** ****************
+@c *******************************************
+@mansect examples
+@node GPG Examples
+@section Examples
+
+@table @asis
+
+@item gpg -se -r @code{Bob} @code{file}
+sign and encrypt for user Bob
+
+@item gpg --clearsign @code{file}
+make a clear text signature
+
+@item gpg -sb @code{file}
+make a detached signature
+
+@item gpg -u 0x12345678 -sb @code{file}
+make a detached signature with the key 0x12345678
+
+@item gpg --list-keys @code{user_ID}
+show keys
+
+@item gpg --fingerprint @code{user_ID}
+show fingerprint
+
+@item gpg --verify @code{pgpfile}
+@itemx gpg --verify @code{sigfile}
+Verify the signature of the file but do not output the data. The
+second form is used for detached signatures, where @code{sigfile}
+is the detached signature (either ASCII armored or binary) and
+are the signed data; if this is not given, the name of
+the file holding the signed data is constructed by cutting off the
+extension (".asc" or ".sig") of @code{sigfile} or by asking the
+user for the filename.
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** USER ID ****************
+@c *************** ****************
+@c *******************************************
+@mansect how to specify a user id
+@ifset isman
+@include specify-user-id.texi
+@end ifset
+
+@mansect return value
+@chapheading RETURN VALUE
+
+The program returns 0 if everything was fine, 1 if at least
+a signature was bad, and other error codes for fatal errors.
+
+@mansect warnings
+@chapheading WARNINGS
+
+Use a *good* password for your user account and a *good* passphrase
+to protect your secret key. This passphrase is the weakest part of the
+whole system. Programs to do dictionary attacks on your secret keyring
+are very easy to write and so you should protect your "~/.gnupg/"
+directory very well.
+
+Keep in mind that, if this program is used over a network (telnet), it
+is *very* easy to spy out your passphrase!
+
+If you are going to verify detached signatures, make sure that the
+program knows about it; either give both filenames on the command line
+or use @samp{-} to specify STDIN.
+
+@mansect interoperability
+@chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
+
+GnuPG tries to be a very flexible implementation of the OpenPGP
+standard. In particular, GnuPG implements many of the optional parts
+of the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
+compression algorithms. It is important to be aware that not all
+OpenPGP programs implement these optional algorithms and that by
+forcing their use via the @option{--cipher-algo},
+@option{--digest-algo}, @option{--cert-digest-algo}, or
+@option{--compress-algo} options in GnuPG, it is possible to create a
+perfectly valid OpenPGP message, but one that cannot be read by the
+intended recipient.
+
+There are dozens of variations of OpenPGP programs available, and each
+supports a slightly different subset of these optional algorithms.
+For example, until recently, no (unhacked) version of PGP supported
+the BLOWFISH cipher algorithm. A message using BLOWFISH simply could
+not be read by a PGP user. By default, GnuPG uses the standard
+OpenPGP preferences system that will always do the right thing and
+create messages that are usable by all recipients, regardless of which
+OpenPGP program they use. Only override this safe default if you
+really know what you are doing.
+
+If you absolutely must override the safe default, or if the preferences
+on a given key are invalid for some reason, you are far better off using
+the @option{--pgp6}, @option{--pgp7}, or @option{--pgp8} options. These
+options are safe as they do not force any particular algorithms in
+violation of OpenPGP, but rather reduce the available algorithms to a
+"PGP-safe" list.
+
+@mansect bugs
+@chapheading BUGS
+
+On older systems this program should be installed as setuid(root). This
+is necessary to lock memory pages. Locking memory pages prevents the
+operating system from writing memory pages (which may contain
+passphrases or other sensitive material) to disk. If you get no
+warning message about insecure memory your operating system supports
+locking without being root. The program drops root privileges as soon
+as locked memory is allocated.
+
+Note also that some systems (especially laptops) have the ability to
+``suspend to disk'' (also known as ``safe sleep'' or ``hibernate'').
+This writes all memory to disk before going into a low power or even
+powered off mode. Unless measures are taken in the operating system
+to protect the saved memory, passphrases or other sensitive material
+may be recoverable from it later.
+
+Before you report a bug you should first search the mailing list
+archives for similar problems and second check whether such a bug has
+already been reported to our bug tracker at http://bugs.gnupg.org .
+
+@c *******************************************
+@c *************** **************
+@c *************** UNATTENDED **************
+@c *************** **************
+@c *******************************************
+@manpause
+@node Unattended Usage of GPG
+@section Unattended Usage
+
+@command{gpg} is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. The options @option{--status-fd} and @option{--batch}
+are almost always required for this.
+
+@menu
+* Unattended GPG key generation:: Unattended key generation
+@end menu
+
+
+@node Unattended GPG key generation,,,Unattended Usage of GPG
+@section Unattended key generation
+
+The command @option{--gen-key} may be used along with the option
+@option{--batch} for unattended key generation. The parameters are
+either read from stdin or given as a file on the command line.
+The format of the parameter file is as follows:
+
+@itemize @bullet
+ @item Text only, line length is limited to about 1000 characters.
+ @item UTF-8 encoding must be used to specify non-ASCII characters.
+ @item Empty lines are ignored.
+ @item Leading and trailing while space is ignored.
+ @item A hash sign as the first non white space character indicates
+ a comment line.
+ @item Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+ @item Parameters are specified by a keyword, followed by a colon. Arguments
+ are separated by white space.
+ @item
+ The first parameter must be @samp{Key-Type}; control statements may be
+ placed anywhere.
+ @item
+ The order of the parameters does not matter except for @samp{Key-Type}
+ which must be the first parameter. The parameters are only used for
+ the generated keyblock (primary and subkeys); parameters from previous
+ sets are not used. Some syntactically checks may be performed.
+ @item
+ Key generation takes place when either the end of the parameter file
+ is reached, the next @samp{Key-Type} parameter is encountered or at the
+ control statement @samp{%commit} is encountered.
+@end itemize
+
+@noindent
+Control statements:
+
+@table @asis
+
+@item %echo @var{text}
+Print @var{text} as diagnostic.
+
+@item %dry-run
+Suppress actual key generation (useful for syntax checking).
+
+@item %commit
+Perform the key generation. Note that an implicit commit is done at
+the next @asis{Key-Type} parameter.
+
+@item %pubring @var{filename}
+@itemx %secring @var{filename}
+Do not write the key to the default or commandline given keyring but
+to @var{filename}. This must be given before the first commit to take
+place, duplicate specification of the same filename is ignored, the
+last filename before a commit is used. The filename is used until a
+new filename is used (at commit points) and all keys are written to
+that file. If a new filename is given, this file is created (and
+overwrites an existing one). For GnuPG versions prior to 2.1, both
+control statements must be given. For GnuPG 2.1 and later
+@samp{%secring} is a no-op.
+
+@item %ask-passphrase
+@itemx %no-ask-passphrase
+Enable (or disable) a mode where the command @option{passphrase} is
+ignored and instead the usual passphrase dialog is used. This does
+not make sense for batch key generation; however the unattended key
+generation feature is also used by GUIs and this feature relinquishes
+the GUI from implementing its own passphrase entry code. These are
+global control statements and affect all future key genrations.
+
+@item %no-protection
+Since GnuPG version 2.1 it is not anymore possible to specify a
+passphrase for unattended key generation. The passphrase command is
+simply ignored and @samp{%ask-passpharse} is thus implicitly enabled.
+Using this option allows the creation of keys without any passphrase
+protection. This option is mainly intended for regression tests.
+
+@item %transient-key
+If given the keys are created using a faster and a somewhat less
+secure random number generator. This option may be used for keys
+which are only used for a short time and do not require full
+cryptographic strength. It takes only effect if used together with
+the control statement @samp{%no-protection}.
+
+@end table
+
+@noindent
+General Parameters:
+
+@table @asis
+
+@item Key-Type: @var{algo}
+Starts a new parameter block by giving the type of the primary
+key. The algorithm must be capable of signing. This is a required
+parameter. @var{algo} may either be an OpenPGP algorithm number or a
+string with the algorithm name. The special value @samp{default} may
+be used for @var{algo} to create the default key type; in this case a
+@samp{Key-Usage} shall not be given and @samp{default} also be used
+for @samp{Subkey-Type}.
+
+@item Key-Length: @var{nbits}
+The requested length of the generated key in bits. The default is
+returned by running the command @samp{gpg2 --gpgconf-list}.
+
+@item Key-Grip: @var{hexstring}
+This is optional and used to generate a CSR or certificate for an
+already existing key. Key-Length will be ignored when given.
+
+@item Key-Usage: @var{usage-list}
+Space or comma delimited list of key usages. Allowed values are
+@samp{encrypt}, @samp{sign}, and @samp{auth}. This is used to
+generate the key flags. Please make sure that the algorithm is
+capable of this usage. Note that OpenPGP requires that all primary
+keys are capable of certification, so no matter what usage is given
+here, the @samp{cert} flag will be on. If no @samp{Key-Usage} is
+specified and the @samp{Key-Type} is not @samp{default}, all allowed
+usages for that particular algorithm are used; if it is not given but
+@samp{default} is used the usage will be @samp{sign}.
+
+@item Subkey-Type: @var{algo}
+This generates a secondary key (subkey). Currently only one subkey
+can be handled. See also @samp{Key-Type} above.
+
+@item Subkey-Length: @var{nbits}
+Length of the secondary key (subkey) in bits. The default is returned
+by running the command @samp{gpg2 --gpgconf-list}".
+
+@item Subkey-Usage: @var{usage-list}
+Key usage lists for a subkey; similar to @samp{Key-Usage}.
+
+@item Passphrase: @var{string}
+If you want to specify a passphrase for the secret key,
+enter it here. Default is not to use any passphrase.
+
+@item Name-Real: @var{name}
+@itemx Name-Comment: @var{comment}
+@itemx Name-Email: @var{email}
+The three parts of a user name. Remember to use UTF-8 encoding here.
+If you don't give any of them, no user ID is created.
+
+@item Expire-Date: @var{iso-date}|(@var{number}[d|w|m|y])
+Set the expiration date for the key (and the subkey). It may either
+be entered in ISO date format (2000-08-15) or as number of days,
+weeks, month or years. The special notation "seconds=N" is also
+allowed to directly give an Epoch value. Without a letter days are
+assumed. Note that there is no check done on the overflow of the type
+used by OpenPGP for timestamps. Thus you better make sure that the
+given value make sense. Although OpenPGP works with time intervals,
+GnuPG uses an absolute value internally and thus the last year we can
+represent is 2105.
+
+@item Ceation-Date: @var{iso-date}
+Set the creation date of the key as stored in the key information and
+which is also part of the fingerprint calculation. Either a date like
+"1986-04-26" or a full timestamp like "19860426T042640" may be used.
+The time is considered to be UTC. If it is not given the current time
+is used.
+
+@item Preferences: @var{string}
+Set the cipher, hash, and compression preference values for this key.
+This expects the same type of string as the sub-command @samp{setpref}
+in the @option{--edit-key} menu.
+
+@item Revoker: @var{algo}:@var{fpr} [sensitive]
+Add a designated revoker to the generated key. Algo is the public key
+algorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.)
+@var{fpr} is the fingerprint of the designated revoker. The optional
+@samp{sensitive} flag marks the designated revoker as sensitive
+information. Only v4 keys may be designated revokers.
+
+@item Keyserver: @var{string}
+This is an optional parameter that specifies the preferred keyserver
+URL for the key.
+
+@item Handle: @var{string}
+This is an optional parameter only used with the status lines
+KEY_CREATED and KEY_NOT_CREATED. @var{string} may be up to 100
+characters and should not contain spaces. It is useful for batch key
+generation to associate a key parameter block with a status line.
+
+@end table
+
+@noindent
+Here is an example on how to create a key:
+@smallexample
+$ cat >foo <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+EOF
+$ gpg2 --batch --gen-key foo
+ [...]
+$ gpg2 --no-default-keyring --secret-keyring ./foo.sec \
+ --keyring ./foo.pub --list-secret-keys
+/home/wk/work/gnupg-stable/scratch/foo.sec
+------------------------------------------
+sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@@foo.bar>
+ssb 1024g/8F70E2C0 2000-03-09
+@end smallexample
+
+
+@noindent
+If you want to create a key with the default algorithms you would use
+these parameters:
+@smallexample
+ %echo Generating a default key
+ Key-Type: default
+ Subkey-Type: default
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+@end smallexample
+
+
+
+
+@mansect see also
+@ifset isman
+@command{gpgv}(1),
+@ifclear gpgone
+@command{gpgsm}(1),
+@command{gpg-agent}(1)
+@end ifclear
+@end ifset
+@include see-also-note.texi
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
new file mode 100644
index 0000000..bdb0378
--- /dev/null
+++ b/doc/gpgsm.texi
@@ -0,0 +1,1458 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Invoking GPGSM
+@chapter Invoking GPGSM
+@cindex GPGSM command options
+@cindex command options
+@cindex options, GPGSM command
+
+@manpage gpgsm.1
+@ifset manverb
+.B gpgsm
+\- CMS encryption and signing tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgsm
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+@end ifset
+
+
+@mansect description
+@command{gpgsm} is a tool similar to @command{gpg} to provide digital
+encryption and signing services on X.509 certificates and the CMS
+protocol. It is mainly used as a backend for S/MIME mail processing.
+@command{gpgsm} includes a full featured certificate management and
+complies with all rules defined for the German Sphinx project.
+
+@manpause
+@xref{Option Index}, for an index to @command{GPGSM}'s commands and options.
+@mancont
+
+@menu
+* GPGSM Commands:: List of all commands.
+* GPGSM Options:: List of all options.
+* GPGSM Configuration:: Configuration files.
+* GPGSM Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage:: Using @command{gpgsm} from other programs.
+* GPGSM Protocol:: The protocol the server mode uses.
+@end menu
+
+@c *******************************************
+@c *************** ****************
+@c *************** COMMANDS ****************
+@c *************** ****************
+@c *******************************************
+@mansect commands
+@node GPGSM Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@menu
+* General GPGSM Commands:: Commands not specific to the functionality.
+* Operational GPGSM Commands:: Commands to select the type of operation.
+* Certificate Management:: How to manage certificates.
+@end menu
+
+
+@c *******************************************
+@c ********** GENERAL COMMANDS *************
+@c *******************************************
+@node General GPGSM Commands
+@subsection Commands not specific to the function
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you
+cannot abbreviate this command.
+
+@item --help, -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Note that you cannot abbreviate this command.
+
+@item --warranty
+@opindex warranty
+Print warranty information. Note that you cannot abbreviate this
+command.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Note that you cannot
+abbreviate this command.
+@end table
+
+
+@c *******************************************
+@c ******** OPERATIONAL COMMANDS ***********
+@c *******************************************
+@node Operational GPGSM Commands
+@subsection Commands to select the type of operation
+
+@table @gnupgtabopt
+@item --encrypt
+@opindex encrypt
+Perform an encryption. The keys the data is encrypted too must be set
+using the option @option{--recipient}.
+
+@item --decrypt
+@opindex decrypt
+Perform a decryption; the type of input is automatically determined. It
+may either be in binary form or PEM encoded; automatic determination of
+base-64 encoding is not done.
+
+@item --sign
+@opindex sign
+Create a digital signature. The key used is either the fist one found
+in the keybox or those set with the @option{--local-user} option.
+
+@item --verify
+@opindex verify
+Check a signature file for validity. Depending on the arguments a
+detached signature may also be checked.
+
+@item --server
+@opindex server
+Run in server mode and wait for commands on the @code{stdin}.
+
+@item --call-dirmngr @var{command} [@var{args}]
+@opindex call-dirmngr
+Behave as a Dirmngr client issuing the request @var{command} with the
+optional list of @var{args}. The output of the Dirmngr is printed
+stdout. Please note that file names given as arguments should have an
+absolute file name (i.e. commencing with @code{/} because they are
+passed verbatim to the Dirmngr and the working directory of the
+Dirmngr might not be the same as the one of this client. Currently it
+is not possible to pass data via stdin to the Dirmngr. @var{command}
+should not contain spaces.
+
+This is command is required for certain maintaining tasks of the dirmngr
+where a dirmngr must be able to call back to @command{gpgsm}. See the Dirmngr
+manual for details.
+
+@item --call-protect-tool @var{arguments}
+@opindex call-protect-tool
+Certain maintenance operations are done by an external program call
+@command{gpg-protect-tool}; this is usually not installed in a directory
+listed in the PATH variable. This command provides a simple wrapper to
+access this tool. @var{arguments} are passed verbatim to this command;
+use @samp{--help} to get a list of supported operations.
+
+
+@end table
+
+
+@c *******************************************
+@c ******* CERTIFICATE MANAGEMENT **********
+@c *******************************************
+@node Certificate Management
+@subsection How to manage the certificates and keys
+
+@table @gnupgtabopt
+@item --gen-key
+@opindex gen-key
+@ifclear gpgtwoone
+-This command allows the creation of a certificate signing request. It
+-is commonly used along with the @option{--output} option to save the
+-created CSR into a file. If used with the @option{--batch} a parameter
+-file is used to create the CSR.
+@end ifclear
+@ifset gpgtwoone
+This command allows the creation of a certificate signing request or a
+self-signed certificate. It is commonly used along with the
+@option{--output} option to save the created CSR or certificate into a
+file.
If used with the @option{--batch} a parameter file is used to
+create the CSR or certificate and it is further possible to create
+non-self-signed certificates.
+@end ifset
+
+@item --list-keys
+@itemx -k
+@opindex list-keys
+List all available certificates stored in the local key database.
+Note that the displayed data might be reformatted for better human
+readability and illegal characters are replaced by safe substitutes.
+
+@item --list-secret-keys
+@itemx -K
+@opindex list-secret-keys
+List all available certificates for which a corresponding a secret key
+is available.
+
+@item --list-external-keys @var{pattern}
+@opindex list-keys
+List certificates matching @var{pattern} using an external server. This
+utilizes the @code{dirmngr} service.
+
+@item --list-chain
+@opindex list-chain
+Same as @option{--list-keys} but also prints all keys making up the chain.
+
+
+@item --dump-cert
+@itemx --dump-keys
+@opindex dump-cert
+@opindex dump-keys
+List all available certificates stored in the local key database using a
+format useful mainly for debugging.
+
+@item --dump-chain
+@opindex dump-chain
+Same as @option{--dump-keys} but also prints all keys making up the chain.
+
+@item --dump-secret-keys
+@opindex dump-secret-keys
+List all available certificates for which a corresponding a secret key
+is available using a format useful mainly for debugging.
+
+@item --dump-external-keys @var{pattern}
+@opindex dump-external-keys
+List certificates matching @var{pattern} using an external server.
+This utilizes the @code{dirmngr} service. It uses a format useful
+mainly for debugging.
+
+@item --keydb-clear-some-cert-flags
+@opindex keydb-clear-some-cert-flags
+This is a debugging aid to reset certain flags in the key database
+which are used to cache certain certificate stati. It is especially
+useful if a bad CRL or a weird running OCSP responder did accidentally
+revoke certificate.
There is no security issue with this command
+because @command{gpgsm} always make sure that the validity of a certificate is
+checked right before it is used.
+
+@item --delete-keys @var{pattern}
+@opindex delete-keys
+Delete the keys matching @var{pattern}. Note that there is no command
+to delete the secret part of the key directly. In case you need to do
+this, you should run the command @code{gpgsm --dump-secret-keys KEYID}
+before you delete the key, copy the string of hex-digits in the
+``keygrip'' line and delete the file consisting of these hex-digits
+and the suffix @code{.key} from the @file{private-keys-v1.d} directory
+below our GnuPG home directory (usually @file{~/.gnupg}).
+
+@item --export [@var{pattern}]
+@opindex export
+Export all certificates stored in the Keybox or those specified by the
+optional @var{pattern}. Those pattern consist of a list of user ids
+(@pxref{how-to-specify-a-user-id}). When used along with the
+@option{--armor} option a few informational lines are prepended before
+each block. There is one limitation: As there is no commonly agreed
+upon way to pack more than one certificate into an ASN.1 structure,
+the binary export (i.e. without using @option{armor}) works only for
+the export of one certificate. Thus it is required to specify a
+@var{pattern} which yields exactly one certificate. Ephemeral
+certificate are only exported if all @var{pattern} are given as
+fingerprints or keygrips.
+
+@item --export-secret-key-p12 @var{key-id}
+@opindex export
+Export the private key and the certificate identified by @var{key-id} in
+a PKCS#12 format. When using along with the @code{--armor} option a few
+informational lines are prepended to the output. Note, that the PKCS#12
+format is not very secure and this command is only provided if there is
+no other way to exchange the private key.
(@pxref{option --p12-charset})
+
+@item --import [@var{files}]
+@opindex import
+Import the certificates from the PEM or binary encoded files as well as
+from signed-only messages. This command may also be used to import a
+secret key from a PKCS#12 file.
+
+@item --learn-card
+@opindex learn-card
+Read information about the private keys from the smartcard and import
+the certificates from there. This command utilizes the @command{gpg-agent}
+and in turn the @command{scdaemon}.
+
+@item --passwd @var{user_id}
+@opindex passwd
+Change the passphrase of the private key belonging to the certificate
+specified as @var{user_id}. Note, that changing the passphrase/PIN of a
+smartcard is not yet supported.
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** OPTIONS ****************
+@c *************** ****************
+@c *******************************************
+@mansect options
+@node GPGSM Options
+@section Option Summary
+
+@command{GPGSM} features a bunch of options to control the exact behaviour
+and to change the default configuration.
+
+@menu
+* Configuration Options:: How to change the configuration.
+* Certificate Options:: Certificate related options.
+* Input and Output:: Input and Output.
+* CMS Options:: How to change how the CMS is created.
+* Esoteric Options:: Doing things one usually do not want to do.
+@end menu
+
+
+@c *******************************************
+@c ******** CONFIGURATION OPTIONS **********
+@c *******************************************
+@node Configuration Options
+@subsection How to change the configuration
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+@table @gnupgtabopt
+
+@item --options @var{file}
+@opindex options
+Reads configuration from @var{file} instead of from the default
+per-user configuration file.
The default configuration file is named
+@file{gpgsm.conf} and expected in the @file{.gnupg} directory directly
+below the home directory of the user.
+
+@include opt-homedir.texi
+
+
+@item -v
+@item --verbose
+@opindex v
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @command{gpgsm}, such as @samp{-vv}.
+
+@item --policy-file @var{filename}
+@opindex policy-file
+Change the default name of the policy file to @var{filename}.
+
+@item --agent-program @var{file}
+@opindex agent-program
+Specify an agent program to be used for secret key operations. The
+default value is the @file{/usr/local/bin/gpg-agent}. This is only used
+as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
+set or a running agent cannot be connected.
+
+@item --dirmngr-program @var{file}
+@opindex dirmnr-program
+Specify a dirmngr program to be used for @acronym{CRL} checks. The
+default value is @file{/usr/sbin/dirmngr}. This is only used as a
+fallback when the environment variable @code{DIRMNGR_INFO} is not set or
+a running dirmngr cannot be connected.
+
+@item --prefer-system-dirmngr
+@opindex prefer-system-dirmngr
+If a system wide @command{dirmngr} is running in daemon mode, first try
+to connect to this one. Fallback to a pipe based server if this does
+not work. Under Windows this option is ignored because the system dirmngr is
+always used.
+
+@item --disable-dirmngr
+Entirely disable the use of the Dirmngr.
+
+@item --no-secmem-warning
+@opindex no-secmem-warning
+Do not print a warning when the so called "secure memory" cannot be used.
+
+@item --log-file @var{file}
+@opindex log-file
+When running in server mode, append all logging output to @var{file}.
+
+@end table
+
+
+@c *******************************************
+@c ******** CERTIFICATE OPTIONS ************
+@c *******************************************
+@node Certificate Options
+@subsection Certificate related options
+
+@table @gnupgtabopt
+
+@item --enable-policy-checks
+@itemx --disable-policy-checks
+@opindex enable-policy-checks
+@opindex disable-policy-checks
+By default policy checks are enabled. These options may be used to
+change it.
+
+@item --enable-crl-checks
+@itemx --disable-crl-checks
+@opindex enable-crl-checks
+@opindex disable-crl-checks
+By default the @acronym{CRL} checks are enabled and the DirMngr is used
+to check for revoked certificates. The disable option is most useful
+with an off-line network connection to suppress this check.
+
+@item --enable-trusted-cert-crl-check
+@itemx --disable-trusted-cert-crl-check
+@opindex enable-trusted-cert-crl-check
+@opindex disable-trusted-cert-crl-check
+By default the @acronym{CRL} for trusted root certificates are checked
+like for any other certificates. This allows a CA to revoke its own
+certificates voluntary without the need of putting all ever issued
+certificates into a CRL. The disable option may be used to switch this
+extra check off. Due to the caching done by the Dirmngr, there will not be
+any noticeable performance gain. Note, that this also disables possible
+OCSP checks for trusted root certificates. A more specific way of
+disabling this check is by adding the ``relax'' keyword to the root CA
+line of the @file{trustlist.txt}
+
+
+@item --force-crl-refresh
+@opindex force-crl-refresh
+Tell the dirmngr to reload the CRL for each request. For better
+performance, the dirmngr will actually optimize this by suppressing
+the loading for short time intervals (e.g. 30 minutes). This option
+is useful to make sure that a fresh CRL is available for certificates
+hold in the keybox.
The suggested way of doing this is by using it
+along with the option @option{--with-validation} for a key listing
+command. This option should not be used in a configuration file.
+
+@item --enable-ocsp
+@itemx --disable-ocsp
+@opindex enable-ocsp
+@opindex disable-ocsp
+By default @acronym{OCSP} checks are disabled. The enable option may
+be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks
+are also enabled, CRLs will be used as a fallback if for some reason an
+OCSP request will not succeed. Note, that you have to allow OCSP
+requests in Dirmngr's configuration too (option
+@option{--allow-ocsp}) and configure Dirmngr properly. If you do not do
+so you will get the error code @samp{Not supported}.
+
+@item --auto-issuer-key-retrieve
+@opindex auto-issuer-key-retrieve
+If a required certificate is missing while validating the chain of
+certificates, try to load that certificate from an external location.
+This usually means that Dirmngr is employed to search for the
+certificate. Note that this option makes a "web bug" like behavior
+possible. LDAP server operators can see which keys you request, so by
+sending you a message signed by a brand new key (which you naturally
+will not have on your local keybox), the operator can tell both your IP
+address and the time when you verified the signature.
+
+
+@item --validation-model @var{name}
+@opindex validation-model
+This option changes the default validation model. The only possible
+values are "shell" (which is the default), "chain" which forces the
+use of the chain model and "steed" for a new simplified model. The
+chain model is also used if an option in the @file{trustlist.txt} or
+an attribute of the certificate requests it. However the standard
+model (shell) is in that case always tried first.
+
+@item --ignore-cert-extension @var{oid}
+@opindex ignore-cert-extension
+Add @var{oid} to the list of ignored certificate extensions.
The
+@var{oid} is expected to be in dotted decimal form, like
+@code{2.5.29.3}. This option may be used more than once. Critical
+flagged certificate extensions matching one of the OIDs in the list
+are treated as if they are actually handled and thus the certificate
+will not be rejected due to an unknown critical extension. Use this
+option with care because extensions are usually flagged as critical
+for a reason.
+
+@end table
+
+@c *******************************************
+@c *********** INPUT AND OUTPUT ************
+@c *******************************************
+@node Input and Output
+@subsection Input and Output
+
+@table @gnupgtabopt
+@item --armor
+@itemx -a
+@opindex armor
+Create PEM encoded output. Default is binary output.
+
+@item --base64
+@opindex base64
+Create Base-64 encoded output; i.e. PEM without the header lines.
+
+@item --assume-armor
+@opindex assume-armor
+Assume the input data is PEM encoded. Default is to autodetect the
+encoding but this is may fail.
+
+@item --assume-base64
+@opindex assume-base64
+Assume the input data is plain base-64 encoded.
+
+@item --assume-binary
+@opindex assume-binary
+Assume the input data is binary encoded.
+
+@anchor{option --p12-charset}
+@item --p12-charset @var{name}
+@opindex p12-charset
+@command{gpgsm} uses the UTF-8 encoding when encoding passphrases for
+PKCS#12 files. This option may be used to force the passphrase to be
+encoded in the specified encoding @var{name}. This is useful if the
+application used to import the key uses a different encoding and thus
+will not be able to import a file generated by @command{gpgsm}. Commonly
+used values for @var{name} are @code{Latin1} and @code{CP850}. Note
+that @command{gpgsm} itself automagically imports any file with a
+passphrase encoded to the most commonly used encodings.
+
+
+@item --default-key @var{user_id}
+@opindex default-key
+Use @var{user_id} as the standard key for signing.
This key is used if
+no other key has been defined as a signing key. Note, that the first
+@option{--local-users} option also sets this key if it has not yet been
+set; however @option{--default-key} always overrides this.
+
+
+@item --local-user @var{user_id}
+@item -u @var{user_id}
+@opindex local-user
+Set the user(s) to be used for signing. The default is the first
+secret key found in the database.
+
+
+@item --recipient @var{name}
+@itemx -r
+@opindex recipient
+Encrypt to the user id @var{name}. There are several ways a user id
+may be given (@pxref{how-to-specify-a-user-id}).
+
+
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to @var{file}. The default is to write it to stdout.
+
+
+@item --with-key-data
+@opindex with-key-data
+Displays extra information with the @code{--list-keys} commands. Especially
+a line tagged @code{grp} is printed which tells you the keygrip of a
+key. This string is for example used as the file name of the
+secret key.
+
+@item --with-validation
+@opindex with-validation
+When doing a key listing, do a full validation check for each key and
+print the result. This is usually a slow operation because it
+requires a CRL lookup and other operations.
+
+When used along with --import, a validation of the certificate to
+import is done and only imported if it succeeds the test. Note that
+this does not affect an already available certificate in the DB.
+This option is therefore useful to simply verify a certificate.
+
+
+@item --with-md5-fingerprint
+For standard key listings, also print the MD5 fingerprint of the
+certificate.
+
+@item --with-keygrip
+Include the keygrip in standard key listings. Note that the keygrip is
+always listed in --with-colons mode.
+
+@end table
+
+@c *******************************************
+@c ************* CMS OPTIONS ***************
+@c *******************************************
+@node CMS Options
+@subsection How to change how the CMS is created.
+
+@table @gnupgtabopt
+@item --include-certs @var{n}
+@opindex include-certs
+Using @var{n} of -2 includes all certificate except for the root cert,
+-1 includes all certs, 0 does not include any certs, 1 includes only the
+signers cert and all other positive values include up to @var{n}
+certificates starting with the signer cert. The default is -2.
+
+@item --cipher-algo @var{oid}
+@opindex cipher-algo
+Use the cipher algorithm with the ASN.1 object identifier @var{oid} for
+encryption. For convenience the strings @code{3DES}, @code{AES} and
+@code{AES256} may be used instead of their OIDs. The default is
+@code{3DES} (1.2.840.113549.3.7).
+
+@item --digest-algo @code{name}
+Use @code{name} as the message digest algorithm. Usually this
+algorithm is deduced from the respective signing certificate. This
+option forces the use of the given algorithm and may lead to severe
+interoperability problems.
+
+@end table
+
+
+
+@c *******************************************
+@c ******** ESOTERIC OPTIONS ***************
+@c *******************************************
+@node Esoteric Options
+@subsection Doing things one usually do not want to do.
+
+
+@table @gnupgtabopt
+
+@item --extra-digest-algo @var{name}
+@opindex extra-digest-algo
+Sometimes signatures are broken in that they announce a different digest
+algorithm than actually used. @command{gpgsm} uses a one-pass data
+processing model and thus needs to rely on the announced digest
+algorithms to properly hash the data. As a workaround this option may
+be used to tell gpg to also hash the data using the algorithm
+@var{name}; this slows processing down a little bit but allows to verify
+such broken signatures. If @command{gpgsm} prints an error like
+``digest algo 8 has not been enabled'' you may want to try this option,
+with @samp{SHA256} for @var{name}.
+
+
+@item --faked-system-time @var{epoch}
+@opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970. Alternatively @var{epoch} may be given as a full ISO time string
+(e.g. "20070924T154812").
+
+@item --with-ephemeral-keys
+@opindex with-ephemeral-keys
+Include ephemeral flagged keys in the output of key listings. Note
+that they are included anyway if the key specification for a listing
+is given as fingerprint or keygrip.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or by a keyword:
+
+@table @code
+@item none
+No debugging at all. A value of less than 1 may be used instead of
+the keyword.
+@item basic
+Some basic debug messages. A value between 1 and 2 may be used
+instead of the keyword.
+@item advanced
+More verbose debug messages. A value between 3 and 5 may be used
+instead of the keyword.
+@item expert
+Even more detailed messages. A value between 6 and 8 may be used
+instead of the keyword.
+@item guru
+All of the debug messages you can get. A value greater than 8 may be
+used instead of the keyword. The creation of hash tracing files is
+only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@item --debug @var{flags}
+@opindex debug
+This option is only useful for debugging and the behaviour may change
+at any time without notice; using @code{--debug-levels} is the
+preferred method to select the debug verbosity. FLAGS are bit encoded
+and may be given in usual C-Syntax.
The currently defined bits are:
+
+@table @code
+@item 0 (1)
+X.509 or OpenPGP protocol related data
+@item 1 (2)
+values of big number integers
+@item 2 (4)
+low level crypto operations
+@item 5 (32)
+memory allocation
+@item 6 (64)
+caching
+@item 7 (128)
+show memory statistics.
+@item 9 (512)
+write hashed data to files named @code{dbgmd-000*}
+@item 10 (1024)
+trace Assuan protocol
+@end table
+
+Note, that all flags set using this option may get overridden by
+@code{--debug-level}.
+
+@item --debug-all
+@opindex debug-all
+Same as @code{--debug=0xffffffff}
+
+@item --debug-allow-core-dump
+@opindex debug-allow-core-dump
+Usually @command{gpgsm} tries to avoid dumping core by well written code and by
+disabling core dumps for security reasons. However, bugs are pretty
+durable beasts and to squash them it is sometimes useful to have a core
+dump. This option enables core dumps unless the Bad Thing happened
+before the option parsing.
+
+@item --debug-no-chain-validation
+@opindex debug-no-chain-validation
+This is actually not a debugging option but only useful as such. It
+lets @command{gpgsm} bypass all certificate chain validation checks.
+
+@item --debug-ignore-expiration
+@opindex debug-ignore-expiration
+This is actually not a debugging option but only useful as such. It
+lets @command{gpgsm} ignore all notAfter dates, this is used by the regression
+tests.
+
+@item --fixed-passphrase @var{string}
+@opindex fixed-passphrase
+Supply the passphrase @var{string} to the gpg-protect-tool. This
+option is only useful for the regression tests included with this
+package and may be revised or removed at any time without notice.
+
+@item --no-common-certs-import
+@opindex no-common-certs-import
+Suppress the import of common certificates on keybox creation.
+
+@end table
+
+All the long options may also be given in the configuration file after
+stripping off the two leading dashes.
+
+@c *******************************************
+@c *************** ****************
+@c *************** USER ID ****************
+@c *************** ****************
+@c *******************************************
+@mansect how to specify a user id
+@ifset isman
+@include specify-user-id.texi
+@end ifset
+
+@c *******************************************
+@c *************** ****************
+@c *************** FILES ****************
+@c *************** ****************
+@c *******************************************
+@mansect files
+@node GPGSM Configuration
+@section Configuration files
+
+There are a few configuration files to control certain aspects of
+@command{gpgsm}'s operation. Unless noted, they are expected in the
+current home directory (@pxref{option --homedir}).
+
+@table @file
+
+@item gpgsm.conf
+@cindex gpgsm.conf
+This is the standard configuration file read by @command{gpgsm} on
+startup. It may contain any valid long option; the leading two dashes
+may not be entered and the option may not be abbreviated. This default
+name may be changed on the command line (@pxref{option
+ --options}). You should backup this file.
+
+
+@item policies.txt
+@cindex policies.txt
+This is a list of allowed CA policies. This file should list the
+object identifiers of the policies line by line. Empty lines and
+lines starting with a hash mark are ignored. Policies missing in this
+file and not marked as critical in the certificate will print only a
+warning; certificates with policies marked as critical and not listed
+in this file will fail the signature verification. You should backup
+this file.
+
+For example, to allow only the policy 2.289.9.9, the file should look
+like this:
+
+@c man:.RS
+@example
+# Allowed policies
+2.289.9.9
+@end example
+@c man:.RE
+
+@item qualified.txt
+@cindex qualified.txt
+This is the list of root certificates used for qualified certificates.
+They are defined as certificates capable of creating legally binding +signatures in the same way as handwritten signatures are. Comments +start with a hash mark and empty lines are ignored. Lines do have a +length limit but this is not a serious limitation as the format of the +entries is fixed and checked by gpgsm: A non-comment line starts with +optional whitespace, followed by exactly 40 hex character, white space +and a lowercased 2 letter country code. Additional data delimited with +by a white space is current ignored but might late be used for other +purposes. + +Note that even if a certificate is listed in this file, this does not +mean that the certificate is trusted; in general the certificates listed +in this file need to be listed also in @file{trustlist.txt}. + +This is a global file an installed in the data directory +(e.g. @file{/usr/share/gnupg/qualified.txt}). GnuPG installs a suitable +file with root certificates as used in Germany. As new Root-CA +certificates may be issued over time, these entries may need to be +updated; new distributions of this software should come with an updated +list but it is still the responsibility of the Administrator to check +that this list is correct. + +Everytime @command{gpgsm} uses a certificate for signing or verification +this file will be consulted to check whether the certificate under +question has ultimately been issued by one of these CAs. If this is the +case the user will be informed that the verified signature represents a +legally binding (``qualified'') signature. When creating a signature +using such a certificate an extra prompt will be issued to let the user +confirm that such a legally binding signature shall really be created. + +Because this software has not yet been approved for use with such +certificates, appropriate notices will be shown to indicate this fact. 
+ +@item help.txt +@cindex help.txt +This is plain text file with a few help entries used with +@command{pinentry} as well as a large list of help items for +@command{gpg} and @command{gpgsm}. The standard file has English help +texts; to install localized versions use filenames like @file{help.LL.txt} +with LL denoting the locale. GnuPG comes with a set of predefined help +files in the data directory (e.g. @file{/usr/share/gnupg/help.de.txt}) +and allows overriding of any help item by help files stored in the +system configuration directory (e.g. @file{/etc/gnupg/help.de.txt}). +For a reference of the help file's syntax, please see the installed +@file{help.txt} file. + + +@item com-certs.pem +@cindex com-certs.pem +This file is a collection of common certificates used to populated a +newly created @file{pubring.kbx}. An administrator may replace this +file with a custom one. The format is a concatenation of PEM encoded +X.509 certificates. This global file is installed in the data directory +(e.g. @file{/usr/share/gnupg/com-certs.pem}). + +@end table + +@c man:.RE +Note that on larger installations, it is useful to put predefined files +into the directory @file{/etc/skel/.gnupg/} so that newly created users +start up with a working configuration. For existing users a small +helper script is provided to create these files (@pxref{addgnupghome}). + +For internal purposes gpgsm creates and maintains a few other files; +they all live in in the current home directory (@pxref{option +--homedir}). Only @command{gpgsm} may modify these files. + + +@table @file +@item pubring.kbx +@cindex pubring.kbx +This a database file storing the certificates as well as meta +information. For debugging purposes the tool @command{kbxutil} may be +used to show the internal structure of this file. You should backup +this file. + +@item random_seed +@cindex random_seed +This content of this file is used to maintain the internal state of the +random number generator across invocations. 
The same file is used by +other programs of this software too. + +@item S.gpg-agent +@cindex S.gpg-agent +If this file exists and the environment variable @env{GPG_AGENT_INFO} is +not set, @command{gpgsm} will first try to connect to this socket for +accessing @command{gpg-agent} before starting a new @command{gpg-agent} +instance. Under Windows this socket (which in reality be a plain file +describing a regular TCP listening port) is the standard way of +connecting the @command{gpg-agent}. + +@end table + + +@c ******************************************* +@c *************** **************** +@c *************** EXAMPLES **************** +@c *************** **************** +@c ******************************************* +@mansect examples +@node GPGSM Examples +@section Examples + +@example +$ gpgsm -er goo@@bar.net <plaintext >ciphertext +@end example + + +@c ******************************************* +@c *************** ************** +@c *************** UNATTENDED ************** +@c *************** ************** +@c ******************************************* +@manpause +@node Unattended Usage +@section Unattended Usage + +@command{gpgsm} is often used as a backend engine by other software. To help +with this a machine interface has been defined to have an unambiguous +way to do this. This is most likely used with the @code{--server} command +but may also be used in the standard operation mode by using the +@code{--status-fd} option. + +@menu +* Automated signature checking:: Automated signature checking. +* CSR and certificate creation:: CSR and certificate creation. +@end menu + +@node Automated signature checking,,,Unattended Usage +@section Automated signature checking + +It is very important to understand the semantics used with signature +verification. Checking a signature is not as simple as it may sound and +so the operation is a bit complicated. In most cases it is required +to look at several status lines. 
Here is a table of all cases a signed +message may have: + +@table @asis +@item The signature is valid +This does mean that the signature has been successfully verified, the +certificates are all sane. However there are two subcases with +important information: One of the certificates may have expired or a +signature of a message itself as expired. It is a sound practise to +consider such a signature still as valid but additional information +should be displayed. Depending on the subcase @command{gpgsm} will issue +these status codes: + @table @asis + @item signature valid and nothing did expire + @code{GOODSIG}, @code{VALIDSIG}, @code{TRUST_FULLY} + @item signature valid but at least one certificate has expired + @code{EXPKEYSIG}, @code{VALIDSIG}, @code{TRUST_FULLY} + @item signature valid but expired + @code{EXPSIG}, @code{VALIDSIG}, @code{TRUST_FULLY} + Note, that this case is currently not implemented. + @end table + +@item The signature is invalid +This means that the signature verification failed (this is an indication +of af a transfer error, a program error or tampering with the message). +@command{gpgsm} issues one of these status codes sequences: + @table @code + @item @code{BADSIG} + @item @code{GOODSIG}, @code{VALIDSIG} @code{TRUST_NEVER} + @end table + +@item Error verifying a signature +For some reason the signature could not be verified, i.e. it cannot be +decided whether the signature is valid or invalid. A common reason for +this is a missing certificate. + +@end table + +@node CSR and certificate creation,,,Unattended Usage +@section CSR and certificate creation + +@ifclear gpgtwoone +@strong{Please notice}: The immediate creation of certificates is only +supported by GnuPG version 2.1 or later. With a 2.0 version you may +only create a CSR. +@end ifclear + +The command @option{--gen-key} may be used along with the option +@option{--batch} to either create a certificate signing request (CSR) +or an X.509 certificate. 
The is controlled by a parameter file; the +format of this file is as follows: + +@itemize @bullet +@item Text only, line length is limited to about 1000 characters. +@item UTF-8 encoding must be used to specify non-ASCII characters. +@item Empty lines are ignored. +@item Leading and trailing while space is ignored. +@item A hash sign as the first non white space character indicates +a comment line. +@item Control statements are indicated by a leading percent sign, the +arguments are separated by white space from the keyword. +@item Parameters are specified by a keyword, followed by a colon. Arguments +are separated by white space. +@item The first parameter must be @samp{Key-Type}, control statements +may be placed anywhere. +@item +The order of the parameters does not matter except for @samp{Key-Type} +which must be the first parameter. The parameters are only used for +the generated CSR/certificate; parameters from previous sets are not +used. Some syntactically checks may be performed. +@item +Key generation takes place when either the end of the parameter file +is reached, the next @samp{Key-Type} parameter is encountered or at the +control statement @samp{%commit} is encountered. +@end itemize + +@noindent +Control statements: + +@table @asis + +@item %echo @var{text} +Print @var{text} as diagnostic. + +@item %dry-run +Suppress actual key generation (useful for syntax checking). + +@item %commit +Perform the key generation. Note that an implicit commit is done at +the next @asis{Key-Type} parameter. + +@c %certfile <filename> +@c [Not yet implemented!] +@c Do not write the certificate to the keyDB but to <filename>. +@c This must be given before the first +@c commit to take place, duplicate specification of the same filename +@c is ignored, the last filename before a commit is used. +@c The filename is used until a new filename is used (at commit points) +@c and all keys are written to that file. 
If a new filename is given, +@c this file is created (and overwrites an existing one). +@c Both control statements must be given. +@end table + +@noindent +General Parameters: + +@table @asis + +@item Key-Type: @var{algo} +Starts a new parameter block by giving the type of the primary +key. The algorithm must be capable of signing. This is a required +parameter. The only supported value for @var{algo} is @samp{rsa}. + +@item Key-Length: @var{nbits} +The requested length of a generated key in bits. Defaults to 2048. + +@item Key-Grip: @var{hexstring} +This is optional and used to generate a CSR or certificatet for an +already existing key. Key-Length will be ignored when given. + +@item Key-Usage: @var{usage-list} +Space or comma delimited list of key usage, allowed values are +@samp{encrypt}, @samp{sign} and @samp{cert}. This is used to generate +the keyUsage extension. Please make sure that the algorithm is +capable of this usage. Default is to allow encrypt and sign. + +@item Name-DN: @var{subject-name} +This is the Distinguished Name (DN) of the subject in RFC-2253 format. + +@item Name-Email: @var{string} +This is an email address for the altSubjectName. This parameter is +optional but may occur several times to add several email addresses to +a certificate. + +@item Name-DNS: @var{string} +The is an DNS name for the altSubjectName. This parameter is optional +but may occur several times to add several DNS names to a certificate. + +@item Name-URI: @var{string} +This is an URI for the altSubjectName. This parameter is optional but +may occur several times to add several URIs to a certificate. +@end table + +@noindent +Additional parameters used to create a certificate (in contrast to a +certificate signing request): + +@table @asis + +@item Serial: @var{sn} +If this parameter is given an X.509 certificate will be generated. +@var{sn} is expected to be a hex string representing an unsigned +integer of arbitary length. 
The special value @samp{random} can be +used to create a 64 bit random serial number. + +@item Issuer-DN: @var{issuer-name} +This is the DN name of the issuer in rfc2253 format. If it is not set +it will default to the subject DN and a special GnuPG extension will +be included in the certificate to mark it as a standalone certificate. + +@item Creation-Date: @var{iso-date} +@itemx Not-Before: @var{iso-date} +Set the notBefore date of the certificate. Either a date like +@samp{1986-04-26} or @samp{1986-04-26 12:00} or a standard ISO +timestamp like @samp{19860426T042640} may be used. The time is +considered to be UTC. If it is not given the current date is used. + +@item Expire-Date: @var{iso-date} +@itemx Not-After: @var{iso-date} +Set the notAfter date of the certificate. Either a date like +@samp{2063-04-05} or @samp{2063-04-05 17:00} or a standard ISO +timestamp like @samp{20630405T170000} may be used. The time is +considered to be UTC. If it is not given a default value in the not +too far future is used. + +@item Signing-Key: @var{keygrip} +This gives the keygrip of the key used to sign the certificate. If it +is not given a self-signed certificate will be created. For +compatibility with future versions, it is suggested to prefix the +keygrip with a @samp{&}. + +@item Hash-Algo: @var{hash-algo} +Use @var{hash-algo} for this CSR or certificate. The supported hash +algorithms are: @samp{sha1}, @samp{sha256}, @samp{sha384} and +@samp{sha512}; they may also be specified with uppercase letters. The +default is @samp{sha1}. + +@end table + +@c ******************************************* +@c *************** ***************** +@c *************** ASSSUAN ***************** +@c *************** ***************** +@c ******************************************* +@node GPGSM Protocol +@section The Protocol the Server Mode Uses. + +Description of the protocol used to access @command{GPGSM}. 
+@command{GPGSM} does implement the Assuan protocol and in addition +provides a regular command line interface which exhibits a full client +to this protocol (but uses internal linking). To start +@command{gpgsm} as a server the command line the option +@code{--server} must be used. Additional options are provided to +select the communication method (i.e. the name of the socket). + +We assume that the connection has already been established; see the +Assuan manual for details. + +@menu +* GPGSM ENCRYPT:: Encrypting a message. +* GPGSM DECRYPT:: Decrypting a message. +* GPGSM SIGN:: Signing a message. +* GPGSM VERIFY:: Verifying a message. +* GPGSM GENKEY:: Generating a key. +* GPGSM LISTKEYS:: List available keys. +* GPGSM EXPORT:: Export certificates. +* GPGSM IMPORT:: Import certificates. +* GPGSM DELETE:: Delete certificates. +* GPGSM GETINFO:: Information about the process +@end menu + + +@node GPGSM ENCRYPT +@subsection Encrypting a Message + +Before encryption can be done the recipient must be set using the +command: + +@example + RECIPIENT @var{userID} +@end example + +Set the recipient for the encryption. @var{userID} should be the +internal representation of the key; the server may accept any other way +of specification. If this is a valid and trusted recipient the server +does respond with OK, otherwise the return is an ERR with the reason why +the recipient cannot be used, the encryption will then not be done for +this recipient. If the policy is not to encrypt at all if not all +recipients are valid, the client has to take care of this. All +@code{RECIPIENT} commands are cumulative until a @code{RESET} or an +successful @code{ENCRYPT} command. + +@example + INPUT FD[=@var{n}] [--armor|--base64|--binary] +@end example + +Set the file descriptor for the message to be encrypted to @var{n}. +Obviously the pipe must be open at that point, the server establishes +its own end. If the server returns an error the client should consider +this session failed. 
If @var{n} is not given, this commands uses the +last file descriptor passed to the application. +@xref{fun-assuan_sendfd, ,the assuan_sendfd function,assuan,the Libassuan +manual}, on how to do descriptor passing. + +The @code{--armor} option may be used to advice the server that the +input data is in @acronym{PEM} format, @code{--base64} advices that a +raw base-64 encoding is used, @code{--binary} advices of raw binary +input (@acronym{BER}). If none of these options is used, the server +tries to figure out the used encoding, but this may not always be +correct. + +@example + OUTPUT FD[=@var{n}] [--armor|--base64] +@end example + +Set the file descriptor to be used for the output (i.e. the encrypted +message). Obviously the pipe must be open at that point, the server +establishes its own end. If the server returns an error he client +should consider this session failed. + +The option armor encodes the output in @acronym{PEM} format, the +@code{--base64} option applies just a base 64 encoding. No option +creates binary output (@acronym{BER}). + +The actual encryption is done using the command + +@example + ENCRYPT +@end example + +It takes the plaintext from the @code{INPUT} command, writes to the +ciphertext to the file descriptor set with the @code{OUTPUT} command, +take the recipients from all the recipients set so far. If this command +fails the clients should try to delete all output currently done or +otherwise mark it as invalid. @command{GPGSM} does ensure that there +will not be any +security problem with leftover data on the output in this case. + +This command should in general not fail, as all necessary checks have +been done while setting the recipients. The input and output pipes are +closed. + + +@node GPGSM DECRYPT +@subsection Decrypting a message + +Input and output FDs are set the same way as in encryption, but +@code{INPUT} refers to the ciphertext and output to the plaintext. There +is no need to set recipients. 
@command{GPGSM} automatically strips any +@acronym{S/MIME} headers from the input, so it is valid to pass an +entire MIME part to the INPUT pipe. + +The encryption is done by using the command + +@example + DECRYPT +@end example + +It performs the decrypt operation after doing some check on the internal +state. (e.g. that all needed data has been set). Because it utilizes +the GPG-Agent for the session key decryption, there is no need to ask +the client for a protecting passphrase - GpgAgent takes care of this by +requesting this from the user. + + +@node GPGSM SIGN +@subsection Signing a Message + +Signing is usually done with these commands: + +@example + INPUT FD[=@var{n}] [--armor|--base64|--binary] +@end example + +This tells @command{GPGSM} to read the data to sign from file descriptor @var{n}. + +@example + OUTPUT FD[=@var{m}] [--armor|--base64] +@end example + +Write the output to file descriptor @var{m}. If a detached signature is +requested, only the signature is written. + +@example + SIGN [--detached] +@end example + +Sign the data set with the INPUT command and write it to the sink set by +OUTPUT. With @code{--detached}, a detached signature is created +(surprise). + +The key used for signing is the default one or the one specified in +the configuration file. To get finer control over the keys, it is +possible to use the command + +@example + SIGNER @var{userID} +@end example + +to the signer's key. @var{userID} should be the +internal representation of the key; the server may accept any other way +of specification. If this is a valid and trusted recipient the server +does respond with OK, otherwise the return is an ERR with the reason why +the key cannot be used, the signature will then not be created using +this key. If the policy is not to sign at all if not all +keys are valid, the client has to take care of this. All +@code{SIGNER} commands are cumulative until a @code{RESET} is done. 
+Note that a @code{SIGN} does not reset this list of signers which is in +contrats to the @code{RECIPIENT} command. + + +@node GPGSM VERIFY +@subsection Verifying a Message + +To verify a mesage the command: + +@example + VERIFY +@end example + +is used. It does a verify operation on the message send to the input FD. +The result is written out using status lines. If an output FD was +given, the signed text will be written to that. If the signature is a +detached one, the server will inquire about the signed material and the +client must provide it. + +@node GPGSM GENKEY +@subsection Generating a Key + +This is used to generate a new keypair, store the secret part in the +@acronym{PSE} and the public key in the key database. We will probably +add optional commands to allow the client to select whether a hardware +token is used to store the key. Configuration options to +@command{GPGSM} can be used to restrict the use of this command. + +@example + GENKEY +@end example + +@command{GPGSM} checks whether this command is allowed and then does an +INQUIRY to get the key parameters, the client should then send the +key parameters in the native format: + +@example + S: INQUIRE KEY_PARAM native + C: D foo:fgfgfg + C: D bar + C: END +@end example + +Please note that the server may send Status info lines while reading the +data lines from the client. After this the key generation takes place +and the server eventually does send an ERR or OK response. Status lines +may be issued as a progress indicator. + + +@node GPGSM LISTKEYS +@subsection List available keys + +To list the keys in the internal database or using an external key +provider, the command: + +@example + LISTKEYS @var{pattern} +@end example + +is used. To allow multiple patterns (which are ORed during the search) +quoting is required: Spaces are to be translated into "+" or into "%20"; +in turn this requires that the usual escape quoting rules are done. 
+ +@example + LISTSECRETKEYS @var{pattern} +@end example + +Lists only the keys where a secret key is available. + +The list commands commands are affected by the option + +@example + OPTION list-mode=@var{mode} +@end example + +where mode may be: +@table @code +@item 0 +Use default (which is usually the same as 1). +@item 1 +List only the internal keys. +@item 2 +List only the external keys. +@item 3 +List internal and external keys. +@end table + +Note that options are valid for the entire session. + + +@node GPGSM EXPORT +@subsection Export certificates + +To export certificate from the internal key database the command: + +@example + EXPORT [--data [--armor] [--base64]] [--] @var{pattern} +@end example + +is used. To allow multiple patterns (which are ORed) quoting is +required: Spaces are to be translated into "+" or into "%20"; in turn +this requires that the usual escape quoting rules are done. + +If the @option{--data} option has not been given, the format of the +output depends on what was set with the OUTPUT command. When using +@acronym{PEM} encoding a few informational lines are prepended. + +If the @option{--data} has been given, a target set via OUTPUT is +ignored and the data is returned inline using standard +@code{D}-lines. This avoids the need for an extra file descriptor. In +this case the options @option{--armor} and @option{--base64} may be used +in the same way as with the OUTPUT command. + + +@node GPGSM IMPORT +@subsection Import certificates + +To import certificates into the internal key database, the command + +@example + IMPORT [--re-import] +@end example + +is used. The data is expected on the file descriptor set with the +@code{INPUT} command. Certain checks are performed on the +certificate. Note that the code will also handle PKCS#12 files and +import private keys; a helper program is used for that. + +With the option @option{--re-import} the input data is expected to a be +a linefeed separated list of fingerprints. 
The command will re-import +the corresponding certificates; that is they are made permanent by +removing their ephemeral flag. + + +@node GPGSM DELETE +@subsection Delete certificates + +To delete a certificate the command + +@example + DELKEYS @var{pattern} +@end example + +is used. To allow multiple patterns (which are ORed) quoting is +required: Spaces are to be translated into "+" or into "%20"; in turn +this requires that the usual escape quoting rules are done. + +The certificates must be specified unambiguously otherwise an error is +returned. + +@node GPGSM GETINFO +@subsection Return information about the process + +This is a multipurpose function to return a variety of information. + +@example +GETINFO @var{what} +@end example + +The value of @var{what} specifies the kind of information returned: +@table @code +@item version +Return the version of the program. +@item pid +Return the process id of the process. +@item agent-check +Return success if the agent is running. +@item cmd_has_option @var{cmd} @var{opt} +Return success if the command @var{cmd} implements the option @var{opt}. +The leading two dashes usually used with @var{opt} shall not be given. +@end table + +@mansect see also +@ifset isman +@command{gpg2}(1), +@command{gpg-agent}(1) +@end ifset +@include see-also-note.texi diff --git a/doc/gpgv.texi b/doc/gpgv.texi new file mode 100644 index 0000000..b6047f4 --- /dev/null +++ b/doc/gpgv.texi 
@@ -0,0 +1,163 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file GnuPG.texi.
+
+@c
+@c This is included by tools.texi.
+@c
+
+@c Begin GnuPG 1.x specific stuff
+@ifset gpgone
+@macro gpgvname
+gpgv
+@end macro
+@manpage gpgv.1
+@node gpgv
+@section Verify OpenPGP signatures
+@ifset manverb
+.B gpgv
+\- Verify OpenPGP signatures
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgv
+.RI [ options ]
+.I signed_files
+@end ifset
+@end ifset
+@c End GnuPG 1.x specific stuff
+
+@c Begin GnuPG 2 specific stuff
+@ifclear gpgone
+@macro gpgvname
+gpgv2
+@end macro
+@manpage gpgv2.1
+@node gpgv
+@section Verify OpenPGP signatures
+@ifset manverb
+.B gpgv2
+\- Verify OpenPGP signatures
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgv2
+.RI [ options ]
+.I signed_files
+@end ifset
+@end ifclear
+@c End GnuPG 2 specific stuff
+
+
+
+@mansect description
+@code{@gpgvname} is an OpenPGP signature verification tool.
+
+This program is actually a stripped-down version of @code{gpg} which is
+only able to check signatures. It is somewhat smaller than the fully-blown
+@code{gpg} and uses a different (and simpler) way to check that
+the public keys used to make the signature are valid. There are
+no configuration files and only a few options are implemented.
+
+@code{@gpgvname} assumes that all keys in the keyring are trustworthy.
+By default it uses a keyring named @file{trustedkeys.gpg} which is
+assumed to be in the home directory as defined by GnuPG or set by an
+option or an environment variable. An option may be used to specify
+another keyring or even multiple keyrings.
+
+@noindent
+@mansect options
+@code{@gpgvname} recognizes these options:
+
+@table @gnupgtabopt
+
+@item --verbose
+@itemx -v
+@opindex verbose
+Gives more information during processing. If used
+twice, the input data is listed in detail.
+
+@item --quiet
+@itemx -q
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --keyring @var{file}
+@opindex keyring
+Add @var{file} to the list of keyrings.
+If @var{file} begins with a tilde and a slash, these
+are replaced by the HOME directory. If the filename
+does not contain a slash, it is assumed to be in the
+home-directory ("~/.gnupg" if --homedir is not used).
+
+@item --status-fd @var{n}
+@opindex status-fd
+Write special status strings to the file descriptor @var{n}. See the
+file DETAILS in the documentation for a listing of them.
+
+@item --logger-fd @code{n}
+@opindex logger-fd
+Write log output to file descriptor @code{n} and not to stderr.
+
+@item --ignore-time-conflict
+@opindex ignore-time-conflict
+GnuPG normally checks that the timestamps associated with keys and
+signatures have plausible values. However, sometimes a signature seems to
+be older than the key due to clock problems. This option turns these
+checks into warnings.
+
+@include opt-homedir.texi
+
+@end table
+
+@mansect return value
+
+The program returns 0 if everything is fine, 1 if at least
+one signature was bad, and other error codes for fatal errors.
+
+@mansect examples
+@subsection Examples
+
+@table @asis
+
+@item @gpgvname @code{pgpfile}
+@itemx @gpgvname @code{sigfile} [@code{datafile}]
+Verify the signature of the file. The second form is used for detached
+signatures, where @code{sigfile} is the detached signature (either
+ASCII-armored or binary) and @code{datafile} contains the signed data;
+if @code{datafile} is "-" the signed data is expected on
+@code{stdin}; if @code{datafile} is not given the name of the file
+holding the signed data is constructed by cutting off the extension
+(".asc", ".sig" or ".sign") from @code{sigfile}.
+
+@end table
+
+@mansect environment
+@subsection Environment
+
+@table @asis
+
+@item HOME
+Used to locate the default home directory.
+
+@item GNUPGHOME
+If set directory used instead of "~/.gnupg".
+
+@end table
+
+@mansect files
+@subsection FILES
+
+@table @asis
+
+@item ~/.gnupg/trustedkeys.gpg
+The default keyring with the allowed keys.
+
+@end table
+
+@mansect see also
+@command{gpg2}(1)
+@include see-also-note.texi
+
diff --git a/doc/gpl.texi b/doc/gpl.texi
new file mode 100644
index 0000000..7f9a48a
--- /dev/null
+++ b/doc/gpl.texi
@@ -0,0 +1,725 @@
+@node Copying
+
+@unnumbered GNU General Public License
+@center Version 3, 29 June 2007
+
+@c This file is intended to be included in another file.
+
+@display
+Copyright @copyright{} 2007 Free Software Foundation, Inc. @url{http://fsf.org/}
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+@end display
+
+@unnumberedsec Preamble
+
+The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom
+to share and change all versions of a program--to make sure it remains
+free software for all its users. We, the Free Software Foundation,
+use the GNU General Public License for most of our software; it
+applies also to any other work released this way by its authors. You
+can apply it to your programs, too.
+
+When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you
+have certain responsibilities if you distribute copies of the
+software, or if you modify it: responsibilities to respect the freedom
+of others.
+
+For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too,
+receive or can get the source code.
And you must show them these +terms so they know their rights. + +Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + +For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + +Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the +manufacturer can do so. This is fundamentally incompatible with the +aim of protecting users' freedom to change the software. The +systematic pattern of such abuse occurs in the area of products for +individuals to use, which is precisely where it is most unacceptable. +Therefore, we have designed this version of the GPL to prohibit the +practice for those products. If such problems arise substantially in +other domains, we stand ready to extend this provision to those +domains in future versions of the GPL, as needed to protect the +freedom of users. + +Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish +to avoid the special danger that patents applied to a free program +could make it effectively proprietary. To prevent this, the GPL +assures that patents cannot be used to render the program non-free. + +The precise terms and conditions for copying, distribution and +modification follow. + +@iftex +@unnumberedsec TERMS AND CONDITIONS +@end iftex +@ifinfo +@center TERMS AND CONDITIONS +@end ifinfo + +@enumerate 0 +@item Definitions. + +``This License'' refers to version 3 of the GNU General Public License. 
+ +``Copyright'' also means copyright-like laws that apply to other kinds +of works, such as semiconductor masks. + +``The Program'' refers to any copyrightable work licensed under this +License. Each licensee is addressed as ``you''. ``Licensees'' and +``recipients'' may be individuals or organizations. + +To ``modify'' a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of +an exact copy. The resulting work is called a ``modified version'' of +the earlier work or a work ``based on'' the earlier work. + +A ``covered work'' means either the unmodified Program or a work based +on the Program. + +To ``propagate'' a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + +To ``convey'' a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user +through a computer network, with no transfer of a copy, is not +conveying. + +An interactive user interface displays ``Appropriate Legal Notices'' to +the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +@item Source Code. + +The ``source code'' for a work means the preferred form of the work for +making modifications to it. 
``Object code'' means any non-source form +of a work. + +A ``Standard Interface'' means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + +The ``System Libraries'' of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +``Major Component'', in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + +The ``Corresponding Source'' for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can +regenerate automatically from other parts of the Corresponding Source. 
+ +The Corresponding Source for a work in source code form is that same +work. + +@item Basic Permissions. + +All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, +without conditions so long as your license otherwise remains in force. +You may convey covered works to others for the sole purpose of having +them make modifications exclusively for you, or provide you with +facilities for running those works, provided that you comply with the +terms of this License in conveying all material for which you do not +control copyright. Those thus making or running the covered works for +you must do so exclusively on your behalf, under your direction and +control, on terms that prohibit them from making any copies of your +copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the +conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + +@item Protecting Users' Legal Rights From Anti-Circumvention Law. + +No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ +When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such +circumvention is effected by exercising rights under this License with +respect to the covered work, and you disclaim any intention to limit +operation or modification of the work as a means of enforcing, against +the work's users, your or third parties' legal rights to forbid +circumvention of technological measures. + +@item Conveying Verbatim Copies. + +You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + +@item Conveying Modified Source Versions. + +You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these +conditions: + +@enumerate a +@item +The work must carry prominent notices stating that you modified it, +and giving a relevant date. + +@item +The work must carry prominent notices stating that it is released +under this License and any conditions added under section 7. This +requirement modifies the requirement in section 4 to ``keep intact all +notices''. + +@item +You must license the entire work, as a whole, under this License to +anyone who comes into possession of a copy. This License will +therefore apply, along with any applicable section 7 additional terms, +to the whole of the work, and all its parts, regardless of how they +are packaged. 
This License gives no permission to license the work in +any other way, but it does not invalidate such permission if you have +separately received it. + +@item +If the work has interactive user interfaces, each must display +Appropriate Legal Notices; however, if the Program has interactive +interfaces that do not display Appropriate Legal Notices, your work +need not make them do so. +@end enumerate + +A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +``aggregate'' if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + +@item Conveying Non-Source Forms. + +You may convey a covered work in object code form under the terms of +sections 4 and 5, provided that you also convey the machine-readable +Corresponding Source under the terms of this License, in one of these +ways: + +@enumerate a +@item +Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by the +Corresponding Source fixed on a durable physical medium customarily +used for software interchange. 
+ +@item +Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by a written +offer, valid for at least three years and valid for as long as you +offer spare parts or customer support for that product model, to give +anyone who possesses the object code either (1) a copy of the +Corresponding Source for all the software in the product that is +covered by this License, on a durable physical medium customarily used +for software interchange, for a price no more than your reasonable +cost of physically performing this conveying of source, or (2) access +to copy the Corresponding Source from a network server at no charge. + +@item +Convey individual copies of the object code with a copy of the written +offer to provide the Corresponding Source. This alternative is +allowed only occasionally and noncommercially, and only if you +received the object code with such an offer, in accord with subsection +6b. + +@item +Convey the object code by offering access from a designated place +(gratis or for a charge), and offer equivalent access to the +Corresponding Source in the same way through the same place at no +further charge. You need not require recipients to copy the +Corresponding Source along with the object code. If the place to copy +the object code is a network server, the Corresponding Source may be +on a different server (operated by you or a third party) that supports +equivalent copying facilities, provided you maintain clear directions +next to the object code saying where to find the Corresponding Source. +Regardless of what server hosts the Corresponding Source, you remain +obligated to ensure that it is available for as long as needed to +satisfy these requirements. + +@item +Convey the object code using peer-to-peer transmission, provided you +inform other peers where the object code and Corresponding Source of +the work are being offered to the general public at no charge under +subsection 6d. 
+ +@end enumerate + +A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + +A ``User Product'' is either (1) a ``consumer product'', which means any +tangible personal property which is normally used for personal, +family, or household purposes, or (2) anything designed or sold for +incorporation into a dwelling. In determining whether a product is a +consumer product, doubtful cases shall be resolved in favor of +coverage. For a particular product received by a particular user, +``normally used'' refers to a typical or common use of that class of +product, regardless of the status of the particular user or of the way +in which the particular user actually uses, or expects or is expected +to use, the product. A product is a consumer product regardless of +whether the product has substantial commercial, industrial or +non-consumer uses, unless such uses represent the only significant +mode of use of the product. + +``Installation Information'' for a User Product means any methods, +procedures, authorization keys, or other information required to +install and execute modified versions of a covered work in that User +Product from a modified version of its Corresponding Source. The +information must suffice to ensure that the continued functioning of +the modified object code is in no case prevented or interfered with +solely because modification has been made. + +If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. 
But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + +The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or +updates for a work that has been modified or installed by the +recipient, or for the User Product in which it has been modified or +installed. Access to a network may be denied when the modification +itself materially and adversely affects the operation of the network +or violates the rules and protocols for communication across the +network. + +Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + +@item Additional Terms. + +``Additional permissions'' are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. 
+ +Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders +of that material) supplement the terms of this License with terms: + +@enumerate a +@item +Disclaiming warranty or limiting liability differently from the terms +of sections 15 and 16 of this License; or + +@item +Requiring preservation of specified reasonable legal notices or author +attributions in that material or in the Appropriate Legal Notices +displayed by works containing it; or + +@item +Prohibiting misrepresentation of the origin of that material, or +requiring that modified versions of such material be marked in +reasonable ways as different from the original version; or + +@item +Limiting the use for publicity purposes of names of licensors or +authors of the material; or + +@item +Declining to grant rights under trademark law for use of some trade +names, trademarks, or service marks; or + +@item +Requiring indemnification of licensors and authors of that material by +anyone who conveys the material (or modified versions of it) with +contractual assumptions of liability to the recipient, for any +liability that these contractual assumptions directly impose on those +licensors and authors. +@end enumerate + +All other non-permissive additional terms are considered ``further +restrictions'' within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. 
+ +If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; the +above requirements apply either way. + +@item Termination. + +You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + +However, if you cease all violation of this License, then your license +from a particular copyright holder is reinstated (a) provisionally, +unless and until the copyright holder explicitly and finally +terminates your license, and (b) permanently, if the copyright holder +fails to notify you of the violation by some reasonable means prior to +60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + +@item Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run +a copy of the Program. 
Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + +@item Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + +An ``entity transaction'' is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + +@item Patents. 
+ +A ``contributor'' is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's ``contributor version''. + +A contributor's ``essential patent claims'' are all patent claims owned +or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, ``control'' includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + +In the following three paragraphs, a ``patent license'' is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To ``grant'' such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ +If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. ``Knowingly relying'' means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + +A patent license is ``discriminatory'' if it does not include within the +scope of its coverage, prohibits the exercise of, or is conditioned on +the non-exercise of one or more of the rights that are specifically +granted under this License. 
You may not convey a covered work if you +are a party to an arrangement with a third party that is in the +business of distributing software, under which you make payment to the +third party based on the extent of your activity of conveying the +work, and under which the third party grants, to any of the parties +who would receive the covered work from you, a discriminatory patent +license (a) in connection with copies of the covered work conveyed by +you (or copies made from those copies), or (b) primarily for and in +connection with specific products or compilations that contain the +covered work, unless you entered into that arrangement, or that patent +license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + +@item No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey +a covered work so as to satisfy simultaneously your obligations under +this License and any other pertinent obligations, then as a +consequence you may not convey it at all. For example, if you agree +to terms that obligate you to collect a royalty for further conveying +from those to whom you convey the Program, the only way you could +satisfy both those terms and this License would be to refrain entirely +from conveying the Program. + +@item Use with the GNU Affero General Public License. + +Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + +@item Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions +of the GNU General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies that a certain numbered version of the GNU General Public +License ``or any later version'' applies to it, you have the option of +following the terms and conditions either of that numbered version or +of any later version published by the Free Software Foundation. If +the Program does not specify a version number of the GNU General +Public License, you may choose any version ever published by the Free +Software Foundation. + +If the Program specifies that a proxy can decide which future versions +of the GNU General Public License can be used, that proxy's public +statement of acceptance of a version permanently authorizes you to +choose that version for the Program. + +Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + +@item Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM ``AS IS'' WITHOUT +WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND +PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE +DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR +CORRECTION. + +@item Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR +CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES +ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT +NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR +LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM +TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER +PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +@item Interpretation of Sections 15 and 16. + +If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + +@iftex +@heading END OF TERMS AND CONDITIONS +@end iftex +@ifinfo +@center END OF TERMS AND CONDITIONS +@end ifinfo +@unnumberedsec How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these +terms. + +To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the ``copyright'' line and a pointer to where the full notice is found. 
+@smallexample
+@var{one line to give the program's name and a brief idea of what it does.}
+Copyright (C) @var{year} @var{name of author}
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or (at
+your option) any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see @url{http://www.gnu.org/licenses/}.
+@end smallexample
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+@smallexample
+@var{program} Copyright (C) @var{year} @var{name of author}
+This program comes with ABSOLUTELY NO WARRANTY; for details type @samp{show w}.
+This is free software, and you are welcome to redistribute it under certain conditions; type @samp{show c} for details.
+@end smallexample
+
+The hypothetical commands @samp{show w} and @samp{show c} should show
+the appropriate parts of the General Public License. Of course, your
+program's commands might be different; for a GUI interface, you would
+use an ``about box''.
+
+You should also get your employer (if you work as a programmer) or school,
+if any, to sign a ``copyright disclaimer'' for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+@url{http://www.gnu.org/licenses/}.
+
+The GNU General Public License does not permit incorporating your
+program into proprietary programs.
If your program is a subroutine
+library, you may consider it more useful to permit linking proprietary
+applications with the library. If this is what you want to do, use
+the GNU Lesser General Public License instead of this License. But
+first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}.
+
+@end enumerate
diff --git a/doc/help.be.txt b/doc/help.be.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.be.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ca.txt b/doc/help.ca.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.ca.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.cs.txt b/doc/help.cs.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.cs.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.da.txt b/doc/help.da.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.da.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.de.txt b/doc/help.de.txt
new file mode 100644
index 0000000..ea2a4e4
--- /dev/null
+++ b/doc/help.de.txt
@@ -0,0 +1,279 @@
+# help.de.txt - German GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+# Die Datei help.txt beschreibt das verwendete Format.
+# Diese Datei muß UTF-8 kodiert sein.
+
+
+.#pinentry.qualitybar.tooltip
+# Dies ist lediglich eine kommentiertes Beispiel. Es ist am sinnvolssten
+# einen individuellen Text in /etc/gnupg/help.de.txt zu erstellen.
+Die Qualität der Passphrase, die Sie oben eingegeben haben. Bitte
+fragen sie Ihren Systembeauftragten nach den Kriterien für die Messung
+der Qualität.
+.
+
+
+
+
+.gpg.edit_ownertrust.value
+Sie müssen selbst entscheiden, welchen Wert Sie hier eintragen; dieser Wert
+wird niemals an eine dritte Seite weitergegeben. Wir brauchen diesen Wert,
+um das "Netz des Vertrauens" aufzubauen. Dieses hat nichts mit dem
+(implizit erzeugten) "Netz der Zertifikate" zu tun.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Um das Web-of-Trust aufzubauen muß GnuPG wissen, welchen Schlüsseln
+uneingeschränkt vertraut wird. Das sind üblicherweise die Schlüssel
+auf deren geheimen Schlüssel Sie Zugruff haben.
+Antworten Sie mit "yes" um diesen Schlüssel uneingeschränkt zu vertrauen
+
+.
+
+.gpg.untrusted_key.override
+Wenn Sie diesen nicht vertrauenswürdigen Schlüssel trotzdem benutzen wollen,
+so antworten Sie mit "ja".
+.
+
+.gpg.pklist.user_id.enter
+Geben Sie die User-ID dessen ein, dem Sie die Botschaft senden wollen.
+.
+
+.gpg.keygen.algo
+Wählen Sie das zu verwendene Verfahren.
+
+DSA (alias DSS) ist der "Digital Signature Algorithm" und kann nur für
+Unterschriften genutzt werden.
+
+Elgamal ist ein Verfahren nur für Verschlüsselung.
+
+RSA kann sowohl für Unterschriften als auch für Verschlüsselung genutzt
+werden.
+
+Der erste Schlüssel (Hauptschlüssel) muß immer ein Schlüssel sein, mit dem
+unterschrieben werden kann.
+.
+
+.gpg.keygen.algo.rsa_se
+Normalerweise ist es nicht gut, denselben Schlüssel zum unterschreiben
+und verschlüsseln zu nutzen. Dieses Verfahren sollte in speziellen
+Anwendungsgebiten benutzt werden. Bitte lassen Sie sich zuerst von
+einem Sicherheistexperten beraten.
+.
+
+.gpg.keygen.size
+Wählen Sie die gewünschte Schlüssellänge
+.
+
+.gpg.keygen.size.huge.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keygen.size.large.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keygen.valid
+Geben Sie den benötigten Wert so an, wie er im Prompt erscheint.
+Es ist zwar möglich ein "ISO"-Datum (JJJJ-MM-DD) einzugeben, aber man
+erhält dann ggfs. keine brauchbaren Fehlermeldungen - stattdessen versucht
+der Rechner den Wert als Intervall (von-bis) zu deuten.
+.
+
+.gpg.keygen.valid.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keygen.name
+Geben Sie den Namen des Schlüsselinhabers ein.
+Beispiel: Heinrich Heine.
+.
+
+.gpg.keygen.email
+Geben Sie eine Email-Adresse ein. Dies ist zwar nicht unbedingt notwendig,
+aber sehr empfehlenswert.
+Beispiel: heinrichh@duesseldorf.de
+.
+
+.gpg.keygen.comment
+Geben Sie - bei Bedarf - einen Kommentar ein.
+.
+
+.gpg.keygen.userid.cmd
+N um den Namen zu ändern.
+K um den Kommentar zu ändern.
+E um die Email-Adresse zu ändern.
+F um mit der Schlüsselerzeugung fortzusetzen.
+B um die Schlüsselerzeugung abbrechen.
+.
+
+.gpg.keygen.sub.okay
+Geben Sie "ja" (oder nur "j") ein, um den Unterschlüssel zu erzeugen.
+.
+
+.gpg.sign_uid.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.sign_uid.class
+Wenn Sie die User-ID eines Schlüssels beglaubigen wollen, sollten Sie zunächst
+sicherstellen, daß der Schlüssel demjenigen gehört, der in der User-ID genannt
+ist. Für Dritte ist es hilfreich zu wissen, wie gut diese Zuordnung überprüft
+wurde.
+
+"0" zeigt, daß Sie keine bestimmte Aussage über die Sorgfalt der
+ Schlüsselzuordnung machen.
+
+"1" Sie glauben, daß der Schlüssel der benannten Person gehört,
+ aber Sie konnten oder nahmen die Ãœberpüfung überhaupt nicht vor.
+ Dies ist hilfreich für eine "persona"-Ãœberprüfung, wobei man den
+ Schlüssel eines Pseudonym-Trägers beglaubigt
+
+"2" Sie nahmen eine flüchtige Ãœberprüfung vor. Das heißt Sie haben z.B.
+ den Schlüsselfingerabdruck kontrolliert und die User-ID des Schlüssels
+ anhand des Fotos geprüft.
+
+"3" Sie haben eine ausführlich Kontrolle des Schlüssels vorgenommen.
+ Das kann z.B. die Kontrolle des Schlüsselfingerabdrucks mit dem
+ Schlüsselinhaber persönlich vorgenommen haben; daß Sie die User-ID des
+ Schlüssel anhand einer schwer zu fälschenden Urkunde mit Foto (wie z.B.
+ einem Paß) abgeglichen haben und schließlich per Email-Verkehr die
+ Email-Adresse als zum Schlüsselbesitzer gehörig erkannt haben.
+
+Beachten Sie, daß diese Beispiele für die Antworten 2 und 3 *nur* Beispiele
+sind. Schlußendlich ist es Ihre Sache, was Sie unter "flüchtig" oder
+ "ausführlich" verstehen, wenn Sie Schlüssel Dritter beglaubigen.
+
+Wenn Sie nicht wissen, wie Sie antworten sollen, wählen Sie "0".
+.
+
+.gpg.change_passwd.empty.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keyedit.save.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keyedit.cancel.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keyedit.sign_all.okay
+Geben Sie "ja" (oder nur "j") ein, um alle User-IDs zu beglaubigen
+.
+
+.gpg.keyedit.remove.uid.okay
+Geben Sie "ja" (oder nur "j") ein, um diese User-ID zu LÖSCHEN.
+Alle Zertifikate werden dann auch weg sein!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Geben Sie "ja" (oder nur "j") ein, um diesen Unterschlüssel zu löschen
+.
+
+.gpg.keyedit.delsig.valid
+Dies ist eine gültige Beglaubigung für den Schlüssel. Es ist normalerweise
+unnötig sie zu löschen. Sie ist möglicherweise sogar notwendig, um einen
+Trust-Weg zu diesem oder einem durch diesen Schlüssel beglaubigten Schlüssel
+herzustellen.
+.
+
+.gpg.keyedit.delsig.unknown
+Diese Beglaubigung kann nicht geprüft werden, da Sie den passenden Schlüssel
+nicht besitzen. Sie sollten die Löschung der Beglaubigung verschieben, bis
+sie wissen, welcher Schlüssel verwendet wurde. Denn vielleicht würde genau
+diese Beglaubigung den "Trust"-Weg komplettieren.
+.
+
+.gpg.keyedit.delsig.invalid
+Diese Beglaubigung ist ungültig. Es ist sinnvoll sie aus Ihrem
+Schlüsselbund zu entfernen.
+.
+
+.gpg.keyedit.delsig.selfsig
+Diese Beglaubigung bindet die User-ID an den Schlüssel. Normalerweise ist
+es nicht gut, solche Beglaubigungen zu entfernen. Um ehrlich zu sein:
+Es könnte dann sein, daß GnuPG diesen Schlüssel gar nicht mehr benutzen kann.
+Sie sollten diese Eigenbeglaubigung also nur dann entfernen, wenn sie aus
+irgendeinem Grund nicht gültig ist und eine zweite Beglaubigung verfügbar ist.
+.
+
+.gpg.keyedit.updpref.okay
+Ändern der Voreinstellung aller User-IDs (oder nur der ausgewählten)
+auf die aktuelle Liste der Voreinstellung. Die Zeitangaben aller betroffenen
+Eigenbeglaubigungen werden um eine Sekunde vorgestellt.
+
+.
+
+.gpg.passphrase.enter
+Bitte geben Sie die Passphrase ein. Dies ist ein geheimer Satz
+
+.
+
+.gpg.passphrase.repeat
+Um sicher zu gehen, daß Sie sich bei der Eingabe der Passphrase nicht
+vertippt haben, geben Sie diese bitte nochmal ein. Nur wenn beide Eingaben
+übereinstimmen, wird die Passphrase akzeptiert.
+.
+
+.gpg.detached_signature.filename
+Geben Sie den Namen der Datei an, zu dem die abgetrennte Unterschrift gehört
+.
+
+.gpg.openfile.overwrite.okay
+Geben Sie "ja" ein, wenn Sie die Datei überschreiben möchten
+.
+
+.gpg.openfile.askoutname
+Geben Sie bitte einen neuen Dateinamen ein. Falls Sie nur die
+Eingabetaste betätigen, wird der (in Klammern angezeigte) Standarddateiname
+verwendet.
+.
+
+.gpg.ask_revocation_reason.code
+Sie sollten einen Grund für die Zertifizierung angeben. Je nach
+Zusammenhang können Sie aus dieser Liste auswählen:
+ "Schlüssel wurde kompromitiert"
+ Falls Sie Grund zu der Annahme haben, daß nicht berechtigte Personen
+ Zugriff zu Ihrem geheimen Schlüssel hatten
+ "Schlüssel ist überholt"
+ Falls Sie diesen Schlüssel durch einem neuen ersetzt haben.
+ "Schlüssel wird nicht mehr benutzt"
+ Falls Sie diesen Schlüssel zurückgezogen haben.
+ "User-ID ist nicht mehr gültig"
+ Um bekanntzugeben, daß die User-ID nicht mehr benutzt werden soll.
+ So weist man normalerweise auf eine ungültige Emailadresse hin.
+
+.
+
+.gpg.ask_revocation_reason.text
+Wenn Sie möchten, können Sie hier einen Text eingeben, der darlegt, warum
+Sie diesen Widerruf herausgeben. Der Text sollte möglichst knapp sein.
+Eine Leerzeile beendet die Eingabe.
+
+.
+
+
+
+# Local variables:
+# mode: default-generic
+# coding: utf-8
+# End:
diff --git a/doc/help.el.txt b/doc/help.el.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.el.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.eo.txt b/doc/help.eo.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.eo.txt
@@ -0,0 +1,286 @@ +# help..txt - GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.#gpg.edit_ownertrust.value +# fixme: Please translate and remove the hash mark from the key line. +It's up to you to assign a value here; this value will never be exported +to any 3rd party. We need it to implement the web-of-trust; it has nothing +to do with the (implicitly created) web-of-certificates. +. + +.#gpg.edit_ownertrust.set_ultimate.okay +# fixme: Please translate and remove the hash mark from the key line. +To build the Web-of-Trust, GnuPG needs to know which keys are +ultimately trusted - those are usually the keys for which you have +access to the secret key. Answer "yes" to set this key to +ultimately trusted + +. + +.#gpg.untrusted_key.override +# fixme: Please translate and remove the hash mark from the key line. +If you want to use this untrusted key anyway, answer "yes". +. + +.#gpg.pklist.user_id.enter +# fixme: Please translate and remove the hash mark from the key line. +Enter the user ID of the addressee to whom you want to send the message. +. + +.#gpg.keygen.algo +# fixme: Please translate and remove the hash mark from the key line. +Select the algorithm to use. + +DSA (aka DSS) is the Digital Signature Algorithm and can only be used +for signatures. 
+ +Elgamal is an encrypt-only algorithm. + +RSA may be used for signatures or encryption. + +The first (primary) key must always be a key which is capable of signing. +. + +.#gpg.keygen.algo.rsa_se +# fixme: Please translate and remove the hash mark from the key line. +In general it is not a good idea to use the same key for signing and +encryption. This algorithm should only be used in certain domains. +Please consult your security expert first. +. + +.#gpg.keygen.size +# fixme: Please translate and remove the hash mark from the key line. +Enter the size of the key +. + +.#gpg.keygen.size.huge.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keygen.size.large.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keygen.valid +# fixme: Please translate and remove the hash mark from the key line. +Enter the required value as shown in the prompt. +It is possible to enter a ISO date (YYYY-MM-DD) but you won't +get a good error response - instead the system tries to interpret +the given value as an interval. +. + +.#gpg.keygen.valid.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keygen.name +# fixme: Please translate and remove the hash mark from the key line. +Enter the name of the key holder +. + +.#gpg.keygen.email +# fixme: Please translate and remove the hash mark from the key line. +please enter an optional but highly suggested email address +. + +.#gpg.keygen.comment +# fixme: Please translate and remove the hash mark from the key line. +Please enter an optional comment +. + +.#gpg.keygen.userid.cmd +# fixme: Please translate and remove the hash mark from the key line. +N to change the name. +C to change the comment. +E to change the email address. +O to continue with key generation. +Q to to quit the key generation. +. 
+ +.#gpg.keygen.sub.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" (or just "y") if it is okay to generate the sub key. +. + +.#gpg.sign_uid.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.sign_uid.class +# fixme: Please translate and remove the hash mark from the key line. +When you sign a user ID on a key, you should first verify that the key +belongs to the person named in the user ID. It is useful for others to +know how carefully you verified this. + +"0" means you make no particular claim as to how carefully you verified the + key. + +"1" means you believe the key is owned by the person who claims to own it + but you could not, or did not verify the key at all. This is useful for + a "persona" verification, where you sign the key of a pseudonymous user. + +"2" means you did casual verification of the key. For example, this could + mean that you verified the key fingerprint and checked the user ID on the + key against a photo ID. + +"3" means you did extensive verification of the key. For example, this could + mean that you verified the key fingerprint with the owner of the key in + person, and that you checked, by means of a hard to forge document with a + photo ID (such as a passport) that the name of the key owner matches the + name in the user ID on the key, and finally that you verified (by exchange + of email) that the email address on the key belongs to the key owner. + +Note that the examples given above for levels 2 and 3 are *only* examples. +In the end, it is up to you to decide just what "casual" and "extensive" +mean to you when you sign other keys. + +If you don't know what the right answer is, answer "0". +. + +.#gpg.change_passwd.empty.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keyedit.save.okay +# fixme: Please translate and remove the hash mark from the key line. 
+Answer "yes" or "no" +. + +.#gpg.keyedit.cancel.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keyedit.sign_all.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if you want to sign ALL the user IDs +. + +.#gpg.keyedit.remove.uid.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if you really want to delete this user ID. +All certificates are then also lost! +. + +.#gpg.keyedit.remove.subkey.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if it is okay to delete the subkey +. + +.#gpg.keyedit.delsig.valid +# fixme: Please translate and remove the hash mark from the key line. +This is a valid signature on the key; you normally don't want +to delete this signature because it may be important to establish a +trust connection to the key or another key certified by this key. +. + +.#gpg.keyedit.delsig.unknown +# fixme: Please translate and remove the hash mark from the key line. +This signature can't be checked because you don't have the +corresponding key. You should postpone its deletion until you +know which key was used because this signing key might establish +a trust connection through another already certified key. +. + +.#gpg.keyedit.delsig.invalid +# fixme: Please translate and remove the hash mark from the key line. +The signature is not valid. It does make sense to remove it from +your keyring. +. + +.#gpg.keyedit.delsig.selfsig +# fixme: Please translate and remove the hash mark from the key line. +This is a signature which binds the user ID to the key. It is +usually not a good idea to remove such a signature. Actually +GnuPG might not be able to use this key anymore. So do this +only if this self-signature is for some reason not valid and +a second one is available. +. + +.#gpg.keyedit.updpref.okay +# fixme: Please translate and remove the hash mark from the key line. 
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.es.txt b/doc/help.es.txt
new file mode 100644
index 0000000..42e531b
--- /dev/null
+++ b/doc/help.es.txt
@@ -0,0 +1,251 @@ +# help.es.txt - es GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Está en su mano asignar un valor aquÃ. Dicho valor nunca será exportado a +terceros. Es necesario para implementar la red de confianza, no tiene nada +que ver con la red de certificados (implÃcitamente creada). +. + +.gpg.edit_ownertrust.set_ultimate.okay +Para construir la Red-de-Confianza, GnuPG necesita saber qué claves +tienen confianza absoluta - normalmente son las claves para las que usted +puede acceder a la clave secreta. Conteste "sÃ" para hacer que esta +clave se considere como de total confianza + +. + +.gpg.untrusted_key.override +Si quiere usar esta clave no fiable de todos modos, conteste "sÃ". +. + +.gpg.pklist.user_id.enter +Introduzca el ID de usuario al que quiere enviar el mensaje. +. + +.gpg.keygen.algo +Seleccione el algoritmo que usar. + +DSA (alias DSS) es el Algoritmo de Firma Digital y sólo se usa para firmas. + +Elgamal es un algoritmo sólo para cifrar. + +RSA sirve tanto para firmar como para cifrar. + +La primera clave (clave primaria) debe ser siempre de tipo capaz de firmar. +. + +.gpg.keygen.algo.rsa_se +En general no es una buena idea usar la misma clave para firmar y +cifrar. Este algoritmo debéria usarse solo en ciertos contextos. 
+Por favor consulte primero a un experto en seguridad. +. + +.gpg.keygen.size +Introduzca la longitud de la clave +. + +.gpg.keygen.size.huge.okay +Responda "sÃ" o "no" +. + +.gpg.keygen.size.large.okay +Responda "sÃ" o "no" +. + +.gpg.keygen.valid +Introduzca el valor requerido conforme se muestra. +Es posible introducir una fecha ISO (AAAA-MM-DD), pero no se obtendrá una +buena respuesta a los errores; el sistema intentará interpretar el valor +introducido como un intervalo. +. + +.gpg.keygen.valid.okay +Responda "sÃ" o "no" +. + +.gpg.keygen.name +Introduzca el nombre del dueño de la clave +. + +.gpg.keygen.email +Introduzca una dirección de correo electrónico (opcional pero muy +recomendable) +. + +.gpg.keygen.comment +Introduzca un comentario opcional +. + +.gpg.keygen.userid.cmd +N para cambiar el nombre. +C para cambiar el comentario. +E para cambiar la dirección. +O para continuar con la generación de clave. +S para interrumpir la generación de clave. +. + +.gpg.keygen.sub.okay +Responda "sÃ" (o sólo "s") para generar la subclave. +. + +.gpg.sign_uid.okay +Responda "sÃ" o "no" +. + +.gpg.sign_uid.class +Cuando firme un ID de usuario en una clave, deberÃa verificar que la clave +pertenece a la persona que se nombra en el ID de usuario. Es útil para +otros saber cómo de cuidadosamente lo ha verificado. + +"0" significa que no hace ninguna declaración concreta sobre como ha + comprobado la validez de la clave. + +"1" significa que cree que la clave pertenece a la persona que declara + poseerla pero no pudo o no verificó la clave en absoluto. Esto es útil + para una verificación en persona cuando firmas la clave de un usuario + pseudoanónimo. + +"2" significa que hizo una comprobación informal de la clave. Por ejemplo + podrÃa querer decir que comprobó la huella dactilar de la clave y + comprobó el ID de usuario en la clave con un ID fotográfico. + +"3" significa que hizo una comprobación exhaustiva de la clave. 
Por + ejemplo verificando la huella dactilar de la clave con el propietario + de la clave, y que comprobó, mediante un documento difÃcil de falsificar + con ID fotográfico (como un pasaporte) que el nombre del poseedor de la + clave coincide con el ID de usuario en la clave y finalmente que verificó + (intercambiando email) que la dirección de email de la clave pertenece + al poseedor de la clave. + +Observe que los ejemplos dados en los niveles 2 y 3 son *solo* ejemplos. +En definitiva, usted decide lo que significa "informal" y "exhaustivo" +para usted cuando firma las claves de otros. + +Si no sabe qué contestar, conteste "0". +. + +.gpg.change_passwd.empty.okay +Responda "sÃ" o "no" +. + +.gpg.keyedit.save.okay +Responda "sÃ" o "no" +. + +.gpg.keyedit.cancel.okay +Responda "sÃ" o "no" +. + +.gpg.keyedit.sign_all.okay +Responda "sÃ" si quiere firmar TODOS los IDs de usuario +. + +.gpg.keyedit.remove.uid.okay +Responda "sÃ" si realmente quiere borrar este ID de usuario. +¡También se perderán todos los certificados! +. + +.gpg.keyedit.remove.subkey.okay +Responda "sÃ" si quiere borrar esta subclave +. + +.gpg.keyedit.delsig.valid +Esta es una firma válida de esta clave. Normalmente no será deseable +borrar esta firma ya que puede ser importante para establecer una conexión +de confianza con la clave o con otra clave certificada por ésta. +. + +.gpg.keyedit.delsig.unknown +Esta firma no puede ser comprobada porque no tiene Vd. la clave +correspondiente. DeberÃa posponer su borrado hasta conocer qué clave +se usó, ya que dicha clave podrÃa establecer una conexión de confianza +a través de otra clave certificada. +. + +.gpg.keyedit.delsig.invalid +Esta firma no es válida. Tiene sentido borrarla de su anillo. +. + +.gpg.keyedit.delsig.selfsig +Esta es una firma que une el ID de usuario a la clave. No suele ser una +buena idea borrar dichas firmas. De hecho, GnuPG podrÃa no ser capaz de +volver a usar esta clave. 
Asà que bórrela tan sólo si esta autofirma no +es válida por alguna razón y hay otra disponible. +. + +.gpg.keyedit.updpref.okay +Cambiar las preferencias de todos los IDs de usuario (o sólo los +seleccionados) a la lista actual de preferencias. El sello de tiempo +de todas las autofirmas afectadas se avanzará en un segundo. + +. + +.gpg.passphrase.enter +Por favor introduzca la contraseña: una frase secreta + +. + +.gpg.passphrase.repeat +Repita la última frase contraseña para asegurarse de lo que tecleó. +. + +.gpg.detached_signature.filename +Introduzca el nombre del fichero al que corresponde la firma +. + +.gpg.openfile.overwrite.okay +Responda "sÃ" para sobreescribir el fichero +. + +.gpg.openfile.askoutname +Introduzca un nuevo nombre de fichero. Si pulsa INTRO se usará el fichero +por omisión (mostrado entre corchetes). +. + +.gpg.ask_revocation_reason.code +DeberÃa especificar un motivo para la certificación. Dependiendo del +contexto puede elegir una opción de esta lista: + "La clave ha sido comprometida" + Use esto si tiene razones para pensar que personas no autorizadas + tuvieron acceso a su clave secreta. + "La clave ha sido sustituida" + Use esto si ha reemplazado la clave por otra más nueva. + "La clave ya no está en uso" + Use esto si ha dejado de usar esta clave. + "La identificación de usuario ya no es válida" + Use esto para señalar que la identificación de usuario no deberÃa + seguir siendo usada; esto se utiliza normalmente para marcar una + dirección de correo-e como inválida. + +. + +.gpg.ask_revocation_reason.text +Si lo desea puede introducir un texto explicando por qué emite +este certificado de revocación. Por favor, que el texto sea breve. +Una lÃnea vacÃa pone fin al texto. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/help.et.txt b/doc/help.et.txt new file mode 100644 index 0000000..36c9ffb --- /dev/null +++ b/doc/help.et.txt 
@@ -0,0 +1,286 @@ +# help..txt - GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.#gpg.edit_ownertrust.value +# fixme: Please translate and remove the hash mark from the key line. +It's up to you to assign a value here; this value will never be exported +to any 3rd party. We need it to implement the web-of-trust; it has nothing +to do with the (implicitly created) web-of-certificates. +. + +.#gpg.edit_ownertrust.set_ultimate.okay +# fixme: Please translate and remove the hash mark from the key line. +To build the Web-of-Trust, GnuPG needs to know which keys are +ultimately trusted - those are usually the keys for which you have +access to the secret key. Answer "yes" to set this key to +ultimately trusted + +. + +.#gpg.untrusted_key.override +# fixme: Please translate and remove the hash mark from the key line. +If you want to use this untrusted key anyway, answer "yes". +. + +.#gpg.pklist.user_id.enter +# fixme: Please translate and remove the hash mark from the key line. +Enter the user ID of the addressee to whom you want to send the message. +. + +.#gpg.keygen.algo +# fixme: Please translate and remove the hash mark from the key line. +Select the algorithm to use. + +DSA (aka DSS) is the Digital Signature Algorithm and can only be used +for signatures. 
+ +Elgamal is an encrypt-only algorithm. + +RSA may be used for signatures or encryption. + +The first (primary) key must always be a key which is capable of signing. +. + +.#gpg.keygen.algo.rsa_se +# fixme: Please translate and remove the hash mark from the key line. +In general it is not a good idea to use the same key for signing and +encryption. This algorithm should only be used in certain domains. +Please consult your security expert first. +. + +.#gpg.keygen.size +# fixme: Please translate and remove the hash mark from the key line. +Enter the size of the key +. + +.#gpg.keygen.size.huge.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keygen.size.large.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keygen.valid +# fixme: Please translate and remove the hash mark from the key line. +Enter the required value as shown in the prompt. +It is possible to enter a ISO date (YYYY-MM-DD) but you won't +get a good error response - instead the system tries to interpret +the given value as an interval. +. + +.#gpg.keygen.valid.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keygen.name +# fixme: Please translate and remove the hash mark from the key line. +Enter the name of the key holder +. + +.#gpg.keygen.email +# fixme: Please translate and remove the hash mark from the key line. +please enter an optional but highly suggested email address +. + +.#gpg.keygen.comment +# fixme: Please translate and remove the hash mark from the key line. +Please enter an optional comment +. + +.#gpg.keygen.userid.cmd +# fixme: Please translate and remove the hash mark from the key line. +N to change the name. +C to change the comment. +E to change the email address. +O to continue with key generation. +Q to to quit the key generation. +. 
+ +.#gpg.keygen.sub.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" (or just "y") if it is okay to generate the sub key. +. + +.#gpg.sign_uid.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.sign_uid.class +# fixme: Please translate and remove the hash mark from the key line. +When you sign a user ID on a key, you should first verify that the key +belongs to the person named in the user ID. It is useful for others to +know how carefully you verified this. + +"0" means you make no particular claim as to how carefully you verified the + key. + +"1" means you believe the key is owned by the person who claims to own it + but you could not, or did not verify the key at all. This is useful for + a "persona" verification, where you sign the key of a pseudonymous user. + +"2" means you did casual verification of the key. For example, this could + mean that you verified the key fingerprint and checked the user ID on the + key against a photo ID. + +"3" means you did extensive verification of the key. For example, this could + mean that you verified the key fingerprint with the owner of the key in + person, and that you checked, by means of a hard to forge document with a + photo ID (such as a passport) that the name of the key owner matches the + name in the user ID on the key, and finally that you verified (by exchange + of email) that the email address on the key belongs to the key owner. + +Note that the examples given above for levels 2 and 3 are *only* examples. +In the end, it is up to you to decide just what "casual" and "extensive" +mean to you when you sign other keys. + +If you don't know what the right answer is, answer "0". +. + +.#gpg.change_passwd.empty.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keyedit.save.okay +# fixme: Please translate and remove the hash mark from the key line. 
+Answer "yes" or "no" +. + +.#gpg.keyedit.cancel.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" or "no" +. + +.#gpg.keyedit.sign_all.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if you want to sign ALL the user IDs +. + +.#gpg.keyedit.remove.uid.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if you really want to delete this user ID. +All certificates are then also lost! +. + +.#gpg.keyedit.remove.subkey.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if it is okay to delete the subkey +. + +.#gpg.keyedit.delsig.valid +# fixme: Please translate and remove the hash mark from the key line. +This is a valid signature on the key; you normally don't want +to delete this signature because it may be important to establish a +trust connection to the key or another key certified by this key. +. + +.#gpg.keyedit.delsig.unknown +# fixme: Please translate and remove the hash mark from the key line. +This signature can't be checked because you don't have the +corresponding key. You should postpone its deletion until you +know which key was used because this signing key might establish +a trust connection through another already certified key. +. + +.#gpg.keyedit.delsig.invalid +# fixme: Please translate and remove the hash mark from the key line. +The signature is not valid. It does make sense to remove it from +your keyring. +. + +.#gpg.keyedit.delsig.selfsig +# fixme: Please translate and remove the hash mark from the key line. +This is a signature which binds the user ID to the key. It is +usually not a good idea to remove such a signature. Actually +GnuPG might not be able to use this key anymore. So do this +only if this self-signature is for some reason not valid and +a second one is available. +. + +.#gpg.keyedit.updpref.okay +# fixme: Please translate and remove the hash mark from the key line. 
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.fi.txt b/doc/help.fi.txt
new file mode 100644
index 0000000..9f92246
--- /dev/null
+++ b/doc/help.fi.txt
@@ -0,0 +1,256 @@ +# help.fi.txt - fi GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Tämän arvon määrittäminen on sinun tehtäväsi, tätä arvoa ei koskaan +kerrota kolmansille osapuolille. Tarvitsemme sitä toteuttamaan +luottamusverkko eikä sillä ei ole mitään tekemistä (epäsuorasti luotujen) +varmenneverkkojen kanssa. +. + +.gpg.edit_ownertrust.set_ultimate.okay +Rakentaakseen luottamusverkon, GnuPG:n täytyy tietää mihin avaimiin +luotetaan ehdottomasti - nämä ovat tavallisesti ne avaimet, joiden salainen +pari on sinulla. Vastaa "kyllä" luottaaksesi tähän avaimeen ehdoitta + +. + +.gpg.untrusted_key.override +Vastaa "kyllä" jos haluat kaikesta huolimatta käyttää tätä epäluotettavaa +avainta. +. + +.gpg.pklist.user_id.enter +Syötä vastaanottajan, jolle haluat lähettää viestin, käyttäjätunnus. +. + +.#gpg.keygen.algo +# fixme: Please translate and remove the hash mark from the key line. +Select the algorithm to use. + +DSA (aka DSS) is the Digital Signature Algorithm and can only be used +for signatures. + +Elgamal is an encrypt-only algorithm. + +RSA may be used for signatures or encryption. + +The first (primary) key must always be a key which is capable of signing. +. 
+ +.gpg.keygen.algo.rsa_se +Yleensä ei ole järkevää käyttää samaa avainta allekirjoitukseen +ja salaamiseen. Tätä algorimiä tulisi käyttää vain määrätyissä ympäristöissä. +Ole hyvä ja kysy tietoturva-asiantuntijaltasi ensin +. + +.gpg.keygen.size +Syötä avaimen koko +. + +.gpg.keygen.size.huge.okay +Vastaa "kyllä" tai " ei" +. + +.gpg.keygen.size.large.okay +Vastaa "kyllä" tai " ei" +. + +.gpg.keygen.valid +Syötä pyydetty arvo kuten näkyy kehotteessa. +On mahdollista syöttää ISO-muotoinen päivä (VVVV-KK-PP), +mutta sen seurauksena et saa kunnollista virheilmoitusta +vaan järjestelmä yrittää tulkita arvon aikajaksona. +. + +.gpg.keygen.valid.okay +Vastaa "kyllä" tai " ei" +. + +.gpg.keygen.name +Anna avaimen haltijan nimi +. + +.gpg.keygen.email +anna vapaaehtoinen, mutta erittäin suositeltava sähköpostiosoite +. + +.gpg.keygen.comment +Kirjoita vapaaehtoinen huomautus +. + +.gpg.keygen.userid.cmd +N muuta nimeä +C muuta kommenttia +E muuta sähköpostiosoitetta +O jatka avaimen luomista +L lopeta +. + +.gpg.keygen.sub.okay +Vastaa "kyllä" (tai vain "k") jos haluat luoda aliavaimen. +. + +.gpg.sign_uid.okay +Vastaa "kyllä" tai " ei" +. + +.gpg.sign_uid.class +Allekirjoittaessasi avaimen käyttäjätunnuksen sinun tulisi varmista, että +avain todella kuuluu henkilölle, joka mainitaan käyttäjätunnuksessa. Muiden +on hyvä tietää kuinka huolellisesti olet varmistanut tämän. + +"0" tarkoittaa, että et väitä mitään siitä, kuinka huolellisesti olet + varmistanut avaimen. + +"1" tarkoittaa, että uskot avaimen kuuluvan henkilölle, joka väittää + hallitsevan sitä, mutta et voinut varmistaa tai et varmistanut avainta + lainkaan. Tämä on hyödyllinen "persoonan" varmistamiseen, jossa + allekirjoitat pseudonyymin käyttäjän avaimen. + +"2" tarkoittaa arkista varmistusta. Esimerkiksi olet varmistanut + avaimen sormenjäljen ja tarkistanut käyttäjätunnuksen ja + valokuvatunnisteen täsmäävän. + +"3" tarkoittaa syvällistä henkilöllisyyden varmistamista. 
Esimerkiksi + tämä voi tarkoittaa avaimen sormenjäljen tarkistamista avaimen haltijan + kanssa henkilökohtaisesti, ja että tarkistit nimen avaimessa täsmäävän + vaikeasti väärennettävän kuvallisen henkilöllisyystodistuksen (kuten + passi) kanssa, ja lopuksi varmistit (sähköpostin vaihtamisella), että + sähköpostiosoite kuuluu avaimen haltijalle. + +Huomaa, että yllä annetut esimerkit tasoille 2 ja 3 ovat todellakin *vain* +esimerkkejä. Lopullisesti se on sinun päätöksesi mitä "arkinen" ja +"syvällinen" tarkoittaa allekirjoittaessasi muita avaimia. + +Jos et tiedä mikä olisi sopiva vastaus, vastaa "0". +. + +.gpg.change_passwd.empty.okay +Vastaa "kyllä" tai " ei" +. + +.gpg.keyedit.save.okay +Vastaa "kyllä" tai " ei" +. + +.gpg.keyedit.cancel.okay +Vastaa "kyllä" tai " ei" +. + +.#gpg.keyedit.sign_all.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if you want to sign ALL the user IDs +. + +.gpg.keyedit.remove.uid.okay +Vastaa "kyllä", jos haluat poistaa tämän käyttäjätunnuksen. +Menetät samalla kaikki siihen liittyvät varmenteet! +. + +.gpg.keyedit.remove.subkey.okay +Vastaa "kyllä", jos aliavaimen voi poistaa +. + +.gpg.keyedit.delsig.valid +Tämä on voimassa oleva allekirjoitus tälle avaimelle, tavallisesti ei +kannata poistaa tätä allekirjoitusta koska se saattaa olla tarpeen +luottamussuhteen luomiseksi avaimeen tai johonkin toiseen tämän avaimen +varmentamaan avaimeen. +. + +.gpg.keyedit.delsig.unknown +Allekirjoitusta ei voida tarkistaa koska sinulla ei ole +siihen liittyvää avainta. Lykkää sen poistamista kunnes + tiedät mitä avainta on käytetty, koska allekirjoitus +avain saattaa luoda luottamusketjun toisen, jo ennalta +varmennetun avaimen kautta. +. + +.gpg.keyedit.delsig.invalid +Allekirjoitus ei ole pätevä. Järkevintä olisi poistaa se +avainrenkaastasi. +. + +.gpg.keyedit.delsig.selfsig +Tämä allekirjoitus takaa avaimen haltijan henkilöllisyyden. 
+Tällaisen allekirjoituksen poistaminen on tavallisesti huono +ajatus. GnuPG ei kenties voi käyttää avainta enää. Poista +allekirjoitus vain, jos se ei ole jostain syystä pätevä, ja +avaimella on jo toinen allekirjoitus. +. + +.gpg.keyedit.updpref.okay +Muuta valinnat kaikille käyttäjätunnuksille (tai vain valituille) +nykyiseen luetteloon valinnoista. Kaikkien muutettujen +oma-allekirjoitusten aikaleima siirretään yhdellä sekunnilla eteenpäin. + +. + +.gpg.passphrase.enter +Ole hyvä ja syötä salasana, tämän on salainen lause + +. + +.gpg.passphrase.repeat +Toista edellinen salasanasi varmistuaksesi siitä, mitä kirjoitit. +. + +.gpg.detached_signature.filename +Anna allekirjoitetun tiedoston nimi +. + +.gpg.openfile.overwrite.okay +Vastaa "kyllä", jos tiedoston voi ylikirjoittaa +. + +.gpg.openfile.askoutname +Syötä uusi tiedostonimi. Jos painat vain RETURN, käytetään +oletustiedostoa (joka näkyy sulkeissa). +. + +.gpg.ask_revocation_reason.code +Sinun tulisi määrittää syy varmenteelle. Riippuen asiayhteydestä +voit valita tästä listasta: + "Avain on paljastunut" + Käytä tätä, jos sinulla on syytä uskoa, että luvattomat henkilöt + ovat saaneet salaisen avaimesi käsiinsä. + "Avain on korvattu" + Käytä tätä, jos olet korvannut tämän uudemmalla avaimella. + "Avain ei ole enää käytössä" + Käytä tätä, jost ole lopettanut tämän avaimen käytön. + "Käyttäjätunnus ei ole enää voimassa" + Käytä tätä ilmoittamaan, että käyttäjätunnusta ei pitäisi käyttää; + tätä normaalisti käytetään merkitsemään sähköpostiosoite vanhenneeksi. + +. + +.gpg.ask_revocation_reason.text +Halutessasi voit kirjoittaa tähän kuvauksen miksi julkaiset tämän +mitätöintivarmenteen. Kirjoita lyhyesti. +Tyhjä rivi päättää tekstin. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/help.fr.txt b/doc/help.fr.txt new file mode 100644 index 0000000..c18fea0 --- /dev/null +++ b/doc/help.fr.txt 
@@ -0,0 +1,256 @@ +# help.fr.txt - fr GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +C'est à vous d'assigner une valeur ici; cette valeur ne sera jamais +envoyée à une tierce personne. Nous en avons besoin pour créer le réseau +de confiance (web-of-trust); cela n'a rien à voir avec le réseau des +certificats (créé implicitement) +. + +.gpg.edit_ownertrust.set_ultimate.okay +Pour mettre en place le Réseau de confiance (Web of Trust), GnuPG a +besoin de savoir en quelles clés votre confiance est ultime - ce sont +en général les clés dont vous avez accès à la clé secrète. Répondez +"oui" pour indiquer que votre confiance en cette clé est ultime + +. + +.gpg.untrusted_key.override +Si vous voulez utiliser cette clé peu sûre quand-même, répondez «oui». +. + +.gpg.pklist.user_id.enter +Entrez le nom d'utilisateur de la personne à qui vous voulez envoyer +le message. +. + +.gpg.keygen.algo +Sélectionnez l'algorithme à utiliser. + +DSA (connu également sous le nom de DSS) est un algorithme de signature +digitale et ne peut être utilisé que pour des signatures. + +Elgamal est un algorithme pour le chiffrement seul. + +RSA peut être utilisé pour les signatures et le chiffrement. + +La première clé (clé principale) doit toujours être une clé capable +de signer. +. 
+ +.gpg.keygen.algo.rsa_se +En général ce n'est pas une bonne idée d'utiliser la même clé pour +signer et pour chiffrer. Cet algorithme ne doit être utilisé que +pour certains domaines. +Consultez votre expert en sécurité d'abord. +. + +.gpg.keygen.size +Entrez la taille de la clé +. + +.gpg.keygen.size.huge.okay +Répondez «oui» ou «non» +. + +.gpg.keygen.size.large.okay +Répondez «oui» ou «non» +. + +.gpg.keygen.valid +Entrez la valeur demandée comme indiqué dans la ligne de commande. +On peut entrer une date ISO (AAAA-MM-JJ) mais le résultat d'erreur sera +mauvais - le système essaierait d'interpréter la valeur donnée comme un +intervalle. +. + +.gpg.keygen.valid.okay +Répondez «oui» ou «non» +. + +.gpg.keygen.name +Entrez le nom du propriétaire de la clé +. + +.gpg.keygen.email +entrez une adresse e-mail optionnelle mais hautement recommandée +. + +.gpg.keygen.comment +Entrez un commentaire optionnel +. + +.gpg.keygen.userid.cmd +N pour changer le nom. +C pour changer le commentaire. +E pour changer l'adresse e-mail. +O pour continuer à générer la clé. +Q pour arrêter de générer de clé. +. + +.gpg.keygen.sub.okay +Répondez «oui» (ou simplement «o») pour générer la sous-clé +. + +.gpg.sign_uid.okay +Répondez «oui» ou «non» +. + +.gpg.sign_uid.class +Quand vous signez un nom d'utilisateur d'une clé, vous devriez d'abord +vérifier que la clé appartient à la personne nommée. Il est utile que +les autres personnes sachent avec quel soin vous l'avez vérifié. + +"0" signifie que vous n'avez pas d'opinon. + +"1" signifie que vous croyez que la clé appartient à la personne qui +dit la posséder mais vous n'avez pas pu vérifier du tout la clé. +C'est utile lorsque vous signez la clé d'un pseudonyme. + +"2" signifie que vous avez un peu vérifié la clé. Par exemple, cela +pourrait être un vérification de l'empreinte et du nom de +l'utilisateur avec la photo. + +"3" signifie que vous avez complètement vérifié la clé. 
Par exemple, +cela pourrait être une vérification de l'empreinte, du nom de +l'utilisateur avec un document difficile à contrefaire (comme un +passeport) et de son adresse e-mail (vérifié par un échange de +courrier électronique). + +Notez bien que les exemples donnés ci-dessus pour les niveaux 2 et +3 ne sont *que* des exemples. +C'est à vous de décider quelle valeur mettre quand vous signez +les clés des autres personnes. + +Si vous ne savez pas quelle réponse est la bonne, répondez "0". +. + +.gpg.change_passwd.empty.okay +Répondez «oui» ou «non» +. + +.gpg.keyedit.save.okay +Répondez «oui» ou «non» +. + +.gpg.keyedit.cancel.okay +Répondez «oui» ou «non» +. + +.gpg.keyedit.sign_all.okay +Répondez «oui» si vous voulez signer TOUS les noms d'utilisateurs +. + +.gpg.keyedit.remove.uid.okay +Répondez «oui» si vous voulez vraiment supprimer ce nom +d'utilisateur. Tous les certificats seront alors perdus en même temps ! +. + +.gpg.keyedit.remove.subkey.okay +Répondez «oui» s'il faut vraiment supprimer la sous-clé +. + +.gpg.keyedit.delsig.valid +C'est une signature valide dans la clé; vous n'avez pas normalement +intérêt à supprimer cette signature car elle peut être importante pour +établir une connection de confiance vers la clé ou une autre clé certifiée +par celle-là . +. + +.gpg.keyedit.delsig.unknown +Cette signature ne peut pas être vérifiée parce que vous n'avez pas la +clé correspondante. Vous devriez remettre sa supression jusqu'à ce que +vous soyez sûr de quelle clé a été utilisée car cette clé de signature +peut établir une connection de confiance vers une autre clé déjà certifiée. +. + +.gpg.keyedit.delsig.invalid +Cette signature n'est pas valide. Vous devriez la supprimer de votre +porte-clés. +. + +.gpg.keyedit.delsig.selfsig +Cette signature relie le nom d'utilisateur à la clé. Habituellement +enlever une telle signature n'est pas une bonne idée. En fait GnuPG peut +ne plus être capable d'utiliser cette clé. 
Donc faites ceci uniquement si +cette auto-signature est invalide pour une certaine raison et si une autre +est disponible. +. + +.gpg.keyedit.updpref.okay +Changer les préférences de tous les noms d'utilisateurs (ou juste +ceux qui sont sélectionnés) vers la liste actuelle. La date de toutes +les auto-signatures affectées seront avancées d'une seconde. + +. + +.gpg.passphrase.enter +Entrez le mot de passe ; c'est une phrase secrète + +. + +.gpg.passphrase.repeat +Répétez la dernière phrase de passe pour être sûr de ce que vous +avez tapé. +. + +.gpg.detached_signature.filename +Donnez le nom du fichier auquel la signature se rapporte +. + +.gpg.openfile.overwrite.okay +Répondez «oui» s'il faut vraiment réécrire le fichier +. + +.gpg.openfile.askoutname +Entrez le nouveau nom de fichier. Si vous tapez simplement ENTRÉE le +fichier par défaut (indiqué entre crochets) sera utilisé. +. + +.gpg.ask_revocation_reason.code +Vous devriez donner une raison pour la certification. Selon le contexte +vous pouvez choisir dans cette liste: + «La clé a été compromise» + Utilisez cette option si vous avez une raison de croire que des + personnes ont pu accéder à votre clé secrète sans autorisation. + «La clé a été remplacée» + Utilisez cette option si vous avez remplacé la clé par une nouvelle. + «La clé n'est plus utilisée» + Utilisez cette option si cette clé n'a plus d'utilité. + «Le nom d'utilisateur n'est plus valide» + Utilisez cette option si le nom d'utilisateur ne doit plus être + utilisé. Cela sert généralement à indiquer qu'une adresse e-mail + est invalide. + +. + +.gpg.ask_revocation_reason.text +Si vous le désirez, vous pouvez entrer un texte qui explique pourquoi vous +avez émis ce certificat de révocation. Essayez de garder ce texte concis. +Une ligne vide délimite la fin du texte. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/help.gl.txt b/doc/help.gl.txt new file mode 100644 index 0000000..36c9ffb --- /dev/null 
+++ b/doc/help.gl.txt 
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.hu.txt b/doc/help.hu.txt
new file mode 100644
index 0000000..1440dae
--- /dev/null
+++ b/doc/help.hu.txt
@@ -0,0 +1,257 @@ +# help.hu.txt - hu GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Az Ön döntésén múlik, hogy milyen értéket ad meg itt. Ezt az értéket soha +nem exportáljuk mások részére. Ez a bizalmak hálózatához (web-of-trust) +szükséges, semmi köze az igazolások hálózatához (web-of-certificates). +. + +.gpg.edit_ownertrust.set_ultimate.okay +Hogy a bizalmak hálózatát felépÃtsük, a GnuPG-nek tudnia kell, hogy +mely kulcsok alapvetÅ‘en megbÃzhatóak - általában ezek azok a kulcsok, +melyek titkos kulcsához hozzáfér. Válaszoljon "igen"-nel, ha kulcsot +alapvetÅ‘en megbÃzhatónak jelöli! + +. + +.gpg.untrusted_key.override +Ha mégis használni akarja ezt a kulcsot, melyben nem bÃzunk, +válaszoljon "igen"-nel! +. + +.gpg.pklist.user_id.enter +Adja meg a cÃmzett felhasználói azonosÃtóját! +. + +.#gpg.keygen.algo +# fixme: Please translate and remove the hash mark from the key line. +Select the algorithm to use. + +DSA (aka DSS) is the Digital Signature Algorithm and can only be used +for signatures. + +Elgamal is an encrypt-only algorithm. + +RSA may be used for signatures or encryption. + +The first (primary) key must always be a key which is capable of signing. +. 
+ +.gpg.keygen.algo.rsa_se +Ãltalában nem jó ötlet ugyanazt a kulcsot használni aláÃráshoz és +titkosÃtáshoz. Ezt az algoritmust csak bizonyos területeken ajánlatos +használni. Kérem, elÅ‘ször konzultáljon a biztonsági szakértÅ‘jével! +. + +.gpg.keygen.size +Adja meg a kulcs méretét! +. + +.gpg.keygen.size.huge.okay +Kérem, adjon "igen" vagy "nem" választ! +. + +.gpg.keygen.size.large.okay +Kérem, adjon "igen" vagy "nem" választ! +. + +.gpg.keygen.valid +Adja meg a szükséges értéket, ahogy a prompt mutatja! +Lehetséges ISO dátumot is beÃrni (ÉÉÉÉ-HH-NN), de nem fog rendes +hibaüzenetet kapni, hanem a rendszer megpróbálja az értéket +intervallumként értelmezni. +. + +.gpg.keygen.valid.okay +Kérem, adjon "igen" vagy "nem" választ! +. + +.gpg.keygen.name +Adja meg a kulcs tulajdonosának a nevét! +. + +.gpg.keygen.email +Kérem, adjon meg egy opcionális, de nagyon ajánlott e-mail cÃmet! +. + +.gpg.keygen.comment +Kérem, adjon meg egy opcionális megjegyzést! +. + +.gpg.keygen.userid.cmd +N név változtatása +M megjegyzés változtatása +E e-mail változtatása +R kulcsgenerálás folytatása +Q kilépés a kulcsgenerálásból +. + +.gpg.keygen.sub.okay +Válaszoljon "igen"-nel (vagy csak "i"-vel), ha kezdhetjük az alkulcs +létrehozását! +. + +.gpg.sign_uid.okay +Kérem, adjon "igen" vagy "nem" választ! +. + +.gpg.sign_uid.class +MielÅ‘tt aláÃr egy felhasználói azonosÃtót egy kulcson, ellenÅ‘riznie kell, +hogy a kulcs a felhasználói azonosÃtóban megnevezett személyhez tartozik. +Mások számára hasznos lehet, ha tudják, hogy milyen gondosan ellenÅ‘rizte +Ön ezt. + +"0" azt jelenti, hogy nem tesz az ellenÅ‘rzés gondosságára vonatkozó + kijelentést. + +"1" azt jelenti, hogy Ön hiszi, hogy a kulcs annak a személynek a + tulajdona, aki azt állÃtja, hogy az övé, de Ön nem tudta ezt + ellenÅ‘rizni, vagy egyszerűen nem ellenÅ‘rizte ezt. Ez hasznos egy + "persona" tÃpusú ellenÅ‘rzéshez, mikor Ön egy pszeudonim felhasználó + kulcsát Ãrja alá. 
+ +"2" azt jelenti, hogy Ön a kulcsot hétköznapi alapossággal ellenÅ‘rizte. + Például ez azt jelentheti, hogy ellenÅ‘rizte a kulcs ujjlenyomatát, és + összevetette a kulcson szereplÅ‘ felhasználóazonosÃtót egy fényképes + igazolvánnyal. + +"3" azt jelenti, hogy alaposan ellenÅ‘rizte a kulcsot. Például ez azt + jelentheti, hogy a kulcs ujjlenyomatát a tulajdonossal személyesen + találkozva ellenÅ‘rizte, egy nehezen hamisÃtható, fényképes igazolvánnyal + (mint az útlevél) meggyÅ‘zÅ‘dött arról, hogy a személy neve egyezik a + kulcson levÅ‘vel, és végül (e-mail váltással) ellenÅ‘rizte, hogy a kulcson + szereplÅ‘ e-mail cÃm a kulcs tulajdonosához tartozik. + +A 2-es és 3-as szintekhez adott példák *csak* példák. VégsÅ‘ soron Ön dönti +el, hogy mit jelentenek Önnek a "hétköznapi" és "alapos" kifejezések, +amikor mások kulcsát aláÃrja. + +Ha nem tudja, hogy mit válaszoljon, Ãrjon "0"-t! +. + +.gpg.change_passwd.empty.okay +Kérem, adjon "igen" vagy "nem" választ! +. + +.gpg.keyedit.save.okay +Kérem, adjon "igen" vagy "nem" választ! +. + +.gpg.keyedit.cancel.okay +Kérem, adjon "igen" vagy "nem" választ! +. + +.#gpg.keyedit.sign_all.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if you want to sign ALL the user IDs +. + +.gpg.keyedit.remove.uid.okay +Válaszoljon "igen"-nel, ha valóban törölni akarja ezt a felhasználóazonosÃtót! +Minden igazolás törlÅ‘dik vele együtt! +. + +.gpg.keyedit.remove.subkey.okay +Válaszoljon "igen"-nel, ha az alkulcs törölhetÅ‘. +. + +.gpg.keyedit.delsig.valid +Ez egy érvényes aláÃrás a kulcson. Normál esetben nincs értelme +törölni, mert fontos lehet ahhoz, hogy érvényesÃtse ezt a kulcsot, +vagy egy másikat, melyet ezzel a kulccsal igazolnak. +. + +.gpg.keyedit.delsig.unknown +Ezt az aláÃrást nem tudom ellenÅ‘rizni, mert nincs meg a hozzá tartozó +kulcs. 
Ajánlatos lenne elhalasztani a törlést addig, amÃg meg nem tudja, +hogy melyik kulcsot használták, mert ez az aláÃró kulcs bizalmi +kapcsolatot hozhat létre egy már hitelesÃtett kulcson keresztül. +. + +.gpg.keyedit.delsig.invalid +Ez az aláÃrás nem érvényes. Értelmetlen eltávolÃtani a kulcskarikáról. +. + +.gpg.keyedit.delsig.selfsig +Ez egy olyan aláÃrás, amely összeköti a felhasználóazonosÃtót +a kulccsal. Ãltalában nem jó ötlet egy ilyen aláÃrást eltávolÃtani. +Az is lehetséges, hogy a GnuPG többé nem tudja használni ezt +a kulcsot. Csak akkor tegye ezt, ha valami okból ez az önaláÃrás nem +érvényes, és rendelkezésre áll egy másik! +. + +.gpg.keyedit.updpref.okay +Lecseréli az összes felhasználóazonosÃtóhoz (vagy csak a kijelöltekhez) +tartozó preferenciákat az aktuális preferenciákra. Minden érintett +önaláÃrás idÅ‘pontját egy másodperccel növeli. + +. + +.gpg.passphrase.enter +Kérem, adja meg a jelszót! Ezt egy titkos mondat. + +. + +.gpg.passphrase.repeat +Kérem, ismételje meg az elÅ‘zÅ‘ jelszót ellenÅ‘rzésképpen! +. + +.gpg.detached_signature.filename +Adja meg az állomány nevét, melyhez az aláÃrás tartozik! +. + +.gpg.openfile.overwrite.okay +Válaszoljon "igen"-nel, ha felülÃrható az állomány! +. + +.gpg.openfile.askoutname +Kérem, adjon meg egy új fájlnevet! Ha RETURN-t/ENTER-t nyom, akkor +a szögletes zárójelben levÅ‘ alapértelmezett nevet használom. +. + +.gpg.ask_revocation_reason.code +Ajánlatos megadni a visszavonás okát. A helyzettÅ‘l függÅ‘en válasszon +a következÅ‘ listából: + "A kulcs kompromittálódott." + Használja ezt akkor, ha oka van azt hinni, hogy titkos kulcsa + illetéktelen kezekbe került! + "A kulcsot lecserélték." + Használja ezt akkor, ha a kulcsot lecserélte egy újabbra! + "A kulcs már nem használatos." + Használja ezt akkor, ha már nem használja a kulcsot! + "A felhasználóazonosÃtó már nem érvényes." + Használja ezt akkor, ha azt állÃtja, hogy a felhasználóazonosÃtó + már nem használatos! Ãltalában érvénytelen e-mail cÃmet jelent. 
+ +. + +.gpg.ask_revocation_reason.text +Ha akarja, megadhat egy szöveget, melyben megindokolja, hogy miért +adta ki ezt a visszavonó igazolást. Kérem, fogalmazzon tömören! +Egy üres sor jelzi a szöveg végét. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/help.id.txt b/doc/help.id.txt new file mode 100644 index 0000000..ae9e808 --- /dev/null +++ b/doc/help.id.txt 
@@ -0,0 +1,251 @@
+# help.id.txt - id GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Terserah anda untuk memberi nilai baru di sini; nilai ini tidak akan diekspor
+ke pihak ketiga. Kami perlu untuk mengimplementasikan web-of-trust; tidak ada
+kaitan dengan (membuat secara implisit) web-of-certificates.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Untuk membuat Web-of-Trust, GnuPG perlu tahu kunci mana yang
+sangat dipercaya - mereka biasanya adalah kunci yang anda punya
+akses ke kunci rahasia. Jawab "yes" untuk menset kunci ini ke
+sangat dipercaya
+
+.
+
+.gpg.untrusted_key.override
+Jika anda ingin menggunakan kunci tidak terpercaya ini, jawab "ya".
+.
+
+.gpg.pklist.user_id.enter
+Masukkan ID user penerima pesan.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Secara umum bukan ide baik untuk menggunakan kunci yang sama untuk menandai dan
+mengenkripsi. Algoritma ini seharusnya digunakan dalam domain tertentu.
+Silakan berkonsultasi dulu dengan ahli keamanan anda.
+.
+
+.gpg.keygen.size
+Masukkan ukuran kunci
+.
+
+.gpg.keygen.size.huge.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keygen.size.large.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keygen.valid
+Masukkan nilai yang diperlukan seperti pada prompt.
+Dapat digunakan format (YYYY-MM-DD) untuk mengisi tanggal ISO tetapi anda
+tidak akan mendapat respon kesalahan yang baik - sebaiknya sistem akan
+berusaha menginterprestasi nilai yang diberikan sebagai sebuah interval.
+.
+
+.gpg.keygen.valid.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keygen.name
+Masukkan nama pemegang kunci
+.
+
+.gpg.keygen.email
+silakan masukkan alamat email (pilihan namun sangat dianjurkan)
+.
+
+.gpg.keygen.comment
+Silakan masukkan komentar tambahan
+.
+
+.gpg.keygen.userid.cmd
+N untuk merubah nama.
+K untuk merubah komentar.
+E untuk merubah alamat email.
+O untuk melanjutkan dengan pembuatan kunci.
+K untuk menghentikan pembuatan kunci.
+.
+
+.gpg.keygen.sub.okay
+Jawab "ya" (atau "y") jika telah siap membuat subkey.
+.
+
+.gpg.sign_uid.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.sign_uid.class
+Ketika anda menandai user ID pada kunci, anda perlu memverifikasi bahwa kunci
+milik orang yang disebut dalam user ID. Ini penting bagi orang lain untuk tahu
+seberapa cermat anda memverifikasi ini.
+
+"0" berarti anda tidak melakukan klaim tentang betapa cermat anda memverifikasi kunci.
+
+"1" berarti anda percaya bahwa kunci dimiliki oleh orang yang mengklaim memilikinya
+ namun anda tidak dapat, atau tidak memverifikasi kunci sama sekali. Hal ini bergunabagi
+ verifikasi "persona", yaitu anda menandai kunci user pseudonymous
+
+"2" berarti anda melakukan verifikasi kasual atas kunci. Sebagai contoh, halini dapat
+ berarti bahwa anda memverifikasi fingerprint kunci dan memeriksa user ID pada kunci
+ dengan photo ID.
+
+"3" berarti anda melakukan verifikasi ekstensif atas kunci. Sebagai contoh, hal ini
+ dapat berarti anda memverifikasi fingerprint kunci dengan pemilik kunci
+ secara personal, dan anda memeriksa, dengan menggunakan dokumen yang sulit dipalsukan yang memiliki
+ photo ID (seperti paspor) bahwa nama pemilik kunci cocok dengan
+ nama user ID kunci, dan bahwa anda telah memverifikasi (dengan pertukaran
+ email) bahwa alamat email pada kunci milik pemilik kunci.
+
+Contoh-contoh pada level 2 dan 3 hanyalah contoh.
+Pada akhirnya, terserah anda untuk memutuskan apa arti "kasual" dan "ekstensif"
+bagi anda ketika menandai kunci lain.
+
+Jika anda tidak tahu jawaban yang tepat, jawab "0".
+.
+
+.gpg.change_passwd.empty.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keyedit.save.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keyedit.cancel.okay
+Jawab "ya" atau "tidak"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Jawab "ya" jika anda benar-benar ingin menghapus ID user ini.
+Seluruh sertifikat juga akan hilang!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Jawab "ya" jika ingin menghapus subkey
+.
+
+.gpg.keyedit.delsig.valid
+Ini adalah signature valid untuk kunci; anda normalnya tdk ingin menghapus
+signature ini karena mungkin penting membangun koneksi trust ke kunci atau
+ke kunci tersertifikasi lain dengan kunci ini.
+.
+
+.gpg.keyedit.delsig.unknown
+Signature ini tidak dapat diperiksa karena anda tidak memiliki kunci
+korespondennya. Anda perlu menunda penghapusannya hingga anda tahu
+kunci yang digunakan karena kunci penanda ini mungkin membangun suatu
+koneksi trust melalui kunci yang telah tersertifikasi lain.
+.
+
+.gpg.keyedit.delsig.invalid
+Signature tidak valid. Adalah hal yang masuk akal untuk menghapusnya dari
+keyring anda
+.
+
+.gpg.keyedit.delsig.selfsig
+Ini adalah signature yang menghubungkan ID pemakai ke kunci. Biasanya
+bukan ide yang baik untuk menghapus signature semacam itu. Umumnya
+GnuPG tidak akan dapat menggunakan kunci ini lagi. Sehingga lakukan hal
+ini bila self-signature untuk beberapa alasan tidak valid dan
+tersedia yang kedua.
+.
+
+.gpg.keyedit.updpref.okay
+Rubah preferensi seluruh user ID (atau hanya yang terpilih)
+ke daftar preferensi saat ini. Timestamp seluruh self-signature
+yang terpengaruh akan bertambah satu detik.
+
+.
+
+.gpg.passphrase.enter
+Silakan masukkan passphrase; ini kalimat rahasia
+
+.
+
+.gpg.passphrase.repeat
+Silakan ulangi passphrase terakhir, sehingga anda yakin yang anda ketikkan.
+.
+
+.gpg.detached_signature.filename
+Beri nama file tempat berlakunya signature
+.
+
+.gpg.openfile.overwrite.okay
+Jawab "ya" jika tidak apa-apa menimpa file
+.
+
+.gpg.openfile.askoutname
+Silakan masukan nama file baru. Jika anda hanya menekan RETURN nama
+file baku (yang diapit tanda kurung) akan dipakai.
+.
+
+.gpg.ask_revocation_reason.code
+Anda harus menspesifikasikan alasan pembatalan. Semua ini tergantung
+konteks, anda dapat memilih dari daftar berikut:
+ "Key has been compromised"
+ Gunakan ini jika anda punya alasan untuk percaya bahwa orang yang tidak berhak
+ memiliki akses ke kunci pribadi anda.
+ "Key is superseded"
+ Gunakan ini bila anda mengganti kunci anda dengan yang baru.
+ "Key is no longer used"
+ Gunakan ini bila anda telah mempensiunkan kunci ini.
+ "User ID is no longer valid"
+ Gunakan ini untuk menyatakan user ID tidak boleh digunakan lagi;
+ normalnya digunakan untuk menandai bahwa alamat email tidak valid lagi.
+
+.
+
+.gpg.ask_revocation_reason.text
+Jika anda suka, anda dapat memasukkan teks menjelaskan mengapa anda
+mengeluarkan sertifikat pembatalan ini. Buatlah ringkas.
+Baris kosong mengakhiri teks.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.it.txt b/doc/help.it.txt
new file mode 100644
index 0000000..db6127f
--- /dev/null
+++ b/doc/help.it.txt
@@ -0,0 +1,251 @@
+# help.it.txt - Italian GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+E compito tuo assegnare un valore; questo valore non sarà mai esportato a
+terzi. Ci serve per implementare il web-of-trust; non ha nulla a che fare
+con il web-of-certificates (creato implicitamente).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Per costruire il Web-Of-Trust, GnuPG ha bisogno di sapere quali chiavi sono
+definitivamente affidabili - di solito quelle per cui hai accesso alla chiave
+segreta.
+Rispondi "sì" per impostare questa chiave come definitivamente affidabile
+
+.
+
+.gpg.untrusted_key.override
+Se vuoi usare comunque questa chiave non fidata, rispondi "si".
+.
+
+.gpg.pklist.user_id.enter
+Inserisci l'user ID del destinatario a cui vuoi mandare il messaggio.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+In generale non è una buona idea usare la stessa chiave per le firme e la
+cifratura. Questo algoritmo dovrebbe solo essere usato in determinati campi.
+Per favore consulta prima il tuo esperto di sicurezza.
+.
+
+.gpg.keygen.size
+Inserisci le dimensioni della chiave
+.
+
+.gpg.keygen.size.huge.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keygen.size.large.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keygen.valid
+Inserisci il valore richiesto come indicato dal prompt.
+È possibile inserire una data in formato ISO (YYYY-MM-DD) ma non avrai un
+messaggio di errore corretto: il sistema cerca di interpretare il valore
+dato come un intervallo.
+.
+
+.gpg.keygen.valid.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keygen.name
+Inserisci il nome del proprietario della chiave
+.
+
+.gpg.keygen.email
+Inserisci un indirizzo di email opzionale (ma fortemente suggerito)
+.
+
+.gpg.keygen.comment
+Inserisci un commento opzionale
+.
+
+.gpg.keygen.userid.cmd
+N per cambiare il nome.
+C per cambiare il commento.
+E per cambiare l'indirizzo di email.
+O per continuare con la generazione della chiave.
+Q per abbandonare il processo di generazione della chiave.
+.
+
+.gpg.keygen.sub.okay
+Rispondi "si" (o "y") se va bene generare la subchiave.
+.
+
+.gpg.sign_uid.okay
+Rispondi "si" o "no"
+.
+
+.gpg.sign_uid.class
+Quando firmi l'user ID di una chiave dovresti prima verificare che questa
+appartiene alla persona indicata nell'user ID. È utile agli altri sapere
+con quanta attenzione lo hai verificato.
+
+"0" significa che non fai particolari affermazioni sull'attenzione con cui
+ hai ferificato la chiave.
+
+"1" significa che credi che la chiave sia posseduta dalla persona che dice di
+ possederla, ma non hai o non hai potuto verificare per niente la chiave.
+
+"2" significa che hai fatto una verifica superficiale della chiave. Per esempio
+ potrebbe significare che hai verificato l'impronta digitale e confrontato
+ l'user ID della chiave con un documento di identità con fotografia.
+
+"3" significa che hai fatto una verifica approfondita della chiave. Per esempio
+ potrebbe significare che hai verificato di persona l'impronta digitale con
+ il possessore della chiave e hai controllato, per esempio per mezzo di
+ un documento di identità con fotografia difficile da falsificare (come
+ un passaporto), che il nome del proprietario della chiave corrisponde a
+ quello nell'user ID della chiave, e per finire che hai verificato
+ (scambiando dei messaggi) che l'indirizzo di email sulla chiave appartiene
+ al proprietario.
+
+Nota che gli esempi indicati per i livelli 2 e 3 sono *solo* esempi. Alla fine
+sta a te decidere cosa significano "superficiale" e "approfondita" quando
+firmi chiavi di altri.
+
+Se non sai cosa rispondere, rispondi "0".
+.
+
+.gpg.change_passwd.empty.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keyedit.save.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keyedit.cancel.okay
+Rispondi "si" o "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Rispondi "si" se vuoi davvero cancellare questo user ID.
+Tutti i certificati saranno persi!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Rispondi "si" se va bene cancellare la subchiave
+.
+
+.gpg.keyedit.delsig.valid
+Questa è una firma valida per la chiave. Normalmente non vorresti cancellare
+questa firma perchè può essere importante per stabilire una connessione di
+fiducia alla chiave o a un'altra chiave certificata da questa chiave.
+.
+
+.gpg.keyedit.delsig.unknown
+Questa firma non può essere verificata perchè non hai la chiave corrispondente.
+Dovresti rimandare la sua cancellazione finchè non saprai quale chiave è stata
+usata perchè questa chiave potrebbe stabilire una connessione di fiducia
+attraverso una chiave già certificata.
+.
+
+.gpg.keyedit.delsig.invalid
+La firma non è valida. Ha senso rimuoverla dal tuo portachiavi.
+.
+
+.gpg.keyedit.delsig.selfsig
+Questa è una firma che collega l'user id alla chiave. Solitamente non è una
+buona idea rimuovere questo tipo di firma. In realtà GnuPG potrebbe non essere
+più in grado di usare questa chiave. Quindi fallo solo se questa autofirma non
+è valida per qualche ragione e ne è disponibile un'altra.
+.
+
+.gpg.keyedit.updpref.okay
+Cambia le preferenze di tutti gli user ID (o solo di quelli selezionati) con
+la lista di preferenze corrente. L'orario di tutte le autofirme coinvolte
+sarà aumentato di un secondo.
+
+.
+
+.gpg.passphrase.enter
+Inserisci la passphrase, cioè una frase segreta
+
+.
+
+.gpg.passphrase.repeat
+Ripeti l'ultima passphrase per essere sicuro di cosa hai scritto.
+.
+
+.gpg.detached_signature.filename
+Inserisci il nome del file a cui si riferisce la firma.
+.
+
+.gpg.openfile.overwrite.okay
+Rispondi "si" se va bene sovrascrivere il file.
+.
+
+.gpg.openfile.askoutname
+Inserisci il nuovo nome del file. Se premi INVIO sarà usato il nome
+predefinito (quello indicato tra parentesi).
+.
+
+.gpg.ask_revocation_reason.code
+Dovresti specificare un motivo per questa certificazione. A seconda del
+contesto hai la possibilità di scegliere tra questa lista:
+ "Key has been compromised"
+ Usa questo se hai un motivo per credere che una persona non autorizzata
+ abbia avuto accesso alla tua chiave segreta.
+ "Key is superseded"
+ Usa questo se hai sostituito questa chiave con una più recente.
+ "Key is no longer used"
+ Usa questo se hai mandato in pensione questa chiave.
+ "User ID is no longer valid"
+ Usa questo per affermare che l'user ID non dovrebbe più essere usato;
+ solitamente è usato per indicare un indirizzo di email non valido.
+
+.
+
+.gpg.ask_revocation_reason.text
+Se vuoi, puoi digitare un testo che descrive perché hai emesso
+questo certificato di revoca. Per favore sii conciso.
+Una riga vuota termina il testo.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ja.txt b/doc/help.ja.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.ja.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.nb.txt b/doc/help.nb.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.nb.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.pl.txt b/doc/help.pl.txt
new file mode 100644
index 0000000..ef719a8
--- /dev/null
+++ b/doc/help.pl.txt
@@ -0,0 +1,250 @@ +# help.pl.txt - pl GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Te wartoÅ›ci użytkownik przydziela wg swojego uznania; nie bÄ™dÄ… nigdy +eksportowane poza ten system. Potrzebne sÄ… one do zbudowania sieci +zaufania, i nie ma to nic wspólnego z tworzonÄ… automatycznie sieciÄ… +certyfikatów. +. + +.gpg.edit_ownertrust.set_ultimate.okay +Aby zbudować Sieć Zaufania, GnuPG potrzebuje znać klucze do których +masz absolutne zaufanie. Zwykle sÄ… to klucze do których masz klucze +tajne. Odpowiedz ,,tak'', jeÅ›li chcesz okreÅ›lić ten klucz jako klucz +do którego masz absolutne zaufanie. + +. + +.gpg.untrusted_key.override +JeÅ›li mimo wszystko chcesz użyć tego klucza, klucza, co do którego nie ma +żadnej pewnoÅ›ci do kogo należy, odpowiedz ,,tak''. +. + +.gpg.pklist.user_id.enter +Podaj adresatów tej wiadomoÅ›ci. +. + +.gpg.keygen.algo +ProszÄ™ wybrać algorytm. + +DSA (znany także jako DSS) to algorytm podpisu cyfrowego (Digital Signature +Algorithm) i może być używany tylko do podpisów. + +Elgamal to algorytm tylko do szyfrowania. + +RSA może być używany do podpisów lub szyfrowania. + +Pierwszy (główny) klucz zawsze musi być kluczem nadajÄ…cym siÄ™ do podpisywania. +. 
+ +.gpg.keygen.algo.rsa_se +Używanie tego samego klucza do podpisywania i szyfrowania nie jest dobrym +pomysÅ‚em. Można tak postÄ™pować tylko w niektórych zastosowaniach. ProszÄ™ siÄ™ +najpierw skonsultować z ekspertem od bezpieczeÅ„stwa. +. + +.gpg.keygen.size +Wprowadź rozmiar klucza +. + +.gpg.keygen.size.huge.okay +Odpowiedz "tak" lub "nie". +. + +.gpg.keygen.size.large.okay +Odpowiedz "tak" lub "nie". +. + +.gpg.keygen.valid +Wprowadź żądanÄ… wartość (jak w znaku zachÄ™ty). +Można tu podać datÄ™ w formacie ISO (RRRR-MM-DD) ale nie da to +wÅ‚aÅ›ciwej obsÅ‚ugi bÅ‚Ä™dów - system próbuje interpretować podanÄ… wartość +jako okres. +. + +.gpg.keygen.valid.okay +Odpowiedz "tak" lub "nie". +. + +.gpg.keygen.name +Nazwa wÅ‚aÅ›ciciela klucza. +. + +.gpg.keygen.email +proszÄ™ wprowadzić opcjonalny ale wysoce doradzany adres e-mail +. + +.gpg.keygen.comment +ProszÄ™ wprowadzić opcjonalny komentarz +. + +.gpg.keygen.userid.cmd +N aby zmienić nazwÄ™ (nazwisko). +C aby zmienić komentarz.< +E aby zmienić adres e-mail. +O aby kontynuować tworzenie klucza. +Q aby zrezygnować z tworzenia klucza. +. + +.gpg.keygen.sub.okay +JeÅ›li ma zostać wygenerowany podklucz, należy odpowiedzieć "tak". +. + +.gpg.sign_uid.okay +Odpowiedz "tak" lub "nie". +. + +.gpg.sign_uid.class +Przy podpisywaniu identyfikatora użytkownika na kluczu należy sprawdzić, +czy tożsamość użytkownika odpowiada temu, co jest wpisane w identyfikatorze. +Innym użytkownikom przyda siÄ™ informacja, jak dogÅ‚Ä™bnie zostaÅ‚o to przez +Ciebie sprawdzone. + +"0" oznacza, że nie podajesz żadnych informacji na temat tego jak dogÅ‚Ä™bnie + tożsamość użytkownika zostaÅ‚a przez Ciebie potwierdzona. + +"1" oznacza, że masz przekonanie, że tożsamość użytkownika odpowiada + identyfikatorowi klucza, ale nie byÅ‚o możliwoÅ›ci sprawdzenia tego. + Taka sytuacja wystÄ™puje też kiedy podpisujesz identyfikator bÄ™dÄ…cy + pseudonimem. 
+ +"2" oznacza, że tożsamość użytkownika zostaÅ‚a przez Ciebie potwierdzona + pobieżnie - sprawdziliÅ›cie odcisk klucza, sprawdziÅ‚aÅ›/eÅ› tożsamość + na okazanym dokumencie ze zdjÄ™ciem. + +"3" to dogÅ‚Ä™bna weryfikacja tożsamoÅ›ci. Na przykÅ‚ad sprawdzenie odcisku + klucza, sprawdzenie tożsamoÅ›ci z okazanego oficjalnego dokumentu ze + zdjÄ™ciem (np paszportu) i weryfikacja poprawnoÅ›ci adresu poczty + elektronicznej przez wymianÄ™ poczty z tym adresem. + +Zauważ, że podane powyżej przykÅ‚ady dla poziomów "2" i "3" to *tylko* +przykÅ‚ady. Do Ciebie należy decyzja co oznacza "pobieżny" i "dogÅ‚Ä™bny" w +kontekÅ›cie poÅ›wiadczania i podpisywania kluczy. + +JeÅ›li nie wiesz co odpowiedzieć, podaj "0". +. + +.gpg.change_passwd.empty.okay +Odpowiedz "tak" lub "nie". +. + +.gpg.keyedit.save.okay +Odpowiedz "tak" lub "nie". +. + +.gpg.keyedit.cancel.okay +Odpowiedz "tak" lub "nie". +. + +.gpg.keyedit.sign_all.okay +Odpowiedz "tak", aby podpisać WSZYSTKIE identyfikatory użytkownika. +. + +.gpg.keyedit.remove.uid.okay +Aby skasować ten identyfikator użytkownika (co wiąże siÄ™ ze utratÄ… +wszystkich jego poÅ›wiadczeÅ„!) należy odpowiedzieć ,,tak''. +. + +.gpg.keyedit.remove.subkey.okay +Aby skasować podklucz należy odpowiedzieć "tak". +. + +.gpg.keyedit.delsig.valid +To jest poprawny podpis na tym kluczu; normalnie nie należy go usuwać +ponieważ może być ważny dla zestawienia poÅ‚Ä…czenia zaufania do klucza +którym go zÅ‚ożono lub do innego klucza nim poÅ›wiadczonego. +. + +.gpg.keyedit.delsig.unknown +Ten podpis nie może zostać potwierdzony ponieważ nie ma +odpowiadajÄ…cego mu klucza publicznego. Należy odÅ‚ożyć usuniÄ™cie tego +podpisu do czasu, kiedy okaże siÄ™ który klucz zostaÅ‚ użyty, ponieważ +w momencie uzyskania tego klucza może pojawić siÄ™ Å›cieżka zaufania +pomiÄ™dzy tym a innym, już poÅ›wiadczonym kluczem. +. + +.gpg.keyedit.delsig.invalid +Ten podpis jest niepoprawny. Można usunąć go ze zbioru kluczy. +. 
+ +.gpg.keyedit.delsig.selfsig +To jest podpis wiążący identyfikator użytkownika z kluczem. Nie należy +go usuwać - GnuPG może nie móc posÅ‚ugiwać siÄ™ dalej kluczem bez +takiego podpisu. Bezpiecznie można go usunąć tylko jeÅ›li ten podpis +klucza nim samym z jakichÅ› przyczyn nie jest poprawny, i klucz jest +drugi raz podpisany w ten sam sposób. +. + +.gpg.keyedit.updpref.okay +Przestawienie wszystkich (lub tylko wybranych) identyfikatorów na aktualne +ustawienia. Data na odpowiednich podpisach zostane przesuniÄ™ta do przodu o +jednÄ… sekundÄ™. + +. + +.gpg.passphrase.enter +Podaj dÅ‚ugie, skomplikowane hasÅ‚o, np. caÅ‚e zdanie. + +. + +.gpg.passphrase.repeat +ProszÄ™ powtórzyć hasÅ‚o, aby upewnić siÄ™ że nie byÅ‚o pomyÅ‚ki. +. + +.gpg.detached_signature.filename +Podaj nazwÄ™ pliku którego dotyczy ten podpis +. + +.gpg.openfile.overwrite.okay +JeÅ›li można nadpisać ten plik, należy odpowiedzieć ,,tak'' +. + +.gpg.openfile.askoutname +Nazwa pliku. NaciÅ›niÄ™cie ENTER potwierdzi nazwÄ™ domyÅ›lnÄ… (w nawiasach). +. + +.gpg.ask_revocation_reason.code +Nalezy podać powód unieważnienia klucza. W zależnoÅ›ci od kontekstu można +go wybrać z listy: + "Klucz zostaÅ‚ skompromitowany" + Masz powody uważać że twój klucz tajny dostaÅ‚ siÄ™ w niepowoÅ‚ane rÄ™ce. + "Klucz zostaÅ‚ zastÄ…piony" + Klucz zostaÅ‚ zastÄ…piony nowym. + "Klucz nie jest już używany" + Klucz zostaÅ‚ wycofany z użycia. + "Identyfikator użytkownika przestaÅ‚ być poprawny" + Identyfikator użytkownika (najczęściej adres e-mail przestaÅ‚ być + poprawny. + +. + +.gpg.ask_revocation_reason.text +JeÅ›li chcesz, możesz podać opis powodu wystawienia certyfikatu +unieważnienia. Opis powinien byc zwiÄ™zÅ‚y. +Pusta linia koÅ„czy wprowadzanie tekstu. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/help.pt.txt b/doc/help.pt.txt new file mode 100644 index 0000000..dac17c0 --- /dev/null +++ b/doc/help.pt.txt 
@@ -0,0 +1,253 @@ +# help.pt.txt - pt GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Você decide que valor usar aqui; este valor nunca será exportado para +terceiros. Precisamos dele implementar a rede de confiança, que não tem +nada a ver com a rede de certificados (implicitamente criada). +. + +.gpg.edit_ownertrust.set_ultimate.okay +Para construir a Teia-de-Confiança ('Web-of-Trust'), o GnuPG precisa de +saber quais são as chaves em que deposita confiança absoluta - normalmente +estas são as chaves a que tem acesso à chave privada. Responda "sim" para +que esta chave seja de confiança absoluta. + +. + +.gpg.untrusted_key.override +Se você quiser usar esta chave, não de confiança, assim mesmo, responda "sim". +. + +.gpg.pklist.user_id.enter +Digite o ID de utilizador do destinatário para quem quer enviar a +mensagem. +. + +.#gpg.keygen.algo +# fixme: Please translate and remove the hash mark from the key line. +Select the algorithm to use. + +DSA (aka DSS) is the Digital Signature Algorithm and can only be used +for signatures. + +Elgamal is an encrypt-only algorithm. + +RSA may be used for signatures or encryption. + +The first (primary) key must always be a key which is capable of signing. +. 
+ +.gpg.keygen.algo.rsa_se +Em geral não é uma boa ideia utilizar a mesma chave para assinar e para +cifrar. Este algoritmo só deve ser utilizado em alguns domÃnios. +Por favor consulte primeiro o seu perito em segurança. +. + +.gpg.keygen.size +Insira o tamanho da chave +. + +.gpg.keygen.size.huge.okay +Responda "sim" ou "não" +. + +.gpg.keygen.size.large.okay +Responda "sim" ou "não" +. + +.gpg.keygen.valid +Digite o valor necessário conforme pedido. +É possÃvel digitar uma data ISO (AAAA-MM-DD) mas você não terá uma boa +reacção a erros - o sistema tentará interpretar o valor dado como um intervalo. +. + +.gpg.keygen.valid.okay +Responda "sim" ou "não" +. + +.gpg.keygen.name +Digite o nome do possuidor da chave +. + +.gpg.keygen.email +por favor digite um endereço de email (opcional mas recomendado) +. + +.gpg.keygen.comment +Por favor digite um comentário (opcional) +. + +.gpg.keygen.userid.cmd +N para mudar o nome. +C para mudar o comentário. +E para mudar o endereço de email +O para continuar a geração da chave. +S para interromper a geração da chave. +. + +.gpg.keygen.sub.okay +Responda "sim" (ou apenas "s") se quiser gerar a subchave. +. + +.gpg.sign_uid.okay +Responda "sim" ou "não" +. + +.gpg.sign_uid.class +Quando assina uma chave de identificação de um utilizador, deve primeiro +verificar que a chave pertence realmente à pessoa em questão. É útil para +terceiros saberem com que cuidado é que efectuou esta verificação. + +"0" significa que não deseja declarar a forma com verificou a chave + +"1" significa que acredita que a chave pertence à pessoa em questão, mas + não conseguiu ou não tentou verificar. Este grau é útil para quando + assina a chave de uma utilizador pseudo-anónimo. + +"2" significa que efectuou uma verificação normal da chave. Por exemplo, + isto pode significar que verificou a impressão digital da chave e + verificou o identificador de utilizador da chave contra uma identificação + fotográfica. 
+ +"3" significa que efectuou uma verificação exaustiva da chave. Por exemplo, + isto pode significar que efectuou a verificação pessoalmente, e que + utilizou um documento, com fotografia, difÃcil de falsificar + (como por exemplo um passaporte) que o nome do dono da chave é o + mesmo do que o identificador da chave, e que, finalmente, verificou + (através de troca de e-mail) que o endereço de email da chave pertence + ao done da chave. + +Atenção: os exemplos dados para os nÃveis 2 e 3 são *apenas* exemplos. +Compete-lhe a si decidir o que considera, ao assinar chaves, uma verificação +"normal" e uma verificação "exaustiva". + +Se não sabe qual é a resposta correcta, responda "0". +. + +.gpg.change_passwd.empty.okay +Responda "sim" ou "não" +. + +.gpg.keyedit.save.okay +Responda "sim" ou "não" +. + +.gpg.keyedit.cancel.okay +Responda "sim" ou "não" +. + +.#gpg.keyedit.sign_all.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if you want to sign ALL the user IDs +. + +.gpg.keyedit.remove.uid.okay +Responda "sim" se quiser realmente remover este ID de utilizador. +Todos os certificados também serão perdidos! +. + +.gpg.keyedit.remove.subkey.okay +Responda "sim" se quiser remover a subchave +. + +.gpg.keyedit.delsig.valid +Esta é uma assinatura válida na chave; normalmente não é desejável +remover esta assinatura porque ela pode ser importante para estabelecer +uma conexão de confiança à chave ou a outra chave certificada por esta. +. + +.gpg.keyedit.delsig.unknown +Esta assinatura não pode ser verificada porque você não tem a chave +correspondente. Você deve adiar sua remoção até saber que chave foi usada +porque a chave desta assinatura pode estabelecer uma conexão de confiança +através de outra chave já certificada. +. + +.gpg.keyedit.delsig.invalid +A assinatura não é válida. Faz sentido removê-la do seu porta-chaves. +. + +.gpg.keyedit.delsig.selfsig +Esta é uma assinatura que liga o ID de utilizador à chave. 
Geralmente +não é uma boa idéia remover tal assinatura. É possÃvel que o GnuPG +não consiga mais usar esta chave. Faça isto apenas se por alguma +razão esta auto-assinatura não for válida e há uma segunda disponÃvel. +. + +.gpg.keyedit.updpref.okay +Muda as preferências de todos os identificadores de utilizadores +(ou apenas dos seleccionados) para a lista actual de preferências. +O 'timestamp' de todas as auto-assinaturas afectuadas será avançado +em um segundo. + +. + +.gpg.passphrase.enter +Por favor digite a frase secreta + +. + +.gpg.passphrase.repeat +Por favor repita a frase secreta, para ter certeza do que digitou. +. + +.gpg.detached_signature.filename +Dê o nome para o ficheiro ao qual a assinatura se aplica +. + +.gpg.openfile.overwrite.okay +Responda "sim" se quiser escrever por cima do ficheiro +. + +.gpg.openfile.askoutname +Por favor digite um novo nome de ficheiro. Se você apenas carregar em RETURN +o ficheiro por omissão (que é mostrado entre parênteses) será utilizado. +. + +.gpg.ask_revocation_reason.code +Deve especificar uma razão para a emissão do certificado. Dependendo no +contexto, pode escolher as seguintes opções desta lista: + "A chave foi comprometida" + Utilize esta opção se tem razões para acreditar que indivÃduos não + autorizados obtiveram acesso à sua chave secreta. + "A chave foi substituida" + Utilize esta opção se substituiu esta chave com uma mais recente. + "A chave já não é utilizada" + Utilize esta opção se já não utiliza a chave. + "O identificador do utilizador já não é válido" + Utilize esta opção para comunicar que o identificador do utilizador + não deve ser mais utilizado; normalmente utilizada para indicar + que um endereço de email é inválido. + +. + +.gpg.ask_revocation_reason.text +Se desejar, pode inserir uma texto descrevendo a razão pela qual criou +este certificado de revogação. Por favor mantenha este texto conciso. +Uma linha vazia termina o texto. + +. 
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.pt_BR.txt b/doc/help.pt_BR.txt
new file mode 100644
index 0000000..25a23c3
--- /dev/null
+++ b/doc/help.pt_BR.txt
@@ -0,0 +1,253 @@ +# help.pt_BR.txt - Brazilian GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Você decide que valor usar aqui; este valor nunca será exportado para +terceiros. Precisamos dele implementar a rede de confiança, que não tem +nada a ver com a rede de certificados (implicitamente criada). +. + +.gpg.edit_ownertrust.set_ultimate.okay +Para construir a Teia-de-Confiança ('Web-of-Trust'), o GnuPG precisa de +saber quais são as chaves em que deposita confiança absoluta - normalmente +estas são as chaves a que tem acesso à chave privada. Responda "sim" para +que esta chave seja de confiança absoluta. + +. + +.gpg.untrusted_key.override +Se você quiser usar esta chave não confiável assim mesmo, responda "sim". +. + +.gpg.pklist.user_id.enter +Digite o ID de usuário do destinatário para o qual você quer enviar a +mensagem. +. + +.#gpg.keygen.algo +# fixme: Please translate and remove the hash mark from the key line. +Select the algorithm to use. + +DSA (aka DSS) is the Digital Signature Algorithm and can only be used +for signatures. + +Elgamal is an encrypt-only algorithm. + +RSA may be used for signatures or encryption. + +The first (primary) key must always be a key which is capable of signing. +. 
+ +.gpg.keygen.algo.rsa_se +Em geral não é uma boa ideia utilizar a mesma chave para assinar e para +cifrar. Este algoritmo só deve ser utilizado em alguns domÃnios. +Por favor consulte primeiro o seu perito em segurança. +. + +.gpg.keygen.size +Digite o tamanho da chave +. + +.gpg.keygen.size.huge.okay +Responda "sim" ou "não" +. + +.gpg.keygen.size.large.okay +Responda "sim" ou "não" +. + +.gpg.keygen.valid +Digite o valor necessário conforme pedido. +É possÃvel digitar uma data ISO (AAAA-MM-DD) mas você não terá uma boa +reação a erros - o sistema tentará interpretar o valor dado como um intervalo. +. + +.gpg.keygen.valid.okay +Responda "sim" ou "não" +. + +.gpg.keygen.name +Digite o nome do possuidor da chave +. + +.gpg.keygen.email +por favor digite um endereço de email (opcional mas recomendado) +. + +.gpg.keygen.comment +Por favor digite um comentário (opcional) +. + +.gpg.keygen.userid.cmd +N para mudar o nome. +C para mudar o comentário. +E para mudar o endereço de correio eletrônico. +O para continuar a geração da chave. +S para interromper a geração da chave. +. + +.gpg.keygen.sub.okay +Responda "sim" (ou apenas "s") se quiser gerar a subchave. +. + +.gpg.sign_uid.okay +Responda "sim" ou "não" +. + +.gpg.sign_uid.class +Quando assina uma chave de identificação de um utilizador, deve primeiro +verificar que a chave pertence realmente à pessoa em questão. É útil para +terceiros saberem com que cuidado é que efectuou esta verificação. + +"0" significa que não deseja declarar a forma com verificou a chave + +"1" significa que acredita que a chave pertence à pessoa em questão, mas + não conseguiu ou não tentou verificar. Este grau é útil para quando + assina a chave de uma utilizador pseudo-anónimo. + +"2" significa que efectuou uma verificação normal da chave. Por exemplo, + isto pode significar que verificou a impressão digital da chave e + verificou o identificador de utilizador da chave contra uma identificação + fotográfica. 
+ +"3" significa que efectuou uma verificação exaustiva da chave. Por exemplo, + isto pode significar que efectuou a verificação pessoalmente, e que + utilizou um documento, com fotografia, difÃcil de falsificar + (como por exemplo um passaporte) que o nome do dono da chave é o + mesmo do que o identificador da chave, e que, finalmente, verificou + (através de troca de e-mail) que o endereço de email da chave pertence + ao done da chave. + +Atenção: os exemplos dados para os nÃveis 2 e 3 são *apenas* exemplos. +Compete-lhe a si decidir o que considera, ao assinar chaves, uma verificação +"normal" e uma verificação "exaustiva". + +Se não sabe qual é a resposta correcta, responda "0". +. + +.gpg.change_passwd.empty.okay +Responda "sim" ou "não" +. + +.gpg.keyedit.save.okay +Responda "sim" ou "não" +. + +.gpg.keyedit.cancel.okay +Responda "sim" ou "não" +. + +.#gpg.keyedit.sign_all.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if you want to sign ALL the user IDs +. + +.gpg.keyedit.remove.uid.okay +Responda "sim" se quiser realmente remover este ID de usuário. +Todos os certificados também serão perdidos! +. + +.gpg.keyedit.remove.subkey.okay +Responda "sim" se quiser remover a subchave +. + +.gpg.keyedit.delsig.valid +Esta é uma assinatura válida na chave; normalmente não é desejável +remover esta assinatura porque ela pode ser importante para estabelecer +uma conexão de confiança à chave ou a outra chave certificada por esta. +. + +.gpg.keyedit.delsig.unknown +Esta assinatura não pode ser verificada porque você não tem a chave +correspondente. Você deve adiar sua remoção até saber que chave foi usada +porque a chave desta assinatura pode estabelecer uma conexão de confiança +através de outra chave já certificada. +. + +.gpg.keyedit.delsig.invalid +A assinatura não é válida. Faz sentido removê-la de seu chaveiro. +. + +.gpg.keyedit.delsig.selfsig +Esta é uma assinatura que liga o ID de usuário à chave. 
Geralmente +não é uma boa idéia remover tal assinatura. É possÃvel que o GnuPG +não consiga mais usar esta chave. Faça isto apenas se por alguma +razão esta auto-assinatura não for válida e há uma segunda disponÃvel. +. + +.gpg.keyedit.updpref.okay +Muda as preferências de todos os identificadores de utilizadores +(ou apenas dos seleccionados) para a lista actual de preferências. +O 'timestamp' de todas as auto-assinaturas afectuadas será avançado +em um segundo. + +. + +.gpg.passphrase.enter +Por favor digite a frase secreta + +. + +.gpg.passphrase.repeat +Por favor repita a última frase secreta, para ter certeza do que você digitou. +. + +.gpg.detached_signature.filename +Dê o nome para o arquivo ao qual a assinatura se aplica +. + +.gpg.openfile.overwrite.okay +Responda "sim" se quiser sobrescrever o arquivo +. + +.gpg.openfile.askoutname +Por favor digite um novo nome de arquivo. Se você apenas apertar RETURN o +arquivo padrão (que é mostrado em colchetes) será usado. +. + +.gpg.ask_revocation_reason.code +Deve especificar uma razão para a emissão do certificado. Dependendo no +contexto, pode escolher as seguintes opções desta lista: + "A chave foi comprometida" + Utilize esta opção se tem razões para acreditar que indivÃduos não + autorizados obtiveram acesso à sua chave secreta. + "A chave foi substituida" + Utilize esta opção se substituiu esta chave com uma mais recente. + "A chave já não é utilizada" + Utilize esta opção se já não utiliza a chave. + "O identificador do utilizador já não é válido" + Utilize esta opção para comunicar que o identificador do utilizador + não deve ser mais utilizado; normalmente utilizada para indicar + que um endereço de email é inválido. + +. + +.gpg.ask_revocation_reason.text +Se desejar, pode inserir uma texto descrevendo a razão pela qual criou +este certificado de revogação. Por favor mantenha este texto conciso. +Uma linha vazia termina o texto. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: 
diff --git a/doc/help.ro.txt b/doc/help.ro.txt
new file mode 100644
index 0000000..f655fdf
--- /dev/null
+++ b/doc/help.ro.txt
@@ -0,0 +1,251 @@ +# help.ro.txt - ro GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Este sarcina d-voastră să atribuiÅ£i o valoare aici; această valoare +nu va fi niciodată exportată pentru o terţă parte. Trebuie să +implementăm reÅ£eaua-de-încredere; aceasta nu are nimic în comun cu +certificatele-de-reÅ£ea (create implicit). +. + +.gpg.edit_ownertrust.set_ultimate.okay +Pentru a construi ReÅ£eaua-de-ÃŽncredere, GnuPG trebuie să ÅŸtie care chei +au nivel de încredere suprem - acestea de obicei sunt cheile pentru care +aveÅ£i acces la cheia secretă. RăspundeÅ£i "da" pentru a seta +această cheie cu nivel de încredere suprem + +. + +.gpg.untrusted_key.override +Dacă doriÅ£i oricum să folosiÅ£i această cheie fără încredere, răspundeÅ£i "da". +. + +.gpg.pklist.user_id.enter +IntroduceÅ£i ID-ul utilizator al destinatarului mesajului. +. + +.gpg.keygen.algo +SelectaÅ£i algoritmul de folosit. + +DSA (aka DSS) este Digital Signature Algorithm ÅŸi poate fi folosit numai +pentru semnături. + +Elgamal este un algoritm numai pentru cifrare. + +RSA poate fi folosit pentru semnături sau cifrare. + +Prima cheie (primară) trebuie să fie întotdeauna o cheie cu care se poate semna. +. 
+ +.gpg.keygen.algo.rsa_se +ÃŽn general nu este o idee bună să folosiÅ£i aceeaÅŸi cheie ÅŸi pentru +semnare ÅŸi pentru cifrare. Acest algoritm ar trebui folosit numai +în anumite domenii. Vă rugăm consultaÅ£i mai întâi un expert în domeniu. +. + +.gpg.keygen.size +IntroduceÅ£i lungimea cheii +. + +.gpg.keygen.size.huge.okay +RăspundeÅ£i "da" sau "nu" +. + +.gpg.keygen.size.large.okay +RăspundeÅ£i "da" sau "nu" +. + +.gpg.keygen.valid +IntroduceÅ£i valoarea cerută precum a arătat la prompt. +Este posibil să introduceÅ£i o dată ISO (AAAA-LL-ZZ) dar nu veÅ£i +obÅ£ine un răspuns de eroare bun - în loc sistemul încearcă să +interpreteze valoare dată ca un interval. +. + +.gpg.keygen.valid.okay +RăspundeÅ£i "da" sau "nu" +. + +.gpg.keygen.name +IntroduceÅ£i numele deÅ£inătorului cheii +. + +.gpg.keygen.email +vă rugăm introduceÅ£i o adresă de email (opÅ£ională dar recomandată) +. + +.gpg.keygen.comment +Vă rugăm introduceÅ£i un comentriu opÅ£ional +. + +.gpg.keygen.userid.cmd +N pentru a schimba numele. +C pentru a schimba comentariul. +E pentru a schimba adresa de email. +O pentru a continua cu generarea cheii. +T pentru a termina generarea cheii. +. + +.gpg.keygen.sub.okay +RăspundeÅ£i "da" (sau numai "d") dacă sunteÅ£i OK să generaÅ£i subcheia. +. + +.gpg.sign_uid.okay +RăspundeÅ£i "da" sau "nu" +. + +.gpg.sign_uid.class +Când semnaÅ£i un ID utilizator pe o cheie ar trebui să verificaÅ£i mai întâi +că cheia aparÅ£ine persoanei numite în ID-ul utilizator. Este util ÅŸi altora +să ÅŸtie cât de atent aÅ£i verificat acest lucru. + +"0" înseamnă că nu pretindeÅ£i nimic despre cât de atent aÅ£i verificat cheia +"1" înseamnă că credeÅ£i că cheia este a persoanei ce pretinde că este + proprietarul ei, dar n-aÅ£i putut, sau nu aÅ£i verificat deloc cheia. + Aceasta este utilă pentru verificare "persona", unde semnaÅ£i cheia + unui utilizator pseudonim. + +"2" înseamnă că aÅ£i făcut o verificare supericială a cheii. 
De exemplu, + aceasta ar putea însemna că aÅ£i verificat amprenta cheii ÅŸi aÅ£i verificat + ID-ul utilizator de pe cheie cu un ID cu poză. + +"3" înseamnă că aÅ£i făcut o verificare extensivă a cheii. De exemplu, + aceasta ar putea însemna că aÅ£i verificat amprenta cheii cu proprietarul + cheii în persoană, că aÅ£i verificat folosind un document dificil de + falsificat cu poză (cum ar fi un paÅŸaport) că numele proprietarului cheii + este acelaÅŸi cu numele ID-ului utilizator al cheii ÅŸi că aÅ£i verificat + (schimbând emailuri) că adresa de email de pe cheie aparÅ£ine proprietarului +cheii. + +De notat că exemplele date pentru nivelele 2 ÅŸi 3 ceva mai sus sunt *numai* +exemple. La urma urmei, d-voastră decideÅ£i ce înseamnă "superficial" ÅŸi +"extensiv" pentru d-voastră când semnaÅ£i alte chei. + +Dacă nu ÅŸtiÅ£i care este răspunsul, răspundeÅ£i "0". +. + +.gpg.change_passwd.empty.okay +RăspundeÅ£i "da" sau "nu" +. + +.gpg.keyedit.save.okay +RăspundeÅ£i "da" sau "nu" +. + +.gpg.keyedit.cancel.okay +RăspundeÅ£i "da" sau "nu" +. + +.gpg.keyedit.sign_all.okay +RăspundeÅ£i "da" dacă doriÅ£i să semnaÅ£i TOATE ID-urile utilizator +. + +.gpg.keyedit.remove.uid.okay +RăspundeÅ£i "da" dacă într-adevăr doriÅ£i să ÅŸtergeÅ£i acest ID utilizator. +Toate certificatele sunt de asemenea pierdute! +. + +.gpg.keyedit.remove.subkey.okay +RăspundeÅ£i "da" dacă este OK să ÅŸtergeÅ£i subcheia +. + +.gpg.keyedit.delsig.valid +Aceasta este o semnătură validă pe cheie; în mod normal n-ar trebui +să ÅŸtergeÅ£i această semnătură pentru că aceasta ar putea fi importantăla stabilirea conexiunii de încredere la cheie sau altă cheie certificată +de această cheie. +. + +.gpg.keyedit.delsig.unknown +Această semnătură nu poate fi verificată pentru că nu aveÅ£i cheia +corespunzătoare. Ar trebui să amânaÅ£i ÅŸtergerea sa până ÅŸtiÅ£i care +cheie a fost folosită pentru că această cheie de semnare ar putea +constitui o conexiune de încredere spre o altă cheie deja certificată. +. 
+ +.gpg.keyedit.delsig.invalid +Semnătura nu este validă. Aceasta ar trebui ÅŸtearsă de pe inelul +d-voastră de chei. +. + +.gpg.keyedit.delsig.selfsig +Aceasta este o semnătură care leagă ID-ul utilizator de cheie. +De obicei nu este o idee bună să ÅŸtergeÅ£i o asemenea semnătură. +De fapt, GnuPG ar putea să nu mai poată folosi această cheie. +AÅŸa că faceÅ£i acest lucru numai dacă această auto-semnătură este +dintr-o oarecare cauză invalidă ÅŸi o a doua este disponibilă. +. + +.gpg.keyedit.updpref.okay +SchimbaÅ£i toate preferinÅ£ele ale tuturor ID-urilor utilizator (sau doar +cele selectate) conform cu lista curentă de preferinÅ£e. Timestamp-urile +tuturor auto-semnăturilor afectate vor fi avansate cu o secundă. + +. + +.gpg.passphrase.enter +Vă rugăm introduceÅ£i fraza-parolă; aceasta este o propoziÅ£ie secretă + +. + +.gpg.passphrase.repeat +Vă rugăm repetaÅ£i ultima frază-parolă, pentru a fi sigur(ă) ce aÅ£i tastat. +. + +.gpg.detached_signature.filename +DaÅ£i numele fiÅŸierului la care se aplică semnătura +. + +.gpg.openfile.overwrite.okay +RăspundeÅ£i "da" dacă este OK să suprascrieÅ£i fiÅŸierul +. + +.gpg.openfile.askoutname +Vă rugăm introduceÅ£i un nou nume-fiÅŸier. Dacă doar apăsaÅ£i RETURN, +va fi folosit fiÅŸierul implicit (arătat în paranteze). +. + +.gpg.ask_revocation_reason.code +Ar trebui să specificaÅ£i un motiv pentru certificare. ÃŽn funcÅ£ie de +context aveÅ£i posibilitatea să alegeÅ£i din această listă: + "Cheia a fost compromisă" + FolosiÅ£i această opÅ£iune dacă aveÅ£i un motiv să credeÅ£i că persoane + neautorizate au avut acces la cheia d-voastră secretă. + "Cheia este înlocuită" + FolosiÅ£i această opÅ£iune dacă înlocuiÅ£i cheia cu una nouă. + "Cheia nu mai este folosită" + FolosiÅ£i această opÅ£iune dacă pensionaÅ£i cheia. + "ID-ul utilizator nu mai este valid" + FolosiÅ£i această opÅ£iune dacă ID-ul utilizator nu mai trebuie folosit; + de obicei folosită pentru a marca o adresă de email ca invalidă. + +. 
+ +.gpg.ask_revocation_reason.text +Dacă doriÅ£i, puteÅ£i introduce un text descriind de ce publicaÅ£i acest +certificat de revocare. Vă rugăm fiÅ£i concis. +O linie goală termină textul. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/help.ru.txt b/doc/help.ru.txt new file mode 100644 index 0000000..bd4ae14 --- /dev/null +++ b/doc/help.ru.txt 
@@ -0,0 +1,250 @@ +# help.ru.txt - ru GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Ð’Ñ‹ должны ввеÑти здеÑÑŒ значение; оно никогда не будет ÑкÑпортировано +третьей Ñтороне. Ðто необходимо Ð´Ð»Ñ Ñ€ÐµÐ°Ð»Ð¸Ð·Ð°Ñ†Ð¸Ð¸ Сети ДовериÑ; +и не имеет ничего общего Ñ (неÑвно Ñозданной) Ñетью Ñертификатов. +. + +.gpg.edit_ownertrust.set_ultimate.okay +Ð”Ð»Ñ Ð¿Ð¾ÑÑ‚Ñ€Ð¾ÐµÐ½Ð¸Ñ Ð¡ÐµÑ‚Ð¸ ДовериÑ, GnuPG должен знать, к каким ключам +имеетÑÑ Ð°Ð±Ñолютное доверие - обычно Ñто ключи Ð´Ð»Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ñ… у Ð’Ð°Ñ ÐµÑÑ‚ÑŒ +Ñекретный ключ. Ответьте "yes" Ð´Ð»Ñ Ð¿Ñ€Ð¸ÑÐ²Ð¾ÐµÐ½Ð¸Ñ Ð°Ð±Ñолютного Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ +данному ключу + +. + +.gpg.untrusted_key.override +ЕÑли хотите иÑпользовать данный недоверÑемый ключ - ответьте "yes". +. + +.gpg.pklist.user_id.enter +Введите User ID адреÑата, которому хотите отправить Ñообщение. +. + +.gpg.keygen.algo +Выберите алгоритм. + +DSA (aka DSS) - Digital Signature Algorithm может иÑпользоватьÑÑ +только Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñей. + +Elgamal - алгоритм иÑпользуемый только Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ. + +RSA может иÑпользоватьÑÑ Ð¸ Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи, и Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ. + +Первый (он же главный) ключ вÑегда должен быть подпиÑывающим. +. 
+ +.gpg.keygen.algo.rsa_se +Обычно не рекомендуетÑÑ Ð¸Ñпользовать один ключ и Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи, и Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ. +Данный алгоритм Ñледует иÑпользовтаь только в некоторых ÑлучаÑÑ…. +ПроконÑультируйтеÑÑŒ Ñ Ð’Ð°ÑˆÐ¸Ð¼ ÑкÑпертом по безопаÑноÑти перед тем, +как иÑпользовать данный ключ. +. + +.gpg.keygen.size +Введите размер ключа +. + +.gpg.keygen.size.huge.okay +Ответьте "yes" или "no" +. + +.gpg.keygen.size.large.okay +Ответьте "yes" или "no" +. + +.gpg.keygen.valid +Введите требуемое значение, как показано в подÑказке. +Можно ввеÑти дату в ISO формате (YYYY-MM-DD), но Ð’Ñ‹ не получите +уведомление при ошибке в формате - вмеÑто Ñтого ÑиÑтема попробует +интерпретировать введенное значение как интервал. +. + +.gpg.keygen.valid.okay +Ответьте "yes" или "no" +. + +.gpg.keygen.name +Введите Ð¸Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° ключа +. + +.gpg.keygen.email +введите необÑзательный, но очень рекомендуемый email Ð°Ð´Ñ€ÐµÑ +. + +.gpg.keygen.comment +Введите необÑзательный комментарий +. + +.gpg.keygen.userid.cmd +N изменить имÑ. +C изменить комментарий. +E изменить email адреÑ. +O продолжить Ñоздание ключа. +Q выйти и прервать Ñоздание ключа. +. + +.gpg.keygen.sub.okay +Ответьте "yes" (или только "y"), еÑли готовы Ñоздавать подключ. +. + +.gpg.sign_uid.okay +Ответьте "yes" или "no" +. + +.gpg.sign_uid.class +Перед подпиÑыванием User ID ключа, Ñледует прежде удоÑтоверитьÑÑ, что +ключ дейÑтвительно принадлежит человеку указанному в User ID. Ðто очень важно +Ð´Ð»Ñ Ñ‚ÐµÑ…, кто учитывает как хорошо Ð’Ñ‹ проверÑете доÑтоверноÑÑ‚ÑŒ User ID. + +"0" означает, что Ð’Ñ‹ не можете Ñказать, как хорошо Ð’Ñ‹ проверили ключ. +"1" означает, что Ð’Ñ‹ полагаете, что ключ принадлежит человеку, который + указан в нем, но Ð’Ñ‹ не могли или не проводили проверку ключа ÑовÑем. + Ðто полезно, когда Ð’Ñ‹ подпиÑываете ключ Ñ Ð¿Ñевдонимом человека. + +"2" означает, что Ð’Ñ‹ делали неаккуратную проверку ключа. 
Ðапример, Ñто может + означать, что Ð’Ñ‹ проверили отпечаток ключа и проверили User ID на + ключе на оÑновании фото ID. + +"3" означает, что Ð’Ñ‹ выполнили вÑеÑтороннюю проверку ключа. Ðапример, Ñто может + означать, что Ð’Ñ‹ Ñверили отпечаток ключа Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†ÐµÐ¼ ключа лично + и что Ð’Ñ‹ Ñверили вÑÑ‘ поÑредÑтвом трудноподделываемого документа Ñ + фотографией (таким как паÑпорт), что Ð¸Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° ключа Ñовпадает Ñ + именем в User ID ключа и наконец, что Ð’Ñ‹ проверили (обменом шифрованными + пиÑьмами), что email Ð°Ð´Ñ€ÐµÑ Ð½Ð° ключе принадлежит владельцу ключа. + +Учтите, что примеры данные Ð´Ð»Ñ ÑƒÑ€Ð¾Ð²Ð½ÐµÐ¹ 2 и 3 - только примеры. +Ð’ конечном итоге, Вам решать, как клаÑÑифицировать "неаккуратно" и "вÑеÑторонне", +при подпиÑывании чужих ключей. + +ЕÑли Ð’Ñ‹ не можете определитьÑÑ Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ñ‹Ð¼ ответом, ответьте "0". +. + +.gpg.change_passwd.empty.okay +Ответьте "yes" или "no" +. + +.gpg.keyedit.save.okay +Ответьте "yes" или "no" +. + +.gpg.keyedit.cancel.okay +Ответьте "yes" или "no" +. + +.gpg.keyedit.sign_all.okay +Ответьте "yes", еÑли хотите подпиÑать ВСЕ User ID +. + +.gpg.keyedit.remove.uid.okay +Ответьте "yes", еÑли дейÑтвительно хотите удалить данный User ID. +Ð’Ñе Ñертификаты также будут потерÑны! +. + +.gpg.keyedit.remove.subkey.okay +Ответьте "yes", еÑли готовы удалить подключ +. + +.gpg.keyedit.delsig.valid +Ðто дейÑÑ‚Ð²Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ на ключе; обычно не желательно +удалÑÑ‚ÑŒ такие подпиÑи, потому, что она может быть важна Ð´Ð»Ñ ÑƒÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ +доÑтоверноÑти ключа или других ключей подпиÑанных данным ключом. +. + +.gpg.keyedit.delsig.unknown +Ð”Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ не может быть проверена потому, что Ð’Ñ‹ не имеете +ÑоответÑтвующего ключа. Можете отложить ее удаление, пока не +узнаете, какой ключ был иÑпользован, Ñ‚.к. Ñта подпиÑÑŒ может +уÑтанавливать доÑтоверноÑÑ‚ÑŒ через другие уже удоÑтоверенные ключи. +. + +.gpg.keyedit.delsig.invalid +ПодпиÑÑŒ недейÑтвительна. 
Ðто дает оÑÐ½Ð¾Ð²Ð°Ð½Ð¸Ñ ÑƒÐ´Ð°Ð»Ð¸Ñ‚ÑŒ ее из +ÑвÑзки ключей. +. + +.gpg.keyedit.delsig.selfsig +Ð”Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ ÑвлÑетÑÑ ÑамоподпиÑью и привÑзывает User ID к ключу. +Обычно Ñто Ð¿Ð»Ð¾Ñ…Ð°Ñ Ð¸Ð´ÐµÑ ÑƒÐ´Ð°Ð»Ð¸Ñ‚ÑŒ такую подпиÑÑŒ. Ðа Ñамом деле +GnuPG может не позволить иÑпользовать такой ключ далее. +Делайте Ñто только еÑли Ð´Ð°Ð½Ð½Ð°Ñ ÑамоподпиÑÑŒ не дейÑтвительна по +каким-либо причинам и ÑущеÑтвует доÑÑ‚ÑƒÐ¿Ð½Ð°Ñ Ð²Ñ‚Ð¾Ñ€Ð°Ñ. +. + +.gpg.keyedit.updpref.okay +Изменение предпочтений Ð´Ð»Ñ Ð²Ñех User ID (или только Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ…) +на текущий ÑпиÑок предпочтений. Отметка времени на вÑех затронутых +ÑамоподпиÑÑÑ… будет увеличена на одну Ñекунду. + +. + +.gpg.passphrase.enter +Введите фразу-пароль (Ñто ÑÐµÐºÑ€ÐµÑ‚Ð½Ð°Ñ Ñтрока) + +. + +.gpg.passphrase.repeat +Повторите фразу-пароль, чтобы убедитьÑÑ Ð² том, что она набрана правильно. +. + +.gpg.detached_signature.filename +Введите Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°, к которому отноÑитÑÑ Ð´Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ +. + +.gpg.openfile.overwrite.okay +Ответьте "yes", еÑли хотите перезапиÑать файл +. + +.gpg.openfile.askoutname +Введите новое Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°. ЕÑли нажмете только RETURN будет иÑпользован +по умолчанию тот файл, который показан в квадратных Ñкобках. +. + +.gpg.ask_revocation_reason.code +Ð¡ÐµÐ¹Ñ‡Ð°Ñ Ñможете указать причину отзыва ключа. ОÑновываÑÑÑŒ на +контекÑте отзыва - можете выбрать один из Ñледующих вариантов: + "Ключ был Ñкомпрометирован" + Выберите, еÑли предполагаете, что поÑторонний человек + получил доÑтуп к Вашему Ñекретному ключу. + "Ключ заменен другим" + Выберите, еÑли заменÑете данный ключ на другой. + "Ключ больше не иÑпользуетÑÑ" + Выберите, еÑли отказываетеÑÑŒ от иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð°Ð½Ð½Ð¾Ð³Ð¾ ключа. + "User ID больше не дейÑтвителен" + Выберите, еÑли больше не ÑобираетеÑÑŒ иÑпользовать данный User ID. + Обычно иÑпользуетÑÑ, Ð´Ð»Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð¸Ñ, что данный e-mail больше + не иÑпользуетÑÑ + +. 
+ +.gpg.ask_revocation_reason.text +При необходимоÑти здеÑÑŒ можно прокомментировать причины +ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ñертификата отзыва. Будьте кратки. +Ð”Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ñ Ð²Ð²ÐµÐ´Ð¸Ñ‚Ðµ пуÑтую Ñтроку. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/help.sk.txt b/doc/help.sk.txt new file mode 100644 index 0000000..a0fa4aa --- /dev/null +++ b/doc/help.sk.txt 
@@ -0,0 +1,254 @@ +# help.sk.txt - sk GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Je na Vás, aby ste sem priradili hodnotu; táto hodnota nebude nikdy +exportovaná tretej strane. Potrebujeme ju k implementácii "pavuÄiny +dôvery"; nemá to niÄ spoloÄné s (implicitne vytvorenou) "pavuÄinou +certifikátov". +. + +.gpg.edit_ownertrust.set_ultimate.okay +Aby bolo možné vybudovaÅ¥ pavuÄinu dôvery, musà GnuPG vedieÅ¥, ktorým kľúÄom +dôverujete absolútne - obyÄajne sú to tie kľúÄe, pre ktoré máte prÃstup +k tajným kľúÄom. Odpovedzte "ano", aby ste nastavili tieto kľúÄe +ako absolútne dôveryhodné + +. + +.gpg.untrusted_key.override +Pokiaľ aj tak chcete použiÅ¥ tento nedôveryhodný kľúÄ, odpovedzte "ano". +. + +.gpg.pklist.user_id.enter +Vložte identifikátor adresáta, ktorému chcete poslaÅ¥ správu. +. + +.#gpg.keygen.algo +# fixme: Please translate and remove the hash mark from the key line. +Select the algorithm to use. + +DSA (aka DSS) is the Digital Signature Algorithm and can only be used +for signatures. + +Elgamal is an encrypt-only algorithm. + +RSA may be used for signatures or encryption. + +The first (primary) key must always be a key which is capable of signing. +. 
+ +.gpg.keygen.algo.rsa_se +VÅ¡ebecne nemožno odporúÄaÅ¥ použÃvaÅ¥ rovnaký kÄ¾ÃºÄ na Å¡ifrovanie a podeisovanie +Tento algoritmus je vhodné použiÅ¥ len za urÄitých podmienok. +Kontaktujte prosÃm najprv bezpeÄnostného Å¡pecialistu. +. + +.gpg.keygen.size +Vložte dĺžku kľúÄa +. + +.gpg.keygen.size.huge.okay +Odpovedzte "ano" alebo "nie" +. + +.gpg.keygen.size.large.okay +Odpovedzte "ano" alebo "nie" +. + +.gpg.keygen.valid +Vložte požadovanú hodnotu tak, ako je uvedené v prÃkazovom riadku. +Je možné vložiÅ¥ dátum vo formáte ISO (RRRR-MM-DD), ale nedostanete +správnu chybovú hlášku - miesto toho systém skúsi interpretovaÅ¥ +zadanú hodnotu ako interval. +. + +.gpg.keygen.valid.okay +Odpovedzte "ano" alebo "nie" +. + +.gpg.keygen.name +Vložte meno držiteľa kľúÄa +. + +.gpg.keygen.email +prosÃm, vložte e-mailovú adresu (nepovinné, ale veľmi odporúÄané) +. + +.gpg.keygen.comment +ProsÃm, vložte nepovinný komentár +. + +.gpg.keygen.userid.cmd +N pre zmenu názvu. +C pre zmenu komentára. +E pre zmenu e-mailovej adresy. +O pre pokraÄovanie generovania kľúÄa. +Q pre ukonÄenie generovania kľúÄa. +. + +.gpg.keygen.sub.okay +Ak chcete generovaÅ¥ podkľúÄ, odpovedzte "ano" (alebo len "a"). +. + +.gpg.sign_uid.okay +Odpovedzte "ano" alebo "nie" +. + +.gpg.sign_uid.class +Skôr ako podpÃÅ¡ete id užÃvateľa, mali by ste najprv overiÅ¥, Äi kÄ¾ÃºÄ +patrà osobe, ktorej meno je uvedené v identifikátore užÃvateľa. +Je veľmi užitoÄné, keÄ ostatnà vedia, ako dôsledne ste previedli +takéto overenie. + +"0" znamená, že neuvádzate, ako dôsledne ste pravosÅ¥ kľúÄa overili + +"1" znamená, že verÃte tomu, že kÄ¾ÃºÄ patrà osobe, ktorá je uvedená, + v užÃvateľskom ID, ale nemohli ste alebo jste nepreverili túto skutoÄnosÅ¥. + To je užitoÄné pre "osobnú" verifikáciu, keÄ podpisujete kľúÄe, ktoré + použÃvajú pseudonym užÃvateľa. + +"2" znamená, že ste ÄiastoÄne overili pravosÅ¥ kľúÄa. Napr. ste overili + fingerprint kľúÄa a skontrolovali identifikátor užÃvateľa + uvedený na kľúÄi s fotografickým id. 
+ +"3" Znamená, že ste vykonali veľmi dôkladné overenie pravosti kľúÄa. + To môže naprÃklad znamenaÅ¥, že ste overili fingerprint kľúÄa + jeho vlastnÃka osobne a Äalej ste pomocou tažko falÅ¡ovateľného + dokumentu s fotografiou (naprÃklad pasu) overili, že meno majiteľa + kľúÄa sa zhoduje s menom uvedeným v užÃvateľskom ID a Äalej ste + overili (výmenou elektronických dopisov), že elektronická adresa uvedená + v ID užÃvateľa patrà majiteľovi kľúÄa. + +ProsÃm nezabúdajte, že prÃklady uvedené pre úroveň 2 a 3 sú *len* +prÃklady. +Je len na VaÅ¡om rozhodnutÃ, Äo "ÄiastoÄné" a "dôkladné" overenie znamená +keÄ budete podpisovaÅ¥ kľúÄe iným užÃvateľom. + +Pokiaľ neviete, aká je správna odpoveÄ, odpovedzte "0". +. + +.gpg.change_passwd.empty.okay +Odpovedzte "ano" alebo "nie" +. + +.gpg.keyedit.save.okay +Odpovedzte "ano" alebo "nie" +. + +.gpg.keyedit.cancel.okay +Odpovedzte "ano" alebo "nie" +. + +.#gpg.keyedit.sign_all.okay +# fixme: Please translate and remove the hash mark from the key line. +Answer "yes" if you want to sign ALL the user IDs +. + +.gpg.keyedit.remove.uid.okay +Pokiaľ skutoÄne chcete zmazaÅ¥ tento identifikátor užÃvateľa, odpovedzte "ano". +VÅ¡etky certifikáty budú tiež stratené! +. + +.gpg.keyedit.remove.subkey.okay +Odpovedzte "ano", pokiaľ chcete zmazaÅ¥ podkÄ¾ÃºÄ +. + +.gpg.keyedit.delsig.valid +Toto je platný podpis kľúÄa; normálne nechcete tento podpis zmazaÅ¥, +pretože môže byÅ¥ dôležitý pri vytváranà dôvery kľúÄa alebo iného kľúÄa +ceritifikovaného týmto kľúÄom. +. + +.gpg.keyedit.delsig.unknown +Tento podpis nemôže byÅ¥ overený, pretože nemáte zodpovedajúci verejný kľúÄ. +Jeho zmazanie by ste mali odložiÅ¥ do Äasu, keÄ budete vedieÅ¥, ktorý kÄ¾ÃºÄ +bol použitý, pretože tento podpisovacà kÄ¾ÃºÄ môže vytvoriÅ¥ dôveru +prostrednÃctvom iného už certifikovaného kľúÄa. +. + +.gpg.keyedit.delsig.invalid +Podpis je neplatný. Je rozumné ho odstrániÅ¥ z Vášho súboru kľúÄov. +. 
+ +.gpg.keyedit.delsig.selfsig +Toto je podpis, ktorý viaže identifikátor užÃvateľa ku kľúÄu. ZvyÄajne +nie je dobré takýto podpis odstrániÅ¥. GnuPG nemôže tento kÄ¾ÃºÄ naÄalej +použÃvaÅ¥. Urobte to len v prÃpade, keÄ je tento podpis kľúÄa +nÃm samým z nejakého dôvodu neplatný a keÄ je k dispozÃcii iný kľúÄ. +. + +.gpg.keyedit.updpref.okay +ZmeniÅ¥ predvoľby pre vÅ¡etky užÃvateľské ID (alebo len pre oznaÄené) +na aktuálny zoznam predvolieb. ÄŒasové razÃtka vÅ¡etkých dotknutých podpisov +kľúÄov nimi samotnými budú posunuté o jednu sekundu dopredu. + +. + +.gpg.passphrase.enter +ProsÃm, vložte heslo; toto je tajná veta + +. + +.gpg.passphrase.repeat +ProsÃm, zopakujte posledné heslo, aby ste si boli istý, Äo ste napÃsali. +. + +.gpg.detached_signature.filename +Zadajte názov súboru, ku ktorému sa podpis vzÅ¥ahuje +. + +.gpg.openfile.overwrite.okay +Ak si prajete prepÃsanie súboru, odpovedzte "ano" +. + +.gpg.openfile.askoutname +ProsÃm, vložte nový názov súboru. Ak len stlaÄÃte RETURN, bude +použitý implicitný súbor (ktorý je zobrazený v zátvorkách). +. + +.gpg.ask_revocation_reason.code +Mali by ste Å¡pecifikovaÅ¥ dôvod certifikácie. V závislosti na kontexte +máte možnosÅ¥ si vybraÅ¥ zo zoznamu: + "kÄ¾ÃºÄ bol kompromitovaný" + Toto použite, pokiaľ si myslÃte, že k Vášmu tajnému kľúÄu zÃskali + prÃstup neoprávnené osoby. + "kÄ¾ÃºÄ je nahradený" + Toto použite, pokiaľ ste tento kÄ¾ÃºÄ nahradili novÅ¡Ãm kľúÄom. + "kÄ¾ÃºÄ sa už nepoužÃva" + Toto použite, pokiaľ tento kÄ¾ÃºÄ už nepoužÃvate. + "Identifikátor užÃvateľa už nie je platný" + Toto použite, pokiaľ by sa identifikátor užÃvateľa už nemal použÃvaÅ¥; + normálne sa použÃva na oznaÄenie neplatnej e-mailové adresy. + +. + +.gpg.ask_revocation_reason.text +Ak chcete, môžete vložiÅ¥ text popisujúcà pôvod vzniku tohto revokaÄného +ceritifikátu. ProsÃm, struÄne. +Text konÄà prázdnym riadkom. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: 
diff --git a/doc/help.sv.txt b/doc/help.sv.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.sv.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.tr.txt b/doc/help.tr.txt
new file mode 100644
index 0000000..15bdf8e
--- /dev/null
+++ b/doc/help.tr.txt
@@ -0,0 +1,242 @@ +# help.tr.txt - tr GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +Bir deÄŸeri buraya iÅŸaretlemek size kalmış; bu deÄŸer herhangi bir 3. ÅŸahsa +gönderilmeyecek. Bir güvence ağı saÄŸlamak için bizim buna ihtiyacımız var; +bunun (açıkça belirtilmeden oluÅŸturulmuÅŸ) sertifikalar ağıyla +hiçbir alakası yok. +. + +.gpg.edit_ownertrust.set_ultimate.okay +Web-of-Trust oluÅŸturulabilmesi için GnuPG'ye hangi anahtarların son derece +güvenli (bunlar gizli anahtarlarına eriÅŸiminiz olan anahtarlardır) olduÄŸunun +bildirilmesi gerekir. "evet" yanıtı bu anahtarın son derece güvenli +olduÄŸunun belirtilmesi için yeterlidir. + +. + +.gpg.untrusted_key.override +Bu güvencesiz anahtarı yine de kullanmak istiyorsanız cevap olarak + "evet" yazın. +. + +.gpg.pklist.user_id.enter +Bu iletiyi göndereceÄŸiniz adresin kullanıcı kimliÄŸini giriniz. +. + +.gpg.keygen.algo +Kullanılacak algoritmayı seçiniz. + +DSA (nam-ı diÄŸer DSS) Sayısal Ä°mza Algortimasıdır ve +sadece imzalar için kullanılabilir. + +Elgamal sadece ÅŸifreleme amacıyla kullanılabilen bir algoritmadır. + +RSA hem imzalamak hem de ÅŸifrelemek amacıyla kullanılabilir. + +Ä°lk (asıl) anahtar daima imzalama yeteneÄŸine sahip bir anahtar olmalıdır. +. 
+ +.gpg.keygen.algo.rsa_se +Genelde imzalama ve ÅŸifreleme için aynı anahtarı kullanmak iyi bir fikir +deÄŸildir. Bu algoritma sadece belli alanlarda kullanılabilir. +Lütfen güvenlik uzmanınıza danışın. +. + +.gpg.keygen.size +Anahtar uzunluÄŸunu giriniz +. + +.gpg.keygen.size.huge.okay +Cevap "evet" ya da "hayır" +. + +.gpg.keygen.size.large.okay +Cevap "evet" ya da "hayır" +. + +.gpg.keygen.valid +Ä°stenen deÄŸeri girin. ISO tarihi (YYYY-AA-GG) girmeniz mümkündür fakat +iyi bir hata cevabı alamazsınız -- onun yerine sistem verilen deÄŸeri +bir zaman aralığı olarak çözümlemeyi dener. +. + +.gpg.keygen.valid.okay +Cevap "evet" ya da "hayır" +. + +.gpg.keygen.name +Anahtar tutucunun ismini giriniz +. + +.gpg.keygen.email +lütfen bir E-posta adresi girin (isteÄŸe baÄŸlı ancak kuvvetle tavsiye edilir) +. + +.gpg.keygen.comment +Lütfen önbilgi girin (isteÄŸe baÄŸlı) +. + +.gpg.keygen.userid.cmd +S iSim deÄŸiÅŸtirmek için. +B önBilgiyi deÄŸiÅŸtirmek için. +P e-Posta adresini deÄŸiÅŸtirmek için. +D anahtar üretimine Devam etmek için. +K anahtar üretiminden çıKmak için. +. + +.gpg.keygen.sub.okay +Yardımcı anahtarı üretmek istiyorsanız "evet" ya da "e" girin. +. + +.gpg.sign_uid.okay +Cevap "evet" ya da "hayır" +. + +.gpg.sign_uid.class +Bir anahtarı bir kullanıcı kimlikle imzalamadan önce kullanıcı kimliÄŸin +içindeki ismin, anahtarın sahibine ait olup olmadığını kontrol etmelisiniz. + +"0" bu kontrolu yapmadığınız ve yapmayı da bilmediÄŸiniz anlamındadır. +"1" anahtar size sahibi tarafından gönderildi ama siz bu anahtarı baÅŸka + kaynaklardan doÄŸrulamadınız anlamındadır. Bu kiÅŸisel doÄŸrulama için + yeterlidir. En azında yarı anonim bir anahtar imzalaması yapmış + olursunuz. +"2" ayrıntılı bir inceleme yapıldığı anlamındadır. ÖrneÄŸin parmakizi ve + bir anahtarın foto kimliÄŸiyle kullanıcı kimliÄŸini karşılaÅŸtırmak + gibi denetimleri yapmışsınızdır. +"3" inceden inceye bir doÄŸrulama anlatır. 
ÖrneÄŸin, ÅŸahıstaki anahtarın + sahibi ile anahtar parmak izini karşılaÅŸtırmışsınızdır ve anahtardaki + kullanıcı kimlikte belirtilen isme ait bir basılı kimlik belgesindeki + bir fotoÄŸrafla ÅŸahsı karşılaÅŸtırmışsınızdır ve son olarak anahtar + sahibinin e-posta adresini kendisinin kullanmakta olduÄŸunu da + denetlemiÅŸsinizdir. +Burada 2 ve 3 için verilen örnekler *sadece* örnektir. +Eninde sonunda bir anahtarı imzalarken "ayrıntılı" ve "inceden inceye" kontroller arasındaki ayrıma siz karar vereceksiniz. +Bu kararı verebilecek durumda deÄŸilseniz "0" cevabını verin. +. + +.gpg.change_passwd.empty.okay +Cevap "evet" ya da "hayır" +. + +.gpg.keyedit.save.okay +Cevap "evet" ya da "hayır" +. + +.gpg.keyedit.cancel.okay +Cevap "evet" ya da "hayır" +. + +.gpg.keyedit.sign_all.okay +Kullanıcı kimliklerinin TÃœMünü imzalamak istiyorsanız "evet" ya da "yes" yazın +. + +.gpg.keyedit.remove.uid.okay +Bu kullanıcı kimliÄŸini gerçekten silmek istiyorsanız "evet" girin. +Böylece bütün sertifikaları kaybedeceksiniz! +. + +.gpg.keyedit.remove.subkey.okay +Bu yardımcı anahtarı silme izni vermek istiyorsanız "evet" girin +. + +.gpg.keyedit.delsig.valid +Bu, anahtar üzerinde geçerli bir imzadır; anahtara ya da bu anahtarla +sertifikalanmış bir diÄŸer anahtara bir güvence baÄŸlantısı saÄŸlamakta +önemli olabileceÄŸinden normalde bu imzayı silmek istemezsiniz. +. + +.gpg.keyedit.delsig.unknown +Bu imza, anahtarına sahip olmadığınızdan, kontrol edilemez. Bu imzanın +silinmesini hangi anahtarın kullanıldığını bilene kadar +ertelemelisiniz çünkü bu imzalama anahtarı baÅŸka bir sertifikalı +anahtar vasıtası ile bir güvence baÄŸlantısı saÄŸlayabilir. +. + +.gpg.keyedit.delsig.invalid +Ä°mza geçersiz. Anahtarlıktan kaldırmak uygun olacak. +. + +.gpg.keyedit.delsig.selfsig +Bu imza kullanıcı kimliÄŸini anahtara baÄŸlar. Öz-imzayı silmek hiç iyi +bir fikir deÄŸil. GnuPG bu anahtarı bir daha hiç kullanamayabilir. 
+Bunu sadece, eÄŸer bu öz-imza bazı durumlarda geçerli deÄŸilse ya da +kullanılabilir bir ikincisi var ise yapın. +. + +.gpg.keyedit.updpref.okay +Tüm kullanıcı kimlik tercihlerini (ya da seçilen birini) mevcut tercihler +listesine çevirir. Tüm etkilenen öz-imzaların zaman damgaları bir sonraki +tarafından öne alınacaktır. + +. + +.gpg.passphrase.enter +Lütfen bir anahtar parolası giriniz; yazdıklarınız görünmeyecek + +. + +.gpg.passphrase.repeat +Lütfen son parolayı tekrarlayarak ne yazdığınızdan emin olun. +. + +.gpg.detached_signature.filename +Ä°mzanın uygulanacağı dosyanın ismini verin +. + +.gpg.openfile.overwrite.okay +Dosyanın üzerine yazılacaksa lütfen "evet" yazın +. + +.gpg.openfile.askoutname +Lütfen yeni dosya ismini girin. Dosya ismini yazmadan RETURN tuÅŸlarsanız +parantez içinde gösterilen öntanımlı dosya kullanılacak. +. + +.gpg.ask_revocation_reason.code +Sertifikalama için bir sebep belirtmelisiniz. İçeriÄŸine baÄŸlı olarak +bu listeden seçebilirsiniz: + "Anahtar tehlikede" + Yetkisiz kiÅŸilerin gizli anahtarınıza eriÅŸebildiÄŸine inanıyorsanız + bunu seçin. + "Anahtar geçici" + Mevcut anahtarı daha yeni bir anahtar ile deÄŸiÅŸtirmiÅŸseniz bunu seçin. + "Anahtar artık kullanılmayacak" + Anahtarı emekliye ayıracaksanız bunu seçin. + "Kullanıcı kimliÄŸi artık geçersiz" + Kullanıcı kimliÄŸi artık kullanılamayacak durumdaysa bunu + seçin; genelde Eposta adresi geçersiz olduÄŸunda kullanılır. + +. + +.gpg.ask_revocation_reason.text +Ä°sterseniz, neden bu yürürlükten kaldırma sertifikasını +verdiÄŸinizi açıklayan bir metin girebilirsiniz. +Lütfen bu metin kısa olsun. Bir boÅŸ satır metni bitirir. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/help.txt b/doc/help.txt new file mode 100644 index 0000000..36b993d --- /dev/null +++ b/doc/help.txt 
@@ -0,0 +1,372 @@
+# help.txt - English GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+# Note that this help file needs to be UTF-8 encoded. When looking
+# for a help item, GnuPG scans the help files in the following order
+# (assuming a GNU or Unix system):
+#
+# /etc/gnupg/help.LL_TT.txt
+# /etc/gnupg/help.LL.txt
+# /etc/gnupg/help.txt
+# /usr/share/gnupg/help.LL_TT.txt
+# /usr/share/gnupg/help.LL.txt
+# /usr/share/gnupg/help.txt
+#
+# Here LL_TT denotes the full name of the current locale with the
+# territory (.e.g. "de_DE"), LL denotes just the locale name
+# (e.g. "de"). The first matching item is returned. To put a dot or
+# a hash mark at the beginning of a help text line, it needs to be
+# prefixed with ". ". A single dot may be used to terminated ahelp
+# entry.
+
+.#pinentry.qualitybar.tooltip
+# [remove the hash mark from the key to enable this text]
+# This entry is just an example on how to customize the tooltip shown
+# when hovering over the quality bar of the pinentry. We don't
+# install this text so that the hardcoded translation takes
+# precedence. An administrator should write up a short help to tell
+# the users about the configured passphrase constraints and save that
+# to /etc/gnupg/help.txt. The help text should not be longer than
+# about 800 characters.
+This bar indicates the quality of the passphrase entered above.
+
+As long as the bar is shown in red, GnuPG considers the passphrase too
+weak to accept. Please ask your administrator for details about the
+configured passphrase constraints.
+.
+
+
+.gnupg.agent-problem
+# There was a problem accessing or starting the agent.
+It was either not possible to connect to a running Gpg-Agent or a
+communication problem with a running agent occurred.
+
+The system uses a background process, called Gpg-Agent, for processing
+private keys and to ask for passphrases. The agent is usually started
+when the user logs in and runs as long the user is logged in. In case
+that no agent is available, the system tries to start one on the fly
+but that version of the agent is somewhat limited in functionality and
+thus may lead to little problems.
+
+You probably need to ask your administrator on how to solve the
+problem. As a workaround you might try to log out and in to your
+session and see whether this helps. If this helps please tell the
+administrator anyway because this indicates a bug in the software.
+.
+
+
+.gnupg.dirmngr-problem
+# There was a problen accessing the dirmngr.
+It was either not possible to connect to a running Dirmngr or a
+communication problem with a running Dirmngr occurred.
+
+To lookup certificate revocation lists (CRLs), performing OCSP
+validation and to lookup keys through LDAP servers, the system uses an
+external service program named Dirmngr. The Dirmngr is usually running
+as a system service (daemon) and does not need any attention by the
+user. In case of problems the system might start its own copy of the
+Dirmngr on a per request base; this is a workaround and yields limited
+performance.
+
+If you encounter this problem, you should ask your system
+administrator how to proceed. As an interim solution you may try to
+disable CRL checking in gpgsm's configuration.
+.
+
+
+.gpg.edit_ownertrust.value
+# The help identies prefixed with "gpg." used to be hard coded in gpg
+# but may now be overridden by help texts from this file.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted.
+
+
+.gpg.untrusted_key.override
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.gpg.pklist.user_id.enter
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.gpg.keygen.algo
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+
+.gpg.keygen.algo.rsa_se
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+
+.gpg.keygen.size
+Enter the size of the key.
+
+The suggested default is usually a good choice.
+
+If you want to use a large key size, for example 4096 bit, please
+think again whether it really makes sense for you. You may want
+to view the web page http://www.xkcd.com/538/ .
+.
+
+.gpg.keygen.size.huge.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keygen.size.large.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keygen.valid
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.gpg.keygen.valid.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keygen.name
+Enter the name of the key holder.
+The characters "<" and ">" are not allowed.
+Example: Heinrich Heine
+.
+
+
+.gpg.keygen.email
+Please enter an optional but highly suggested email address.
+Example: heinrichh@duesseldorf.de
+.
+
+.gpg.keygen.comment
+Please enter an optional comment.
+The characters "(" and ")" are not allowed.
+In general there is no need for a comment.
+.
+
+
+.gpg.keygen.userid.cmd
+# (Keep a leading empty line)
+
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.gpg.keygen.sub.okay
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.gpg.sign_uid.okay
+Answer "yes" or "no".
+.
+
+.gpg.sign_uid.class
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive" +mean to you when you sign other keys. + +If you don't know what the right answer is, answer "0". +. + +.gpg.change_passwd.empty.okay +Answer "yes" or "no". +. + + +.gpg.keyedit.save.okay +Answer "yes" or "no". +. + + +.gpg.keyedit.cancel.okay +Answer "yes" or "no". +. + +.gpg.keyedit.sign_all.okay +Answer "yes" if you want to sign ALL the user IDs. +. + +.gpg.keyedit.remove.uid.okay +Answer "yes" if you really want to delete this user ID. +All certificates are then also lost! +. + +.gpg.keyedit.remove.subkey.okay +Answer "yes" if it is okay to delete the subkey. +. + + +.gpg.keyedit.delsig.valid +This is a valid signature on the key; you normally don't want +to delete this signature because it may be important to establish a +trust connection to the key or another key certified by this key. +. + +.gpg.keyedit.delsig.unknown +This signature can't be checked because you don't have the +corresponding key. You should postpone its deletion until you +know which key was used because this signing key might establish +a trust connection through another already certified key. +. + +.gpg.keyedit.delsig.invalid +The signature is not valid. It does make sense to remove it from +your keyring. +. + +.gpg.keyedit.delsig.selfsig +This is a signature which binds the user ID to the key. It is +usually not a good idea to remove such a signature. Actually +GnuPG might not be able to use this key anymore. So do this +only if this self-signature is for some reason not valid and +a second one is available. +. + +.gpg.keyedit.updpref.okay +Change the preferences of all user IDs (or just of the selected ones) +to the current list of preferences. The timestamp of all affected +self-signatures will be advanced by one second. +. + + +.gpg.passphrase.enter +# (keep a leading empty line) + +Please enter the passhrase; this is a secret sentence. +. 
+ + +.gpg.passphrase.repeat +Please repeat the last passphrase, so you are sure what you typed in. +. + +.gpg.detached_signature.filename +Give the name of the file to which the signature applies. +. + +.gpg.openfile.overwrite.okay +# openfile.c (overwrite_filep) +Answer "yes" if it is okay to overwrite the file. +. + +.gpg.openfile.askoutname +# openfile.c (ask_outfile_name) +Please enter a new filename. If you just hit RETURN the default +file (which is shown in brackets) will be used. +. + +.gpg.ask_revocation_reason.code +# revoke.c (ask_revocation_reason) +You should specify a reason for the certification. Depending on the +context you have the ability to choose from this list: + "Key has been compromised" + Use this if you have a reason to believe that unauthorized persons + got access to your secret key. + "Key is superseded" + Use this if you have replaced this key with a newer one. + "Key is no longer used" + Use this if you have retired this key. + "User ID is no longer valid" + Use this to state that the user ID should not longer be used; + this is normally used to mark an email address invalid. +. + +.gpg.ask_revocation_reason.text +# revoke.c (ask_revocation_reason) +If you like, you can enter a text describing why you issue this +revocation certificate. Please keep this text concise. +An empty line ends the text. +. + + + + +.gpgsm.root-cert-not-trusted +# This text gets displayed by the audit log if +# a root certificates was not trusted. +The root certificate (the trust-anchor) is not trusted. Depending on +the configuration you may have been prompted to mark that root +certificate as trusted or you need to manually tell GnuPG to trust that +certificate. Trusted certificates are configured in the file +trustlist.txt in GnuPG's home directory. If you are in doubt, ask +your system administrator whether you should trust this certificate. + + +.gpgsm.crl-problem +# This tex is displayed by the audit log for problems with +# the CRL or OCSP checking. 
+Depending on your configuration a problem retrieving the CRL or +performing an OCSP check occurred. There are a great variety of +reasons why this did not work. Check the manual for possible +solutions. + + +# Local variables: +# mode: default-generic +# coding: utf-8 +# End: diff --git a/doc/help.zh_CN.txt b/doc/help.zh_CN.txt new file mode 100644 index 0000000..e000fa0 --- /dev/null +++ b/doc/help.zh_CN.txt 
@@ -0,0 +1,233 @@ +# help.zh_CN.txt - zh_CN GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +在这里指定的数值完全由您自己决定;这些数值永远ä¸ä¼šè¢«è¾“出给任何第三方。 +我们需è¦å®ƒæ¥å®žçŽ°â€œä¿¡ä»»ç½‘络â€ï¼›è¿™è·Ÿéšå«å»ºç«‹èµ·æ¥çš„“验è¯ç½‘络â€æ— 关。 +. + +.gpg.edit_ownertrust.set_ultimate.okay +è¦å»ºç«‹èµ·ä¿¡ä»»ç½‘络,GnuPG 需è¦çŸ¥é“哪些密钥是å¯ç»å¯¹ä¿¡ä»»çš„――通常 +就是您拥有ç§é’¥çš„那些密钥。回甓yesâ€å°†æ¤å¯†é’¥è®¾æˆå¯ç»å¯¹ä¿¡ä»»çš„ + +. + +.gpg.untrusted_key.override +å¦‚æžœæ‚¨æ— è®ºå¦‚ä½•è¦ä½¿ç”¨è¿™æŠŠæœªè¢«ä¿¡ä»»çš„密钥,请回甓yesâ€ã€‚ +. + +.gpg.pklist.user_id.enter +输入您è¦é€’é€çš„æŠ¥æ–‡çš„æŽ¥æ”¶è€…çš„ç”¨æˆ·æ ‡è¯†ã€‚ +. + +.gpg.keygen.algo +选择使用的算法。 + +DSA (ä¹Ÿå« DSS)å³â€œæ•°å—ç¾å算法â€(ç¾Žå›½å›½å®¶æ ‡å‡†),åªèƒ½å¤Ÿç”¨ä½œç¾å。 + +Elgamal 是一ç§åªèƒ½ç”¨ä½œåŠ 密的算法。 + +RSA å¯ä»¥ç”¨ä½œç¾åæˆ–åŠ å¯†ã€‚ + +第一把密钥(主钥)必须具有ç¾å的能力。 +. + +.gpg.keygen.algo.rsa_se +通常æ¥è¯´ç”¨åŒä¸€æŠŠå¯†é’¥ç¾ååŠåŠ 密并ä¸æ˜¯ä¸ªå¥½ä¸»æ„。这个算法åªåœ¨ç‰¹å®šçš„情况 +下使用。请先咨询安全方é¢çš„专家。 +. + +.gpg.keygen.size +请输入密钥的尺寸 +. + +.gpg.keygen.size.huge.okay +请回甓yesâ€æˆ–“no†+. + +.gpg.keygen.size.large.okay +请回甓yesâ€æˆ–“no†+. + +.gpg.keygen.valid +请输入æ示所è¦æ±‚的数值。 +您å¯ä»¥è¾“å…¥ ISO æ—¥æœŸæ ¼å¼(YYYY-MM-DD),但是出错时您ä¸ä¼šå¾—到å‹å¥½çš„å“应 +――系统会å°è¯•å°†ç»™å®šå€¼è§£é‡Šä¸ºæ—¶é—´é—´éš”。 +. + +.gpg.keygen.valid.okay +请回甓yesâ€æˆ–“no†+. + +.gpg.keygen.name +请输入密钥æŒæœ‰äººçš„åå— +. 
+ +.gpg.keygen.email +请输入电å邮件地å€(å¯é€‰é¡¹ï¼Œä½†å¼ºçƒˆæŽ¨è使用) +. + +.gpg.keygen.comment +请输入注释(å¯é€‰é¡¹) +. + +.gpg.keygen.userid.cmd +N 修改姓å。 +C 修改注释。 +E 修改电å邮件地å€ã€‚ +O 继ç»äº§ç”Ÿå¯†é’¥ã€‚ +Q ä¸æ¢äº§ç”Ÿå¯†é’¥ã€‚ +. + +.gpg.keygen.sub.okay +如果您å…许生æˆå钥,请回甓yesâ€(或者“yâ€)。 +. + +.gpg.sign_uid.okay +请回甓yesâ€æˆ–“no†+. + +.gpg.sign_uid.class +当您为æŸæŠŠå¯†é’¥ä¸ŠæŸä¸ªç”¨æˆ·æ ‡è¯†æ·»åŠ ç¾å时,您必须首先验è¯è¿™æŠŠå¯†é’¥ç¡®å®žå±žäºŽ +ç½²åäºŽå®ƒçš„ç”¨æˆ·æ ‡è¯†ä¸Šçš„é‚£ä¸ªäººã€‚äº†è§£åˆ°æ‚¨æ›¾å¤šä¹ˆè°¨æ…Žåœ°å¯¹æ¤è¿›è¡Œè¿‡éªŒè¯ï¼Œå¯¹å…¶ +他人是éžå¸¸æœ‰ç”¨çš„ + +“0†表示您对您有多么仔细地验è¯è¿™æŠŠå¯†é’¥çš„问题ä¸è¡¨æ€ã€‚ + +“1†表示您相信这把密钥属于那个声明是主人的人,但是您ä¸èƒ½æˆ–æ ¹æœ¬æ²¡æœ‰éªŒ + è¯è¿‡ã€‚如果您为一把属于类似虚拟人物的密钥ç¾å,这个选择很有用。 + +“2†表示您éšæ„地验è¯äº†é‚£æŠŠå¯†é’¥ã€‚例如,您验è¯äº†è¿™æŠŠå¯†é’¥çš„指纹,或比对 + 照片验è¯äº†ç”¨æˆ·æ ‡è¯†ã€‚ + +“3†表示您åšäº†å¤§é‡è€Œè¯¦å°½çš„验è¯å¯†é’¥å·¥ä½œã€‚例如,您åŒå¯†é’¥æŒæœ‰äººéªŒè¯äº†å¯† + é’¥æŒ‡çº¹ï¼Œè€Œä¸”é€šè¿‡æŸ¥éªŒé™„å¸¦ç…§ç‰‡è€Œéš¾ä»¥ä¼ªé€ çš„è¯ä»¶(如护照)ç¡®è®¤äº†å¯†é’¥æŒ + 有人的姓åä¸Žå¯†é’¥ä¸Šçš„ç”¨æˆ·æ ‡è¯†ä¸€è‡´ï¼Œæœ€åŽæ‚¨è¿˜(通过电å邮件往æ¥)éªŒè¯ + 了密钥上的电å邮件地å€ç¡®å®žå±žäºŽå¯†é’¥æŒæœ‰äººã€‚ + +请注æ„上述关于验è¯çº§åˆ« 2 å’Œ 3 的说明仅是例å而已。最终还是由您自己决定 +当您为其他密钥ç¾å时,什么是“éšæ„â€ï¼Œè€Œä»€ä¹ˆæ˜¯â€œå¤§é‡è€Œè¯¦å°½â€ã€‚ + +如果您ä¸çŸ¥é“应该选什么ç”案的è¯ï¼Œå°±é€‰â€œ0â€ã€‚ +. + +.gpg.change_passwd.empty.okay +请回甓yesâ€æˆ–“no†+. + +.gpg.keyedit.save.okay +请回甓yesâ€æˆ–“no†+. + +.gpg.keyedit.cancel.okay +请回甓yesâ€æˆ–“no†+. + +.gpg.keyedit.sign_all.okay +如果您想è¦ä¸ºæ‰€æœ‰ç”¨æˆ·æ ‡è¯†ç¾åçš„è¯å°±é€‰â€œyes†+. + +.gpg.keyedit.remove.uid.okay +如果您真的想è¦åˆ é™¤è¿™ä¸ªç”¨æˆ·æ ‡è¯†çš„è¯å°±å›žç”“yesâ€ã€‚ +所有相关认è¯åœ¨æ¤ä¹‹åŽä¹Ÿä¼šä¸¢å¤±ï¼ +. + +.gpg.keyedit.remove.subkey.okay +如果å¯ä»¥åˆ 除这把å钥,请回甓yes†+. + +.gpg.keyedit.delsig.valid +这是一份在这把密钥上有效的ç¾å;通常您ä¸ä¼šæƒ³è¦åˆ 除这份ç¾å, +å› ä¸ºè¦ä¸Žè¿™æŠŠå¯†é’¥æˆ–拥有这把密钥的ç¾å的密钥建立认è¯å…³ç³»å¯èƒ½ +相当é‡è¦ã€‚ +. + +.gpg.keyedit.delsig.unknown +这份ç¾åæ— æ³•è¢«æ£€éªŒï¼Œå› ä¸ºæ‚¨æ²¡æœ‰ç›¸åº”çš„å¯†é’¥ã€‚æ‚¨åº”è¯¥æš‚ç¼“åˆ é™¤å®ƒï¼Œ +直到您知é“æ¤ç¾åä½¿ç”¨äº†å“ªä¸€æŠŠå¯†é’¥ï¼›å› ä¸ºç”¨æ¥ç¾å的密钥å¯èƒ½ä¸Ž +其他已ç»éªŒè¯çš„密钥å˜åœ¨ä¿¡ä»»å…³ç³»ã€‚ +. 
+ +.gpg.keyedit.delsig.invalid +这份ç¾åæ— æ•ˆã€‚åº”å½“æŠŠå®ƒä»Žæ‚¨çš„é’¥åŒ™çŽ¯é‡Œåˆ é™¤ã€‚ +. + +.gpg.keyedit.delsig.selfsig +è¿™æ˜¯ä¸€ä»½å°†å¯†é’¥ä¸Žç”¨æˆ·æ ‡è¯†ç›¸è”系的ç¾å。通常ä¸åº”åˆ é™¤è¿™æ ·çš„ç¾å。 +äº‹å®žä¸Šï¼Œä¸€æ—¦åˆ é™¤ï¼ŒGnuPGå¯èƒ½ä»Žæ¤å°±ä¸èƒ½å†ä½¿ç”¨è¿™æŠŠå¯†é’¥äº†ã€‚å› æ¤ï¼Œ +åªæœ‰åœ¨è¿™æŠŠå¯†é’¥çš„第一个自身ç¾åå› æŸäº›åŽŸå› å¤±æ•ˆï¼Œè€Œæœ‰ç¬¬äºŒä¸ªè‡ªèº«ç¾ +å—å¯ç”¨çš„情况下æ‰è¿™ä¹ˆåšã€‚ +. + +.gpg.keyedit.updpref.okay +用现有的首选项更新所有(或选定的)ç”¨æˆ·æ ‡è¯†çš„é¦–é€‰é¡¹ã€‚æ‰€æœ‰å—å½±å“çš„è‡ªèº«ç¾ +å—çš„æ—¶é—´æˆ³éƒ½ä¼šå¢žåŠ ä¸€ç§’é’Ÿã€‚ + +. + +.gpg.passphrase.enter +请输入密ç :这是一个秘密的å¥å + +. + +.gpg.passphrase.repeat +请å†æ¬¡è¾“入上次的密ç ,以确定您到底键入了些什么。 +. + +.gpg.detached_signature.filename +请给定è¦æ·»åŠ ç¾å的文件å +. + +.gpg.openfile.overwrite.okay +如果å¯ä»¥è¦†ç›–这个文件,请回甓yes†+. + +.gpg.openfile.askoutname +请输入一个新的文件å。如果您直接按下了回车,那么就会使用显示在括 +å·ä¸çš„默认的文件å。 +. + +.gpg.ask_revocation_reason.code +您应该为这份åŠé”€è¯ä¹¦æŒ‡å®šä¸€ä¸ªåŽŸå› ã€‚æ ¹æ®æƒ…境的ä¸åŒï¼Œæ‚¨å¯ä»¥ä»Žä¸‹åˆ—清å•ä¸ +选出一项: + “密钥已泄æ¼â€ + 如果您相信有æŸä¸ªæœªç»è®¸å¯çš„人已å–得了您的ç§é’¥ï¼Œè¯·é€‰æ¤é¡¹ã€‚ + “密钥已替æ¢â€ + 如果您已用一把新密钥代替旧的,请选æ¤é¡¹ã€‚ + “密钥ä¸å†è¢«ä½¿ç”¨â€ + 如果您已决定让这把密钥退休,请选æ¤é¡¹ + â€œç”¨æˆ·æ ‡è¯†ä¸å†æœ‰æ•ˆâ€ + å¦‚æžœè¿™ä¸ªç”¨æˆ·æ ‡è¯†ä¸å†è¢«ä½¿ç”¨äº†ï¼Œè¯·é€‰æ¤é¡¹ï¼›è¿™é€šå¸¸ç”¨è¡¨æ˜ŽæŸä¸ªç”µåé‚® + 件地å€å·²ä¸å†æœ‰æ•ˆã€‚ + +. + +.gpg.ask_revocation_reason.text +您也å¯ä»¥è¾“入一串文å—,æè¿°å‘布这份åŠé”€è¯ä¹¦çš„ç†ç”±ã€‚请尽é‡ä½¿è¿™æ®µæ–‡ +å—简明扼è¦ã€‚ +键入一空行以结æŸè¾“入。 + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/help.zh_TW.txt b/doc/help.zh_TW.txt new file mode 100644 index 0000000..800dad9 --- /dev/null +++ b/doc/help.zh_TW.txt 
@@ -0,0 +1,245 @@ +# help.zh_TW.txt - zh_TW GnuPG online help +# Copyright (C) 2007 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + + +.gpg.edit_ownertrust.value +在這裡指派的數值完全是看妳自己決定; 這些數值永é ä¸æœƒè¢«åŒ¯å‡ºçµ¦å…¶ä»–人. +我們需è¦å®ƒä¾†å¯¦æ–½ä¿¡ä»»ç¶²çµ¡; 這跟 (自動建立起的) 憑è‰ç¶²çµ¡ä¸€é»žé—œä¿‚也沒有. +. + +.gpg.edit_ownertrust.set_ultimate.okay +è¦å»ºç«‹èµ·ä¿¡ä»»ç¶²çµ¡, GnuPG 需è¦çŸ¥é“哪些金鑰是被徹底信任的 - +那些金鑰通常就是妳有辦法å˜å–到ç§é‘°çš„. å›žç” "yes" 來將這些 +金鑰è¨æˆè¢«å¾¹åº•ä¿¡ä»»çš„ + +. + +.gpg.untrusted_key.override +如果妳無論如何想è¦ä½¿ç”¨é€™æŠŠæœªè¢«ä¿¡ä»»çš„金鑰, è«‹å›žç” "yes". +. + +.gpg.pklist.user_id.enter +輸入妳è¦éžé€çš„訊æ¯æŽ¥æ”¶è€…的使用者 ID. +. + +.gpg.keygen.algo +è«‹é¸æ“‡è¦ä½¿ç”¨çš„演算法. + +DSA (äº¦å³ DSS) 是數ä½ç°½ç« 演算法 (Digital Signature Algorithm), +祇能用於簽署. + +Elgamal æ˜¯ç¥‡èƒ½ç”¨æ–¼åŠ å¯†çš„æ¼”ç®—æ³•. + +RSA å¯ä»¥è¢«ç”¨ä¾†ç°½ç½²åŠåŠ 密. + +第一把 (主è¦çš„) 金鑰一定è¦å«æœ‰èƒ½ç”¨æ–¼ç°½ç½²çš„金鑰. +. + +.gpg.keygen.algo.rsa_se +通常來說用åŒä¸€æŠŠé‡‘鑰簽署åŠåŠ 密並ä¸æ˜¯å€‹å¥½ä¸»æ„. +這個演算法應該祇被用於特定的情æ³ä¸‹. +è«‹å…ˆè¯çµ¡å¦³çš„安全專家. +. + +.gpg.keygen.size +請輸入金鑰的尺寸 +. + +.gpg.keygen.size.huge.okay +è«‹å›žç” "yes" 或 "no" +. + +.gpg.keygen.size.large.okay +è«‹å›žç” "yes" 或 "no" +. + +.gpg.keygen.valid +請輸入æ示裡所è¦æ±‚的數值. +妳å¯ä»¥è¼¸å…¥ ISO æ—¥æœŸæ ¼å¼ (YYYY-MM-DD), 但是ä¸æœƒå¾—到良好的錯誤回應 - +å之, 系統會試著把給定的數值ä¸æ–·æˆè‹¥å¹²ç‰‡æ®µ. +. + +.gpg.keygen.valid.okay +è«‹å›žç” "yes" 或 "no" +. 
+ +.gpg.keygen.name +請輸入金鑰æŒæœ‰äººçš„åå— +. + +.gpg.keygen.email +請輸入é¸ç”¨ (但強烈建è°ä½¿ç”¨) çš„é›»å郵件ä½å€ +. + +.gpg.keygen.comment +請輸入é¸ç”¨çš„註釋 +. + +.gpg.keygen.userid.cmd +N 修改姓å. +C 修改註釋. +E 修改電å郵件ä½å€. +O 繼續產生金鑰. +Q ä¸æ¢ç”¢ç”Ÿé‡‘é‘°. +. + +.gpg.keygen.sub.okay +如果妳覺得產生åé‘°å¯ä»¥çš„話, å°±å›žç” "yes" (æˆ–è€…ç¥‡è¦ "y"). +. + +.gpg.sign_uid.okay +è«‹å›žç” "yes" 或 "no" +. + +.gpg.sign_uid.class +當妳在æŸæŠŠé‡‘鑰上簽署æŸå€‹ä½¿ç”¨è€… ID, å¦³é¦–å…ˆå¿…é ˆå…ˆé©—è‰é‚£æŠŠ +金鑰確實屬於那個使用者 ID 上å«é‚£å€‹åå—的人. 這å°é‚£äº›çŸ¥é“ +妳多å°å¿ƒé©—è‰çš„人來說很有用. + +"0" 表示妳ä¸èƒ½æ出任何特別的主張來表明 + 妳多仔細驗è‰é‚£æŠŠé‡‘é‘° + +"1" 表示妳相信這把金鑰屬於那個主張是主人的人, + 但是妳ä¸èƒ½æˆ–沒有驗è‰é‚£æŠŠé‡‘é‘°. + 這å°é‚£äº›ç¥‡æƒ³è¦ "個人的" é©—è‰çš„人來說很有用, + å› ç‚ºå¦³ç°½ç½²äº†ä¸€æŠŠæ“¬ä¼¼åŒ¿å使用者的金鑰. + +"2" 表示妳真的仔細驗è‰äº†é‚£æŠŠé‡‘é‘°. + 例如說, 這能表示妳驗è‰äº†é€™æŠŠé‡‘鑰的指紋和 + 使用者 ID, 並比å°äº†ç…§ç‰‡ ID. + +"3" 表示妳真的åšäº†å¤§è¦æ¨¡çš„é©—è‰é‡‘鑰工作. + 例如說, 這能表示妳å‘金鑰æŒæœ‰äººé©—è‰äº†é‡‘鑰指紋, + 而且妳é€éŽé™„帶照片而難以å½é€ 的文件 (åƒæ˜¯è·ç…§) + 確èªäº†é‡‘é‘°æŒæœ‰äººçš„姓å與金鑰上使用者 ID 的一致, + 最後妳還 (é€éŽé›»å郵件往來) é©—è‰äº†é‡‘鑰上的 + é›»å郵件ä½å€ç¢ºå¯¦å±¬æ–¼é‡‘é‘°æŒæœ‰äºº. + +請注æ„上述關於ç‰ç´š 2 å’Œ 3 的例å "祇是" 例å而已. +最後, 還是得由妳自己決定當妳簽署其他金鑰時, +甚麼是 "漫ä¸ç¶“心", 而甚麼是 "超級謹慎". + +如果妳ä¸çŸ¥é“應該é¸ç”šéº¼ç”案的話, å°±é¸ "0". +. + +.gpg.change_passwd.empty.okay +è«‹å›žç” "yes" 或 "no" +. + +.gpg.keyedit.save.okay +è«‹å›žç” "yes" 或 "no" +. + +.gpg.keyedit.cancel.okay +è«‹å›žç” "yes" 或 "no" +. + +.gpg.keyedit.sign_all.okay +如果妳想è¦ç°½ç½² *所有* 使用者 ID çš„è©±å°±å›žç” "yes" +. + +.gpg.keyedit.remove.uid.okay +如果妳真的想è¦åˆªé™¤é€™å€‹ä½¿ç”¨è€… ID çš„è©±å°±å›žç” "yes". +所有的憑è‰åœ¨é‚£ä¹‹å¾Œä¹Ÿéƒ½æœƒå¤±åŽ»! +. + +.gpg.keyedit.remove.subkey.okay +如果刪除這把åé‘°æ²’å•é¡Œçš„è©±å°±å›žç” "yes" +. + +.gpg.keyedit.delsig.valid +é€™æ˜¯ä¸€ä»½åœ¨é€™æŠŠé‡‘é‘°ä¸Šæœ‰æ•ˆçš„ç°½ç« ; 通常妳ä¸æœƒæƒ³è¦åˆªé™¤é€™ä»½ç°½ç« , +å› ç‚ºè¦è·Ÿåˆ¥çš„金鑰建立起信任連çµ, æˆ–ç”±é€™æŠŠé‡‘é‘°æ‰€ç°½ç½²çš„é‡‘é‘°æ†‘è‰ +會是一件相當é‡è¦çš„事. +. + +.gpg.keyedit.delsig.unknown +é€™ä»½ç°½ç« ç„¡æ³•è¢«æª¢é©—, å› ç‚ºå¦³æ²’æœ‰ç¬¦åˆçš„金鑰. 
妳應該延緩刪除它, +直到妳知é“哪一把金鑰被使用了; å› ç‚ºé€™æŠŠä¾†ç°½ç½²çš„é‡‘é‘°å¯èƒ½é€éŽ +其他已經驗è‰çš„金鑰建立了一個信任連çµ. +. + +.gpg.keyedit.delsig.invalid +é€™ä»½ç°½ç« ç„¡æ•ˆ. 把它從妳的鑰匙圈裡移去相當åˆç†. +. + +.gpg.keyedit.delsig.selfsig +這是一份和這個金鑰使用者 ID ç›¸ç¹«çš„ç°½ç« . 通常 +æŠŠé€™æ¨£çš„ç°½ç« ç§»é™¤ä¸æœƒæ˜¯å€‹å¥½é»žå. 事實上 GnuPG +å¯èƒ½å¾žæ¤å°±ä¸èƒ½å†ä½¿ç”¨é€™æŠŠé‡‘鑰了. 所以祇有在這 +æŠŠé‡‘é‘°çš„ç¬¬ä¸€å€‹è‡ªæˆ‘ç°½ç« å› æŸäº›åŽŸå› 無效, 而第二 +個還å¯ç”¨çš„情æ³ä¸‹çº”這麼åš. +. + +.gpg.keyedit.updpref.okay +變更所有 (或祇有被é¸å–的那幾個) 使用者 ID çš„å好æˆç¾ç”¨çš„å好清單. +所有å—åˆ°å½±éŸ¿çš„è‡ªæˆ‘ç°½ç« çš„æ™‚é–“æˆ³è¨˜éƒ½æœƒå¢žåŠ ä¸€ç§’é˜. + +. + +.gpg.passphrase.enter +請輸入密語; 這是一個秘密的å¥å + +. + +.gpg.passphrase.repeat +è«‹å†æ¬¡è¼¸å…¥æœ€å¾Œçš„密語, 以確定妳到底éµé€²äº†äº›ç”šéº¼. +. + +.gpg.detached_signature.filename +è«‹çµ¦å®šç°½ç« æ‰€è¦å¥—用的檔案å稱 +. + +.gpg.openfile.overwrite.okay +如果覆寫這個檔案沒有å•é¡Œçš„è©±å°±å›žç” "yes" +. + +.gpg.openfile.askoutname +請輸入一個新的檔å. 如果妳直接按下了 Enter, 那麼 +就會使用é è¨çš„檔案 (顯示在括號ä¸). +. + +.gpg.ask_revocation_reason.code +妳應該為這份憑è‰æŒ‡å®šä¸€å€‹åŽŸå› . +æ ¹æ“šæƒ…å¢ƒçš„ä¸åŒ, 妳應該å¯ä»¥å¾žé€™å€‹æ¸…å–®ä¸é¸å‡ºä¸€é …: + "金鑰已經被洩æ¼äº†" + 如果妳相信有æŸå€‹æœªç¶“許å¯çš„傢伙å–得了妳的ç§é‘°çš„話, + å°±é¸é€™å€‹. + "金鑰被代æ›äº†" + 如果妳把妳的金鑰æ›æˆæ–°çš„了, å°±é¸é€™å€‹. + "金鑰ä¸å†è¢«ä½¿ç”¨äº†" + 如果妳已經撤回了這把金鑰, å°±é¸é€™å€‹. + "使用者 ID ä¸å†æœ‰æ•ˆäº†" + 如果這個使用者 ID ä¸å†è¢«ä½¿ç”¨äº†, å°±é¸é€™å€‹; + 這通常用來表示æŸå€‹é›»å郵件ä½å€ä¸å†æœ‰æ•ˆäº†. + +. + +.gpg.ask_revocation_reason.text +妳也å¯ä»¥è¼¸å…¥ä¸€ä¸²æ–‡å—來æ述為甚麼發佈這份撤銷憑è‰çš„ç†ç”±. +請讓這段文å—ä¿æŒç°¡æ˜Žæ‰¼è¦. +éµå…¥ç©ºç™½åˆ—以çµæŸé€™æ®µæ–‡å—. + +. + + + +# Local variables: +# mode: fundamental +# coding: utf-8 +# End: diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi new file mode 100644 index 0000000..ce6dd2f --- /dev/null +++ b/doc/howto-create-a-server-cert.texi 
@@ -0,0 +1,288 @@
+@node Howto Create a Server Cert
+@section Creating a TLS server certificate
+
+
+Here is a brief run up on how to create a server certificate. It has
+actually been done this way to get a certificate from CAcert to be used
+on a real server. It has only been tested with this CA, but there
+shouldn't be any problem to run this against any other CA.
+
+Before you start, make sure that gpg-agent is running. As there is no
+need for a configuration file, you may simply enter:
+
+@cartouche
+@example
+ $ gpgsm-gencert.sh >a.p10
+ Key type
+ [1] RSA
+ [2] Existing key
+ [3] Direct from card
+ Your selection: 1
+ You selected: RSA
+@end example
+@end cartouche
+
+I opted for creating a new RSA key. The other option is to use an
+already existing key, by selecting @kbd{2} and entering the so-called
+keygrip. Running the command @samp{gpgsm --dump-secret-key USERID}
+shows you this keygrip. Using @kbd{3} offers another menu to create a
+certificate directly from a smart card based key.
+
+Let's continue:
+
+@cartouche
+@example
+ Key length
+ [1] 1024
+ [2] 2048
+ Your selection: 1
+ You selected: 1024
+@end example
+@end cartouche
+
+The script offers two common key sizes. With the current setup of
+CAcert, it does not make much sense to use a 2k key; their policies need
+to be revised anyway (a CA root key valid for 30 years is not really
+serious).
+
+@cartouche
+@example
+ Key usage
+ [1] sign, encrypt
+ [2] sign
+ [3] encrypt
+ Your selection: 1
+ You selected: sign, encrypt
+@end example
+@end cartouche
+
+We want to sign and encrypt using this key. This is just a suggestion
+and the CA may actually assign other key capabilities.
+
+Now for some real data:
+
+@cartouche
+@example
+ Name (DN)
+ > CN=kerckhoffs.g10code.com
+@end example
+@end cartouche
+
+This is the most important value for a server certificate. Enter here
+the canonical name of your server machine. You may add other virtual
+server names later.
+
+@cartouche
+@example
+ E-Mail addresses (end with an empty line)
+ >
+@end example
+@end cartouche
+
+We don't need email addresses in a server certificate and CAcert would
+anyway ignore such a request. Thus just hit enter.
+
+If you want to create a client certificate for email encryption, this
+would be the place to enter your mail address
+(e.g. @email{joe@@example.org}). You may enter as many addresses as you like,
+however the CA may not accept them all or reject the entire request.
+
+@cartouche
+@example
+ DNS Names (optional; end with an empty line)
+ > www.g10code.com
+ DNS Names (optional; end with an empty line)
+ > ftp.g10code.com
+ DNS Names (optional; end with an empty line)
+ >
+@end example
+@end cartouche
+
+Here I entered the names of the servers which actually run on the
+machine given in the DN above. The browser will accept a certificate for
+any of these names. As usual the CA must approve all of these names.
+
+@cartouche
+@example
+ URIs (optional; end with an empty line)
+ >
+@end example
+@end cartouche
+
+It is possible to insert arbitrary URIs into a certificate; for a server
+certificate this does not make sense.
+
+We have now entered all required information and @command{gpgsm} will
+display what it has gathered and ask whether to create the certificate
+request:
+
+@cartouche
+@example
+ Parameters for certificate request to create:
+ 1 Key-Type: RSA
+ 2 Key-Length: 1024
+ 3 Key-Usage: sign, encrypt
+ 4 Name-DN: CN=kerckhoffs.g10code.com
+ 5 Name-DNS: www.g10code.com
+ 6 Name-DNS: ftp.g10code.com
+
+ Really create such a CSR?
+ [1] yes
+ [2] no
+ Your selection: 1
+ You selected: yes
+@end example
+@end cartouche
+
+@command{gpgsm} will now start working on creating the request. As this
+includes the creation of an RSA key it may take a while. During this
+time you will be asked 3 times for a passphrase to protect the created
+private key on your system. A pop up window will appear to ask for
+it. The first two prompts are for the new passphrase and for re-entering it;
+the third one is required to actually create the certificate signing request.
+
+When it is ready, you should see the final notice:
+
+@cartouche
+@example
+ gpgsm: certificate request created
+@end example
+@end cartouche
+
+Now, you may look at the created request:
+
+@cartouche
+@example
+ $ cat a.p10
+ -----BEGIN CERTIFICATE REQUEST-----
+ MIIBnzCCAQgCAQAwITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCB
+ nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVyg
+ HtB7kr+YISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlS
+ wFTALLX78GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkm
+ Bj5cNy+YMbGVldECAwEAAaA+MDwGCSqGSIb3DQEJDjEvMC0wKwYDVR0RBCQwIoIP
+ d3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5jb20wDQYJKoZIhvcNAQEFBQAD
+ gYEAzBRIi8KTfKyebOlMtDN6oDYBOv+r9A4w3u/Z1ikjffaiN1Bmd2o9Ez9KXKHA
+ IezLeSEA/rGUPN5Ur5qIJnRNQ8xrS+iLftr8msWQSZppVnA/vnqMrtqBUpitqAr0
+ eYBmt1Uem2Y3UFABrKPglv2xzgGkrKX6AqmFoOnJWQ0QcTw=
+ -----END CERTIFICATE REQUEST-----
+ $
+@end example
+@end cartouche
+
+You may now proceed by logging into your account at the CAcert website,
+choose @code{Server Certificates - New}, check @code{sign by class 3 root
+certificate}, paste the above request block into the text field and
+click on @code{Submit}.
+
+If everything works out fine, a certificate will be shown. Now run
+
+@cartouche
+@example
+$ gpgsm --import
+@end example
+@end cartouche
+
+and paste the certificate from the CAcert page into your terminal
+followed by a Ctrl-D
+
+@cartouche
+@example
+ -----BEGIN CERTIFICATE-----
+ MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl
+ cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQD
+ ExNDQWNlcnQgQ2xhc3MgMyBSb290MB4XDTA1MTAyODE2MjA1MVoXDTA3MTAyODE2
+ MjA1MVowITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCBnzANBgkq
+ hkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVygHtB7kr+Y
+ ISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlSwFTALLX7
+ 8GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkmBj5cNy+Y
+ MbGVldECAwEAAaOBtTCBsjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF
+ BwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIF
+ oDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy
+ dC5vcmcwKwYDVR0RBCQwIoIPd3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5j
+ b20wDQYJKoZIhvcNAQEEBQADggIBAAj5XAHCtzQR8PV6PkQBgZqUCbcfxGO/ZIp9
+ aIT6J2z0Jo1OZI6KmConbqnZG9WyDlV5P7msQXW/Z9nBfoj4KSmNR8G/wtb8ClJn
+ W8s75+K3ZLq1UgEyxBDrS7GjtbVaj7gsfZsuiQzxmk9lbl1gbkpJ3VEMjwVCTMlM
+ fpjp8etyPhUZqOZaoKVaq//KTOsjhPMwz7TcfOkHvXketPrWTcefJQU7NKLH16D3
+ mZAwnBxp3P51H6E6VG8AoJO8xCBuVwsbXKEf/FW+tmKG9pog6CaZQ9WibROTtnKj
+ NJjSBsrUk5C+JowO/EyZRGm6R1tlok8iFXj+2aimyeBqDcxozNmFgh9F3S5u0wK0
+ 6cfYgkPVMHxgwV3f3Qh+tJkgLExN7KfO9hvpZqAh+CLQtxVmvpxEVEXKR6nwBI5U
+ BaseulvVy3wUfg2daPkG17kDDBzQlsWC0BRF8anH+FWSrvseC3nS0a9g3sXF1Ic3
+ gIqeAMhkant1Ac3RR6YCWtJKr2rcQNdDAxXK35/gUSQNCi9dclEzoOgjziuA1Mha
+ 94jYcvGKcwThn0iITVS5hOsCfaySBLxTzfIruLbPxXlpWuCW/6I/7YyivppKgEZU
+ rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs
+ Rtct3tIX
+ -----END CERTIFICATE-----
+ gpgsm: issuer certificate (#/CN=CAcert Class 3 Ro[...]) not found
+ gpgsm: certificate imported
+
+ gpgsm: total number processed: 1
+ gpgsm: imported: 1
+@end example
+@end cartouche
+
+gpgsm tells you that it has imported the certificate. It is now
+associated with the key you used when creating the request. The root
+certificate has not been found, so you may want to import it from the
+CACert website.
+
+To see the content of your certificate, you may now enter:
+
+@cartouche
+@example
+ $ gpgsm -K kerckhoffs.g10code.com
+ /home/foo/.gnupg/pubring.kbx
+ ---------------------------
+ Serial number: 4C
+ Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...]
+ Subject: /CN=kerckhoffs.g10code.com
+ aka: (dns-name www.g10code.com)
+ aka: (dns-name ftp.g10code.com)
+ validity: 2005-10-28 16:20:51 through 2007-10-28 16:20:51
+ key type: 1024 bit RSA
+ key usage: digitalSignature keyEncipherment
+ ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
+ fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:19:D8:E9:65:B9:BD:4F:B1:98:CC:57
+@end example
+@end cartouche
+
+I used @option{-K} above because this will only list certificates for
+which a private key is available. To see more details, you may use
+@option{--dump-secret-keys} instead of @option{-K}.
+
+
+To make actual use of the certificate you need to install it on your
+server. Server software usually expects a PKCS\#12 file with key and
+certificate. To create such a file, run:
+
+@cartouche
+@example
+ $ gpgsm --export-secret-key-p12 -a >kerckhoffs-cert.pem
+@end example
+@end cartouche
+
+You will be asked for the passphrase as well as for a new passphrase to
+be used to protect the PKCS\#12 file. The file now contains the
+certificate as well as the private key:
+
+@cartouche
+@example
+ $ cat kerckhoffs-cert.pem
+ Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...]
+ Serial ...: 4C
+ Subject ..: /CN=kerckhoffs.g10code.com
+ aka ..: (dns-name www.g10code.com)
+ aka ..: (dns-name ftp.g10code.com)
+
+ -----BEGIN PKCS12-----
+ MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu
+ [...many more lines...]
+ -----END PKCS12-----
+ $
+@end example
+@end cartouche
+
+Copy this file in a secure way to the server, install it there and
+delete the file then. You may export the file again at any time as long
+as it is available in GnuPG's private key database.
+
+
diff --git a/doc/howtos.texi b/doc/howtos.texi
new file mode 100644
index 0000000..bd48de0
--- /dev/null
+++ b/doc/howtos.texi
@@ -0,0 +1,15 @@
+@c Copyright (C) 2007 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Howtos
+@chapter How to do certain things
+
+This is a collection of small howto documents.
+
+@menu
+* Howto Create a Server Cert:: Creating a TLS server certificate.
+@end menu
+
+
+@include howto-create-a-server-cert.texi
diff --git a/doc/instguide.texi b/doc/instguide.texi
new file mode 100644
index 0000000..d6815e2
--- /dev/null
+++ b/doc/instguide.texi
@@ -0,0 +1,91 @@
+@c instguide.texi - Installation guide for GnuPG
+@c Copyright (C) 2006 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Installation
+@chapter A short installation guide.
+
+Unfortunately the installation guide has not been finished in time.
+Instead of delaying the release of GnuPG 2.0 even further, I decided to
+release without that guide. The chapter on gpg-agent and gpgsm do
+include brief information on how to set up the whole thing. Please
+watch the GnuPG website for updates of the documentation. In the
+meantime you may search the GnuPG mailing list archives or ask on the
+gnupg-users mailing listsfor advise on how to solve problems or how to
+get that whole thing up and running.
+
+** Building the software
+
+Building the software is decribed in the file @file{INSTALL}. Given
+that you are already reading this documentation we can only give some
+extra hints
+
+To comply with the rules on GNU systems you should have build time
+configured @command{dirmngr} using:
+
+@example
+./configure --sysconfdir=/etc --localstatedir=/var
+@end example
+
+This is to make sure that system wide configuration files are searched
+in the directory @file{/etc/gnupg} and variable data below @file{/var};
+the default would be to also install them below @file{/usr/local} where
+the binaries get installed. If you selected to use the
+@option{--prefix=/} you obviously don't need those option as they are
+the default then.
+
+
+
+** Explain how to setup a root CA key as trusted
+
+
+Such questions may also help to write a proper installation guide.
+
+[to be written]
+
+
+XXX Tell how to setup the system, install certificates, how dirmngr relates
+to GnuPG etc.
+
+** Explain how to setup a root CA key as trusted
+
+X.509 is based on a hierarchical key infrastructure. At the root of the
+tree a trusted anchor (root certificate) is required. There are usually
+no other means of verifying whether this root certificate is trustworthy
+than looking it up in a list. GnuPG uses a file (@file{trustlist.txt})
+to keep track of all root certificates it knows about. There are 3 ways
+to get certificates into this list:
+
+@itemize
+@item
+Use the list which comes with GnuPG. However this list only
+contains a few root certificates. Most installations will need more.
+
+@item
+Let @command{gpgsm} ask you whether you want to insert a new root
+certificate. To enable this feature you need to set the option
+@option{allow-mark-trusted} into @file{gpg-agent.conf}. In general it
+is not a good idea to do it this way. Checking whether a root
+certificate is really trustworthy requires decisions, which casual
+users are not up to. Thus, by default this option is not enabled.
+
+@item
+Manually maintain the list of trusted root certificates. For a multi
+user installation this can be done once for all users on a machine.
+Specific changes on a per-user base are also possible.
+@end itemize
+
+XXX decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt.
+
+
+** How to get the ssh support running
+
+XXX How to use the ssh support.
+
+
+@section Installation Overview
+
+XXXX
+
+
diff --git a/doc/opt-homedir.texi b/doc/opt-homedir.texi
new file mode 100644
index 0000000..e382f63
--- /dev/null
+++ b/doc/opt-homedir.texi
@@ -0,0 +1,10 @@
+@c This option is included at several places.
+@item --homedir @var{dir}
+@opindex homedir
+Set the name of the home directory to @var{dir}. If this option is not
+used, the home directory defaults to @file{~/.gnupg}. It is only
+recognized when given on the command line. It also overrides any home
+directory stated through the environment variable @env{GNUPGHOME} or
+(on W32 systems) by means of the Registry entry
+@var{HKCU\Software\GNU\GnuPG:HomeDir}.
+
diff --git a/doc/qualified.txt b/doc/qualified.txt
new file mode 100644
index 0000000..c0e4da5
--- /dev/null
+++ b/doc/qualified.txt
@@ -0,0 +1,243 @@
+# This is the list of root certificates used for qualified
+# certificates. They are defined as certificates capable of creating
+# legally binding signatures in the same way as a handwritten
+# signatures are. Comments like this one and empty lines are allowed
+# Lines do have a length limit but this is not a serious limitation as
+# the format of the entries is fixed and checked by gpgsm: A
+# non-comment line starts with optional whitespaces, followed by
+# exactly 40 hex character, whitespace and a lowercased 2 letter
+# country code. Additional data delimited with by a whitespace is
+# current ignored but might late be used for other purposes.
+#
+# Note: The subversion copy of this file carries a gpg:signature
+# property with its OpenPGP signature. Check this signature before
+# adding entries:
+# svn pg gpg:signature qualified.txt | gpg --verify - qualified.txt
+# to create a new signature:
+# f=qualified.txt; gpg -sba $f && svn ps gpg:signature -F $f.asc $f
+
+#*******************************************
+#
+# Belgium
+#
+# Need to figure out a reliable source.
+#*******************************************
+
+
+
+#*******************************************
+#
+# Germany
+#
+# The information for Germany is available
+# at http://www.bundesnetzagentur.de
+#*******************************************
+
+#Serial number: 32D18D
+# Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# Subject: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# validity: 2001-02-01 09:52:17 through 2005-06-01 09:52:17
+# key type: 1024 bit RSA
+# key usage: certSign crlSign
+#[checked: 2005-11-14]
+EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60 de
+
+
+#Serial number: 00C48C8D
+# Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# Subject: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# validity: 2001-10-15 11:15:15 through 2006-02-15 11:15:15
+# key type: 1024 bit RSA
+# key usage: certSign crlSign
+#[checked: 2005-11-14]
+DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B de
+
+
+#Serial number: 01
+# Issuer: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# Subject: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# validity: 2004-11-25 14:10:37 through 2007-12-31 14:04:03
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5 de
+
+
+#Serial number: 02
+# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24 de
+
+
+#Serial number: 2A
+# Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2005-08-03 15:30:36 through 2007-12-31 15:09:23
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD de
+
+
+#Serial number: 2D
+# Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2005-08-03 18:09:49 through 2007-12-31 18:04:28
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de
+
+
+# ID: 0x5B4757B0
+# S/N: 0139
+# Issuer: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2007-05-25 11:01:44 through 2012-05-25 10:56:07
+# key type: 2048 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+# [checked: 2008-06-25]
+44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de
+
+# ID: 0x46A2CC8A
+# S/N: 013C
+# Issuer: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2007-05-29 11:02:37 through 2012-05-29 10:55:54
+# key type: 2048 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+# [checked: 2008-06-25]
+AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de
+
+
+#
+# D-Trust root certificates. Probably by shifting a lot of Euros to
+# laywer companies, German CAs achieved to get the permission to
+# create their own legally binding root certificates - independent of
+# the Bundesnetzagentur. The main problem with this is that it is
+# hard to figure out what qualified root certificates are actually
+# active. There is now no way to be sure whether a signature is a
+# qualified one. A pettifogger's way of validating certificates.
+#
+
+#Serial number: 00B95F
+# Issuer: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+# Subject: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+# aka: info@d-trust.net
+# aka: (uri http://www.d-trust.net)
+# validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke]
+E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C de
+
+
+#Serial number: 00B960
+# Issuer: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+# Subject: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+# aka: info@d-trust.net
+# aka: (uri http://www.d-trust.net)
+# validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke]
+98:2A:75:67:0F:F8:28:4A:94:E0:9D:23:D8:E7:62:C8:BD:A4:54:04 de
+
+
+#
+# S-Trust root certificates.
+#
+
+#Serial number: 00DF749F80AA51F0EDC0CB1FC183E97EE2
+# Issuer: /CN=S-TRUST Qualified Root CA 2006-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2006-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# validity: 2006-01-01 00:00:00 through 2010-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7D:DC:76:1C:FD:AF:4C:E0:3A:B5:3A:DD:C9:FA:13:35:19:A3:DE:C9 de
+
+#Serial number: 00BC098E0402E92956B8D7DE74977E26F7
+# Issuer: /CN=S-TRUST Qualified Root CA 2007-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2007-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# validity: 2007-01-01 00:00:00 through 2011-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7A:3C:1B:60:2E:BD:A4:A1:E0:EB:AD:7A:BA:4F:D1:43:69:A9:39:FC de
+
+
+# ID: 0xA8FEA3CA
+# S/N: 00B3963E0E6C2D65125853E970665402E5
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2008-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
+# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
+# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]
+C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de
+
+# ID: 0x3A7D979B
+# S/N: 00C4216083F35C54F67B09A80C3C55FE7D
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2008-002:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
+# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
+# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]
+D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de
+
+
+#*******************************************
+#
+# End of file
+#
+#*******************************************
diff --git a/doc/samplekeys.asc b/doc/samplekeys.asc
new file mode 100644
index 0000000..34eea8d
--- /dev/null
+++ b/doc/samplekeys.asc
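Review bot: In doc/qualified.txt the header names a Subversion property as the only integrity check for this trust list (`svn pg gpg:signature qualified.txt | gpg --verify - qualified.txt`), but the file is added here through a git diff, which does not carry Subversion properties, so the check cannot be followed as written. Because the entries are root-certificate fingerprints that decide which signatures count as qualified, the note should say where the detached signature now lives, for example `# Note: Verify the detached OpenPGP signature <signature-file placeholder> with gpg --verify before adding entries.` The format description also asks for "exactly 40 hex character", while every entry in the hunk is written with colon separators (`EA:8D:99:...`). Presumably the gpgsm parser accepts the colons, which should be confirmed and then stated in the header so hand-added fingerprints follow one documented form.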
@@ -0,0 +1,939 @@ + pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31] + uid Werner Koch <wk@gnupg.org> + uid Werner Koch <wk@g10code.com> + sub 1024D/77F95F95 2011-11-02 + sub 2048R/C193565B 2011-11-07 [expires: 2013-12-31] + + pub 4096R/99242560 2002-01-28 + uid David M. Shaw <dshaw@jabberwocky.com> + + pub 1024D/87978569 1999-05-13 + uid Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> + uid Marcus Brinkmann + uid Marcus Brinkmann <brinkmd@debian.org> + uid Marcus Brinkmann <mb@g10code.de> + uid Marcus Brinkmann <mb@g10code.com> + sub 2048g/C3AF90C1 1999-05-13 + sub 1024R/08AEA692 2006-04-14 + sub 1024R/FCD2A293 2006-04-14 + sub 1024R/233A942F 2006-04-14 + + pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] + uid Werner Koch (dist sig) + sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31] + + pub 1024D/5B0358A2 1999-03-15 [expired: 2011-07-11] + uid Werner Koch <wk@gnupg.org> + uid Werner Koch <wk@g10code.com> + uid Werner Koch + uid Werner Koch <werner@fsfe.org> + + pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31] + uid Werner Koch (gnupg sig) <dd9jn@gnu.org> + + pub 1024D/B2D7795E 2001-01-04 + uid Philip R. Zimmermann <prz@mit.edu> + uid Philip R. Zimmermann <prz@acm.org> + uid [jpeg image of size 3369] + uid [jpeg image of size 3457] + uid Philip R. 
Zimmermann <prz@philzimmermann.com> + sub 3072g/A8E92834 2001-01-04 + + pub 1024R/1CE0C630 2006-01-01 [expired: 2011-06-30] + uid Werner Koch (dist sig) <dd9jn@gnu.org> + + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (GNU/Linux) + +mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT4 +3No/coPajDvhZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWvFs5+YpCDwW +G2dx39ME7DN+SRvEE1xUm4E9G2Nnd2UNtLgg82wgi/ZK4Ih9CYDyo0a9awCgisn3 +RvZ/MREJmQq1+SjJgDx+c2sEAOEnxGYisqIKcOTdPOTTie7o7x+nem2uac7uOW68 +N+wRWxhGPIxsOdueMIa7U94Wg/Ydn4f2WngJpBvKNaHYmW8j1Q5zvZXXpIWRXSvy +TR641BceGHNdYiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxY +urUIBACi7d1rUlHr4ok7iBRlWHYXU2hpUIQ8C+UOE1XXT+HB7mZLSRONQnWMyXnq +bAAW+EUUX2xpb54CevAg4eOilt0es8GZMmU6c0wdUsnMWWqOKHBFFlDIvyI27aZ9 +quf0yvby63kFCanQKc0QnqGXQKzuXbFqBYW2UQrYgjXji8rd8bQnV2VybmVyIEtv +Y2ggKGdudXBnIHNpZykgPGRkOWpuQGdudS5vcmc+iGEEExECACECF4AFCQ4Uh/0F +AkG8aF4GCwkIBwMCAxUCAwMWAgECHgEACgkQaLeriVdUjc0EkwCfTXfXdqDS2COs +ZRm0OUphuY0h4x4AnRSlWyPGnKUFxKOw8TwwCSLsdvZHmQGiBDbtSOkRBACURhKn +GIFyXIeX61GAY9hJA5FgG4UalV55ohdz4whBgDzDGLE3XYlO8HCn4ggKilll6MOw +Y0yZeg6PEU9Y3SqTzpQSV6qj2M7MgcS8xOpi6bNCu0iyZUik0KklUXMdI8e/CVmB +pQJT9CofbD1dsP6z4dC6z3jil0+5Wbfw6yIXzwCgy/7Fagq5mN0H760/JEiiXILS +1n0D/3H26lTaxo1vGput9Td1FQN7Vn6YDP0/To5ipsOODROV3zyUwF5QleY+8zTF +JA3qD5KxRfA726WELOF1mB6Mw44UdkPniOoGdMH5oSx6qnNnlVZBBu3U+e1qfQwL +QjHu0WX4Z2q00DKpWLThGv7Loh5NKi6OfTbMhfHoevCAzQnmA/wKc6J8GqthENTh +KXxZaei3Ep0t+PlBmbUzuAYCXZhI6/0KyD6emyQ7LYIaPv9qEfMkMLhxicG0v/AA +wOCBRKS3bkqc6wAYaO0bjUHJvem3HkWPux82t83+6YPyRnVjm/mwt0uEyKSvt7Md +2DVrO3lEcKRkRHiYuf0nonPhl5Rs5bQaV2VybmVyIEtvY2ggPHdrQGdudXBnLm9y +Zz6IawQTEQIAIwIXgAIZAQULBwoDAgMVAgMDFgIBAh4BBQJGtcWFBQkXLil/ABIH +ZUdQRwABAQkQXeJJllsDWKJBTACfQI8TnuVIxE88u2napOMyUfoWZSMAn2t47LUM +uyDEHRcYvEBiP/SRVvsrtBxXZXJuZXIgS29jaCA8d2tAZzEwY29kZS5jb20+iGME +ExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAKCRBd4kmW +WwNYomksAJ4q+Lv3fDvzDJl4JcOmzWHPsPg2QQCdHcj5DwCCM7YnRLiE58ApHdrg 
+11S0C1dlcm5lciBLb2NoiGMEExECABsDCwoDAxUDAgMWAgECF4AFAka1xZEFCRcu +KX8AEgdlR1BHAAEBCRBd4kmWWwNYokHUAKCKSLq+i1yHrG8ZXqJRk+d4SyanGwCe +KFwqqRr3tbae+m4iK+EcyY+BR2a0HVdlcm5lciBLb2NoIDx3ZXJuZXJAZnNmZS5v +cmc+iGMEExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAK +CRBd4kmWWwNYomC9AKCOTnRhGus67gV2k+8K2SwytYDqVQCfcaEJKu8EBd0sx3F0 +24GX/RNwnZq5AQsEQF3bKQEIANEoVLSVnD/YxrBL3s/edXK3YUX1dZvyyLtP0mCX +41EX3e6pQ4gLXmze7lJU9zB0iGgbTjBgodMsqHIECMWnhrN8uaIgEMOnfsNjdIC0 +lPpOyBQtH7IWRdtG+4g5Tk3/RbHOsroknCUVUTJo9fvOZZUowKP5IyPYWuaW25VL +RoJ/SKjef3ttQC+5Td2CNMWgepbjTXuyZ9sThUzCctiLf/VJL2zTKwozo/HnIQze +hCI5b/2lLjzBIV+zeVeLw3UGKSA91TkUUD7kEZJSHHIV/6Wp2PBwHIELstPd0KsV +5ZA4vRR5WHrAbjw7rePyO57uZ9Ob7nn25ecP8nrk+IdxlOcABimITwQYEQIADwUC +QF3bKQIbDAUJA1jvAAAKCRBd4kmWWwNYohLWAKCgnbPg6cDR1W3tkz894CwpcDQo +VQCfcBXfK5kpfhYfDk+d/mwuYXktSSW5AQsEQ7gWIgEIANFah4LB/iVUglBqEzvK +0VG88yuRJlDLTvb8jr/hA8qxocj4eegHw+NOYGnIEMsrxjo5/djWE1vvvF76baD7 +xar8FQoe9SLUX7HOzOmeLG0yv5A6LLpTuQIkDp8a+rSqbOtcZy/mteka9bDJl/KZ +MtbhfZYqA0vxuE4PLS4n1lH9+GMTuecgeAhuhKcEBQ8cKwj0EW6axtTwUqwokI4G +rOIcTIMduLHu4/oHJiyUfa1TD1Z1BTxjOjaZaiOCFemMTtRPS0BvhA1N3C6suCIQ +gfm6awzjd6WvX/ad3ToqKBBf41HgyrK1H7bwm0QQq9QvAlmmYTGzgH44HjHyX7ot +zT8ABimITwQYEQIADwUCQ7gWIgIbDAUJA8EVgAAKCRBd4kmWWwNYol3LAJ43JG07 +X/IjKI2Si1hF87nLfG4ehwCcDIDiNrFrvTaxGziI9H9ZYmQyASq5AaIER3ko1BEE +AITOSpTeW3g46dEaTnGDrre9/WrhXvHzL7kP1TpzYC4jig7C2t63xUgLCgmv17ie +C9j+VqiK6olGPIL8y5RdHjJgStNAL+psZ0kjx2yGACUpgDky49hRtfxWGuohJnBH +Upsp/2DGOCyL0nlzkvJRIVdIZAMgYYmnGu8atilHpHb/AKD/aYLuxeQfHRjylB8y +Od7iHEE7VwP/QSxhwtSQWXdgz/KyTwjAjN69JGNx6iUKrwNiPLphEufYi0EzdKkr +xltkTLuZYmd+yoxMKvoKHAOgLe+RcnF9ZZDc2XUjujIlu0lDIe0/2xUXJYQ3zKza +St1qbzuk414SzRjkisVUne/GuJNuM2wAwTSmeGXhO/fgc++1MiuLdr8D/j/T8lfN +S48czJ0eF+/VG2FG5l+JVucRbvmBWilVWFXWOTWyoFuqQ+8t6uHAdlyyxZlgt3rZ +WsU6r2vQ+ayELJ3nny4zZdxlBA8O2XbpV3fXf5NlUsZWY3/tifySOwHIQRvJX0NA +Sz2Ao4qXBKF7CM6sZzlbXja6XHZyUG5p3anAiJcEGBECAA8FAkd5KNQCGwIFCQah +TGwAUgkQXeJJllsDWKJHIAQZEQIABgUCR3ko1AAKCRDNP81ePVLCghD5AJ46ond0 
+H0ny3nPQrXI5/CQxk12YzACfR+j9+k0y+vLYfzuDCWoSuLeWuvBYygCePPYlR8Tt +yegne86Z/xquxNFgFjsAoL6wDuo4gsI+6/bzSNlyrkUYmLO7uQENBEd5KWMBCADe +LY1DPSaB2NyWLeaLLTa1G0QTIXp2y6FpLvgC/PIzR8InRxNhkBDaswFBPuc/oASN +QCvXTCjFsgPvc1jS6UpTHY3NnZlxB6s5NbW1YDPQE1CklJ73uNU9r8aBxMhsrzoq +VO/PzLqUhcwWp/6sBjyFz5Zb+WNip4Id9J+ej537r2UJo/GiMh3JOWgp5/SqUTWz +wowtU111eROlURVh6wrG11ZbQqFo7qMY1lAut8Vt4vJxKvjTdlls7fhRfPwmcxBD +XxZycPOKO8VF3XJPI3bVxkoKFRuOJZK/fHnghgEYwrviKiG0vDISUOTqOE63haot +a72gUUlDTJGrorvNO8C/ABEBAAGITwQYEQIADwUCR3kpYwIbDAUJBp/6XQAKCRBd +4kmWWwNYohbBAKDA1ZUpbI3OWd+5Efnj482Urmv47gCgtXRryMuxJZ8MWhfBZ0Yq +vH7DeKC5AaIEQF3aTxEEAP9SgfIbIPL6BQ1nqoblsTYoiwWPL48uBZPjkDfy8XsV +R5V9aRQlggC4x4/MD3Ip5AUgReI7PcHnp4m3vcVLXPl+/7i7hAwd84iKzgN8I8VW +0EevflcNm7nbWEnpjaGxJWFbhSLI1DmqnafoU8nZgGp2QoE+flgGDd559C3SiHRT +AKDbqgS3EDhTbwfS+bAhW5Xi8/2CPwP9HueeuW9M/cyt8UvliLsj2eYMEIy7CeSL +O13XfnqCjcnHK+b59/ADd99dpMaq3gKj7Aj1RIsRV2qWDJpDNXVxP7Cy+FzxelQs +ytPQOV8H8AkB+RgmSyfxlNRUkC3sQU6jR9IwmPD4iB5fp/SqUpn++77TAArXqsfH +bmlnwcuU1EAD/i7CEhxLBYS1N77hwxL8DWCqjpi+1PKG+6dc0BQFIU3uUhbzLGfq +EobUDhveqgtlsvoEZ/lR8RgMv/uOjXEgiATQyTEa7s3M2vjXlpLjXjzklma3Lqmc +am3dEf/5OR02yZif6hPU/x8f/VQle0kKNKdOCV1+dlo8aJH2UIZRRIvtiJcEGBEC +AA8CGwIFCQcbVgAFAkR1rB0AUkcgBBkRAgAGBQJEdawTAAoJEGB4TpQBClft2RMA +n1XiL/bC9hByZInCJTaCd8WS8kYCAKCfpAWwLIxkfwAeD/RI+2p00nQfvAkQXeJJ +llsDWKKx7QCguc4/HiEs64Ey5p6Yihy67X8E0YsAnRXMFdXVP7ww8uldljPiD1Tg +yurpiEYEEBECAAYFAjc3I8UACgkQ9u7fIBhLxNmHZQCglWbPDznIcnOxdDW+k7Yg +A9+/n00An1ZjSiJipverUxLEFHAbSBWI0IntiEYEEBECAAYFAjc6+aMACgkQdQ9k +lcidkz6GiwCdGe0KSP/vSyEZM/GClQXvjMD4RvMAoJwyTIdcjPZbQizDeAO3btn2 +CCwTiEYEEBECAAYFAjgUDhkACgkQYAeQgHPH80+I2gCdHeTAPusmEfN2bdkijpW1 +gpxBvGoAn1kzL7Mg7tC4pqlqw2fV3kRUy1a5iEYEEBECAAYFAjgqYh4ACgkQ4/JY +VBKPDnkPkACgmzk7HMlJ1h0qw6OHyMtDE4RI4ToAni+Cm+01pHfzh0EnFQTvLE1M +9PtoiEYEEBECAAYFAjnKOw4ACgkQK7tDpvCerwquXwCfbW9xGF2AHQakBPakh61x +KmC8WEEAn3TytfY5qrTjxIj2HZFKN5QuQpYSiEYEEBECAAYFAjnKiy8ACgkQF6ZB +bfeUj9ombQCfYQYxpipdMGBxbNd8jbL9RDmH3nMAoITmZnDJwXzpHNuSLY8o3c5Y 
+hHXziEYEEBECAAYFAjnKnXcACgkQNfZhfFE679le7gCggQjsjFhjaIO1lWHfPusn +0dqdhRYAn3rOW0XSeh64V9o+VItH2LZngmNAiEYEEBECAAYFAjnLMigACgkQUaz2 +rXW+gJcIVgCfRRq0G2fCcZOFoey9uZGAkWctKsQAoLw6lUhdeZDgULrDC7OQRIk7 +CnMtiEYEEBECAAYFAjnPp1IACgkQkVrMRaj0wv0IqwCfWGMeiZ58ysuZCAP9IsX3 +aKcSPtcAoJno1COOjAMhoWjUiHctgLZX9+gTiEYEEBECAAYFAjnQ39UACgkQbyOL +wk/aWgxfIwCfb/GeMAD8w84hq5/aUQMCvVqUYqAAn07SKuWYsZLEUuPWIgYY0yoB +yJxviEYEEBECAAYFAjnSCrEACgkQv+EgZWshSJq8jACfdf20dqs3IWOPHgFMdYb5 +VF+WkJUAn05quvyHB3Xug8csxWg6RwSfQBTBiEYEEBECAAYFAjpMy0UACgkQ7UaB +yb89+bRUrQCg6aozpYiCEDPVAHe54/8/q48FLP8AniviG9fjxInPaSKB+LXRmQjc +2jLZiEYEEBECAAYFAjqJgd8ACgkQYogE2yD8bPYGagCggMsqGJN61JuOQkY5MiKb +4UPQpBwAniNYwQb+hlEzJF7qnPECh0MAxq8OiEYEEBECAAYFAjrBCNQACgkQt1an +jIgqbEu30gCdEsSeFtJ5KziD5l/CvAhVZt9lnQUAnRrmbV8HkndXp3+DNoREgscZ +k/rliEYEEBECAAYFAjrB0SkACgkQ0vCiU5+ISsiPkgCeOFayt7NkcymwTC2UKNjj +yukNDvAAoLq/bOTNZECtztYIMDQ2VrzZ3m6KiEYEEBECAAYFAjr1eYsACgkQ7A6v +cTZ3gCXdrQCgllIx6G2DkKSGKBhYCgsyywFBXLUAn2PJGrCOov0LS8jCMD2Xo4T7 +qfsjiEYEEBECAAYFAjr1mwEACgkQLBigKrTF83+E4ACffa4yaJ6Pj4uFZY7dVuiO +fkuoTE8AniIdw0DVkHBuxlNp9PAglhztyE+oiEYEEBECAAYFAjtFbTsACgkQ53Xj +JNtBs4ex3wCfXLPNscM4Uxtmy0/t5Ygg9lDWEQAAnR39P9eJtEeBtMPfbEGYc10A +BqjkiEYEEBECAAYFAjtF2QAACgkQI/q1+wgWzBuJgACeIak+A98IheVSowXG4J6j +zBA439MAn2IFA8EB/EkQ1rn7OEmFNX++PNZyiEYEEBECAAYFAjtF8RYACgkQJ4bC +RH+KQBfSwgCaAvm7pL+LioYj/oKDBQ1pJAj+UqMAn10W8RKrYblMZ4L11R2TO9xO +vFn6iEYEEBECAAYFAjtIDxYACgkQBgac8paUV/DLWACgifbHtSi50JxmSr18Wofe +VcVcAXUAoJs99aH6/t9gkO34ajXjiIQxc0qMiEYEEBECAAYFAjtIJ18ACgkQ11ld +N0tyliUx5gCggbhG1uzvdgHNY8oCt4cc6TfHUREAoJuRw8q2kbztnt8TQ4mjiTIN +cBXziEYEEBECAAYFAjtJwaAACgkQUI/TY7yTaDkPjgCcDSJQUZBBP/5OvW48Q3BU +kUkRSQkAn1Mjqe4WTFEEA8HK5h+KDcqR0aZIiEYEEBECAAYFAjtKFVcACgkQliSD +4VZixzSYCgCeJpt98LMq02q9W1bK5iPUvCkcsSYAn1dqFcoXctXVnMj53z8zfAaW +0BcwiEYEEBECAAYFAjtLFwcACgkQDqdWtRRIQ/XMGQCdH1u9tmtUYY3ExVLdT/H2 +IIQCU3MAoI69Y4Z17RDh4Bj2gmJwmEAmfDwbiEYEEBECAAYFAjtMF8oACgkQ1w1f +WGA80Hj2mwCfazudYZSMmQWO85xZvg0uTB3rhZQAn3DSyrvXxIpmv0CcnBtUQu5N 
+21kSiEYEEBECAAYFAjtRuWUACgkQ5DsVPMtGficbLACeNpRJOS9AZ7q7bhX2sBJg +lKLloTsAoLm5FTnY6iAySfPZZlwAVeE6zMJwiEYEEBECAAYFAjtSxD8ACgkQO/YJ +xouvzb1F7ACfVp8vhxAWCeRZN3InlvYLrxFTng4An1QO6+D3QUjX+0YRNZ3tpZDT +Sd6QiEYEEBECAAYFAjtXQl8ACgkQeRYvNvf2qtklNwCfcg4Tss3C9Nf6NiyOAHhX +O4JLhtkAn055IHb4i2IO5TQLSQi0tk4ktZVfiEYEEBECAAYFAjtnOlkACgkQwAsN +NiHlPr2cagCg07IN1/MaXn+8yd4Ncp9/723gEBgAnjNCoGAAccbvCCVE29sXBNAv +Uo8MiEYEEBECAAYFAjuYRI4ACgkQkC29kYw4qQpqwACfcyB4krJFqyeHoKzRYDqW +8JDUdvcAn2pa3UDeKM7FVe8LgCQyz0McM4JqiEYEEBECAAYFAjwH+10ACgkQ2tKw +XV88MYVF8gCeMoYaFN7v/VDmuYt+G1BXDxzcuusAnR8fAcIyBjSffB0yEIwaA7O9 +X7ZxiEYEEBECAAYFAjwIEdIACgkQaliC34RARgJ9zgCfS1K0bROVSB+9wX4g+xEE +0phEAToAn3etSLME5hzsisIRMjUsGbBDe7+aiEYEEBECAAYFAjwjtVQACgkQRHJT +9Ar9DKjv+QCbBE3lRMzyKxTbPUd9v+nB8EVqv4cAn0DxPkAIkuriAuwtOjCypTDN +ydyxiEYEEBECAAYFAjxdq0AACgkQ7vDbNLMhJgNwvwCeMc0QmOS0ctJOX1J9a3DW +kMyUdf4An3iIslZ7stkMOi1VdyE5fR2YDvNFiEYEEBECAAYFAjxw4+MACgkQGM0l +pSLzivNlngCeLdkkRkcyHVKttl6Z9IQExE+gaNsAnRko+7BQOu5jXMfGarg1rE2z +DhsFiEYEEBECAAYFAjxxJxIACgkQscRzFz57S3PkJwCg3qepdTsiNKuGYC6a1RlJ +ZTBqkiEAn2G6ypvCpWAL43LWbMbyyf/rYxSoiEYEEBECAAYFAjxxQYIACgkQOhqm +NZCaVAYvbACgz9mXzo/nC64mx03IFgL8oFuBAhIAoL91NILXxGYrkaOnM+2Ci20U +vA3ZiEYEEBECAAYFAjxzeIMACgkQo+C50no0+t5J7QCgpSCgGQ8eMefvsDsF0DlE +ZzuAHNoAoK1TFwuK7ZowUQJyWp1tKDtNDbx3iEYEEBECAAYFAjx+gfMACgkQjjtz +nt0rzJ3/dgCgnDMnLna3yPskxeVf32wDbTHLxf0AnjWCw4lfYauS0LumGv9uHN9P +aErhiEYEEBECAAYFAjyAY8EACgkQ14NrbAzZIOdEPgCgt5DiZfRFkvzAPecRDCIp +3pOdUwkAnjj1CDE+Kzg2RiK9Z73QM8B0J4driEYEEBECAAYFAjyBd5kACgkQ/3vb +rZlD49+lmwCfS9apz+gEHsRV6ELS4NtCLvrJsRkAn3AexpisdP+8KwolieJwaVPi +tN2giEYEEBECAAYFAjyMzCQACgkQhbmQdcKRDkGoiACaAqrwXn6kf3aD7wss1rgQ +mrCtJKIAoIU6uifoxBubp2+YjW6kjbnkFMD0iEYEEBECAAYFAjyXNDoACgkQoegC +cNp0M5aGrgCeLBRQ8CAVzPO8OTz2TMFqYLIbFrcAoK2qJqojmF2+THtFCHz0hhiB +AekNiEYEEBECAAYFAjyXNjgACgkQg2i7WWb7wYxzxwCfcrZ5yTwjn9Sh1S/yL3MB +KBs8uxUAn0pC4GgIsbbaxcf1QA5AYwFiPcPEiEYEEBECAAYFAjyxODEACgkQJXt5 +TsZsoD0pVgCfTIJ88OFNFlnUFoNZemDdbd4ZqEsAn1y5ZyCl5SYkqFTGiVtkgtII 
+EhK7iEYEEBECAAYFAjyxguAACgkQeuuK7Uc6ScnBgACfUlQrrDUb78b93JEvThA/ +f1ZankIAni448ZxagzPjnj/vH33yK14agnq0iEYEEBECAAYFAjyxj4MACgkQocWS +fM5dzg4qigCdHrjYquNu2aphWggG5E0G6zCW5MEAn1NQJmKkTEUsbanbVOBx1G5w +vYkeiEYEEBECAAYFAjyyhzsACgkQVlEzpFDUq7k99gCeMJc5KvC2gAHgCVjv6Hn7 +AKgY+rMAnRFIrjunb1Sh77542URoWAVmuPN0iEYEEBECAAYFAjzyIFQACgkQX180 +7qC7Pev9PgCfcW15D2cS4UTkn11BSqn+pgrA4KIAoKzLDc78X3OFDzVXTOvk8V89 +OshGiEYEEBECAAYFAj1uHIwACgkQKMb1a4F8NWhPPQCaAprFvggEHBTVR+KWzm0Z +3l9ijLIAnAw2QtJ1Mlnz0ctNwSJwORM87/ARiEYEEBECAAYFAj2ERksACgkQ1Dyz +BZX+yjSzyACgjUKL3CH2UYciEAarZU9H0ZYIIWQAnA6I1aJ0FgWiF2bd/jgWaBL2 +jtd4iEYEEBECAAYFAj2F5U4ACgkQdZc6ENbQhKbt/gCfblKSqJohqhaFawtXPs8T +X1UqY/sAnjqwumhFN4YAAez36gItTB9BxcmJiEYEEBECAAYFAj43BmIACgkQkQgh +ntzeiQqeGACfSyyIi1vPniQOq8xLfgjDxFkkVEYAoJSFbH8uhrwBMa8aOIRkjN9u +RdY2iEYEEBECAAYFAj+Q/gMACgkQdt8qX2QD4/2lhwCgnv3QSQPCGbmTI67mtAxl +9d4rZ4UAn1WXmoSknE2WYeqRUb6d4wAhG/jViEYEEBECAAYFAkCnUpQACgkQt+hx +Iz4tn22gnwCfTWoR3vhEv0yp1Ks/vz7jow0Tw6QAn3YXgQn0DS9/9u7AyG5gjh18 +VLtuiEYEEBECAAYFAkCnUqEACgkQt+hxIz4tn22dOACgjeYArERuayyqZmozCahs +gUyPihMAn0PkgZDTwKgSw690xdLuR2rWJrPQiEYEEBECAAYFAkGD05gACgkQ9oi/ +YaVie2EkhgCg582nMvFSTXDb/PdF0+kZTBQTCGQAmwSEka7EMzOzoCxEefZd+GQm +EdcXiEYEEBECAAYFAkGGD60ACgkQ6gnEQD//YGyIWQCgruyF9KSG2GuqPVQIsizC +CV8rjPcAnRQsBzfw9QLM960FP64YWUCqhYkYiEYEEhECAAYFAj0EW94ACgkQj/Ea +xd/oD7Lv2ACfUACXl0hDfGeEdbGjhIa/hSaZCrkAmwV4SdeJnBoXV22VBEekmTfz +HKHEiEYEExECAAYFAjyvU4oACgkQ6pxm6rn41tmEewCbB4FZ6z6dmSJ2epBIdeoS +8KHLNhEAn2ZcUDKfuFpVVDuV/bMhpjbbHJRIiEYEExECAAYFAj0FswMACgkQoWMM +j3Tgt2a46gCdFwSWzfEmyuvfjnmNPzCyvdO2R2cAoJRl1Ibl/2hPXjenl1f08pQL +ThZAiEYEExECAAYFAj0GRB8ACgkQKb5dImj9VJ8FHACcDjdyCPMWjSbrXKCVFjDt +uapl428AnRSI7e1VYRJcVdGmrAtmu360GrQpiEYEExECAAYFAj2J/ScACgkQ74J3 +yv6ZHpg4ogCgj8BllYTJEQ5sF62Qd2q9o2FNJ8cAn2K/7zpy9M/Oig+yIYofaN+5 +fnUUiEYEExECAAYFAj4ykiMACgkQaqtaJwF/Vr1MmgCfcNfOOm6/woHpEtuFVgYX +vUh0tG4AnRTPBwdemHFViOojNJ0glWck/84ciEYEExECAAYFAkDa3nAACgkQRTxF +SQIw1gIZCQCg/jjaczO/s9GkLq/kftPN8A6kLr8AoPwGlVzoq5yWxhgCkEMfV+KI 
+tmDViEYEExECAAYFAkGE+RcACgkQ3ZHkUS+VgsFX/ACfRYBeswRWTHOdc4gLefxU +VSGbj8wAnA3CWEF3MQOIpJQ5KSFLE2104h5riEYEExECAAYFAkGNFPwACgkQ+C5c +wEsrK56k8QCguxJO7l5effxWbaYOgeVko8HiQ80AoKSJGsOZGx1nvQRKeRK/7DrZ +bB2piEYEExECAAYFAkGqFTYACgkQztt/8ZMtg2MVMgCfZevJcAcVXa4hUUJSjkWo +0j/b9MkAn2HZC4sNs9nMN1PvX95Ge39wfBEKiEYEExECAAYFAkIrN0cACgkQi0rE +gawecV4jeQCdF+GUDJuQnCaFZqw6sNgZtol0UncAn1/VQvGDB0Or+JItHnUlCU98 +URNXiEkEExECAAkFAkGD3AUCBwAACgkQQSganqDijRh6lQCgmgm1rqgdF3qYuDQn +/S1vFxggwpIAn1htaL3fD6o4LnT/8BIm6K6tPGPWiEwEEBECAAwFAj0BE/8Fgwa1 +sWoACgkQFBE43aPkXWatjQCdF96DM2kdreTGbWTKjTMTuwB3AtYAoOxTFERoyUCn +7nTsufD4QpxIkJCiiEwEEBECAAwFAj2GAuUFgwYwwoQACgkQU+KFTgvh8OP+lgCf +TLjRfVihRNQQ/MVIuHttesX/s/4An1ZBth8G2EvCfiOU2KoOjl3MZUJ4iEwEEBEC +AAwFAj+ObrAFgwQoVrkACgkQCmLlNDenkUkzjQCeIR3z4h7TMEeNI9Sy5/4Sgclj +9WsAoK9yVbdDuWQJQh/ZBUpx0GjxMSW1iEwEEBECAAwFAj+SeAcFgwQkTWIACgkQ +78vN/2HwW4xfggCgg+yTSXldBhvFoDXoAeOwcC74YqkAn0b+tC5AZ2BQkg0vJXZ6 +tFXuOvhaiEwEEBECAAwFAkCoZL4FgwmwcCoACgkQEgljnRFKqFxfngCfbXYSsBtM +M5hcUCsnm9IvyCmMhgAAnjtDe7q+5cW/JmzE3illB+u8fc9DiEwEEBECAAwFAkC/ +Rz8FgwmZjakACgkQ2S0k392WXIP5uwCfTlmW1u9U3nck5mCo6DeTHNTmUvkAn2jn +jXhvqKoLfS2ERRwQlFFAw6NRiEwEEBECAAwFAkDbVF4Fgwl9gIoACgkQ9ijrk0dD +IGxiBQCeJIrdN0kFT16KL4COSILMmcjVxygAni6OinWWNJqCk+k+BNIvKpm+QKm2 +iEwEEBECAAwFAkDxIncFgwlnsnEACgkQkvv9V4b8pZK7gACgwOU8kI9ZBzryS+Hx +AeWEo4WjeC8Anjl67/wgPGr4XAS/XA1xmWzRwZiPiEwEEBECAAwFAkGsm40Fgwis +OVsACgkQLEmBxMM0hsB4NgCeLxvQw1g9MSpWY9+2VbSK/4vNd4EAnicGGKdS3Zy4 +8E4GBZr62ZmWjr/iiEwEEBECAAwFAkHCEoIFgwiWwmYACgkQGFnQH2d7oezd+QCe +JzuPIHb2H/PX1R9NYqC6z+63wFsAmgJUX4Ei+WzKGs2r8LVtIo03nc/niEwEEBEC +AAwFAkHCKOAFgwiWrAgACgkQgcL36+ITtpJ6eQCfQ5aTW9WLJNVWTdp4fi618YDd +nNEAn36Vz84EsZ0gpO0Je9S+geCrffj6iEwEEBECAAwFAkHCKTAFgwiWq7gACgkQ +a3Ds2V3D9HOXdgCg91Pqo7tiv00Je9XoTIJq82ug6gsAn2Q37v0WzuggX1xyzDSR +7oxz77owiEwEEBECAAwFAkIi82wFgwg14XwACgkQ2KgHx8zsInvpsgCfdHcjOaK7 +aK1MBAYBaWwkK4rfd7kAoKxblxsQzllz7sLvFbK7xG2ipuNJiEwEEBECAAwFAkIo +ngEFgwgwNucACgkQLADuUthSlVgXawCcCbstExBnVkd/fHvatuzJ3sJ0g0gAn1t1 
+CmnaMwV/HVQlUhfqefYlVN3giEwEEBECAAwFAkJTjYsFgwgFR10ACgkQlvNNek/0 +hjUNPgCfRJZleAq/j/4tbek4A3/lhgXJha0An1aToz0bp8HSf2NBjW1euvf/4VZC +iEwEEBECAAwFAkKYjoAFgwfARmgACgkQTbbnG4BhqDBuUgCgyBpzBy8k7OKzjiYr +KMGIWZqiMiYAnjHdHdzo6dKcV+J3ef4hl3VcLqDfiEwEEBECAAwFAkK9MmEFgweb +oocACgkQr2QksT29OyBNEACfbNEfltwRZ1RmZEkt9ZTwOJSli5gAn3brUt3vc1JI +xs8dlkwHV1fSJpH8iEwEEBECAAwFAkK9RW4Fgwebj3oACgkQ62zWxYk/rQd1UACg +wJNmfL/Cs6bYMFPC1dRrNsf2GtAAnR6K37k2u63FX1lbg4aSMLCcNviCiEwEEBEC +AAwFAkLinZ0Fgwd2N0sACgkQ9D5yZjzIjAkhqgCgj/Uy+2Xvfw9FAwPdWSaC+o4A +VUEAoIvJ06LeJppo5EQqEt1mc8bYV1UjiEwEEBECAAwFAkLlBZcFgwdzz1EACgkQ +g2E6UBaCfQMWAwCgk0N+XcWaLDssH7wYu0EtOFW1kKUAn3Vq83yrmg+F4TvieNmP +hhqTP6W2iEwEEhECAAwFAj5ecYsFgwVYU94ACgkQUF6IRyLnX0ugAwCgnZ5NnBWJ +3j9/7slzg5Iy/pU6UesAoLaNJiUgVfg+h3uP4vUJhum91P/biEwEEhECAAwFAj97 +CToFgwQ7vC8ACgkQW7P1GVgWeRq/ZACeL6lVKkE1iFiC/YonlBzLqNAdVkgAoIBH +8VYDXLRIgBpyfSdwc1YxTeDDiEwEEhECAAwFAj+P7j8FgwQm1yoACgkQKLKVw/Ru +rbuqxACfb1X6tBq7g3z5HgfCXv2sm2gQI5sAn1JLb8gDxuSRcWMHulGZY0hZJfvy +iEwEEhECAAwFAkCn2cEFgwmw+ycACgkQt5wosOl/hW1B0wCgiQGkFQEonh2cRtw1 +xXowakWqx/EAnjp2Du5T+xpOdf4O+JwV5DmtKqW+iEwEEhECAAwFAkGE6LYFgwjT +7DIACgkQGKDMjVcGpLQO+QCgsc+A/SO9bY78+ul2KU+7SCcztq8AnRbnT0G0HnJd +QYMffrLF5Ing2fP5iEwEEhECAAwFAkGxhHAFgwinUHgACgkQAVLWA9/qxLltoQCg +24DNLxMnSOcPFPCNLTPkyyjyQu4AoIe0tZDEDS7mvM6RQaHREvCuFIOZiEwEEhEC +AAwFAkKWAqQFgwfC0kQACgkQi5YpQ/wkPzzhMQCgj+rrxz3tJgTrmh3g3+5rIcWE +EUYAnjKOFjzGL/7SyFlpehh0Xa3oO69WiEwEEhECAAwFAkLrbeoFgwdtZv4ACgkQ +wm9wFgHGy4MQfQCffyaecfqcThyxP9FNgZ2Uz4pBwAEAnjMFgtk5JN6gZ+Ztgqe+ +YyYrGvvuiEwEEhECAAwFAkLw+X4Fgwdn22oACgkQWNqWrwuQEUHBCgCgn3XtRj5q +JxudfYkec540HnkoerEAnR2x0A8LAA49rsbhCiLZlmTaaD67iEwEExECAAwFAj0H +TRcFgwaveFIACgkQPGLK2OTUMk2IMgCfUXkZfmZrMFIiYO8F/naQMBs/94UAn2Xr +f2uaISYrPudIbRkxYm+R2NrZiEwEExECAAwFAj14eLIFgwY+TLcACgkQ0BqcGU12 +bN6ruACgi2uFjh4Sy0Kjyd760dvfpa/9jtMAnjHyPQ0tHYSqSZDD9qaQvb/F3PlM +iEwEExECAAwFAj15MRMFgwY9lFYACgkQcFxTidXBs1halQCgiR5GTSx4fSCqkikz +rOOOXAonDVcAnRFQ13dmkjLcRy4E8bxLtm8xPyAdiEwEExECAAwFAj2DrfMFgwYz 
+F3YACgkQAtbtIeMsT0ugzQCaA50Snyeu82nth0ikNVnzHD4W0eAAnA9WxGBmmpvW +YOq5LOTy2fVe2P+EiEwEExECAAwFAj2F/AoFgwYwyV8ACgkQ9Wsmo6Y5nnPZcgCf +UvxNXjoWYEsAYJz3z+MWDeGrfJQAn3slXF9ced2OAN3YgYZNTlIC7UUaiEwEExEC +AAwFAj2IEOQFgwYutIUACgkQg2XL3N1NTv7QVACgr+C/P7gqGDupYTC21jl07mPf +G/cAoLZ9zkmr1YF6Br7szUKksSan6fwtiEwEExECAAwFAj2IOwAFgwYuimkACgkQ +Hb1edYOZ4buWMwCff0YYdFZ7gdc1qjCaeXDhCfLe0OAAn1OJuZ/eKGk+i0V/ScLp +OMLn/SCCiEwEExECAAwFAj22wZ4FgwYAA8sACgkQVkEm8inxm9HyigCfaNbjyIlH +YA9cAv8sLkz5uHRoTe4AnRyDPfAFiBPZZhwJNDlmTEColXL/iEwEExECAAwFAj72 +Ip0FgwTAoswACgkQofbulCQLTD21TQCfcKuy3MEjJRrikDBgKtpIP1at2cQAmwRl +ZNeKOT0UJ4RNt2piAHqTD47giEwEExECAAwFAj72z7wFgwS/9a0ACgkQBYtazUQc +X4H/jgCfaQXW+LvjoJacVNYrdxhXUYx2a+4AoMQV/y+zjcnaNRbZTH6unq4fBDB5 +iEwEExECAAwFAj8AnloFgwS2Jw8ACgkQMozWs+vCdRW8xQCeJLRNfZLO7twP4DnA +saP9wNdsI+AAoKChEzuM19HrksvckWmBVafawaPRiEwEExECAAwFAj8Fq5cFgwSx +GdIACgkQTrg06OLM8A+J1wCgmucpP9rc1NjzPHDFNcQokRbp/REAnRvctW/8AwDa +H/btQjPtXgQGCbrPiEwEExECAAwFAj+PlHgFgwQnMPEACgkQbHYXjKDtmC0gWwCg +rfQwM+i6i82wTcXx8LRPVHm//88AnjOiqMYKpGj4cpkwdX2nhUlZEyGOiEwEExEC +AAwFAj+QUxgFgwQmclEACgkQnQioDO2QjWrbcwCeNw1qkRaDRy3/fl41K0F7fbCq +q58AnRXqq6031t7zmMdmZDvFlB5M6uFXiEwEExECAAwFAj+Qbb4FgwQmV6sACgkQ +lSxWI2ynbPR51wCgkZpbx8pnoqj6mmXrUQgJSce7eRMAoJcbGZ0ls3JXAJRD5y0P +YzznxLIriEwEExECAAwFAj+RGicFgwQlq0IACgkQ46aNyqaY2pkmnQCeLsrSrn63 +Mnhc7lwklc3UHlYHQLwAniZuyemrUEsU0fdQKHdafHg471iPiEwEExECAAwFAj+S +mrkFgwQkKrAACgkQtamfe9tFLSc5AwCfaA0hJcLIfm1Eek+X2hs01q3f2lMAn04y +qK1H85hZ+77goaEBj2YEEiYsiEwEExECAAwFAj+TKtsFgwQjmo4ACgkQrSAagZQ6 +Xw5tYQCbBE8yHKPJrUivqIYiVJL8y7voOqAAoJc/HBTNTrRSxyjK7nPmyBYlbY8m +iEwEExECAAwFAj+UBecFgwQiv4IACgkQOiUrvZ0kS1UvJwCg2Lw5xCu5/pUTEFEr +cShPUDM3uDIAoNLDQt61O5Wego+ez43N2N8doSqFiEwEExECAAwFAj+VCZoFgwQh +u88ACgkQTDL5CJndlGiZvgCgiM3ez6j21lBLfJnMIKhGMrMhW/gAn0WLirWDnek/ +f9iDEMVcGMEnwOOciEwEExECAAwFAj+cMmsFgwQakv4ACgkQNgJWU6vgsQY8MQCc +DE5hjYq9uHuyC7ZnBg47a5BkVdsAoNxLfUY6DeCekwPu3e+3qJsbwib7iEwEExEC +AAwFAj/UdIUFgwPiUOQACgkQW5ql+IAeqTKRqACfd21FYGEziCv14kLK2bD6ghb8 
+0jUAni5XNqaFLg8i+0bg/MSQVf88ZQKziEwEExECAAwFAkDcUg4Fgwl8gtoACgkQ +zQ+com69o1nN6gCfUXjD5LUESFXa08Px3pbfXidXAuAAoMJ1/H/oFgcer7t+tACN +2vC8GGYsiEwEExECAAwFAkDkGbAFgwl0uzgACgkQHckf8471INHpVQCfV67np1ke +Bn20I5JABN5Swm51B+EAnRxMBVbypQcppBhdWnxQadrjhHVqiEwEExECAAwFAkDu +oKIFgwlqNEYACgkQyA90Wa3Cns2o+wCgjBXhs2mEn9HFs5F8WR4AdTpWp0UAnj/Q +ls/ZRkcy/RAfAN12XgHOkpyciEwEExECAAwFAkENp5kFgwlLLU8ACgkQK6gmAsLO +gJlWDQCfe7E7rcFCn9xuL5Rh9MDVVueAJY4AoIL6CdZIlgg9Lt/HG2dDFgwPwbkG +iEwEExECAAwFAkEYu4wFgwlAGVwACgkQ1W4oD4nfjasGFACgyTFOT3NMOo7DObxu +lYi+WtYriqUAn1Y740hi4fWeByAn5qoUj8brf24piEwEExECAAwFAkEiMZoFgwk2 +o04ACgkQ+FmQsCSK63O7vwCePBtM5gchuVC3gXAMO7r1A/le76AAoIMM0oq6wuiH +nT/dUAG858Cw09t0iEwEExECAAwFAkGA8OwFgwjX4/wACgkQsYn2tNI6QchEuQCe +N/pbbqMBzHuAfWO/g9QfmlmVIW0An2WQXrXoE3xnVp2C85BtML2phOWPiEwEExEC +AAwFAkGEAf8FgwjU0ukACgkQTjypAm4rQ9yB6ACfYnJx27fjxYsq+5UfQEemQt2V +O3cAnApE8yUw0B3ZpqCyfRo8JQIb/cJUiEwEExECAAwFAkGEkIoFgwjURF4ACgkQ +lPH09zrL0iMiigCcCIbdWZPauTvF4Pn724WxH6Qed5EAmwcodEzOE/rElE7fqScR +mudd8Ur7iEwEExECAAwFAkGEvnwFgwjUFmwACgkQTbPZ7n9FhNqFGgCeNgwyzTJY +1OABEu/EoBXEUOENxdMAnA6Ul/yxKQihc39VvKQfpdwPGUhRiEwEExECAAwFAkGE +6B8FgwjT7MkACgkQLMilaHDIrOVJxQCeIJI+GgF1UfUOjkYsjkq260Q72OUAoL0e +kc/ixpvh4Vs0j1q9Wx0fpQUwiEwEExECAAwFAkGFRwQFgwjTjeQACgkQDecnbV4F +d/JDbACfW5h+kLB3Y0wokkr/sxy8RFXwp9kAnjMs2yoVbG2ZbkHQV2ZODRF66zuM +iEwEExECAAwFAkGFVkIFgwjTfqYACgkQqI/9z8xhHubw1wCfWLT8UnjyRQIuxGPP +WjtGVeezdP4An2GJa9XsZW3yv2eOPAsP93+npZtdiEwEExECAAwFAkGFXLkFgwjT +eC8ACgkQT6RVPNdrU1mZHgCgq9+wyMgDr96Ism0gY9OxSqMA+88Ani8EIVnKhI6t +rTzgZLZDrZ5pdzDuiEwEExECAAwFAkGG8eAFgwjR4wgACgkQbHYXjKDtmC3wYACg +1f05WHi83tg/PMHoBkqlngdDIuIAoK7KZ/to5FrkfNphn6Zo0fozB1n0iEwEExEC +AAwFAkGHwbsFgwjREy0ACgkQVm02LO4Jd+iS0wCfbUWuTf4DZrjdua5kNdfvk65g +ojgAoLHPPvTdAlVKacX/rnPD7c36LfuYiEwEExECAAwFAkGH6+oFgwjQ6P4ACgkQ +TTx8oVVPtMYoQQCfXmZAzk9EjL3qPz50zZgSUO8l3m4An0Xoqn603NHFaHfbBKdt +WGijlgl5iEwEExECAAwFAkGMPFkFgwjMmI8ACgkQiSG13M0VqIMbDQCfSxC8XNls +eJ9VQ50GJ66KwSDljmMAn33ApYFWTs8qa/EBIQSgqPlVEBO/iEwEExECAAwFAkGS 
+MFkFgwjGpI8ACgkQ/2R3A0yRcenRkgCbB5vYhB0cv0S9X1y54Ci1KmaMDNkAnjeO +H5rAZQsOQZXoDJPzHNrjYpLciEwEExECAAwFAkGTrb0FgwjFJysACgkQ1mvqN8E/ +x7b7ygCaAyFqMIKTMqQYuQ7hnGpMTx7FPmoAoJtfYoL1pFmVZ5Mhwkv9GFUee+HH +iEwEExECAAwFAkGZWWUFgwi/e4MACgkQSvFUKpY6VLAkgACgiL8te7hejTXfDXRI +OAZeVzd76/cAoJbmj0tdYt2QGc3j/4yMnmXrKPC/iEwEExECAAwFAkGc8GEFgwi7 +5IcACgkQV5nlLYTPmpDPdACfbASh9WQ47r2zzcVcjlfbvsz2VvgAn0KtwOo73pm3 +e7aPO/mYlLsP4V9iiEwEExECAAwFAkGqMckFgwiuox8ACgkQdDpVTOTwh9cWbgCf +aMETpI9v6LZgWuTCzE7DceGsuW8AoIcBSwWGF0XkXpRYcvXfjvAg57+piEwEExEC +AAwFAkGrJUQFgwitr6QACgkQzop515gBbccEhwCfZhBXUVoNKDbW5mpYGxfKrMfS +cIgAnj0XoOlYmWWNN1hlKoSQrZSvh4FFiEwEExECAAwFAkG3PJoFgwihmE4ACgkQ +EfLcQ8rmNEIRiwCgpAzSttJZSiGIffSr4/dixsFUVxAAoIwnyzPthchrUSMR10Av +PAu8Czm9iEwEExECAAwFAkG4HyoFgwigtb4ACgkQ5Vyxg0d4n7u8mQCfdQ++3anp +pXuhZp6cQIp1DCCz56AAnRA9B/n9ah1wL+IMjoBhFvgSW7JLiEwEExECAAwFAkG4 +K9cFgwigqREACgkQ4We9YdVB4USYCgCeLsm06Ov/Yoi9lfn4UB0IX3qwBFgAoIPE +VT2gGxQYua51y70pjVYG6t4eiEwEExECAAwFAkG4Wg0FgwigetsACgkQBMQfNs0k +hKmYzACfZgUeTlimmFrhBDEV6SsslxvVIGUAoKZR9c4+kfE0+BJ069AUZBkkeRKG +iEwEExECAAwFAkG5dt4FgwifXgoACgkQPrq84hvwIdMBbgCeJhjUvC1klrCPhWqK +hyfoKJE+hWYAnitsOnNDnjkKDdKta+mrdL23iPD5iEwEExECAAwFAkHCqnIFgwiW +KnYACgkQPG1Ayb4vCvZS9ACfROLs6kU6Z93eoFUJl5H1M3U/L3sAoIgAGfCxQ3sA +DvFiYg11GTGnDzffiEwEExECAAwFAkHq47IFgwht8TYACgkQvdkzt4X+wX/UgACf +eM81+Z/SliH++ZzOmy5ZR9ljTo8AnA5DGAsPAbdU7j1NN0NXUg53dNvkiEwEExEC +AAwFAkIIjHoFgwhQSG4ACgkQIqUcje1P4MASOwCeLyBkToAQ+3Bvup4B9POq1xip +ZNgAnAui9pLAdwaGAZ8w5PFxuS2GoXxEiEwEExECAAwFAkI2qnwFgwgiKmwACgkQ +1cW3Q8Sn6j4gRACfQWmnt2z+J0tB79JQ50hNEVrYuKEAoNAe1Y5xlLlDTSKJmnwj +qnN0qaeriFsEExECABsFAjbtSOoFCQzJfIADCwoDAxUDAgMWAgECF4AACgkQXeJJ +llsDWKK11gCfUgltInjqS+wGOrxfjiGjJsNmVtYAoJLaNHln4KYwLlYOo16kdcB7 +dqUDiF4EExECAB4DCwoDAxUDAgMWAgECF4ACGQEFAkBd2egFCRNri/8ACgkQXeJJ +llsDCRDs0gCgy5RdOqhFvwUFYWj+dHb4LGt7xi0AoKduFxGMuM/loPShQnjvk/VV +FesAiIMEExECAEMFAkKVnMMFgwfDOCU2Gmh0dHA6Ly93d3cudmFuaGV1c2Rlbi5j +b20vcGdwLWtleS1zaWduaW5nLXBvbGljeS5odG1sAAoJEDAZDowfKNiuNUAAnjPH 
+ZE2+qGvOkOkRYAmqCFMXw9euAJ4lr8dHPg0y8xeNH8M6rSswZaeHT4kAlQMFEDuB +4BNSrOsu06QsYQEB6AYD/iRZgJ2U+hTGt879PPwLW1y7dQFbjMHqbyyM7eml9ZbC ++m+jqNvMsniFCR5qvStMgbXuUZGGpd41mL5+vqF0wwM00nBQe+rr5grY2oMPCSEJ +RNtHEamOsbc4GP59nrwbUhA7MKPSrPCvh9bvh+XQ7MSlar9eVBkqvnYmKdaKI1io +iKIEEwECAAwFAj+WOcoFgwQgi58ACgkQ4WdUde/jR61yvQQAghvUxGu+fWc6RUEZ +nrQ8n69FOPRq+od8fiYNF5iSWfBon3hmT8IQi3vRFbqCcKsd7fn+rl2zZjFU5f7S +uzaF8+hODuH7B/jK+bW/dnhpgDRZyvmZMtLpeAOPh3IkrGEeknV1LeTZcRJnbGTZ +iSu3LS8E/AVuSXmmj+2tXXBzSFKJARUDBRA3Q97TUoBXRHZTQB0BAchxB/9iTH4O +9RoIshiUysQgMpncn9o9snx+sCO/NiSuAVleHNBP1d/Kvo6SGLJYoVfbfLPMNVyu +Z4jGi8JQjsgVjpAz93nIevhjz7Xwd3JpS9oUvPej1mdWnUB4AnkKQfN+5+eso9Gk +7OC9cWq20lU9tpVMDIlOj8GHR9kYfJ4fBbzdCGbG5Z9pzo+96gDUMzX5ZrHlChdV +4eHJPMi60XeK+mpocQFQH3GBUSTeM3Sy93JoYJLdAA2ZcwMF5xI8HRx8u0rwCZNX +nDTgPaRbDiW7587n3dWn7Pwmxu/CPtCQ4YO+WdjcKvHio7CqojtM8/7xuclkp3Wb +1pE1s9w929ca9SHdiQEVAwUQOcqYVhpPhku+30gxAQGDOwgAjoKCGePm8h7g2edN +YGosrPTMcZ8PNCMETXMZozgCbEd5oWvotRaZnta2CZyj/u5gOrE7z8XR2PNttenu +HVDii5y0KwaaTR12/wrp9VJ61wLy/4zncnx/C9Nwg/Mu9Y2bMS8EuL16yWNrm6Yx +prWsaaYy7G251NI7cseXcVnuAowzm6k8ovEwCAqVl4s7EUibNQQCuDgH4idUdr41 +0fDnpUalpvsGYf1wqhs93RbjU7pNEaLmnlz8zESHYaev+JpMVAfnw/jjWp97xyCu +al75xrc/aj93anrobvU/sSKCDbteDzW9xYyjqZGu2npn+rBR4iUHZf9j/glwT0PV +nH/jf4kBHAQTAQIABgUCQQm8qwAKCRAz/XFX/s5mTm10B/wK4tRztfYKQVVYYl3r +duOE1rEntFEP3yV0H5qkIlPrXNi3j2hgOiUEBNDgFpuJ9rSz7IZ3GcIGlP2IlT9O +icGwpabAtoB81S8rJKkzI+bBLCK2J1xJslIdjk2FO1u+KjLu1gu3RZYaYPc3bETX +XmtECI2h5hNazvDw+QS1JTIkqr/vhl3TY9JAxiLwNBWn30phh8kRzvRJh1EI584v +RVb7nTSd6PYpnpoEskJbXyAc+BV2QLPk95oj52MweGADFNv3uuyUq2WH9H1KP3Mn +wNReTy++woQfLzobHHMyBr4ccC4uKlqOmBcZ+kkmEjxrJTRALelu2quUhpR7a0tc +qFxSiQGiBBMBAgAMBQJBhRYSBYMI077WAAoJENJkZhEZk6qtGSkL/0qaizY3Ix+h +wNj+UAN8sGhPLYNGSnPCgLyLMceByJP7fpF96Try6wIYsVAsXdltuC6wEsDNjIc7 +4FCduAc0HfhnJ5Yu3ciJ/DvR//vlbnE1pp+RysVf7V3CVNxLgOdfSBd76tgktcfb +sh+R+qKR4JtWjojkET+XAOrCDYNj8P3nNxHzzYO9UHSBsNzrm46RBFNxtETh0nDx +mgzfu6i2vpSwoRMbi/39VGlHJNYoA7itVZfZx8FebJA9KcirRDGtWcofsUhWWfnQ 
+A2K+ahPIx+N0xVzuxjKZoXbkSC+LFwzaoYFUE6OcFsBkUY40QhCNKIWUX3kSZVUW +ro6WuwMltQAkXG+03awShgpciqzZ3o+Oro8zmMoESJl9c5oUWuIfJwHpvrw7UrAr +cZLdf6bcOjHlJqGv2XSRJIxeiUtLghPrZF8pqN7j58yL94QC7PsQLsRkcgGLp9aS +v87O7XzGU9nlyOS7wR56pQPClpTO8tm6ckquKh7T5jIqnszVh2t4yYkCIgQQAQIA +DAUCQcIpbgWDCJaregAKCRCq4+bOZqFEaCX4D/4kRmZ8eDsYuKrw8OS0yUK3PI9k +4wyBGxUQmuJKgXFRAbCkUpATHvRh6ZXquWFSVbgkay3cfbGLfZWiT7TAz+k3eiVS +tm/Mk88pqlTfu2pUq0/5bpqJF9zt/L/i2aY/030A4l5gsEccCsdy5F1FXQPbYGFT +vjtPJx8hMstAG761HhaOib/A2O8jd7f8elZMGSTubtsFJ1/K2Po6sy/3ylJlfo/F +zgvqTJYju4IPsIrq44D3k4kQDMahU2W4k6crQncV7w2wqC0zxmuZIuCio1wyvYG3 +ey/pjNfrOemSuA/gmmN38uBJM+vEQIPnUdJslc9H2eH4rVKFEQZuqUk+HUdwVQhJ +KfwaMmSiGj4PeXphtFc6a3lqfhsiN+7lOnzk0dRMCxZEMgLjIC6pGquJ610zsYGR +b/viXDUliNBJod7CeOHRH653/00U9aaqh1Km2He+BWmtZt+Kzw10YUm8oox0/E6X +lE4EL8p/LP1uv8vbaGzTVxX5NIr9gVhrnOVDHHXtlFZxatg7ZLuSNkK6oiqsR2yn +xk2ysmTQEzyi20UFxnH8ICsUyRyEDbJlbewQPtJRnknpV6QhsUA6bVytyYYA3RkJ +qSDojEgAgz5LL+Zhm1Ttz9ccwxJY6/ZevzlScNrFxPnzmaotfWPgFis0yF+PLZGT +uf/gssj8yYMAWhhtBJkBogQ3OvfdEQQAw/+RYsI0gH0jpxd1Y6dsbupdOX+dmT/U +5Hha81a/nTrEP/vOIjx83r26zigtSXBDr+zrMTh18Xu2CYLOogsLcE6ayhdzMes6 +OSd57S7WmoWufFEQOB1+28aaLFyzI0XW6MpnCPYJVS3mVrMr48My2jWL0jitpZMs +cjGy5i4afSsAoIwpCTjZRgFmv7Gflb+BGVUuEnOlBADBZ0X//+VHI1zZTApL8VhG +n7bt2EB/u5INdQ2wc29m1zqQB8T3rU5//5csVlTvW6i2w4gDHIAlIRNxvvdPNIPX +t/jYIXQwM//UDAc5IN0DEOXT5rMklel/mw7yVYfejiY5W4SxYhiGW3D4ybwKYQ7l +atQBBHYmGWLPE/YAjxdKFgP+LqWWdZ5KV6clKp43AkUk73hDMvGnl8Z/Vv2M+waj +66/MbJJdBgUW/Pu2NJGasxVSK8q36EXj9pNB0K8FVrx6u2eANEdrWj9MO/cchQ3s +C3I3et1N568qqnXOu/7mV1yVHJfS8sQc2tptMTneb7usmXAF5+OziUOcS7ukwSEX +nJy0Nk1hcmN1cyBCcmlua21hbm4gPE1hcmN1cy5Ccmlua21hbm5AcnVoci11bmkt +Ym9jaHVtLmRlPohgBBMRAgAYAwsKAwMVAwIDFgIBAheABQI/gWcwAhkBABIHZUdQ +RwABAQkQwKTLuYeXhWkpeQCdGJrYN/uT05T+grdci+zzNebybfYAmgK2OjM0TLkD +SZeSjVgKEx6tG7wltBBNYXJjdXMgQnJpbmttYW5uiFUEExECABUFAjc6990DCwoD +AxUDAgMWAgECF4AACgkQwKTLuYeXhWlAywCdGYJpwUWVH0GGNZ39SAt5NzOerMcA +n2Nfqz0v/sdr0mMPNbSziGNUevyBtCVNYXJjdXMgQnJpbmttYW5uIDxicmlua21k 
+QGRlYmlhbi5vcmc+iF0EExECABUFAjc6+dkDCwoDAxUDAgMWAgECF4AAEgkQwKTL +uYeXhWkHZUdQRwABAbX/AJ47R66dq4o3vobMe3LqOHhXEdWeUACfTvV0bshBX3MI +bIY53lhOnqkNvVS0IE1hcmN1cyBCcmlua21hbm4gPG1iQGcxMGNvZGUuZGU+iF8E +ExECABcFAjxw+b0FCwcKAwQDFQMCAxYCAQIXgAASCRDApMu5h5eFaQdlR1BHAAEB +jmYAni0grvGxgcgSuXK3vzLErIkfFK+jAJ9OfvRc1QinOAydyujUX5roXM/opLQh +TWFyY3VzIEJyaW5rbWFubiA8bWJAZzEwY29kZS5jb20+iGYEExECAB4FAjx7ebMC +GwMGCwcKAwQCAxUDAgMWAgECHgECF4AAEgkQwKTLuYeXhWkHZUdQRwABAZRBAJ4o +xvVUX6skfJud8oKoYvy0l/ArGQCePXVckzHYxtiuH7NsDTesxWN2Jx25Ag0ENzr5 +dhAIAKcsu8SB0lBBOxYbd/oX0mirpH6wmQCE9p+GAsUA84pj9xE+beb7hWlBLGeD +mfDWLoel7AsD7vVCciK7u/3I5XDPWE57TIJht0F4pfQ58p90EK2qqIxrVkmj8L51 +ohy0rot2VuklO/+2SlYj7a+wApfwPU9hkBCKmoQKbMNbkeX1C9O6cAOwa3bLyhd+ +5ZwVKtbsFXO08dkEmR0g7i0+jOzKVZdTAzE2uLg/3m58Uy9g3UMxhg4tbWZrS0Hs +cWdZXoAjo/cw3nC6utaZSy582gxpGXf4D7DjmUOW9AwkDbPZFuHCyYRrpO/Q+4kQ +vKTkDIi6m3w1P9eGm7eq7ds3Wu8AAwUH/j8DBqWtXC2m1G+9nsj9bUuYtC5OMKyi +9MRiwbrCdlkR/q7hRgpvojxiui6M69s5raBIDa+3k2mAHVHqfR+7QC+n4KTXIXHO +rN4GHD6jlEDwnVrylqawMFAgCRutD7ipTPffJ9G5cHqPLuBJo57P49uR+DZ+lpng +qr4XTRMW9k95RkM5I7GnUU+13Tj54AzThi4se1leKYQjWBYQLbi//MOFZ8EpPeAd +P4nNCULHRNj0wix4U7hwEBWKHndFSrQKypwotIsTnoyfme2JdArcr532tD8+3miV +NHqd2BiRYInQRCGsVaLKzEs79sxMreBpv2qp+LCLWZ6V4QMaInonLdmITgQYEQIA +BgUCNzr5dgASCRDApMu5h5eFaQdlR1BHAAEBnD0Anif1Vuv+XbRwwHOnUyvytsWJ +WeMYAJ9+8bxaWB4D8NDgqzYSzcgpCWdF1biOBERAD/ABBAClEc+ggo3tKaaLNJSQ +E+C6sUQjjqXQnFgOengMBFio5Ur7+si8DK9iKolgk6HuIYFH6MeCmFvURicKoclY +MVGKGx8mc3iq7awBIrU4j74Rj5XiXjeMui/jHggH90bf/ouHNcTTsHX5kziweTdq +WVYo7Agjdh5ckv6cYqlg8/+DSQAg/KqjY4hJBBgRAgAJBQJEQA/wAhsgAAoJEMCk +y7mHl4VpGNgAn2cLCf57hXUddxvbPBgtWX4WyPxDAJ9fg38QhJrqfK9+z+zL2pZ7 +GqGrdIhGBBARAgAGBQI3eHY0AAoJEHEtyVg9xXb3TzMAnR0w/cs3O5FAaFw+aVSD +k9uUJP6yAJ9loILfam+WveF+MrGnusXsDvf93YhGBBARAgAGBQI3eRy6AAoJEDdA +fgkueqrNIqgAniqrGi+nLmBPc/iORHs3j8yMnN2oAJ9xp5U/RAYg2iPtlROY0EXk +pvqYL4hGBBARAgAGBQI3jxN5AAoJEKnmZ/8mzHhTgkgAoNlFm5PawxyMGlXB0yNN +tWu7iGuHAJ9gH6O2TKuIj7fYloIoBLke1F3uXIhGBBARAgAGBQI7QP/MAAoJEHkW 
+Lzb39qrZZMgAn04SZfDYEEO0H8+5/pkG3Z1J68AbAJ9hyy44uuT9q+5pvcEllbkl +yEYtaIhGBBARAgAGBQI7QQXvAAoJEDv2CcaLr829DjAAoNQfXgbkxwImu4O3D53P +p6Yw+dn9AKCoXLfEm6zS+k3dDRiulTpJ94NMSIhGBBARAgAGBQI7SG89AAoJEOd1 +4yTbQbOHoFoAoJxye0ZLZnOzejGbaAjddDnFFrRFAJ9JiefttTviGzVcZNYi6x9m +IU3uKYhGBBARAgAGBQI7SzZQAAoJEA6nVrUUSEP1/PAAn1fjkC9n6gLfWZFiD9h2 +5rtlx8NqAJ9+GN3xGvYw5oJkrkK6E/hyJKcI+YhGBBARAgAGBQI7S1hbAAoJECtK +7KmxIjWtboYAniB0KO+NBf7tH6jfR4atZfB9oJEYAKDUsALj1UN3GoCKQVxBPYWy +nYA9w4hGBBARAgAGBQI7UsBUAAoJEPHSzMhJehdtJRwAn1ZW50Mgvhp5Eo6mt+rM +Mgwy2cJ5AJsEuWt5hQhJBhn704ZjghvziiAfoIhGBBARAgAGBQI7Yxq8AAoJEI8f +38m84JQ2t9wAnR9xQ46nFf/hQzZZCLVWNvtKuxN3AJ0bCgAa4eqwqB5hg/yuNPEz +FbwhqIhGBBARAgAGBQI8bmBGAAoJEIeVOB4bvrhK6WMAn3ZhE2bM5T2GaF/Fh8Tp +EIVVQ3FKAJ0Q9Uwjr/Epn/57Yit+lmbMfnVijIhGBBARAgAGBQI8cRerAAoJEJss +h2hy8fIND28An1Z5Hls+Jskp6DbiIfGErYHYcjaPAKCW1DtpYhFK2uV4Pza37KWi +lvx4cYhGBBARAgAGBQI8cUClAAoJEDoapjWQmlQG7xkAn0bSTKB3BHl66795wtmR +doFKZ614AJ42rgO2IJG5XRh/+/jrcGjztvsBSYhGBBARAgAGBQI8dK6yAAoJENGj +7q+v0QrPm3wAoIe0Co9vlKf6gwjz4Yky9BiXvYyCAJ9m923YzjngFMGB47gqKmS3 +U4IIYohGBBARAgAGBQI8e3KdAAoJEG74r8KGV0rKYiwAniujSnXrQZ2eNGC+mXTS +oLBEWmzjAJ0Zk27daFO6GUgfwM92bu6XW3ZeT4hGBBARAgAGBQI8fUKyAAoJECwY +oCq0xfN/PrQAniShB8M6BMHsw3rOuIvxOc3XbAv5AKCYx7ubF1eWysuTN7GyrUZB +44Z8QIhGBBARAgAGBQI8jL2vAAoJEIW5kHXCkQ5BtCIAoInMgQPBUeS3wW2kq6/H +Cv5f+S/iAKCrl00OZZomz14dgloHRsz8169iKIhGBBARAgAGBQI9Bsd9AAoJEIy7 +QVMRS68RLqIAniJuMJxQyTaBG1jqO1WN78OXrBMNAJ95cE8pmb0CEMax3jmm3qwJ +ReaZj4hGBBARAgAGBQI9KMbSAAoJEHw7eXCIx8H3MKoAnj8ejnMUKjC5koe6wJtc +9LVJT0RpAKCIzW4B7a9CLQ5fz8hPQRvsWRP/o4hGBBARAgAGBQI9KMbdAAoJECdl +aNdcYVOt6iUAoJuvqfjsSHKGO49j2NrKZMJ67CRdAJ0fnfurvWJ3uQIqruDSQZWH +p8KYu4hGBBARAgAGBQI9MZAnAAoJEBjNJaUi84rziG0Anj2uvYByl0PC5AdxzFLk +XXp5dk8pAJ49YzZVnhkMBMPAO0Sm/QI63vBvs4hGBBARAgAGBQI9MuXOAAoJEFCP +02O8k2g5ZSMAoN4H5EETb1cMQs17fGuL1joMtVLuAJ45UH/ZE+AZLSWAdfe9dDFO +ZQnkAIhGBBARAgAGBQI9Noz9AAoJEJEIIZ7c3okKP0MAn0EOq7NUy8WKGo1KV/EZ +n5xqKUiUAJwLjZ+oDrBSqK0DUiyLjjOEIU9VmIhGBBARAgAGBQI9PHAWAAoJEIRj 
+NbghwGWY11AAoInXmR/k8Ne9PdwnYSFOE5E4qmmRAJsG+HisIophbRek8Gv/+JJU +Kua4fohGBBARAgAGBQI9T4h+AAoJEFSPWeucFDVdf0UAniptwdlWlYCFFfKW/pnz +Dd8FHGWyAKCHM7EKGExVSBggS85+fw4SfBooJohGBBARAgAGBQI9UvZFAAoJEJUz +dHX4v2Q6fr8An1koj58GE8xW9THsD+MWOUQ7mCC8AJ0ZmZKZ2SLfkPiabIMT2SzF +w1pivohGBBARAgAGBQI9tOMPAAoJEFKS90Pr1ZNrDF8AoJSdILy4qjGGbQlliBCq +pWE2shTdAJ0bMLGPV22bdiCAb+ClRTUf+N30zYhGBBARAgAGBQI9vAmLAAoJEKjd +nYDckq4wdJ0An2EyKrDlGADPuTxalNV9Jl3lk3LzAJ99srXCSn1Q/yiZ4QRN09bG ++E3QMohGBBARAgAGBQI9vJT9AAoJEDbPukR4kWuEUlgAn38GC0wC5e52psalECLX +tbhSe5TPAJ94pkrDtmSHfiDzc4wcTHZyTkBx4IhGBBARAgAGBQI9yzuyAAoJEAmU +kfeRsNO3mSAAnAhDCThzCLAeYLmJuaqEdgUsXuBMAJ9CqoF4TxYaGjLCrvi1BNwm +k1WsS4hGBBARAgAGBQI+MbfNAAoJEO7w2zSzISYDinoAn0oHAHeQNngKkgOzsYWa +0yylqnLZAJ0Uw/vXC85jTknV0mnQVdq2gPjK6YhGBBARAgAGBQI+SvTqAAoJEJh2 +iWGe0QG/ozEAoMCIqXaTTFCIxKnv4F+EbB80OdkSAJ97SDPfLqiJzAMXG6lvjHDa +rw3XdIhGBBARAgAGBQI/UOXyAAoJEJFazEWo9ML9ZBMAn35HFpq2xA/wWHM7Xu4S +roXw4R4fAJ4lFCPx04BnsgssRiaE031lZQuv0YhGBBARAgAGBQJBfAG5AAoJEBhZ +0B9ne6HsqnEAn3HyxNjfzzEVjzLoy0XZ+ZQ5hP9/AJoDLUzLUkc2fLXnjVzBlm8g +ZkAcQ4hGBBARAgAGBQJBfBJgAAoJEIHC9+viE7aSrCgAn2EuRkEC/AiVvXodTQWk +S5YS3DclAJ0ZkaSD/AB1dfba4ew+eJq1ZhFH1ohGBBARAgAGBQJBfBK4AAoJEGtw +7Nldw/RzcSoAnRvnV5SsgKsmKVogURBP10GMeWz/AJ44hk9u/COHiSetWHPT6PIH +72vUeohGBBARAgAGBQJCKNAAAAoJELZr9ntxA8Xa4A8AoLOrStPezgIdnhfSDc53 +3a6f3krSAJ9zJFv7eYIDceXsrBNAVGbKXiEA9IhGBBARAgAGBQJCXCq4AAoJECqL +xADARsA5ez0AnjIC2fOR4A4laWtCc8DeaeCv+luuAKDhzoNo0SdivuqPXvMYZTZ7 +LFixiIhGBBARAgAGBQJEEXJjAAoJEBJ2JBfPBQjsGUYAnArkZVd+f8AsuxVJJ2/Z +6HmWOEGpAKCj6YVSBxQBpyoX3dl5TH98CHnbkohGBBIRAgAGBQI9J19CAAoJEAsP +KSnfge6DXRsAoIDfyLevFYw2Nyfp4OZlB9IUZH5tAJ9bSlzv7sZ7vBiiVgYbYddy +6U6+hIhGBBIRAgAGBQI/GXHjAAoJEDMLA4tsY3Rt3AIAoLCm358o91ksXqe9TEgy +qEouaO+YAJoC7eKWbnMe+zOncqmkIe92+3RIeohGBBIRAgAGBQJBi+CkAAoJENvD +6/wz4/5WsSQAni0OEioU1TqooxTW2d6FocGs+eZ+AJ9byIvaBCapruL0gLAxejwd +FIrU+ohGBBMRAgAGBQI9BOe4AAoJEHFe1qB+e4rJCI4Ani/RIDLie4DJBD5vcOQl +XkQ/B0boAJ9Gs8lCM5RJ5Md1WIlPvaLLff6YpYhGBBMRAgAGBQI9NJl7AAoJEDm2 
+Yqiv44FpnHcAn2RrMkIIuRwWS+olbhI29rqLOYQcAJ96OTzBv9HnLQk97MgrIk0u +MTEoC4hGBBMRAgAGBQI9tWUKAAoJEMuWmJRMxwhdbz8An0jDzVqVBr3R8Paca3YG +rkg/B57VAJ42uzjJS7+2gWdvSCIPbfNqyzJUM4hGBBMRAgAGBQI9tkNMAAoJELLT +fwi1TAkwUw8An0XpAx/1YVEIAl/bBUh8vQNVfXQ+AJ9ZqEEth2Qm/btpLG21+9PN +CQimwohGBBMRAgAGBQI9vG9/AAoJEC4s9nt3lqYLkZwAoKliHAv9tlFYFquFB6Uo +NyJYRRVeAJ9/askE+TClHgOeX/tAutVWTeVgyohGBBMRAgAGBQI9vczLAAoJECn4 +5GVniJZfCtUAn3fwEjTyMPsSkMACHZlRwTKJTn+MAJ9RJGFw+H4SOfcFyzQl26OQ +xUDla4hGBBMRAgAGBQI9zVX8AAoJEO9n+8dii45pisgAoIlvGenK8VWdjEHdJ9Iq +zbsVQybaAJ9fR0pBQQF/VSq0iLz0UNfitcs4F4hGBBMRAgAGBQI+SY57AAoJEN56 +r26UwJx/9lYAoOVoRTgMTEI2mPFriutraU32X23OAJ9JwE+eS9nTIOmicFcKL3Nu +tCQTUIhGBBMRAgAGBQI/hFB8AAoJEMUUr45LpAHDePsAoNyxJbmjCjwi4sPKFF3B +0Mf2gn2xAKCtEVTTWYUILahVdnjru7PmlHlCIohGBBMRAgAGBQJBcnkMAAoJEE97 +8oSv+wwXC/8AnigNNsG2wTGZSPyaEwk2hYwNxzvhAJ49XlqwWx0yp3NRxzR3R7lo +cjcozYhGBBMRAgAGBQJCM5T6AAoJEOSLZbVLOU9+BAEAoJmB1Ghp0atCi86bnLcr +vxLBVJQOAJ47shbjSakiqp7V89s45voH0JZUdYhGBBMRAgAGBQJEEK6PAAoJEL7C +TATaqJiSTCIAoIE+Fx+fKPJYDhl2YoDdFKyJub3OAJ9IGj6D2KN4UMhhYhBMXEMR +7pAFmIhdBBMRAgAVBQI3OvnBAwsKAwMVAwIDFgIBAheAABIJEMCky7mHl4VpB2VH +UEcAAQG3FQCfZy6nZ6K2JJ3p8jnNjP+KnCgBf6IAn3WumBB9RjfvYCPL7EkOWhGR +J21NiQCVAwUQOHtkh0wn7WU2580JAQHcGQQAij9e1yHjYezeVWVhWhjg07qEfc/V +5PVQ5u5KW7zW0ztS8RtTIaaJaI8lLnJMV6gj5cx991GzaL4+nD0Hn+XpDacNGnO6 +vTlel4xrvcRJetC5dD6kd/vvb+mKiVwHbK+bF4hiBzbsreJ2T0HUEVKoSz1Wpbhr +EO2h5N3fPdHKDh6JASIEEAECAAwFAkKczAUFAwASdQAACgkQlxC4m8pXrXzJaQf+ +Nn46e4Gu7Jsj0iBOECOFTHCYwvCtBXYSiAJ2qNbVQ4G9zHCW25nMcmnCxoT5LISX +buvTpw5wSvDOlIsJtDvAfVK48SXXqoMJ5S/0oj6nJKJllMCGHEIhjCHyvWWVk79Z +pit5glaUBfG/mYqs07fm6KuYQ8Zt6kB0Sl8igdE/fozRkoUgeIjNUbVqLvr0JXz1 +TCRjQmlwzqc0Pgi/Hb5dbVBh6v3hXK0ELN6jvaNenxz2yDGIgJsI7g2etofHLGQj +g/pKkAnoHHs7/EeteY94Owz/5SwM7U3dfQ2rKq0Ff+U1UNpnnyQOjMc/xSODFA5R +q2vB0HeoGmoxBXQjvB+Pi4kCHAQQAQIABgUCQXwTXwAKCRCq4+bOZqFEaJ8SEACo +zWbFSR5Va3uz7ycxX8Ca6CT0RUyPFXgGfOH1TbvSKsW1Mfbqv/TL1RNI1yHZtAd5 +i8NGLCBsr/bJDZ/HYNdvGjWGKjklcFFjMDiGF/Q4c3CYSLl3JbFyovIX2Vd2FWxf 
+PoLFdBRQL8AJkcZSXgkSFUPaqkZ2HUGDbzoCM9H7u9tScmDYjhBnhlWQuFoy5wjp +baxAidZtcG4yccXfQtuJZKvyPwEp0TFUb1w2hKW7akS0i+wHcZpXlS2qqs2z/Bsy +0YqNYR2K6qBmbbVkuWiBGYatDyuSBD0XyoE1hcuFX92qt6KfMYgV5sjcwiGE/di7 +Bw1KbZfW4UKhvlJMYtCLncfkR/6qPNA2W4xAh2QDklSeR+W0gsTe2H817y9ud7+7 +xOnMC0u+QGFqXLzRA2O77oMfNFvi+3BvxS9kI+8PBP/aU/e7iGYGnOguvsZqv8NL +IbEX37AfK03w7G+WdhW8WuseXIjQzshpsE4JNY0vRyfaKCsaVjqkS4Nm3fXsC3KL +72FzZBLAhZ+650xce11DwshqffGPYrz9WDRC545AdTp2dzw3/XnH/GMJyjZs9mSB +zUsJ4MkLo+zO0tAguNnL2Olr1H34fmAJkgDT1C1ieLBmRlSiujyfd/xNEnugKAzJ +4qworARVplLRhhYtuTD+txWkxDUmOnu26DMnulpQSriOBERAEBQBBADTb0UqApeh +0QVKA86Vdw0FcbCj7//sD2EtgMYWFm6pQx/9j/7om2gMkaEFaJ/qylQci0P35Vdj +lBTuwt7a4bnLHqdcMMImfI1RiziGrGnU4dXupizQ/jkgZZs+De9JKM3G0u0Tl20+ +Nuqz/rIyDkhxRqu3uRD7CkzYb6sG3EnJkQAgwuBLPYhJBBgRAgAJBQJEQBAUAhsC +AAoJEMCky7mHl4Vp/3EAn3lLjZHnh5J8vDPX0EfXTiaCxcRwAJ9mXDiOfaSXENw+ +uZGLREwJhEeZxIjnBBgRAgAJAhsCBQJGlKAIAKidIAQZAQIABgUCRpSgAQAKCRD7 +iGK9/NKik3GsA/9kPscavUwGxHQuxeY8DpMF/kYBxY2cupj/JCEymaxZpA5ErBt0 +k3y0P2mNPy1FLmAO8zmr8M7/ehrwinMzYZuNY6o7pc7ldxtRsLnTcM4pRfM/9LKq +hXz4vFx5W5Qulb92uUnt4qBmepSikFAIajfEDGRjl91b37Sa8/nfkXWZxAkQwKTL +uYeXhWkzwgCfQaaSyjLGy3WIyGuMVzLdlmuaHtQAn21yptlhrgcvevUDTI6gLyom +emvvuI4EREAQLgEEANcDmpVzzww3xczTgL8ekK+Tr9hiwvEhtLkUtPtCQVxEVri7 +HvF0U78T5ep59Ex9I8lfGjBmUtJ1T1cFXRnbYys/+HMO8DEbUdoiRTLet3+mR/ek +2own7avqokaCSO1xr3n6Km02drp7H9HyUlOC+QKhP6FvtdhIpd4Hi7WQyJUdACD1 +VIwTiEkEGBECAAkFAkRAEC4CGwwACgkQwKTLuYeXhWmi1wCeIyRDSxYXMi2CmZYR +SkmOdAtG+tkAn0KyfLD/DbjXYGLUqIAU3fvZ88UWmQGiBDpU6CcRBADCT/tGpBu0 +EHpjd3G11QtkTWYnihZDBdenjYV2EvotgRZAj5h4ewprq1u/zqzGBYpiYL/9j+5X +DFcoWF24bzsUmHXsbDSiv+XEyQND1GUdx4wVcEY5rNjkArX06XuZzObvXFXOvqRj +6LskePtw3xLf5uj8jPN0Nf6YKnhfGIHRWQCg/0UAr3hMK6zcA/egvWRGsm9dJecD +/18XWekzt5JJeK3febJO/3Mwe43O6VNOxmMpGWOYTrhivyOb/ZLgLedqX+MeXHGd +GroARZ+kxYq/a9y5jNcivD+EyN+IiNDPD64rl00FNZksx7dijD89PbIULDCtUpps +2J0gk5inR+yzinf+jDyFnn5UEHI2rPFLUbXWHJXJcp0UBACBkzDdesPjEVXZdTRT +Lk0sfiWEdcBM/5GpNswMlK4A7A6iqJoSNJ4pO5Qq6PYOwDFqGir19WEfoTyHW0kx 
+ipnVbvq4q2vAhSIKOqNEJGxg4DTEKecf3xCdJ0kW8dVSogHDH/c+Q4+RFQq/31ae +v3HDy20YayxAE94BWIsKkhaMyohhBB8RAgAhBQI6VPBbAgcAFwyAET/HMgQdI+nq +Zt21AJydvCHfdNxhAAoJEMdGNjmy13leV7gAoKHV2q0XEP8GJkyp0/V5lgbwBmBM +AJ9TtVfw2khoaZ3LNV2tINSjj0Alp7QiUGhpbGlwIFIuIFppbW1lcm1hbm4gPHBy +ekBtaXQuZWR1PohdBBARAgAVBQI6VOgnBQsJCAcDAhkBBRsDAAAAABIJEMdGNjmy +13leB2VHUEcAAQFWUQCfWWfTDHzSezrDawgN2Z4Qb7dHKooAoJyVnm61utdRsdLr +2e6QnV5Z0yjjtCJQaGlsaXAgUi4gWmltbWVybWFubiA8cHJ6QGFjbS5vcmc+iE4E +EBECAAYFAjpU6LcAEgkQx0Y2ObLXeV4HZUdQRwABARPJAKDmKL2Aeo6OWwcZKyqS +WLD4drQxfgCguJ7k7XEuQr+tL0ndoin0RSQTkCHRzH//AAANOgEQAAEBAAAAAAAA +AAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQ +Dg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/ +2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7 +Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACQAHgDASIAAhEBAxEB/8QAHwAAAQUB +AQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQID +AAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0 +NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKT +lJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl +5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL +/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHB +CSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpj +ZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3 +uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIR +AxEAPwDqKXFKDSEgDJOBXSeeHaoJrqKIfMwqleanyUi/Osi4udqNLM+EUZJNNIlv +sakuqjnYazbzxKlopLOHYfwqa5S/8QvOxjtyY1z17msqWZpGAzuz1wP61LmuhrGk +3udHceO9RL4gSNB6EbjVU+Ndd3YEir9UFc+nLYC49jWhbt5UW0RIGbpyKzuzbliu +huWfjnUw377ypQv3vk2/rXVaV4o07VFCiUQzd43P8j3rzVpnLESIgHoopZJIYIxP +Dg89Vb7tNSZLppnsIIYAggj1FKa4XQ/G7r5dvexI0R4WVTgj6jpXbxyrNGskZ3Iw +yCD1FWncxaa3F24oNLRTJIyKKecUUwHjrWbql2Y/3KHk9a084HPauZu7gTXLseme +KEgkyLmuS8TaqXmNlG3yofnweprp7qdba1lnbpGhavPH3yN5rH55DuJNKo9LF0Y3 +d2T2sTt+8dflPQYzk1twaJK8AeVCxfkKOMVBo1qJLmJSPkHzH3ru4bRJlXjFc7Z2 
+JXOBudBlIyEYAevaq8FkLRsld5J69xXpDaNC5PByffAqlJ4b8wkFiPTjpSci/ZnA +3cXDbmcsRkEmoILGWYkpu9zXfjwkzgGUqVHtWhbaFbWyjEa7vYUlIfszy+e1uLEh +njfY3Xjiu28EeJZJ3XSpxuVUzFJ3Hsa0dU02IwMCgI78VxEcB0nxAnlOUDfPGfQ1 +pF6mNSN0eu0lQ2c4ubOKYfxoGqatjjG0UtFMQTsFgdj2U1zGB2OfwroNTcrZPjvx +XP5pxJkZniF9miz5/iwv61xA+aUDOR3x3rq/F0hWwhjH8cmT+ArmIIvNmSJeD61l +U3OqivdOn0KNTPuU5xxgdBXZ2TAIOe1YGj2ItLYYGTitSK7ghchpBk9hWD1OqKsb +Ccke1WkdcYIFUYZo3I2uDn0q2FIIx3pGy1JHAJAAHNVpCu4kcCpFJaZgOiioJm2v +t6E9KQzPvZAUIHNcL4jjC3Fq/cOR+FdtdHnHrXH+JSjMmexP8qqLMah1vgq4kuPD +NuZc5jLRgnuAeK3s+lYng2PZ4YtAeSdx5/3jW5XUtjzpbsaTRSniimSUdZmCwrF3 +bmsWtDWj/pKD/ZrNzVLYh7lTVbCG8tQ1wGKKTgoeR71yGmWNzPdpLb/NsfOG4yK7 +2+XfoU20Y8uJmJPucf41geG38wSMRwpCiuVu8nc9JRUYRSNoXqiHywjJOy/LH1J9 +hWcraeFBup0jnI3FVXcfyrYvoEmsSdoLqQQ2ORyKVdDRcmNEORz2P51m20aRjcy5 +L0mKIWmpWpVc8mHa2M8c960NP1q9hjYSSJMy85wentg/zph0OSCJ47UCNJAA4JBz ++lVv7NayUlV3DG04bGc1Dl2NIxstTootVaMFlaEmY4UEkZ9hVPUtZS2lU3Aj3DjC +PnH8qp60vkWVrDHkMoULjocVizRXDxB41aSbJLh1BUjtjvmmmEtDVk8QWLLuD89g +3Ga5bxDceY0Ei5AJY4PrV9mit40juNPXbIPneNSNp+hrLvdO86SGCJsB5Pl3N68Y +FXFmMr9T0vw2mzw7YjrmEH8+a06itYkhto4kXasaBQPoKkNdR57EPSig0UyTH1sE +XSHsVrNzW7q1uZoBIvVKwqtbEvcfefPoN1GpADR4ye3P/wBesDQEaJHU93PFbNzP +5em3K7S25OlZumxFGXBGc5I9zya5ZRs2ehCfMkdJbqs0LRN91hg1pQQtDCBKPMI4 +3L396yLeTax7VdGrJbqRlWfsDWLZ1xWhPcXFvEhZoZRj8vzqghM9woMe1B8yoe3u +feo5pDcobiW4Tcpyq54H1qGDW0aXeFUhOCVOaSa6ltE2twubZZlHzQsGA9aW1WC6 +gVwVdT09foaj1PXbaeLy1CqzcbV706ygiZQs4aFnGUkjOD9D60SaYK4XenW5iJ2c +/WucVJX1qzEfOJlUH6cmupeJY1w11Iw9OP8ACsSNgNegRFyC/AA6Zq6aVznr6RO3 +4Hako5PUYorrPMENFIaKACQZiYY6iuWcFZCp7Gur61z+qQ+TclscNzTiTIoyLvjZ +emQRVLTTifyygUr156VezmsbUDLY3YlDYSQ8H0qaqujWhK0jo2woDk8DrXOs8l9e +TeQHI3EgjkYqpca4fLMcbEMoxyeM07RL42t+vmk7W6iuJxaPRTTdh10bpVMDu0eT +yDnp9aq2drdfaFaNhgckKwBxXaXKwtH52wEDuRWNJqVgGKPbINo5YDrSTNuWK3Zg +38N48m9iS2SQA2cYq9aapdJCIblnjKn5WHar32GzuxvjTAPYHFJq7W1qkEPAbpgU +eRMlbZlqHUjdW2cguDg46fWl0KJ7jxIWIysEe4nHeq1oYYrNSD0GcVueFICIbi6Y +YM0mVz/d7VtSWpy15e6dATSGkJpO2a6ThFJoppNFAhj3MUf3mFZGqXUdy6BMELU8 
+GiXExDXcu0d1Xk1p2+nQWw/cwgH+83JqrWFqznorC7nGUgYL/ebgfrVfVdGa80h1 +UZlQFlx3xXXT7RE67yXI7dKrImxAw7c090C0dzxIFkk2SZznByav2skk0qFDzjLH +0xXVeLvBzMx1CxA2Ocso7E1xdtI9rO6SDb2NcjXQ9BSuro7bT74y2z2rNkA4znNS +tpNreyGZTtJTHXpXJR3ptFUhyNwzx61oQeIvs8flocnGCcVm1Y3jNPc04mTSRKGc +Nj7g+lc5qN897dPcHg54x2FNu9Qku5Bu4XJp+m6Re61MIrZDsj5eRuFH1pxjqROf +3Gr4etLnVL0LyE6s3YCvRLeFLW3SFOFRQBVHQ9Ihs7IxIoL5yzdCTV4xvE3D/g4r +qjCyPPnPmdyQkH8aCaZv28suPXHNKGBGQc07MgDn6UUhNFAGmqHkscewpjnJ4qZh +lKZjJ/CmXYrtFhSzDkn+lMWPAGOhHFXJUypHr/hUUe0t5ZHJGV/qKLisJDtKmNgC +p4wen0rl/EPgS0ut09rFjOSUX7y+49R7V1DJ5b5/hNVtb1mHRdHlvJ2xtwqcZyx6 +Cs5JM0hJpnkWoaBeW0525aMHA/wqrBoWoXMwSOI7mOABySa6ifW9W1KASBLe3twe +bhgCfwNNi8XQ6XgpKbmXp+7iChvbNYdTp5tNCzpHw6uSY5dRnVVz80SHJI9zXZix +tdOsRDaQpDHnhVHU+tSWFyL6yjnG5RIPmRuGQ91PuDQd1zc4AyqV0xSRySk5bkcc +eyMHkHOanWN2HJyOvNSiIAHPvUuAAvvxVXJsVli4IBwR1HrTXtznrjPtVhky+fUU +7naCfUU7isUGhZejZ9sUVcdCxxjt1op6CsWs/u/ypFHzfhS9Bj3pT1yKg0FwGB/G +q7Aq4YdRyKtIMg1E69PUYpDB8MgbsaxtZ05NYhXTp8i3kzvI6j0x/OtUuBGUP1qj +JJ5CvczSrGicszHhR70xdTy7XLS60y8bR5jmKGMNERwHH96r3gfR7aZ5NZvFL/Z3 +2wRkcbgMlj9M8VDqeo22t+JZL2V3Fq37qM9DtAxn8Sa6fwtAunatPprOJLe5Tzrd +/cDDD8ufwrFW5rGzb5Tb0xwLad1BCtIWAIx1AqzCjIAwOGPWoogzyunyhSR90VfE +f9DW2xh1IP3jORk9anVG8sbjyKfgA09edwouFiJ+GH4il2ZUjvQ/b609SN2KYC4A +GexopkzHyyB1ooSBs//ZiE4EEBECAAYFAjpWjyIAEgkQx0Y2ObLXeV4HZUdQRwAB +AQfRAKCSnx3toHhFsCAaIsCRkmFdI4Hn9gCbBDKIqvBEjybcnaBW+iZufcjAzsfR +zNf/AAANkgEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBD +AAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEEx +NDk7Pj4+JS5ESUM8SDc9Pjv/2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7 +Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACPAHUD +ASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA +AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAk +M2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlq +c3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXG +x8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEB 
+AQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx +BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5 +OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaX +mJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq +8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD2aiiigAooooAKyNb8S6boUZN1Lulx8sS/ +eP8Ah+NZXjbxcdCt/sdjh7+UdcjES+p968fvLyW6leaa4mmlY5kkL4AP1qXLsaQh +fVnc6l8TdSncrYRRW6Zx03t/L+lYsvjjXnA8zUZY8nI2kr/QVzlu0b8+S2R/HvJN +WFgAYuwDFuvJ/lzms2/M2UbdDrLPxlrETK51CRxn7sm1gfzrs9F8b2d8ix3v+jyn ++Ij5T/hXkQj8gZX5hnlCMZq9YShm8vzDt7HuDQm0KUUz3ZHWRQ6MGU9CDkGnV5VZ +6xf6FJ5qTlY8/Mh5Vh9K77QNfi1uEkJskUZI7EeorRSuYyjY16KKKogKKKKACiii +gArO17VU0XR575sFkXCKf4mPQVo1wHxXvfJ0yztw+N8hdh3IHA/nSew4q7PNdT1G +a9vpLi4kaaaRyWY8KDRYWCXkuG5Qc+gzWe8mWAUYz19TW9pbGJAScZ6msJuyO2nG +7NOPTrcxhAMdOmOKp3eg36OWsw0qY4x2rVgkynIyfrite0bKDBrBNo3aOOtvDWr3 +dwPPjEKDOS1dJbeFJYY/3UqKxGC5TJ/Wt+Fdx4HNaMUSlM9yK1TbMJ2RwWo+GtXe +MiaZLlByCo2mpvCOpTaDrKpdEmA/KxIwVz612rR4PPWue13T4RcwXBUBWYI5A6Z6 +GmpNMmyasejghgCDkHkGlrD8J3ck+lfZ5m3SWreXu/vL/Cfy/lW5XQnc5GrMKKKK +YgooooAK8j+LF4ZNchtmACQQjGDySefy6V6jqeowaVp099cnEcK7j7+grwXxjq1x +r2ovqYRUV8DaCTtA7VMmtjWnBv3jMgjM0wAUnFbcCtHGFHOevtUek2RisUmkwS3O +4HIqeWTaP3e0HPzMemfwrmk7s7oWSuatk7BQG71v28OFUpjHt2rj7XWreH91NLGW +PQ7W/qK6bTdYs5IgFuI8njGajlsPmubtrmMGVuAo5q7GxWMcZBH51nmVDaIqMpEr +DJB7VcWf98Y+wXg9jVowlqTtIpGP6Vj+KNv/AAj1y4xuUAr9cjFajHnHWsvxG6DS +ij8h3H6c0yUW/Aju/n7xg7Rn6gkV2Fc14Lg22MszD53IBPf1rpa6I7HNLcKKKKok +KKKKAOQ+JchHhuOIMR5twufoATXkjOkjqqAHLYAzxXq3xLikl0uzKAkCYg49SvFe +YR2htbqKJyN3JODnNc837zO6l/DSNOLeijyuy7cEZzVG50jUbsmWKTamTny1GRzV +4TAPtUZ+la2nyJbBWmZogScBhgfnWN7G9jmrfR7/AM7ZJdq8GDw8Suf6VRtXubfU +FjMZR8jATjP0r0jfbMM7ULHvgVyl3BFPreICruTglTwvPr60+buKK1NeKe5S3W5l +iaNmHBTgKfU//WpJ/E13bYVJxM+MnEYyK25LKNtPtkPCK4U/TNYF94IinuWfcUVj +uDxnBBpITa7GppvitLnalxZzRseN6pkE/TtUviOVbmC0jhdSGk+b26VlGz1PSpkE +Vz9sthgGN/vr7hq6PT7Qajq9os4ZI0BfYB1AOcH/AD3rSOrsYzVlc6bQrZrXR4Ed +drldzD3P+RWjRRXUcQUUUUAFFFFAGN4r06bU9Blhtl3TIQ6qOrY7D8K8fvraW31J 
+VmR0ZQPlYYI/Cvea8q+IVi0PiFrgnImjBUY/P+VZTj1OijP7JyP2n/SMnPB9eldX +pV/5kIRsbfQ9K4yTMbhmyMnvUg1FoGYyI4THAXoPT+dYONztckkb2v69ZwSJa29q +gLf6ybYPlHt7+9Q6JdWA1NWgYBMdBXOzTf2id0aFg3anW+l3Fkv2tmcL1A/wo5VY +Sl9x6+ghnswgcEOOcdvemWs7zQHgSMjFGK+oNcZpd/Kl5Ct1JMIVAOA+M/WtGzu1 +0nXHWObdbXZ8xCT3PVTSuRyHTymN1QeUSwYcba1dHt1W5Z2xvVOg9z/9YVmC583G +OM9BWtoTectzN/CZNi+4H/661p2uc9S6ia1FFFdBzBRRRQAUUVi6x4v0HQwft2ox +K4/5ZodzfkOn40AbVcX8SrHdo6akg+e2ba2P7p/+v/OsDVvjhYws0elaZLO3Z5m2 +g/gM/wA6525+I+t+IQ+n3ywQ290rDy0jwQMZHJOetS9jSKdzm7i+USAlhkZ56Dr1 +rd0vy5o9r4cuvzcg54rjLzNvcFMY55xW3od8FKx4GR8zMemazlG6N4zfMap02KC6 +bEcTJ6Nx+tbumPYyRrb/AL+Jc/dBEig+wYcU20FtqSguuMcZ7mtCx8PrDMZGkJVG +yB/Kuf1Oly7Ej6XcyebgQ3IZTtdl2OD26cViw2lxeSrayYTyzklTnbg9veun1LUU +021IDb5Dwi+vvXOaVfIJZJN4LF8YHuadmTzHTqZEt/3eTIFwg7lu1dnpdn9g06K3 +7gZb6nrXn0mvWujeVqOoI8ltG6/LHyS3b/Gu20TxRo3iCMNp16kj4yYm+Vx/wE10 +U1ZHJWd3oa9FFFamAUUUUAeF+KPijqurI0Fq32K3PaJvmP1avPbi5kuZCWJOTyfW +mzOzNinwxBRuPXtSNCe3hSIBiMv/ACp1vcbdThkbp5gz9KYzEL9agcE7vXND1Hex +s6raecSVA3jkZ71nWdy1qWjkG3sQRWlBdi8tQ+cuvyuPcVFMsc3yyrz2P/16yi2t +GdE4p+8jWsfEMNsU3H7vf+92rdt/FyiI4Zcnt6GvPmsyv3HB46k4zUiQTRKF3gAH +Od3ehwi9SVOSVrHT6nrjzSYMgJUjknOKgsZnS4MrMVRerY/zk1mafAly2W3SAclg +NoNWPNaW+kUDbFF8qovQHufr/hVqFkTzXNG+v3v5T5oxGq4WM9AKxlMlheCS1leN +kO5CrYI59a0XOPvAfX1rN1OPPIB5TB+lUSekeF/ipNEqWutKbhBwJ1Hzj6jv/nrX +pWnaxp2rRCSxu4pwRnCtyPqOor5ht5G3Dca2bW+mtXEkEzxsDkMuQaCeVM+kqK8W +sPiPr1rB5bXImx0MqbiPxoouTyM80jh8xyxHyg1KVx1qxEEeNfK5FI6euKZViq5I +FJDGZA+Occ0sik9BVaYMqZUkFecjjFIksQtJZT7+iEjcPSt63W1mUNIRjFc9ZXhu +D5FwQSwwre/oa3raW3+xlGwWPr1FRUj1RtSl0GmW1jdlWCNz2Y/40yCBNQZijq0a +NtKp/X/P51nXk4RJdqYBPJJHJq74a2x6XM4I3NJyM46f5NaQgkyZVG9DRv7hNPsW +8pQP4VA7k/8A66g06Hy7dcnJbkk9yetU9TZpr+KHnKfO2fXoK0LYqYh1x6ZqpPUm +JKy45z+XaqV8AUQ89x06VeccHA6896rXSbrZj3Ug1JRjYKsQfXrVxX+Xg+4qCVQQ +D0NOhJYcdTSEtGWVkIyFU/gtFJGEywbA568c0UFmUomil/dAtk9B3q/nzBjHTqKW +BVjIPU45NMPDn3pkLQY6jBwRxTIoxJIE7HjmpW4/OmQcXC+maBdTG2FHdckFDxWp +p7yyyu+eMcD/AGj3qpdLsvpAMdTWxpkQjsVfpn5j+NVFXZCIL6N5YhG5GeWA6laT 
+w/c+TJLYy4Al5TI/iHb8v5VYlwblAW6qMZ9c1mztgSleCzAKR26c1T0dwL1sDNPN +Oed7HafYcCr8MnlSAZwrdSfWobSLZCij0xRLlXHHDVBojSLZGSTz29KYFDK6nncM +VHbTCSMqx+739RUJvWz+5A4/jbp+VIZSnGFOAOKbC3zZzjr0pbjvnkk9qihyZAB3 +4oFfU0IEO05BH9f0oq1hIkXIySKKBn//2YhGBBARAgAGBQI8ZiQyAAoJEMdGNjmy +13leJSIAoIx0Ql/m4Gf4ZZeFQ1Of+zq6499DAKCHBzmIEtE740kuUl5HGNvCJ4Qb +MLQtUGhpbGlwIFIuIFppbW1lcm1hbm4gPHByekBwaGlsemltbWVybWFubi5jb20+ +iEwEEBECAAwFAj6+zxoFCwkIBwMACgkQx0Y2ObLXeV4M5gCgnemzKjFcpG5MpeFC +TjVg24ptLhsAn03rO14zwfdxKS9ZSuGLeBG+d/eUuQMNBDpU6CcQDADMHXdXJDhK +4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebByHTh1+/bBc8SDESYrQ2DD4+jWCv2h +KCYLrqmus2UPogBTAaB81qujEh76DyrOH3SET8rzF/OkQOnX0ne2Qi0CNsEmy2he +nXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZCV7cIfwgXcqK61qlC8wXo+VMROU+2 +8W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZS +Tz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI6 +1Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/Cl +WxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgH +KXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVelMMm8AAgIMAI1R +XgrY9LqHnvhnc1oGwhB7mORU7jwxKiGMLqzb0KM+GVTv1xAhhaYGm41/CuhnrOW3 +LPpjYWbrlXQh+9WJxHvO8UUI6FqEy6TVyv5Cn3fo4wSr2wtkbFOMKWDCscZLtikx +JmsQLtuk6YRGOjgX+fliYIckIfxDMI5z37zSCNUSweIlUAGsLzLKSMovnHVX89IC +sThC0wtuQE8aZBg7DxvHqMIeg7jdCNTNupF8EwdmpZUnKgghkKn6fXdczj4079wN +WxnxuNyHQsg7IytPzmfbjJ9dGU/SzsEWMubn0mOF/h2O4laKQlrBYROXKkDLzo5h +FG7AJsjI1q4F5MrL5q9m8Xagu+nAfhSe52kLTr87SOSPaVCmf0QRTDXVHA7qyr3N +hPABTIp6s3TRxsJ/KJmXTUIijRu1xM7qFArdzrs9qWgn2VUfz+Yfsu6qQwsMfm6C +SnOZ53/xKit+pWRqSd7pviZHJIUIFdpVmgqYMfNwfahJIyEz17HKHp3OLVsa7ohU +BBgRAgAMBQI6VOgnBRsMAAAAABIJEMdGNjmy13leB2VHUEcAAQHlbQCg+N+fI3bz +qF9+fB50J5sFHVHM7hYAn0+9AfDl5ncnr4D7ReMDlYoIZwRRmQILBDxUyXkBEACg +g6vxNPigg9FQz14CkPtR/dEq3sCjK1r4+2oyeoRno+pqZ6Z7ZfphgA/q5woweFAG +Og17KD2WXegoQ5pXbFvP+w9j9zm3g59XzTRSzZgScelTibPnKy6g8r8GDAY6IQra +R6pxe4297/NznqvRvKpTt5g1XP5LyjVBsEv9HAYJE1vyy10qSQRtEz3QunUzfELN +C4kiYNMZOnmgaFeW4APIIhWDtrrxqW3Ofjp1K4DAhqcnayrfvYbOtqh0sxJ246kv 
+Vc3Bc9pH6wDw/yub2deuPq6BZBLBJwrtu/20qD0nsZ9is/5j0aL1MZuVmr7xKYqe +ehyzJ1WdpJK52qng9natYedS+GefKDIw1Jq7ppQNWfVduTNITFTF0JswggjQuPqK +T8Td5GCywQWN/kGHbp6EdybiUXZ+9fp4eek0UB5M+srSwbkF4hQ0mBrqlsaoji4C +uXjc0c+Zx1D0pGfqqBCmvEV1tLul3U8h0TzR4opUA8mLKegQp5cjh/dHz7zTPDxV +gSr3blJ9FxI1Z69th/+jJj3q6joo3uW/5y8qQCrzdSCzs+TDEWwucZtJIuIhTct8 +AMPY/Ayt+Pf9jXfI+xSQgz3r7Eu5o+rEu02/cthaOc4b3KYDtNkjLKszgiext1BY +Oq06R+Yyh2qgsg9azzkfudvvpwhCpJ7EOxcdaP3bxwAGKbQlRGF2aWQgTS4gU2hh +dyA8ZHNoYXdAamFiYmVyd29ja3kuY29tPokCNAQTAQIAHgUCPFTJfAIbAwYLBwoD +BAIDFQMCAxYCAQIeAQIXgAAKCRDbaY1xmSQlYCQ7D/9MCQd8s1ueGLy81tlxq5LB +qnSo2cuNQsssxjnskxjbOJId08RdiOAh23fdKXm6T05vTAUAN8oJDsXoaI9jTPjo +avQ8o/wj94zTm8ni1OoQkTw5wDOte0qbw1B4msSfmeImdC0opJoYz6Nyp+4OXHCW +fhvmOvAbBvwuchC726NyhGXCzDlfNqFysphgc/epR93AbOHiNKQ0/oJTWaxR0KeG +j2K+ihOsKx/Tl/0pXVfo7zobAzO+UelHpvH4VMcnaxo2pjIn6eMyDxP4WuiyiqdL +D3PZI6R6PotPfIdtzCmKJzAXBW4SIBp9ZHdFXs8P5E8oYKBbnO1TDSAtYG8EnqGk +bbZvCVfd0Utz4miEpvv0EukdoAoqSLz7ZKStrM2jlQNIVVRFbA89srSAZYSGN3s4 +TA3LSxmDaw4Z6gRWBhOtuAeIfhLQ+QTC9h8aqyfWt2nP+4qA8du0FHJANopeBfJo +vz/4sSx4z0PkbQqUS9lnPxqoNqyqUzP1Ocpg7f8yFYvY28Xsc25c4ImI4ADxlo4r +/sK00k/vxcGUhg7wE0Xy9r+Rp31GMyUpMd3zF5uD2/qNhd9vVxKM7sWDZuDjczOJ +yodWjp2DdZWqe+AOvapAvPCQIwWc++Y/xOgina1V8uqadA+Ntc0+jhTM/E3smOfL +3A0cJIMKSYaU4kfTts6h2rkCDQQ8VMsEEAgA7lKuNHz6iYb+2pAZbxrjp5AHV86p +btVJQBWpGWkGLERGb6w2hYTL8YXr7JgteBmy1a/+l5ZYjnZFQ8603eZRC1g+/krr +uWmfiJxE/HtHVcVSDUxXNJiE67DpSdGPf8icIx3c91Xkui9ifS3VMSj1ezWLm5/O +YF1utTQ5QiwrvzTuaCs8jWDUzxI77FczQYQELuDmHevde4Ke66MeWCJabs9OQ6i6 +1vurJrj1WQQ9pvXOzcbdoQFtAF/vGK82rnr0p5cDyes3S5lCKC4nIhvokHotCf63 +YUU6afG9OLp/ASlcp2h21vmtDp7xSg6D7Ivn5cHtHnBvChG6vjQ9IO5gdwADBQgA +nNF7z5VcV00LbYQxN1vX77iKwJ1aEZVSYMrJnvthtJPM5alAsOQRRe85pgZsBfd2 +xgKbDZFsQaPei+n59nMPTxl68YsrYOWaBe9IRnEKBYIHSVwDAGsEdxyOKgphNO7c +QKcpRWdeqi9FQ11cWVLZrSqChmT9Z6uYGLDabKwAhYl6TrEQ2J9OzM586LARZHb8 +m2MOcGrla+XZZannjEVfaei5on8IuhOLalx/vx74C1qLi9B1fI/JyCsJlMQujkDr +pz80hwIyavutLB9TdQZn8TuNqL/m7cpU1YMbNIa/1Ow2Cio7zrhr/FvTX4KgMaGq 
+6ukx7qWDDbME96BF57IMtIkCIgQYAQIADAUCPFTLBAUJEswDAAAKCRDbaY1xmSQl +YPGsD/40gsxyQv4M8BFfPgnPEOYlSEBwpibr+XRdq7q98n3F9ZlXjJHq74RhX6ao +tL10wpeMb6fcFKhmaMu8Nhx4PUP9+h11I7EwmMeLn2prG/sSbsgCY4tsEW08NbDz +cXdj6+KvekpE6lYmOa4ORQTEODx81d9R8DxcqUCYHYn+iYMbEDnBZmHgPc5hkGvB +Nj2F+dGs4n0iBvxFSBoTSzHb9XksG3/cq8DdW59McJw1/nTyN2kLIvGjNqSeV+2P +2oeh5NRJAHs9X5W+Zar+sqvlHDa1e0jq2SrMhWdOD1qgTX3BzFyuhWW3IJLdcyFE +p6NsC/L2eJdkWwclT1xhEvm8LEsB21ndE2UNpIjOUcdFvEnYa84Di8ZpIvEvngG6 +q9tm5K14DXZYQczsN+rrOXgTYfxbEuCzpFCg1DZaRQmWkXcywzo7F2YUgw1nFe9T +lIrLJgXZcjg+ho3UNmquVr+qNV1IzYCkE6I70J/Q3fuXOfVdM2V0JQTaWfBOUFow +wVNyzI5XSl8TTwslsGN8roEAGBR33JwhBy6TldhErnR1pvIOVt0kkGXbEqIIYONv +fsdd2LIFZUfyegh8oFCJNDmKObKnuVyZH53Q3bgTn06D5TdBaCK9usVqUe+JZ1K4 +VLy+20kSiBqaLkel3417o+bqdpL3Uu8gXy1bsOhyo9m79ug8ookCIgQYAQIADAUC +PFTLCAUJEswDAAAKCRDbaY1xmSQlYGW9D/9ZQP1N5o7Ndm0Nh3WJ6oqSmjhWUQ2f +AZJqD/4U+z2fqOCQwI5QodSN/DJPRfbx4JnibPkui/8YBktB8SxhoqyD0W7oE5h0 +Xvj0+LeJ/ByhdZCgR/a2RAPu9D64xxh5p/7oyutI2sdLrsTs1OCeCMdaMz5ptrdb +oGpk4Wv94m1TOC+bztrRhEjDLrEJIPotpOYdSbq+moipSVJBMv9NrxfdeVb40Y4D +GGqtfsggarquJu9Lnq7PfrCdmdSzQcLI28yP1s6V0f3MZxH+stzTxtCCIsFjTsgx +Ubuxa/WYiW3qM+At+B6B3HDhBvjFdg2OBP12/2I/2ZiDQdZbUZJ42ND7oi1k34Pd +fExpCZRMWGr4UTJgtGqlCqSlTLTKmzxkI8d7Z+PHt7uQbew/GnFkzsU+VKtpfpIl +m3ym+0CgP6ap/nn5B2kSvf77p9iQQXHarl0L3cW7sQMlnPy8L5AqPWkg5+C/ihZW +gJWT7ujwnbrkrzddJxdBGEBvPNWEoCGzKBp6E0TXxgKfsp4dbszXcGLaaK/cUV2x +MgVLogjCPnAwaP3l60rc2nb3gV4JfVP9ogoI/Ikbf9nVeruT9dhVWZgNmvj7rRBV +VN7XjF0VN9ou7N3xuEiRaetd5pmr+Fme0HDCsSlVQuEOcP5LCGQpcwHMdz+DFGvW +OyACu33k12k2prkBogQ8VMvbEQQA9YjnqxRaPgKrbhTQqrzGMYBuP4QlbsQeEDA3 +y94jlPK++edfyUGUTnquXHDKmPnLwsqszYZCsC35nVP8FOsg0eATYYAj5A9uPDUX +GQkW1eNQFGoh5p4SxBQZKlVJCAJyVgMxXDtUwDbjQ9CkOONrv1YlajDz9h9yHfFU +jQrC47sAoOX8LBxMJVdAqGMOQGcI2lTWTfq1BACabalqZ3571+ePoAEsqSxZelhH +A/Se6oxlfxWNQilDGsgUSm53l7yeJn+8qZuiRm49wMlPZnzLA5isMAh0UyoTSnPs +8lnZDLbo4/s4H2Jz0+MahJSYtNtSKTNhuJv7Fh/kQGVltAaniUQeecoJK7YxhKbn +vsXKzg7YEL2DLKDA4AP/RDeDRhK7ehXbkeONeJsOPjvjdATxSa7Io+GIUFB1CSLg 
+aHfC43b8j7S5pEiZ8MOW+kwnP35G89h1K89nFpC47Xt8y/5DH4Z/tw3SdaEIr8TS +L3u/UOK4gZEc5uVhCGBAX/BdIYFWdO2UUjEaO3ox38lgH0HfNscqgN5zCEEc6lmJ +AiIEGAECAAwFAjxUy9sFCRLMAwAACgkQ22mNcZkkJWAthQ//QCSN1sFaeqFQEki7 +fg6E0n+t7mO+V1llNymp7G8Pq3iSI2d99oijVk2BQnrbhdLy+wjl9LyyzfvvaQ04 +QwAUvJNRgIaOpxkYb3z2tc31ho9eOYsQRmKxVzGWw1ii1OEnMBylsAaG58GpFI/5 +MTfucIlJBvXoESkHSoiyov2Pd1c3hJ/6OuFYbn5dvYplBi2K3pAq12OCmWticFvP +TBpVlvTED0h+I133oO1e1Rx999u1/PQgLem5qfuz3wLv9r8qkXgy1AqdOEBNsvXS +o09yWaDTKaZWb6k7viOq6k2aDOi4mr8qgrf8obs6fpOfg6WQw+DRL/T9KUHF0EUS +PVEMkbMc1V2iHURqXBGnIsa5JAi1eV1cMrp9T25DXWHlEfXRnPPjzTSJyJh2FmL9 +NnQrsmHf8f7DiR7uzCgA8+SZqRmr6o2j0FAPUrV4EmMYB7wTYPwPT7EXXmYs8m0o +vamXwGbIwT2Z/EGhOc3UdAQF232o156m097tib5HMbTT+8AcjX3TaeXDJpjI35Wy +bfJ8F2LEWmJsQwPC9MMCfy7SlW8BUqTBaelPvSYoKdLT6FOxtnoAVYn10WRIF7LE +SySJqENspSpv3ACJ/q1jZN6cXYKFlvKLR5Be/MWtnZ2AXqwHmR/XYGtXI6FRmNd6 +xrb+mP2QwkihMezVT+y2Q/EogXSJAmoEGAECAAwFCRLMAwAFAkQS4BkAUkcgBBkR +AgAGBQJEEuACAAoJEOJmXIdJ4cvJKsUAn3R2myTGfaAyxiDwL9l3ObofNnX9AJ46 +M4YTuhT9ETVc15IOaHY5VCLcUQkQ22mNcZkkJWCOtg//RVzC6tHMnmZXXA6jslgc +a2yf/q0zJIULR9azhcraU3yy8OzjVorX1i5Xh5Rr3SmZkHiNUMrOK0jCzyM9ykBa +58WOwwN1sZoNUQpUtmYja9kj/y444Atf0iIFW9TT4O31j25qEjz7cLZtmv+TnzcS +IaZekJrIZ/8D74eDqNrfy/WaAi0JK2iMiw4dqwLtIc2W7UTtXfSgiAtNrkp4smrO +6AUI2Xas7D+3zZiMlIv//W3ZSTF0vHtyBdmvcEPrs6DdjhsM+L7QHLnxD7HD86cv +Vh+9SzHelc5erhSWbwKMcZKykQ3uHhU9XCt60MYdbc8HHW92g0e9nEipZ7iS23uD +mzoKvfihtho2+j1w5uKM/S6N/fditlWJ9qHvLHVPLNKPp4DEHo4ns56LCY1cRUX7 +N4TOWu2iVSdtzg8NFvhfnKyWkUTCYFuU64Jiq9XcJLMAn2AY02RzQcF8LwbgzdyI +NK9pC0y0lH9ZrN6QyGinxILPVtwLsWO17JpDvKQf4+rmR9nHQSsvGJ/FjCDydMx5 +HaT+TfC4KRR8BBgTDgZkq6cllbeC1qgCz3LXgai9pIlvT9httrVcpOL0QHnKM5jd +7R8JZ1dt5qlltuWsC8Dw52kEGiBn095qmY1FFd02BxL7y7sxHp81m31yTErho+HQ +lcXTIscl65wt2LwowPG0n2iYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNw +Qo8OSmVwIvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYU +TF0F/15piAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz2 +8iRH/UZcYLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpu 
+QGdudS5vcmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2M +twUJClROYQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhA +tm3dxWeUxA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2q +agd/nRchl9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+E +wCV7i2e2u5kDKgRHeRfDEQgAnwKxwiRUep5JsTYlvlBODwFt20JWvSVhagsLuFai +5DyP5R2+acR33/Bc8tjvPQcQ/+oV0g8dkpVZgBhzgiYUocdb3zRlWDbCZ9qDSudI +p/ZBrw9PplQAn8uTMj1fJrTHDjNqdfMFlbjHdoHmG3TWIAK35/wzaVP+fTOnglKY +V5GBA3BAgamUSo0gdSTRJ6hwDPoHOX3OFZWHWfh2AaxGU1/2Sz2YOZH30e18gOiI +Klj0mND62MQzsRro8nkracmYZpE+3s1c6CgSPspY926Sjq5Lii4wd1uU54Aiy2L0 +0f4O8szcoLf/rq6czTvOSrBiwVQ5JEoUrMIjyHrbdGRQfwDg/A2sKSzVE19nOszO +ndICn0vPw068V+j0uQOWcwf+MRAaZ45wq9kY5204uJXDS4Pm9uXPZa209Ul8ra1I +n1EG3DhJAnn5Pl+yT6FP8dw29Q7gveCwGjBX1NqOhlj08wTbRAQbRqYODLOUNcNY +NYA0RKSjN5hiD8nCyl4QfiX4vKRfqrwakYgN8Z1mQC2T9NPWXy2PvJzAdOrv+fcy +nC8s/of84wpqSCXRa+cUKLZus7SvEJrNRhtTDlT0NbwlAh4ksCGu1dSrZZWCCLB6 +ke7CF7k0poiyePE6tTWOfZxNYQ+yYnHHIIcj3l+dqJxXxMOahxDyaF4XDo8Urmts +fVPYu3KSZ8yypyAYXWWu00Ibe/4y+Au+UsvnxMXhEp4PDwgAlAU/s1FMwC3sxjmR +r8Z/NjjOq0f5dplfVl3qShAfiAzxtSQcKn5dX/NP5iPIYcJK9i2K8oXebvnHnEcu +9ffd3T0pwGA2srBv/rCFcWM/TOHaFkFYUnvRDiZ4FnL2D+Wwlg8m5pQWECYApKxV +KjL0EyTgpJaam40Jv7sV2lrpvXUgMaeWHhwiqgSC1J4wVS6Gq5ldG3Fl8KLWYlxX +d1qZwR4xP0Ep8nBYd9+Pm60fCk0p5kvr+iPgelvlTnMsx7fvFqV7qNWEuKJApmb+ +n8yJX+h3FSTiU/Haaqc8jIap+GGE9C20QvaK3NiqMdIc2oqLPStBKCn+TEUBDLAB +wHTNDLQcV2VybmVyIEtvY2ggPHdrQGcxMGNvZGUuY29tPohxBBMRCwAhAhsDBQkU +sIqNAh4BAheABQsHCgkCBRUIAgoDBQJHeR6AAAoJEPKthaweQrNn+kQA33yabKyY +9z1ujVoxcLF7ROc0mSsX75srRXIjxTgA4NKwgnV1GN1QL6bKH4G7AFTgmJMQjWLy +wpguY3G0Gldlcm5lciBLb2NoIDx3a0BnbnVwZy5vcmc+iHQEExELACQCGwMFCRSw +io0CHgECF4AFCwcKCQIFFQgCCgMFAkd5HpcCGQEACgkQ8q2FrB5Cs2eXYwDfUNqv +I0xrFP47l0+sBBD5j8Z9H9FygT4ZuVZOxwDePf9XYQuNja+MQUqZEtZbvilME5zf +5wUMo3sVtLkBDQRH47TPAQgArMK+fv08+pw2sCF0DQtk717TSyHmcmn8e7ndGXEB +xZWy/sQWoZrKKr5/gmkCH3O0p/sSZhijfCzTeElFO0ASFaSAvaXcQqhUnjEcI4ic +3KLbI7fSqoqgvkJ8qwfIFovb8jMO/tBQgNmYAODTBlnLq5zJIvTvpqEAePBZdd90 
+SGiC6vNADZ04D5Pbl3ZdXNwakv1y+eLc4jnYPcAkqsf8U7/ClpGcaADPLC0Kp1lN +6lYBXRV6QXpEa0qh2JT4PGu7981hFVvKjBdvClbz6E8I3aSny8acUF6bBRV+/H9k +2lW9xrD7+E3obBXJ55CWOL4ynoS69ii2XyVQxyWz+a7ZlwARAQABiF8EGBELAA8F +AkfjtM8CGwwFCQcajaEACgkQ8q2FrB5Cs2cuqQDfYDr3l9GbFNxAZSv/HSXKcZ5M +Jys5TLffQYPQXwDfRzV6imKyGJmI6tAaDVAgLDNld64LDP2wrcOezLkBogROsUyG +EQQAlCMDC6m1nkcdAK3MV884airO5/akCJhT0CWjd6LxbM27SremsW7HSaUoOSNX +SXpPgktdDcA7y6Y8cXteGm9+/ZHwNoXgYWnTpWjk50qLre0iCNLcpT1V0cMEev5B +/2YXOiog/7obnI+tjG/y7V41bNzAceKehSFbSi5hyz7EAZMAoIbBb88QRdsh1RKm +tHdVXsjuvldpA/0cp/wmWwWEfWMGKvtCk5i6Ayl8T6YHRjtqZwnMFrNbjEssulkQ +0XpDGRcAyO92utp12sl7h8DWl4OSEFh6rnFVJPrII8YQXahrAchB7Mtc5AzDFFmg +JqvJdp8WEVnx+nLl9shaRifHUSdLwdt909p+1CFm8ChDl7+eZE7YbvEWGQP+JNA0 +DHFqNSxCFzs667Cnic7op3BkaUN13zNuR1aVpepxUEhkk6LfiiHmQON7QHVAqvtq +/TO0svyy8nAeFhlWqcXX84tuoobmnsCowa137CXYV/SD7JVjy5X/b6cbs2sIty37 +eJLjoffnxQHvN+azf+JtxtTXhMTedhBQAgdlBGaIoQQYEQgACQUCTrgQCQIbAgBS +CRDyrYWsHkKzZ0cgBBkRCAAGBQJOuBAJAAoJEE8FQNV3+V+VkpoAnA5MTmFbkcoM +4N4OYwb3YGMfoAD0AJ9j2e0iEo9fhMfcSoKG9xssLopUTOj0AODNadm6ajGAly1I +oam+eLSbqxHfSkQEHOxhMiFjAN9q4LuirSOu65uR1bnTmF+Z92++qMIuEkH4/LnN +uQENBE64FVgBCAChkCmMrdCKW/PWuBQs2/lcTqz3i33KOUCynyj1aOzen9HUJVHy +mJnN4dZTjq3ARlSTuCSoJmQwcmom0wjDS2L9qqCnUctdyIoFxTetnMP3JkBhJ4j5 +IxtwkTznWa0SgEjvBdNUkLTBG/3lgfMFoqlQNh1or07wsHS+LlvaxvFnqMozssKq +YLC9mTVqWfXvTeRsCzYLvZ6jy4rqbJnDIJzHgqV3K6cyqA5NcZqoWj8OQNUbS+sV +CU8nkYkDYQA7wm2nwolEfROSdFtSTmL49PNQS1V3MUdLUb7SfsDmwfm59SDmJUp4 +iw3F535P/ei+G5cBYzHO0jN0nzUH/sfM7njjABEBAAGIXwQYEQgADwUCTrgVWAIb +DAUJBAqORwAKCRDyrYWsHkKzZ6TKAN0WMNFzexmPvciaqa2LyUVUI/ht3suw/tlV +SGDCAN9tCWF1UFBrQORgcrpgQBfNKPkUdAxxyiDrXfZ1mQENBE0ti4EBCACqGtKl +X9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3IUe8TuDrGT742XFncG9Po +MBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjgjvDAH8cZ+fkIayWtObTx +wqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7KRw6B5ucs4qSzp5VH4Cq +Dr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8uqA35ZiyczUvvJSLYvf7S +TO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB1BAY5s3FKqrkaxZr3BBj 
+euGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChkaXN0IHNpZymJAT4EEwEC +ACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECSb +OdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05shKZOAKw3RUePTU80SRLP +dg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH85zCwu7SHz9cX3d4UUwzc +P6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8Klf/wl6jXHn/yP92xG9/ +YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOcWkqwupB+d01R4bHPu9tv +Xy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgCE4F5XeCB/0ovao2/bk22 +w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsq5AQ0ETS2LgQEIAKHwucgbaRj0V7Ht +0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX1bDVwr/iTPaPPEtpi7oQ +oHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHULhzKsGg5FC6pRYcEyzRXH +tv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7nJdwG1cGQOZOIDQQM41g +BzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOMEJwlo0+NYx2Yn75x66bY +wdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6JsPmXEyeAyLiCWSh7Rwq8 +uIhBUBUAEQEAAYkBJQQYAQIADwUCTS2LgQIbIAUJEN2fAgAKCRAkmznSTyXjtrsS +CACRNgfGkD0OqOiwYo1/+KyWnrQLusVvSYOw8hN66geU3BO8iQ0Koy+m0QKY1kWj +aHwewpg8ZebY4E2sHbNIC9Spyiyz29sAJ2invf4/4MepTgpxNiw4+XmykCkN1AfV +hvMTQXMzRbO5ZwRtPpjsMr1j5vX1s6U3/RxSAItpAkCu1GGTTOH0r12Ochc/um+Q +GAyO6WUj/IiZ1MX7toXW0SCo8DSl8z5Q7KmJWF6TQLK1Lku4bIVG1Huwo1/0WHc2 +vCad5BxHjgoy8TsKLTmvYQZWtnjWvQGV2UOABYWcacutZXQQ2PPCIY7LlpuS/45C +XWbT5Y+mxY3y7dbz4aF+8uyCiJwEEAECAAYFAk0tjQQACgkQU7Yg0BzgxjBGTwQA +i5qzI6cJslbyOl+TeDZVnLV0FmPuDg8dojvQrVDPxfemIjxZZoMLCVM8ly8AC2JP +rIYfN040C343saIc0tTtOwwmVMuy7G/Uex22CdWH/0HBMpG4gFuOuQmW9QQDjEdh +1DgwU2gAWonX54ZlMybWss+2NCikRwMflVUupH57Bas= +=WK93 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi new file mode 100644 index 0000000..200fed8 --- /dev/null +++ b/doc/scdaemon.texi 
@@ -0,0 +1,731 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Invoking SCDAEMON
+@chapter Invoking the SCDAEMON
+@cindex SCDAEMON command options
+@cindex command options
+@cindex options, SCDAEMON command
+
+@manpage scdaemon.1
+@ifset manverb
+.B scdaemon
+\- Smartcard daemon for the GnuPG system
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B scdaemon
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-server
+.br
+.B scdaemon
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-daemon
+.RI [ command_line ]
+@end ifset
+
+
+@mansect description
+The @command{scdaemon} is a daemon to manage smartcards. It is usually
+invoked by @command{gpg-agent} and in general not used directly.
+
+@manpause
+@xref{Option Index}, for an index to @command{scdaemon}'s commands and
+options.
+@mancont
+
+@menu
+* Scdaemon Commands:: List of all commands.
+* Scdaemon Options:: List of all options.
+* Card applications:: Description of card applications.
+* Scdaemon Configuration:: Configuration files.
+* Scdaemon Examples:: Some usage examples.
+* Scdaemon Protocol:: The protocol the daemon uses.
+@end menu
+
+@mansect commands
+
+@node Scdaemon Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Not that you can
+abbreviate this command.
+
+@item --help, -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Not that you can abbreviate this command.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Not that you can
+abbreviate this command.
+
+@item --server
+@opindex server
+Run in server mode and wait for commands on the @code{stdin}. This is
+default mode is to create a socket and listen for commands there.
+
+@item --multi-server
+@opindex multi-server
+Run in server mode and wait for commands on the @code{stdin} as well as
+on an additional Unix Domain socket. The server command @code{GETINFO}
+may be used to get the name of that extra socket.
+
+@item --daemon
+@opindex daemon
+Run the program in the background. This option is required to prevent
+it from being accidentally running in the background.
+
+@end table
+
+
+@mansect options
+
+@node Scdaemon Options
+@section Option Summary
+
+@table @gnupgtabopt
+
+@item --options @var{file}
+@opindex options
+Reads configuration from @var{file} instead of from the default
+per-user configuration file. The default configuration file is named
+@file{scdaemon.conf} and expected in the @file{.gnupg} directory directly
+below the home directory of the user.
+
+@include opt-homedir.texi
+
+
+@item -v
+@item --verbose
+@opindex v
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @command{gpgsm}, such as @samp{-vv}.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or a keyword:
+
+@table @code
+@item none
+No debugging at all. A value of less than 1 may be used instead of
+the keyword.
+@item basic
+Some basic debug messages. A value between 1 and 2 may be used
+instead of the keyword.
+@item advanced
+More verbose debug messages. A value between 3 and 5 may be used
+instead of the keyword.
+@item expert
+Even more detailed messages. A value between 6 and 8 may be used
+instead of the keyword.
+@item guru
+All of the debug messages you can get. A value greater than 8 may be
+used instead of the keyword. The creation of hash tracing files is
+only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@quotation Note
+All debugging options are subject to change and thus should not be used
+by any application program. As the name says, they are only used as
+helpers to debug problems.
+@end quotation
+
+
+@item --debug @var{flags}
+@opindex debug
+This option is only useful for debugging and the behaviour may change at
+any time without notice. FLAGS are bit encoded and may be given in
+usual C-Syntax. The currently defined bits are:
+
+@table @code
+@item 0 (1)
+command I/O
+@item 1 (2)
+values of big number integers
+@item 2 (4)
+low level crypto operations
+@item 5 (32)
+memory allocation
+@item 6 (64)
+caching
+@item 7 (128)
+show memory statistics.
+@item 9 (512)
+write hashed data to files named @code{dbgmd-000*}
+@item 10 (1024)
+trace Assuan protocol. See also option @option{--debug-assuan-log-cats}.
+@item 11 (2048)
+trace APDU I/O to the card. This may reveal sensitive data.
+@item 12 (4096)
+trace some card reader related function calls.
+@end table
+
+@item --debug-all
+@opindex debug-all
+Same as @code{--debug=0xffffffff}
+
+@item --debug-wait @var{n}
+@opindex debug-wait
+When running in server mode, wait @var{n} seconds before entering the
+actual processing loop and print the pid. This gives time to attach a
+debugger.
+
+@item --debug-ccid-driver
+@opindex debug-wait
+Enable debug output from the included CCID driver for smartcards.
+Using this option twice will also enable some tracing of the T=1
+protocol. Note that this option may reveal sensitive data.
+
+@item --debug-disable-ticker
+@opindex debug-disable-ticker
+This option disables all ticker functions like checking for card
+insertions.
+
+@item --debug-allow-core-dump
+@opindex debug-allow-core-dump
+For security reasons we won't create a core dump when the process
+aborts.
For debugging purposes it is sometimes better to allow core
+dump. This options enables it and also changes the working directory to
+@file{/tmp} when running in @option{--server} mode.
+
+@item --debug-log-tid
+@opindex debug-log-tid
+This option appends a thread ID to the PID in the log output.
+
+@item --debug-assuan-log-cats @var{cats}
+@opindex debug-assuan-log-cats
+Changes the active Libassuan logging categories to @var{cats}. The
+value for @var{cats} is an unsigned integer given in usual C-Syntax.
+A value of of 0 switches to a default category. If this option is not
+used the categories are taken from the environment variable
+@samp{ASSUAN_DEBUG}. Note that this option has only an effect if the
+Assuan debug flag has also been with the option @option{--debug}. For
+a list of categories see the Libassuan manual.
+
+@item --no-detach
+@opindex no-detach
+Don't detach the process from the console. This is mainly useful for
+debugging.
+
+@item --log-file @var{file}
+@opindex log-file
+Append all logging output to @var{file}. This is very helpful in
+seeing what the agent actually does.
+
+
+@item --pcsc-driver @var{library}
+@opindex pcsc-driver
+Use @var{library} to access the smartcard reader. The current default
+is @file{libpcsclite.so}. Instead of using this option you might also
+want to install a symbolic link to the default file name
+(e.g. from @file{libpcsclite.so.1}).
+
+@item --ctapi-driver @var{library}
+@opindex ctapi-driver
+Use @var{library} to access the smartcard reader. The current default
+is @file{libtowitoko.so}. Note that the use of this interface is
+deprecated; it may be removed in future releases.
+
+@item --disable-ccid
+@opindex disable-ccid
+Disable the integrated support for CCID compliant readers. This
+allows to fall back to one of the other drivers even if the internal
+CCID driver can handle the reader. Note, that CCID support is only
+available if libusb was available at build time.
+
+@item --reader-port @var{number_or_string}
+@opindex reader-port
+This option may be used to specify the port of the card terminal. A
+value of 0 refers to the first serial device; add 32768 to access USB
+devices. The default is 32768 (first USB device). PC/SC or CCID
+readers might need a string here; run the program in verbose mode to get
+a list of available readers. The default is then the first reader
+found.
+
+To get a list of available CCID readers you may use this command:
+@smallexample
+echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ @{print $2@}'
+@end smallexample
+
+
+@item --card-timeout @var{n}
+@opindex card-timeout
+If @var{n} is not 0 and no client is actively using the card, the card
+will be powered down after @var{n} seconds. Powering down the card
+avoids a potential risk of damaging a card when used with certain
+cheap readers. This also allows non Scdaemon aware applications to
+access the card. The disadvantage of using a card timeout is that
+accessing the card takes longer and that the user needs to enter the
+PIN again after the next power up.
+
+Note that with the current version of Scdaemon the card is powered
+down immediately at the next timer tick for any value of @var{n} other
+than 0.
+
+
+@item --disable-keypad
+@opindex disable-keypad
+Even if a card reader features a keypad, do not try to use it.
+
+
+@item --deny-admin
+@opindex deny-admin
+@opindex allow-admin
+This option disables the use of admin class commands for card
+applications where this is supported. Currently we support it for the
+OpenPGP card. This commands is useful to inhibit accidental access to
+admin class command which could ultimately lock the card through wrong
+PIN numbers. Note that GnuPG versions older than 2.0.11 featured an
+@option{--allow-admin} command which was required to use such admin
+commands. This option has no more effect today because the default is
+now to allow admin commands.
+
+@item --disable-application @var{name}
+@opindex disable-application
+This option disables the use of the card application named
+@var{name}. This is mainly useful for debugging or if a application
+with lower priority should be used by default.
+
+@end table
+
+All the long options may also be given in the configuration file after
+stripping off the two leading dashes.
+
+
+@mansect card applications
+@node Card applications
+@section Description of card applications
+
+@command{scdaemon} supports the card applications as described below.
+
+@menu
+* OpenPGP Card:: The OpenPGP card application
+* NKS Card:: The Telesec NetKey card application
+* DINSIG Card:: The DINSIG card application
+* PKCS#15 Card:: The PKCS#15 card application
+* Geldkarte Card:: The Geldkarte application
+* Undefined Card:: The Undefined stub application
+@end menu
+
+@node OpenPGP Card
+@subsection The OpenPGP card application ``openpgp''
+
+This application is currently only used by @command{gpg} but may in
+future also be useful with @command{gpgsm}. Version 1 and version 2 of
+the card is supported.
+
+The specifications for these cards are available at
+@uref{http://g10code.com/docs/openpgp-card-1.0.pdf} and
+@uref{http://g10code.com/docs/openpgp-card-2.0.pdf}.
+
+@node NKS Card
+@subsection The Telesec NetKey card ``nks''
+
+This is the main application of the Telesec cards as available in
+Germany. It is a superset of the German DINSIG card. The card is
+used by @command{gpgsm}.
+
+@node DINSIG Card
+@subsection The DINSIG card application ``dinsig''
+
+This is an application as described in the German draft standard
+@emph{DIN V 66291-1}. It is intended to be used by cards supporting
+the German signature law and its bylaws (SigG and SigV).
+
+@node PKCS#15 Card
+@subsection The PKCS#15 card application ``p15''
+
+This is common framework for smart card applications. It is used by
+@command{gpgsm}.
+
+@node Geldkarte Card
+@subsection The Geldkarte card application ``geldkarte''
+
+This is a simple application to display information of a German
+Geldkarte. The Geldkarte is a small amount debit card application which
+comes with almost all German banking cards.
+
+@node Undefined Card
+@subsection The Undefined card application ``undefined''
+
+This is a stub application to allow the use of the APDU command even
+if no supported application is found on the card. This application is
+not used automatically but must be explicitly requested using the
+SERIALNO command.
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** FILES ****************
+@c *************** ****************
+@c *******************************************
+@mansect files
+@node Scdaemon Configuration
+@section Configuration files
+
+There are a few configuration files to control certain aspects of
+@command{scdaemons}'s operation. Unless noted, they are expected in the
+current home directory (@pxref{option --homedir}).
+
+@table @file
+
+@item scdaemon.conf
+@cindex scdaemon.conf
+This is the standard configuration file read by @command{scdaemon} on
+startup. It may contain any valid long option; the leading two dashes
+may not be entered and the option may not be abbreviated. This default
+name may be changed on the command line (@pxref{option --options}).
+
+@item scd-event
+@cindex scd-event
+If this file is present and executable, it will be called on veyer card
+reader's status changed. An example of this script is provided with the
+distribution
+
+@item reader_@var{n}.status
+This file is created by @command{sdaemon} to let other applications now
+about reader status changes. Its use is now deprecated in favor of
+@file{scd-event}.
+
+@end table
+
+
+@c
+@c Examples
+@c
+@mansect examples
+@node Scdaemon Examples
+@section Examples
+
+@c man begin EXAMPLES
+
+@example
+$ scdaemon --server -v
+@end example
+
+@c man end
+
+@c
+@c Assuan Protocol
+@c
+@manpause
+@node Scdaemon Protocol
+@section Scdaemon's Assuan Protocol
+
+The SC-Daemon should be started by the system to provide access to
+external tokens. Using Smartcards on a multi-user system does not
+make much sense expect for system services, but in this case no
+regular user accounts are hosted on the machine.
+
+A client connects to the SC-Daemon by connecting to the socket named
+@file{/var/run/scdaemon/socket}, configuration information is read from
+@var{/etc/scdaemon.conf}
+
+Each connection acts as one session, SC-Daemon takes care of
+synchronizing access to a token between sessions.
+
+@menu
+* Scdaemon SERIALNO:: Return the serial number.
+* Scdaemon LEARN:: Read all useful information from the card.
+* Scdaemon READCERT:: Return a certificate.
+* Scdaemon READKEY:: Return a public key.
+* Scdaemon PKSIGN:: Signing data with a Smartcard.
+* Scdaemon PKDECRYPT:: Decrypting data with a Smartcard.
+* Scdaemon GETATTR:: Read an attribute's value.
+* Scdaemon SETATTR:: Update an attribute's value.
+* Scdaemon WRITEKEY:: Write a key to a card.
+* Scdaemon GENKEY:: Generate a new key on-card.
+* Scdaemon RANDOM:: Return random bytes generate on-card.
+* Scdaemon PASSWD:: Change PINs.
+* Scdaemon CHECKPIN:: Perform a VERIFY operation.
+* Scdaemon RESTART:: Restart connection
+* Scdaemon APDU:: Send a verbatim APDU to the card
+@end menu
+
+@node Scdaemon SERIALNO
+@subsection Return the serial number
+
+This command should be used to check for the presence of a card. It is
+special in that it can be used to reset the card. Most other commands
+will return an error when a card change has been detected and the use of
+this function is therefore required.
+
+Background: We want to keep the client clear of handling card changes
+between operations; i.e. the client can assume that all operations are
+done on the same card unless he call this function.
+
+@example
+ SERIALNO
+@end example
+
+Return the serial number of the card using a status response like:
+
+@example
+ S SERIALNO D27600000000000000000000 0
+@end example
+
+The trailing 0 should be ignored for now, it is reserved for a future
+extension. The serial number is the hex encoded value identified by
+the @code{0x5A} tag in the GDO file (FIX=0x2F02).
+
+
+
+@node Scdaemon LEARN
+@subsection Read all useful information from the card
+
+@example
+ LEARN [--force]
+@end example
+
+Learn all useful information of the currently inserted card. When
+used without the force options, the command might do an INQUIRE
+like this:
+
+@example
+ INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
+@end example
+
+The client should just send an @code{END} if the processing should go on
+or a @code{CANCEL} to force the function to terminate with a cancel
+error message. The response of this command is a list of status lines
+formatted as this:
+
+@example
+ S KEYPAIRINFO @var{hexstring_with_keygrip} @var{hexstring_with_id}
+@end example
+
+If there is no certificate yet stored on the card a single "X" is
+returned in @var{hexstring_with_keygrip}.
+
+@node Scdaemon READCERT
+@subsection Return a certificate
+
+@example
+ READCERT @var{hexified_certid}|@var{keyid}
+@end example
+
+This function is used to read a certificate identified by
+@var{hexified_certid} from the card. With OpenPGP cards the keyid
+@code{OpenPGP.3} may be used to rad the certificate of version 2 cards.
+
+
+@node Scdaemon READKEY
+@subsection Return a public key
+
+@example
+READKEY @var{hexified_certid}
+@end example
+
+Return the public key for the given cert or key ID as an standard
+S-Expression.
+
+
+
+@node Scdaemon PKSIGN
+@subsection Signing data with a Smartcard
+
+To sign some data the caller should use the command
+
+@example
+ SETDATA @var{hexstring}
+@end example
+
+to tell @command{scdaemon} about the data to be signed. The data must be given in
+hex notation. The actual signing is done using the command
+
+@example
+ PKSIGN @var{keyid}
+@end example
+
+where @var{keyid} is the hexified ID of the key to be used. The key id
+may have been retrieved using the command @code{LEARN}. If another
+hash algorithm than SHA-1 is used, that algorithm may be given like:
+
+@example
+ PKSIGN --hash=@var{algoname} @var{keyid}
+@end example
+
+With @var{algoname} are one of @code{sha1}, @code{rmd160} or @code{md5}.
+
+
+@node Scdaemon PKDECRYPT
+@subsection Decrypting data with a Smartcard
+
+To decrypt some data the caller should use the command
+
+@example
+ SETDATA @var{hexstring}
+@end example
+
+to tell @command{scdaemon} about the data to be decrypted. The data
+must be given in hex notation. The actual decryption is then done
+using the command
+
+@example
+ PKDECRYPT @var{keyid}
+@end example
+
+where @var{keyid} is the hexified ID of the key to be used.
+
+
+@node Scdaemon GETATTR
+@subsection Read an attribute's value.
+
+TO BE WRITTEN.
+
+@node Scdaemon SETATTR
+@subsection Update an attribute's value.
+
+TO BE WRITTEN.
+
+@node Scdaemon WRITEKEY
+@subsection Write a key to a card.
+
+@example
+ WRITEKEY [--force] @var{keyid}
+@end example
+
+This command is used to store a secret key on a smartcard. The
+allowed keyids depend on the currently selected smartcard
+application. The actual keydata is requested using the inquiry
+@code{KEYDATA} and need to be provided without any protection. With
+@option{--force} set an existing key under this @var{keyid} will get
+overwritten. The key data is expected to be the usual canonical encoded
+S-expression.
+
+A PIN will be requested in most cases. This however depends on the
+actual card application.
+
+
+@node Scdaemon GENKEY
+@subsection Generate a new key on-card.
+
+TO BE WRITTEN.
+
+@node Scdaemon RANDOM
+@subsection Return random bytes generate on-card.
+
+TO BE WRITTEN.
+
+
+@node Scdaemon PASSWD
+@subsection Change PINs.
+
+@example
+ PASSWD [--reset] [--nullpin] @var{chvno}
+@end example
+
+Change the PIN or reset the retry counter of the card holder
+verification vector number @var{chvno}. The option @option{--nullpin}
+is used to initialize the PIN of TCOS cards (6 byte NullPIN only).
+
+
+@node Scdaemon CHECKPIN
+@subsection Perform a VERIFY operation.
+
+@example
+ CHECKPIN @var{idstr}
+@end example
+
+Perform a VERIFY operation without doing anything else. This may be
+used to initialize a the PIN cache earlier to long lasting
+operations. Its use is highly application dependent:
+
+@table @strong
+@item OpenPGP
+
+Perform a simple verify operation for CHV1 and CHV2, so that further
+operations won't ask for CHV2 and it is possible to do a cheap check on
+the PIN: If there is something wrong with the PIN entry system, only the
+regular CHV will get blocked and not the dangerous CHV3. @var{idstr} is
+the usual card's serial number in hex notation; an optional fingerprint
+part will get ignored.
+
+There is however a special mode if @var{idstr} is suffixed with the
+literal string @code{[CHV3]}: In this case the Admin PIN is checked if
+and only if the retry counter is still at 3.
+
+@end table
+
+
+
+@node Scdaemon RESTART
+@subsection Perform a RESTART operation.
+
+@example
+ RESTART
+@end example
+
+Restart the current connection; this is a kind of warm reset. It
+deletes the context used by this connection but does not actually
+reset the card.
+
+This is used by gpg-agent to reuse a primary pipe connection and
+may be used by clients to backup from a conflict in the serial
+command; i.e. to select another application.
+
+
+
+
+@node Scdaemon APDU
+@subsection Send a verbatim APDU to the card.
+
+@example
+ APDU [--atr] [--more] [--exlen[=@var{n}]] [@var{hexstring}]
+@end example
+
+
+Send an APDU to the current reader. This command bypasses the high
+level functions and sends the data directly to the card.
+@var{hexstring} is expected to be a proper APDU. If @var{hexstring} is
+not given no commands are send to the card; However the command will
+implicitly check whether the card is ready for use.
+
+Using the option @code{--atr} returns the ATR of the card as a status
+message before any data like this:
+@example
+ S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
+@end example
+
+Using the option @code{--more} handles the card status word MORE_DATA
+(61xx) and concatenate all responses to one block.
+
+Using the option @code{--exlen} the returned APDU may use extended
+length up to N bytes. If N is not given a default value is used
+(currently 4096).
+
+
+
+@mansect see also
+@ifset isman
+@command{gpg-agent}(1),
+@command{gpgsm}(1),
+@command{gpg2}(1)
+@end ifset
+@include see-also-note.texi
+
diff --git a/doc/see-also-note.texi b/doc/see-also-note.texi
new file mode 100644
index 0000000..b18efc3
--- /dev/null
+++ b/doc/see-also-note.texi
@@ -0,0 +1,14 @@
+@c We append this note to all ``see also'' sections of the man pages
+
+@ifset isman
+The full documentation for this tool is maintained as a Texinfo manual.
+If GnuPG and the info program are properly installed at your site, the
+command
+
+@example
+info gnupg
+@end example
+
+should give you access to the complete manual including a menu structure
+and an index.
+@end ifset
diff --git a/doc/specify-user-id.texi b/doc/specify-user-id.texi
new file mode 100644
index 0000000..7d23ed8
--- /dev/null
+++ b/doc/specify-user-id.texi
@@ -0,0 +1,171 @@
+@c Include file to allow for different placements in man pages and the manual
+
+There are different ways to specify a user ID to GnuPG. Some of them
+are only valid for @command{gpg} others are only good for
+@command{gpgsm}. Here is the entire list of ways to specify a key:
+
+@itemize @bullet
+
+@item By key Id.
+This format is deduced from the length of the string and its content or
+@code{0x} prefix. The key Id of an X.509 certificate are the low 64 bits
+of its SHA-1 fingerprint. The use of key Ids is just a shortcut, for
+all automated processing the fingerprint should be used.
+
+When using @command{gpg} an exclamation mark (!) may be appended to
+force using the specified primary or secondary key and not to try and
+calculate which primary or secondary key to use.
+
+The last four lines of the example give the key ID in their long form as
+internally used by the OpenPGP protocol. You can see the long key ID
+using the option @option{--with-colons}.
+
+@cartouche
+@example
+234567C4
+0F34E556E
+01347A56A
+0xAB123456
+
+234AABBCC34567C4
+0F323456784E56EAB
+01AB3FED1347A5612
+0x234AABBCC34567C4
+@end example
+@end cartouche
+
+
+
+@item By fingerprint.
+This format is deduced from the length of the string and its content or
+the @code{0x} prefix. Note, that only the 20 byte version fingerprint
+is available with @command{gpgsm} (i.e. the SHA-1 hash of the
+certificate).
+
+When using @command{gpg} an exclamation mark (!) may be appended to
+force using the specified primary or secondary key and not to try and
+calculate which primary or secondary key to use.
+
+The best way to specify a key Id is by using the fingerprint. This
+avoids any ambiguities in case that there are duplicated key IDs.
+
+@cartouche
+@example
+1234343434343434C434343434343434
+123434343434343C3434343434343734349A3434
+0E12343434343434343434EAB3484343434343434
+0xE12343434343434343434EAB3484343434343434
+@end example
+@end cartouche
+
+@noindent
+(@command{gpgsm} also accepts colons between each pair of hexadecimal
+digits because this is the de-facto standard on how to present X.509
+fingerprints.)
+
+@item By exact match on OpenPGP user ID.
+This is denoted by a leading equal sign. It does not make sense for
+X.509 certificates.
+
+@cartouche
+@example
+=Heinrich Heine <heinrichh@@uni-duesseldorf.de>
+@end example
+@end cartouche
+
+@item By exact match on an email address.
+This is indicated by enclosing the email address in the usual way
+with left and right angles.
+
+@cartouche
+@example
+<heinrichh@@uni-duesseldorf.de>
+@end example
+@end cartouche
+
+
+@item By word match.
+All words must match exactly (not case sensitive) but can appear in any
+order in the user ID or a subjects name. Words are any sequences of
+letters, digits, the underscore and all characters with bit 7 set.
+
+@cartouche
+@example
++Heinrich Heine duesseldorf
+@end example
+@end cartouche
+
+@item By exact match on the subject's DN.
+This is indicated by a leading slash, directly followed by the RFC-2253
+encoded DN of the subject. Note that you can't use the string printed
+by "gpgsm --list-keys" because that one as been reordered and modified
+for better readability; use --with-colons to print the raw (but standard
+escaped) RFC-2253 string
+
+@cartouche
+@example
+/CN=Heinrich Heine,O=Poets,L=Paris,C=FR
+@end example
+@end cartouche
+
+@item By exact match on the issuer's DN.
+This is indicated by a leading hash mark, directly followed by a slash
+and then directly followed by the rfc2253 encoded DN of the issuer.
+This should return the Root cert of the issuer. See note above.
+
+@cartouche
+@example
+#/CN=Root Cert,O=Poets,L=Paris,C=FR
+@end example
+@end cartouche
+
+
+@item By exact match on serial number and issuer's DN.
+This is indicated by a hash mark, followed by the hexadecimal
+representation of the serial number, then followed by a slash and the
+RFC-2253 encoded DN of the issuer. See note above.
+
+@cartouche
+@example
+#4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
+@end example
+@end cartouche
+
+@item By keygrip
+This is indicated by an ampersand followed by the 40 hex digits of a
+keygrip. @command{gpgsm} prints the keygrip when using the command
+@option{--dump-cert}. It does not yet work for OpenPGP keys.
+
+@cartouche
+@example
+&D75F22C3F86E355877348498CDC92BD21010A480
+@end example
+@end cartouche
+
+
+@item By substring match.
+This is the default mode but applications may want to explicitly
+indicate this by putting the asterisk in front. Match is not case
+sensitive.
+
+@cartouche
+@example
+Heine
+*Heine
+@end example
+@end cartouche
+
+@end itemize
+
+
+Please note that we have reused the hash mark identifier which was used
+in old GnuPG versions to indicate the so called local-id. It is not
+anymore used and there should be no conflict when used with X.509 stuff.
+
+Using the RFC-2253 format of DNs has the drawback that it is not
+possible to map them back to the original encoding, however we don't
+have to do this because our key database stores this encoding as meta
+data.
+
+
+
diff --git a/doc/stamp-vti b/doc/stamp-vti
new file mode 100644
index 0000000..8f6243a
--- /dev/null
+++ b/doc/stamp-vti
@@ -0,0 +1,4 @@
+@set UPDATED 27 March 2012
+@set UPDATED-MONTH March 2012
+@set EDITION 2.0.19
+@set VERSION 2.0.19
diff --git a/doc/sysnotes.texi b/doc/sysnotes.texi
new file mode 100644
index 0000000..a8cea87
--- /dev/null
+++ b/doc/sysnotes.texi
@@ -0,0 +1,86 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node System Notes
+@chapter Notes pertaining to certain OSes.
+
+GnuPG has been developed on GNU/Linux systems and is know to work on
+almost all Free OSes. All modern POSIX systems should be supported
+right now, however there are probably a lot of smaller glitches we need
+to fix first. The major problem areas are:
+
+@itemize
+@item
+For logging to sockets and other internal operations the
+@code{fopencookie} function (@code{funopen} under *BSD) is used. This
+is a very convenient function which makes it possible to create outputs in
+a structures and easy maintainable way. The drawback however is that
+most proprietary OSes don't support this function. At g10@tie{}Code we
+have looked into several ways on how to overcome this limitation but no
+sufficiently easy and maintainable way has been found. Porting
+@emph{glibc} to a general POSIX system is of course an option and would
+make writing portable software much easier; this it has not yet been
+done and the system administrator would need to cope with the GNU
+specific admin things in addition to the generic ones of his system.
+
+We have now settled to use explicit stdio wrappers with a functionality
+similar to funopen. Although the code for this has already been written
+(@emph{libestream}), we have not yet changed GnuPG to use it.
+
+This means that on systems not supporting either @code{funopen} or
+@code{fopencookie}, logging to a socket won't work, prompts are not
+formatted as pretty as they should be and @command{gpgsm}'s
+@code{LISTKEYS} Assuan command does not work.
+
+@item
+We are planning to use file descriptor passing for interprocess
+communication. This will allow us save a lot of resources and improve
+performance of certain operations a lot.
Systems not supporting this
+won't gain these benefits but we try to keep them working the standard
+way as it is done today.
+
+@item
+We require more or less full POSIX compatibility. This has been
+around for 15 years now and thus we don't believe it makes sense to
+support non POSIX systems anymore. Well, we of course the usual
+workarounds for near POSIX systems well be applied.
+
+There is one exception of this rule: Systems based the Microsoft Windows
+API (called here @emph{W32}) will be supported to some extend.
+
+@end itemize
+
+
+@menu
+* W32 Notes:: Microsoft Windows Notes
+@end menu
+
+
+@node W32 Notes
+@section Microsoft Windows Notes
+
+@noindent
+Current limitations are:
+
+@itemize
+
+@item
+@command{gpgconf} does not create backup files, so in case of trouble
+your configuration file might get lost.
+
+@item
+@command{watchgnupg} is not available. Logging to sockets is not
+possible.
+
+@item
+The periodical smartcard status checking done by @command{scdaemon} is
+not yet supported.
+
+@end itemize
+
+
+
+
+
+
diff --git a/doc/texi.css b/doc/texi.css
new file mode 100644
index 0000000..a369abc
--- /dev/null
+++ b/doc/texi.css
@@ -0,0 +1,6 @@
+/* The gnupg.org standard stylesheet. */
+ @import url(/share/site.css);
+
+
+
+
diff --git a/doc/tools.texi b/doc/tools.texi
new file mode 100644
index 0000000..be1233b
--- /dev/null
+++ b/doc/tools.texi
@@ -0,0 +1,1899 @@
+@c Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file GnuPG.texi.
+
+@node Helper Tools
+@chapter Helper Tools
+
+GnuPG comes with a couple of smaller tools:
+
+@menu
+* watchgnupg:: Read logs from a socket.
+* gpgv:: Verify OpenPGP signatures.
+* addgnupghome:: Create .gnupg home directories.
+* gpgconf:: Modify .gnupg home directories.
+* applygnupgdefaults:: Run gpgconf for all users.
+* gpgsm-gencert.sh:: Generate an X.509 certificate request.
+* gpg-preset-passphrase:: Put a passphrase into the cache.
+* gpg-connect-agent:: Communicate with a running agent.
+@ifset gpgtwoone
+* dirmngr-client:: How to use the Dirmngr client tool.
+@end ifset
+* gpgparsemail:: Parse a mail message into an annotated format
+* symcryptrun:: Call a simple symmetric encryption tool.
+* gpg-zip:: Encrypt or sign files into an archive.
+@end menu
+
+@c
+@c WATCHGNUPG
+@c
+@manpage watchgnupg.1
+@node watchgnupg
+@section Read logs from a socket
+@ifset manverb
+.B watchgnupg
+\- Read and print logs from a socket
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B watchgnupg
+.RB [ \-\-force ]
+.RB [ \-\-verbose ]
+.I socketname
+@end ifset
+
+@mansect description
+Most of the main utilities are able to write their log files to a Unix
+Domain socket if configured that way. @command{watchgnupg} is a simple
+listener for such a socket. It ameliorates the output with a time stamp
+and makes sure that long lines are not interspersed with log output from
+other utilities. This tool is not available for Windows.
+
+
+@noindent
+@command{watchgnupg} is commonly invoked as
+
+@example
+watchgnupg --force ~/.gnupg/S.log
+@end example
+@manpause
+
+@noindent
+This starts it on the current terminal for listening on the socket
+@file{~/.gnupg/S.log}.
+
+@mansect options
+@noindent
+@command{watchgnupg} understands these options:
+
+@table @gnupgtabopt
+
+@item --force
+@opindex force
+Delete an already existing socket file.
+
+@anchor{option watchgnupg --tcp}
+@item --tcp @var{n}
+Instead of reading from a local socket, listen for connects on TCP port
+@var{n}.
+
+@item --verbose
+@opindex verbose
+Enable extra informational output.
+
+@item --version
+@opindex version
+Print version of the program and exit.
+
+@item --help
+@opindex help
+Display a brief help page and exit.
+
+@end table
+
+@noindent
+@mansect examples
+@chapheading Examples
+
+@example
+$ watchgnupg --force /home/foo/.gnupg/S.log
+@end example
+
+This waits for connections on the local socket
+@file{/home/foo/.gnupg/S.log} and shows all log entries. To make this
+work the option @option{log-file} needs to be used with all modules
+which logs are to be shown. The value for that option must be given
+with a special prefix (e.g. in the conf file):
+
+@example
+log-file socket:///home/foo/.gnupg/S.log
+@end example
+
+For debugging purposes it is also possible to do remote logging. Take
+care if you use this feature because the information is send in the
+clear over the network. Use this syntax in the conf files:
+
+@example
+log-file tcp://192.168.1.1:4711
+@end example
+
+You may use any port and not just 4711 as shown above; only IP addresses
+are supported (v4 and v6) and no host names. You need to start
+@command{watchgnupg} with the @option{tcp} option. Note that under
+Windows the registry entry @var{HKCU\Software\GNU\GnuPG:DefaultLogFile}
+can be used to change the default log output from @code{stderr} to
+whatever is given by that entry. However the only useful entry is a TCP
+name for remote debugging.
+
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
+
+
+@c
+@c GPGV
+@c
+@include gpgv.texi
+
+
+@c
+@c ADDGNUPGHOME
+@c
+@manpage addgnupghome.8
+@node addgnupghome
+@section Create .gnupg home directories.
+@ifset manverb
+.B addgnupghome
+\- Create .gnupg home directories
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B addgnupghome
+.I account_1
+.IR account_2 ... account_n
+@end ifset
+
+@mansect description
+If GnuPG is installed on a system with existing user accounts, it is
+sometimes required to populate the GnuPG home directory with existing
+files. Especially a @file{trustlist.txt} and a keybox with some
+initial certificates are often desired. This scripts help to do this
+by copying all files from @file{/etc/skel/.gnupg} to the home
+directories of the accounts given on the command line. It takes care
+not to overwrite existing GnuPG home directories.
+
+@noindent
+@command{addgnupghome} is invoked by root as:
+
+@example
+addgnupghome account1 account2 ... accountn
+@end example
+
+
+@c
+@c GPGCONF
+@c
+@manpage gpgconf.1
+@node gpgconf
+@section Modify .gnupg home directories.
+@ifset manverb
+.B gpgconf
+\- Modify .gnupg home directories
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgconf
+.RI [ options ]
+.B \-\-list-components
+.br
+.B gpgconf
+.RI [ options ]
+.B \-\-list-options
+.I component
+.br
+.B gpgconf
+.RI [ options ]
+.B \-\-change-options
+.I component
+@end ifset
+
+
+@mansect description
+The @command{gpgconf} is a utility to automatically and reasonable
+safely query and modify configuration files in the @file{.gnupg} home
+directory. It is designed not to be invoked manually by the user, but
+automatically by graphical user interfaces (GUI).@footnote{Please note
+that currently no locking is done, so concurrent access should be
+avoided.
There are some precautions to avoid corruption with
+concurrent usage, but results may be inconsistent and some changes may
+get lost. The stateless design makes it difficult to provide more
+guarantees.}
+
+@command{gpgconf} provides access to the configuration of one or more
+components of the GnuPG system. These components correspond more or
+less to the programs that exist in the GnuPG framework, like GnuPG,
+GPGSM, DirMngr, etc. But this is not a strict one-to-one
+relationship. Not all configuration options are available through
+@command{gpgconf}. @command{gpgconf} provides a generic and abstract
+method to access the most important configuration options that can
+feasibly be controlled via such a mechanism.
+
+@command{gpgconf} can be used to gather and change the options
+available in each component, and can also provide their default
+values. @command{gpgconf} will give detailed type information that
+can be used to restrict the user's input without making an attempt to
+commit the changes.
+
+@command{gpgconf} provides the backend of a configuration editor. The
+configuration editor would usually be a graphical user interface
+program, that allows to display the current options, their default
+values, and allows the user to make changes to the options. These
+changes can then be made active with @command{gpgconf} again. Such a
+program that uses @command{gpgconf} in this way will be called GUI
+throughout this section.
+
+@menu
+* Invoking gpgconf:: List of all commands and options.
+* Format conventions:: Formatting conventions relevant for all commands.
+* Listing components:: List all gpgconf components.
+* Checking programs:: Check all programs know to gpgconf.
+* Listing options:: List all options of a component.
+* Changing options:: Changing options of a component.
+* Listing global options:: List all global options.
+* Files used by gpgconf:: What files are used by gpgconf.
+@end menu
+
+@manpause
+@node Invoking gpgconf
+@subsection Invoking gpgconf
+
+@mansect commands
+One of the following commands must be given:
+
+@table @gnupgtabopt
+
+@item --list-components
+List all components. This is the default command used if none is
+specified.
+
+@item --check-programs
+List all available backend programs and test whether they are runnable.
+
+@item --list-options @var{component}
+List all options of the component @var{component}.
+
+@item --change-options @var{component}
+Change the options of the component @var{component}.
+
+@item --check-options @var{component}
+Check the options for the component @var{component}.
+
+@item --apply-defaults
+Update all configuration files with values taken from the global
+configuration file (usually @file{/etc/gnupg/gpgconf.conf}).
+
+@item --list-dirs
+Lists the directories used by @command{gpgconf}. One directory is
+listed per line, and each line consists of a colon-separated list where
+the first field names the directory type (for example @code{sysconfdir})
+and the second field contains the percent-escaped directory. Although
+they are not directories, the socket file names used by
+@command{gpg-agent} and @command{dirmngr} are printed as well. Note
+that the socket file names and the @code{homedir} lines are the default
+names and they may be overridden by command line switches.
+
+@item --list-config [@var{filename}]
+List the global configuration file in a colon separated format. If
+@var{filename} is given, check that file instead.
+
+@item --check-config [@var{filename}]
+Run a syntax check on the global configuration file. If @var{filename}
+is given, check that file instead.
+
+@item --reload [@var{component}]
+@opindex reload
+Reload all or the given component. This is basically the same as sending
+a SIGHUP to the component. Components which don't support reloading are
+ignored.
+
+@item --kill [@var{component}]
+@opindex kill
+Kill the given component.
Components which support killing are
+gpg-agent and scdaemon. Components which don't support reloading are
+ignored. Note that as of now reload and kill have the same effect for
+scdaemon.
+
+@end table
+
+
+@mansect options
+
+The following options may be used:
+
+@table @gnupgtabopt
+@c FIXME: Not yet supported.
+@c @item -o @var{file}
+@c @itemx --output @var{file}
+@c Use @var{file} as output file.
+
+@item -v
+@itemx --verbose
+Outputs additional information while running. Specifically, this
+extends numerical field values by human-readable descriptions.
+
+@item -n
+@itemx --dry-run
+Do not actually change anything. This is currently only implemented
+for @code{--change-options} and can be used for testing purposes.
+
+@item -r
+@itemx --runtime
+Only used together with @code{--change-options}. If one of the
+modified options can be changed in a running daemon process, signal
+the running daemon to ask it to reparse its configuration file after
+changing.
+
+This means that the changes will take effect at run-time, as far as
+this is possible. Otherwise, they will take effect at the next start
+of the respective backend programs.
+@manpause
+@end table
+
+
+@node Format conventions
+@subsection Format conventions
+
+Some lines in the output of @command{gpgconf} contain a list of
+colon-separated fields. The following conventions apply:
+
+@itemize @bullet
+@item
+The GUI program is required to strip off trailing newline and/or
+carriage return characters from the output.
+
+@item
+@command{gpgconf} will never leave out fields. If a certain version
+provides a certain field, this field will always be present in all
+@command{gpgconf} versions from that time on.
+
+@item
+Future versions of @command{gpgconf} might append fields to the list.
+New fields will always be separated from the previously last field by
+a colon separator. The GUI should be prepared to parse the last field
+it knows about up until a colon or end of line.
+
+@item
+Not all fields are defined under all conditions. You are required to
+ignore the content of undefined fields.
+@end itemize
+
+There are several standard types for the content of a field:
+
+@table @asis
+@item verbatim
+Some fields contain strings that are not escaped in any way. Such
+fields are described to be used @emph{verbatim}. These fields will
+never contain a colon character (for obvious reasons). No de-escaping
+or other formatting is required to use the field content. This is for
+easy parsing of the output, when it is known that the content can
+never contain any special characters.
+
+@item percent-escaped
+Some fields contain strings that are described to be
+@emph{percent-escaped}. Such strings need to be de-escaped before
+their content can be presented to the user. A percent-escaped string
+is de-escaped by replacing all occurrences of @code{%XY} by the byte
+that has the hexadecimal value @code{XY}. @code{X} and @code{Y} are
+from the set @code{0-9a-f}.
+
+@item localised
+Some fields contain strings that are described to be @emph{localised}.
+Such strings are translated to the active language and formatted in
+the active character set.
+
+@item @w{unsigned number}
+Some fields contain an @emph{unsigned number}. This number will
+always fit into a 32-bit unsigned integer variable. The number may be
+followed by a space, followed by a human readable description of that
+value (if the verbose option is used). You should ignore everything
+in the field that follows the number.
+
+@item @w{signed number}
+Some fields contain a @emph{signed number}. This number will always
+fit into a 32-bit signed integer variable. The number may be followed
+by a space, followed by a human readable description of that value (if
+the verbose option is used). You should ignore everything in the
+field that follows the number.
+
+@item @w{boolean value}
+Some fields contain a @emph{boolean value}. This is a number with
+either the value 0 or 1.
The number may be followed by a space,
+followed by a human readable description of that value (if the verbose
+option is used). You should ignore everything in the field that follows
+the number; checking just the first character is sufficient in this
+case.
+
+@item option
+Some fields contain an @emph{option} argument. The format of an
+option argument depends on the type of the option and on some flags:
+
+@table @asis
+@item no argument
+The simplest case is that the option does not take an argument at all
+(@var{type} @code{0}). Then the option argument is an unsigned number
+that specifies how often the option occurs. If the @code{list} flag
+is not set, then the only valid number is @code{1}. Options that do
+not take an argument never have the @code{default} or @code{optional
+arg} flag set.
+
+@item number
+If the option takes a number argument (@var{alt-type} is @code{2} or
+@code{3}), and it can only occur once (@code{list} flag is not set),
+then the option argument is either empty (only allowed if the argument
+is optional), or it is a number. A number is a string that begins
+with an optional minus character, followed by one or more digits. The
+number must fit into an integer variable (unsigned or signed,
+depending on @var{alt-type}).
+
+@item number list
+If the option takes a number argument and it can occur more than once,
+then the option argument is either empty, or it is a comma-separated
+list of numbers as described above.
+
+@item string
+If the option takes a string argument (@var{alt-type} is 1), and it
+can only occur once (@code{list} flag is not set) then the option
+argument is either empty (only allowed if the argument is optional),
+or it starts with a double quote character (@code{"}) followed by a
+percent-escaped string that is the argument value. Note that there is
+only a leading double quote character, no trailing one.
The double
+quote character is only needed to be able to differentiate between no
+value and the empty string as value.
+
+@item string list
+If the option takes a number argument and it can occur more than once,
+then the option argument is either empty, or it is a comma-separated
+list of string arguments as described above.
+@end table
+@end table
+
+The active language and character set are currently determined from
+the locale environment of the @command{gpgconf} program.
+
+@c FIXME: Document the active language and active character set. Allow
+@c to change it via the command line?
+
+
+@mansect usage
+@node Listing components
+@subsection Listing components
+
+The command @code{--list-components} will list all components that can
+be configured with @command{gpgconf}. Usually, one component will
+correspond to one GnuPG-related program and contain the options of
+that programs configuration file that can be modified using
+@command{gpgconf}. However, this is not necessarily the case. A
+component might also be a group of selected options from several
+programs, or contain entirely virtual options that have a special
+effect rather than changing exactly one option in one configuration
+file.
+
+A component is a set of configuration options that semantically belong
+together. Furthermore, several changes to a component can be made in
+an atomic way with a single operation. The GUI could for example
+provide a menu with one entry for each component, or a window with one
+tabulator sheet per component.
+
+The command argument @code{--list-components} lists all available
+components, one per line. The format of each line is:
+
+@code{@var{name}:@var{description}:@var{pgmname}:}
+
+@table @var
+@item name
+This field contains a name tag of the component. The name tag is used
+to specify the component in all communication with @command{gpgconf}.
+The name tag is to be used @emph{verbatim}. It is thus not in any
+escaped format.
+
+@item description
+The @emph{string} in this field contains a human-readable description
+of the component. It can be displayed to the user of the GUI for
+informational purposes. It is @emph{percent-escaped} and
+@emph{localized}.
+
+@item pgmname
+The @emph{string} in this field contains the absolute name of the
+program's file. It can be used to unambiguously invoke that program.
+It is @emph{percent-escaped}.
+@end table
+
+Example:
+@example
+$ gpgconf --list-components
+gpg:GPG for OpenPGP:/usr/local/bin/gpg2:
+gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:
+scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:
+gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:
+dirmngr:Directory Manager:/usr/local/bin/dirmngr:
+@end example
+
+
+
+@node Checking programs
+@subsection Checking programs
+
+The command @code{--check-programs} is similar to
+@code{--list-components} but works on backend programs and not on
+components. It runs each program to test whether it is installed and
+runnable. This also includes a syntax check of all config file options
+of the program.
+
+The command argument @code{--check-programs} lists all available
+programs, one per line. The format of each line is:
+
+@code{@var{name}:@var{description}:@var{pgmname}:@var{avail}:@var{okay}:@var{cfgfile}:@var{line}:@var{error}:}
+
+@table @var
+@item name
+This field contains a name tag of the program which is identical to the
+name of the component. The name tag is to be used @emph{verbatim}. It
+is thus not in any escaped format. This field may be empty to indicate
+a continuation of error descriptions for the last name. The description
+and pgmname fields are then also empty.
+
+@item description
+The @emph{string} in this field contains a human-readable description
+of the component. It can be displayed to the user of the GUI for
+informational purposes. It is @emph{percent-escaped} and
+@emph{localized}.
+
+@item pgmname
+The @emph{string} in this field contains the absolute name of the
+program's file. It can be used to unambiguously invoke that program.
+It is @emph{percent-escaped}.
+
+@item avail
+The @emph{boolean value} in this field indicates whether the program is
+installed and runnable.
+
+@item okay
+The @emph{boolean value} in this field indicates whether the program's
+config file is syntactically okay.
+
+@item cfgfile
+If an error occurred in the configuration file (as indicated by a false
+value in the field @code{okay}), this field has the name of the failing
+configuration file. It is @emph{percent-escaped}.
+
+@item line
+If an error occurred in the configuration file, this field has the line
+number of the failing statement in the configuration file.
+It is an @emph{unsigned number}.
+
+@item error
+If an error occurred in the configuration file, this field has the error
+text of the failing statement in the configuration file. It is
+@emph{percent-escaped} and @emph{localized}.
+
+@end table
+
+@noindent
+In the following example the @command{dirmngr} is not runnable and the
+configuration file of @command{scdaemon} is not okay.
+
+@example
+$ gpgconf --check-programs
+gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
+gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
+scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:0:
+gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1:
+dirmngr:Directory Manager:/usr/local/bin/dirmngr:0:0:
+@end example
+
+@noindent
+The command @w{@code{--check-options @var{component}}} will verify the
+configuration file in the same manner as @code{--check-programs}, but
+only for the component @var{component}.
+
+
+@node Listing options
+@subsection Listing options
+
+Every component contains one or more options. Options may be gathered
+into option groups to allow the GUI to give visual hints to the user
+about which options are related.
+
+The command argument @code{@w{--list-options @var{component}}} lists
+all options (and the groups they belong to) in the component
+@var{component}, one per line. @var{component} must be the string in
+the field @var{name} in the output of the @code{--list-components}
+command.
+
+There is one line for each option and each group. First come all
+options that are not in any group. Then comes a line describing a
+group. Then come all options that belong into each group. Then comes
+the next group and so on. There does not need to be any group (and in
+this case the output will stop after the last non-grouped option).
+
+The format of each line is:
+
+@code{@var{name}:@var{flags}:@var{level}:@var{description}:@var{type}:@var{alt-type}:@var{argname}:@var{default}:@var{argdef}:@var{value}}
+
+@table @var
+@item name
+This field contains a name tag for the group or option. The name tag
+is used to specify the group or option in all communication with
+@command{gpgconf}. The name tag is to be used @emph{verbatim}. It is
+thus not in any escaped format.
+
+@item flags
+The flags field contains an @emph{unsigned number}. Its value is the
+OR-wise combination of the following flag values:
+
+@table @code
+@item group (1)
+If this flag is set, this is a line describing a group and not an
+option.
+@end table
+
+The following flag values are only defined for options (that is, if
+the @code{group} flag is not used).
+
+@table @code
+@item optional arg (2)
+If this flag is set, the argument is optional. This is never set for
+@var{type} @code{0} (none) options.
+
+@item list (4)
+If this flag is set, the option can be given multiple times.
+
+@item runtime (8)
+If this flag is set, the option can be changed at runtime.
+
+@item default (16)
+If this flag is set, a default value is available.
+
+@item default desc (32)
+If this flag is set, a (runtime) default is available. This and the
+@code{default} flag are mutually exclusive.
+
+@item no arg desc (64)
+If this flag is set, and the @code{optional arg} flag is set, then the
+option has a special meaning if no argument is given.
+
+@item no change (128)
+If this flag is set, gpgconf ignores requests to change the value. GUI
+frontends should grey out this option. Note, that manual changes of the
+configuration files are still possible.
+@end table
+
+@item level
+This field is defined for options and for groups. It contains an
+@emph{unsigned number} that specifies the expert level under which
+this group or option should be displayed. The following expert levels
+are defined for options (they have analogous meaning for groups):
+
+@table @code
+@item basic (0)
+This option should always be offered to the user.
+
+@item advanced (1)
+This option may be offered to advanced users.
+
+@item expert (2)
+This option should only be offered to expert users.
+
+@item invisible (3)
+This option should normally never be displayed, not even to expert
+users.
+
+@item internal (4)
+This option is for internal use only. Ignore it.
+@end table
+
+The level of a group will always be the lowest level of all options it
+contains.
+
+@item description
+This field is defined for options and groups. The @emph{string} in
+this field contains a human-readable description of the option or
+group. It can be displayed to the user of the GUI for informational
+purposes. It is @emph{percent-escaped} and @emph{localized}.
+
+@item type
+This field is only defined for options. It contains an @emph{unsigned
+number} that specifies the type of the option's argument, if any. The
+following types are defined:
+
+Basic types:
+
+@table @code
+@item none (0)
+No argument allowed.
+
+@item string (1)
+An @emph{unformatted string}.
+
+@item int32 (2)
+A @emph{signed number}.
+
+@item uint32 (3)
+An @emph{unsigned number}.
+@end table
+
+Complex types:
+
+@table @code
+@item pathname (32)
+A @emph{string} that describes the pathname of a file.
The file does
+not necessarily need to exist.
+
+@item ldap server (33)
+A @emph{string} that describes an LDAP server in the format:
+
+@code{@var{hostname}:@var{port}:@var{username}:@var{password}:@var{base_dn}}
+
+@item key fingerprint (34)
+A @emph{string} with a 40 digit fingerprint specifying a certificate.
+
+@item pub key (35)
+A @emph{string} that describes a certificate by user ID, key ID or
+fingerprint.
+
+@item sec key (36)
+A @emph{string} that describes a certificate with a key by user ID,
+key ID or fingerprint.
+
+@item alias list (37)
+A @emph{string} that describes an alias list, like the one used with
+gpg's group option. The list consists of a key, an equal sign and space
+separated values.
+@end table
+
+More types will be added in the future. Please see the @var{alt-type}
+field for information on how to cope with unknown types.
+
+@item alt-type
+This field is identical to @var{type}, except that only the types
+@code{0} to @code{31} are allowed. The GUI is expected to present the
+user the option in the format specified by @var{type}. But if the
+argument type @var{type} is not supported by the GUI, it can still
+display the option in the more generic basic type @var{alt-type}. The
+GUI must support all the defined basic types to be able to display all
+options. More basic types may be added in future versions. If the
+GUI encounters a basic type it doesn't support, it should report an
+error and abort the operation.
+
+@item argname
+This field is only defined for options with an argument type
+@var{type} that is not @code{0}. In this case it may contain a
+@emph{percent-escaped} and @emph{localised string} that gives a short
+name for the argument. The field may also be empty, though, in which
+case a short name is not known.
+
+@item default
+This field is defined only for options for which the @code{default} or
+@code{default desc} flag is set.
If the @code{default} flag is set,
+its format is that of an @emph{option argument} (@xref{Format
+conventions}, for details). If the default value is empty, then no
+default is known. Otherwise, the value specifies the default value
+for this option. If the @code{default desc} flag is set, the field is
+either empty or contains a description of the effect if the option is
+not given.
+
+@item argdef
+This field is defined only for options for which the @code{optional
+arg} flag is set. If the @code{no arg desc} flag is not set, its
+format is that of an @emph{option argument} (@xref{Format
+conventions}, for details). If the default value is empty, then no
+default is known. Otherwise, the value specifies the default argument
+for this option. If the @code{no arg desc} flag is set, the field is
+either empty or contains a description of the effect of this option if
+no argument is given.
+
+@item value
+This field is defined only for options. Its format is that of an
+@emph{option argument}. If it is empty, then the option is not
+explicitly set in the current configuration, and the default applies
+(if any). Otherwise, it contains the current value of the option.
+Note that this field is also meaningful if the option itself does not
+take a real argument (in this case, it contains the number of times
+the option appears).
+@end table
+
+
+@node Changing options
+@subsection Changing options
+
+The command @w{@code{--change-options @var{component}}} will attempt
+to change the options of the component @var{component} to the
+specified values. @var{component} must be the string in the field
+@var{name} in the output of the @code{--list-components} command. You
+have to provide the options that shall be changed in the following
+format on standard input:
+
+@code{@var{name}:@var{flags}:@var{new-value}}
+
+@table @var
+@item name
+This is the name of the option to change.
@var{name} must be the +string in the field @var{name} in the output of the +@code{--list-options} command. + +@item flags +The flags field contains an @emph{unsigned number}. Its value is the +OR-wise combination of the following flag values: + +@table @code +@item default (16) +If this flag is set, the option is deleted and the default value is +used instead (if applicable). +@end table + +@item new-value +The new value for the option. This field is only defined if the +@code{default} flag is not set. The format is that of an @emph{option +argument}. If it is empty (or the field is omitted), the default +argument is used (only allowed if the argument is optional for this +option). Otherwise, the option will be set to the specified value. +@end table + +@noindent +The output of the command is the same as that of +@code{--check-options} for the modified configuration file. + +Examples: + +To set the force option, which is of basic type @code{none (0)}: + +@example +$ echo 'force:0:1' | gpgconf --change-options dirmngr +@end example + +To delete the force option: + +@example +$ echo 'force:16:' | gpgconf --change-options dirmngr +@end example + +The @code{--runtime} option can influence when the changes take +effect. + + +@node Listing global options +@subsection Listing global options + +Sometimes it is useful for applications to look at the global options +file @file{gpgconf.conf}. +The colon separated listing format is record oriented and uses the first +field to identify the record type: + +@table @code +@item k +This describes a key record to start the definition of a new ruleset for +a user/group. The format of a key record is: + + @code{k:@var{user}:@var{group}:} + +@table @var +@item user +This is the user field of the key. It is percent escaped. See the +definition of the gpgconf.conf format for details. + +@item group +This is the group field of the key. It is percent escaped. +@end table + +@item r +This describes a rule record. 
All rule records up to the next key record +make up a rule set for that key. The format of a rule record is: + + @code{r:::@var{component}:@var{option}:@var{flags}:@var{value}:} + +@table @var +@item component +This is the component part of a rule. It is a plain string. + +@item option +This is the option part of a rule. It is a plain string. + +@item flag +This is the flags part of a rule. There may be only one flag per rule +but by using the same component and option, several flags may be +assigned to an option. It is a plain string. + +@item value +This is the optional value for the option. It is a percent escaped +string with a single quotation mark to indicate a string. The quotation +mark is only required to distinguish between no value specified and an +empty string. +@end table + +@end table + +@noindent +Unknown record types should be ignored. Note that there is intentionally +no feature to change the global option file through @command{gpgconf}. + + + +@mansect files +@node Files used by gpgconf +@subsection Files used by gpgconf + +@table @file + +@item /etc/gnupg/gpgconf.conf +@cindex gpgconf.conf + If this file exists, it is processed as a global configuration file. + A commented example can be found in the @file{examples} directory of + the distribution. +@end table + + +@mansect see also +@ifset isman +@command{gpg}(1), +@command{gpgsm}(1), +@command{gpg-agent}(1), +@command{scdaemon}(1), +@command{dirmngr}(1) +@end ifset +@include see-also-note.texi + + + +@c +@c APPLYGNUPGDEFAULTS +@c +@manpage applygnupgdefaults.8 +@node applygnupgdefaults +@section Run gpgconf for all users. +@ifset manverb +.B applygnupgdefaults +\- Run gpgconf --apply-defaults for all users. +@end ifset + +@mansect synopsis +@ifset manverb +.B applygnupgdefaults +@end ifset + +@mansect description +This script is a wrapper around @command{gpgconf} to run it with the +command @code{--apply-defaults} for all real users with an existing +GnuPG home directory. 
Admins might want to use this script to update he +GnuPG configuration files for all users after +@file{/etc/gnupg/gpgconf.conf} has been changed. This allows to enforce +certain policies for all users. Note, that this is not a bulletproof of +forcing a user to use certain options. A user may always directly edit +the configuration files and bypass gpgconf. + +@noindent +@command{applygnupgdefaults} is invoked by root as: + +@example +applygnupgdefaults +@end example + + +@c +@c GPGSM-GENCERT.SH +@c +@node gpgsm-gencert.sh +@section Generate an X.509 certificate request +@manpage gpgsm-gencert.sh.1 +@ifset manverb +.B gpgsm-gencert.sh +\- Generate an X.509 certificate request +@end ifset + +@mansect synopsis +@ifset manverb +.B gpgsm-gencert.sh +@end ifset + +@mansect description +This is a simple tool to interactively generate a certificate request +which will be printed to stdout. + +@manpause +@noindent +@command{gpgsm-gencert.sh} is invoked as: + +@samp{gpgsm-cencert.sh} + +@mansect see also +@ifset isman +@command{gpgsm}(1), +@command{gpg-agent}(1), +@command{scdaemon}(1) +@end ifset +@include see-also-note.texi + + + +@c +@c GPG-PRESET-PASSPHRASE +@c +@node gpg-preset-passphrase +@section Put a passphrase into the cache. +@manpage gpg-preset-passphrase.1 +@ifset manverb +.B gpg-preset-passphrase +\- Put a passphrase into gpg-agent's cache +@end ifset + +@mansect synopsis +@ifset manverb +.B gpg-preset-passphrase +.RI [ options ] +.RI [ command ] +.I cache-id +@end ifset + +@mansect description +The @command{gpg-preset-passphrase} is a utility to seed the internal +cache of a running @command{gpg-agent} with passphrases. It is mainly +useful for unattended machines, where the usual @command{pinentry} tool +may not be used and the passphrases for the to be used keys are given at +machine startup. 
+ +Passphrases set with this utility don't expire unless the +@option{--forget} option is used to explicitly clear them from the cache +--- or @command{gpg-agent} is either restarted or reloaded (by sending a +SIGHUP to it). It is necessary to allow this passphrase presetting by +starting @command{gpg-agent} with the +@option{--allow-preset-passphrase}. + +@menu +* Invoking gpg-preset-passphrase:: List of all commands and options. +@end menu + +@manpause +@node Invoking gpg-preset-passphrase +@subsection List of all commands and options. +@mancont + +@noindent +@command{gpg-preset-passphrase} is invoked this way: + +@example +gpg-preset-passphrase [options] [command] @var{cacheid} +@end example + +@var{cacheid} is either a 40 character keygrip of hexadecimal +characters identifying the key for which the passphrase should be set +or cleared. The keygrip is listed along with the key when running the +command: @code{gpgsm --dump-secret-keys}. Alternatively an arbitrary +string may be used to identify a passphrase; it is suggested that such +a string is prefixed with the name of the application (e.g +@code{foo:12346}). + +@noindent +One of the following command options must be given: + +@table @gnupgtabopt +@item --preset +@opindex preset +Preset a passphrase. This is what you usually will +use. @command{gpg-preset-passphrase} will then read the passphrase from +@code{stdin}. + +@item --forget +@opindex forget +Flush the passphrase for the given cache ID from the cache. + +@end table + +@noindent +The following additional options may be used: + +@table @gnupgtabopt +@item -v +@itemx --verbose +@opindex verbose +Output additional information while running. + +@item -P @var{string} +@itemx --passphrase @var{string} +@opindex passphrase +Instead of reading the passphrase from @code{stdin}, use the supplied +@var{string} as passphrase. Note that this makes the passphrase visible +for other users. 
+@end table + +@mansect see also +@ifset isman +@command{gpg}(1), +@command{gpgsm}(1), +@command{gpg-agent}(1), +@command{scdaemon}(1) +@end ifset +@include see-also-note.texi + + + + +@c +@c GPG-CONNECT-AGENT +@c +@node gpg-connect-agent +@section Communicate with a running agent. +@manpage gpg-connect-agent.1 +@ifset manverb +.B gpg-connect-agent +\- Communicate with a running agent +@end ifset + +@mansect synopsis +@ifset manverb +.B gpg-connect-agent +.RI [ options ] [commands] +@end ifset + +@mansect description +The @command{gpg-connect-agent} is a utility to communicate with a +running @command{gpg-agent}. It is useful to check out the commands +gpg-agent provides using the Assuan interface. It might also be useful +for scripting simple applications. Input is expected at stdin and out +put gets printed to stdout. + +It is very similar to running @command{gpg-agent} in server mode; but +here we connect to a running instance. + +@menu +* Invoking gpg-connect-agent:: List of all options. +* Controlling gpg-connect-agent:: Control commands. +@end menu + +@manpause +@node Invoking gpg-connect-agent +@subsection List of all options. + +@noindent +@command{gpg-connect-agent} is invoked this way: + +@example +gpg-connect-agent [options] [commands] +@end example +@mancont + +@noindent +The following options may be used: + +@table @gnupgtabopt +@item -v +@itemx --verbose +@opindex verbose +Output additional information while running. + +@item -q +@item --quiet +@opindex q +@opindex quiet +Try to be as quiet as possible. + +@include opt-homedir.texi + +@item --agent-program @var{file} +@opindex agent-program +Specify the agent program to be started if none is running. + + +@item -S +@itemx --raw-socket @var{name} +@opindex raw-socket +Connect to socket @var{name} assuming this is an Assuan style server. +Do not run any special initializations or environment checks. This may +be used to directly connect to any Assuan style socket server. 
+ +@item -E +@itemx --exec +@opindex exec +Take the rest of the command line as a program and it's arguments and +execute it as an assuan server. Here is how you would run @command{gpgsm}: +@smallexample + gpg-connect-agent --exec gpgsm --server +@end smallexample +Note that you may not use options on the command line in this case. + +@item --no-ext-connect +@opindex no-ext-connect +When using @option{-S} or @option{--exec}, @command{gpg-connect-agent} +connects to the assuan server in extended mode to allow descriptor +passing. This option makes it use the old mode. + +@item --run @var{file} +@opindex run +Run the commands from @var{file} at startup and then continue with the +regular input method. Note, that commands given on the command line are +executed after this file. + +@item -s +@itemx --subst +@opindex subst +Run the command @code{/subst} at startup. + +@item --hex +@opindex hex +Print data lines in a hex format and the ASCII representation of +non-control characters. + +@item --decode +@opindex decode +Decode data lines. That is to remove percent escapes but make sure that +a new line always starts with a D and a space. + +@end table + +@mansect control commands +@node Controlling gpg-connect-agent +@subsection Control commands. + +While reading Assuan commands, gpg-agent also allows a few special +commands to control its operation. These control commands all start +with a slash (@code{/}). + +@table @code + +@item /echo @var{args} +Just print @var{args}. + +@item /let @var{name} @var{value} +Set the variable @var{name} to @var{value}. Variables are only +substituted on the input if the @command{/subst} has been used. +Variables are referenced by prefixing the name with a dollar sign and +optionally include the name in curly braces. The rules for a valid name +are identically to those of the standard bourne shell. This is not yet +enforced but may be in the future. When used with curly braces no +leading or trailing white space is allowed. 
+ +If a variable is not found, it is searched in the environment and if +found copied to the table of variables. + +Variable functions are available: The name of the function must be +followed by at least one space and the at least one argument. The +following functions are available: + +@table @code +@item get +Return a value described by the argument. Available arguments are: + +@table @code +@item cwd +The current working directory. +@item homedir +The gnupg homedir. +@item sysconfdir +GnuPG's system configuration directory. +@item bindir +GnuPG's binary directory. +@item libdir +GnuPG's library directory. +@item libexecdir +GnuPG's library directory for executable files. +@item datadir +GnuPG's data directory. +@item serverpid +The PID of the current server. Command @command{/serverpid} must +have been given to return a useful value. +@end table + +@item unescape @var{args} +Remove C-style escapes from @var{args}. Note that @code{\0} and +@code{\x00} terminate the returned string implicitly. The string to be +converted are the entire arguments right behind the delimiting space of +the function name. + +@item unpercent @var{args} +@itemx unpercent+ @var{args} +Remove percent style escaping from @var{args}. Note that @code{%00} +terminates the string implicitly. The string to be converted are the +entire arguments right behind the delimiting space of the function +name. @code{unpercent+} also maps plus signs to a spaces. + +@item percent @var{args} +@itemx percent+ @var{args} +Escape the @var{args} using percent style escaping. Tabs, formfeeds, +linefeeds, carriage returns and colons are escaped. @code{percent+} also +maps spaces to plus signs. + +@item errcode @var{arg} +@itemx errsource @var{arg} +@itemx errstring @var{arg} +Assume @var{arg} is an integer and evaluate it using @code{strtol}. Return +the gpg-error error code, error source or a formatted string with the +error code and error source. 
+ + +@item + +@itemx - +@itemx * +@itemx / +@itemx % +Evaluate all arguments as long integers using @code{strtol} and apply +this operator. A division by zero yields an empty string. + +@item ! +@itemx | +@itemx & +Evaluate all arguments as long integers using @code{strtol} and apply +the logical oeprators NOT, OR or AND. The NOT operator works on the +last argument only. + + +@end table + + +@item /definq @var{name} @var{var} +Use content of the variable @var{var} for inquiries with @var{name}. +@var{name} may be an asterisk (@code{*}) to match any inquiry. + + +@item /definqfile @var{name} @var{file} +Use content of @var{file} for inquiries with @var{name}. +@var{name} may be an asterisk (@code{*}) to match any inquiry. + +@item /definqprog @var{name} @var{prog} +Run @var{prog} for inquiries matching @var{name} and pass the +entire line to it as command line arguments. + +@item /datafile @var{name} +Write all data lines from the server to the file @var{name}. The file +is opened for writing and created if it does not exists. An existing +file is first truncated to 0. The data written to the file fully +decoded. Using a single dash for @var{name} writes to stdout. The +file is kept open until a new file is set using this command or this +command is used without an argument. + +@item /showdef +Print all definitions + +@item /cleardef +Delete all definitions + +@item /sendfd @var{file} @var{mode} +Open @var{file} in @var{mode} (which needs to be a valid @code{fopen} +mode string) and send the file descriptor to the server. This is +usually followed by a command like @code{INPUT FD} to set the +input source for other commands. + +@item /recvfd +Not yet implemented. + +@item /open @var{var} @var{file} [@var{mode}] +Open @var{file} and assign the file descriptor to @var{var}. Warning: +This command is experimental and might change in future versions. + +@item /close @var{fd} +Close the file descriptor @var{fd}. 
Warning: This command is +experimental and might change in future versions. + +@item /showopen +Show a list of open files. + +@item /serverpid +Send the Assuan command @command{GETINFO pid} to the server and store +the returned PID for internal purposes. + +@item /sleep +Sleep for a second. + +@item /hex +@itemx /nohex +Same as the command line option @option{--hex}. + +@item /decode +@itemx /nodecode +Same as the command line option @option{--decode}. + +@item /subst +@itemx /nosubst +Enable and disable variable substitution. It defaults to disabled +unless the command line option @option{--subst} has been used. +If /subst as been enabled once, leading whitespace is removed from +input lines which makes scripts easier to read. + +@item /while @var{condition} +@itemx /end +These commands provide a way for executing loops. All lines between +the @code{while} and the corresponding @code{end} are executed as long +as the evaluation of @var{condition} yields a non-zero value or is the +string @code{true} or @code{yes}. The evaluation is done by passing +@var{condition} to the @code{strtol} function. Example: + +@smallexample + /subst + /let i 3 + /while $i + /echo loop couter is $i + /let i $@{- $i 1@} + /end +@end smallexample + +@item /if @var{condition} +@itemx /end +These commands provide a way for conditional execution. All lines between +the @code{if} and the corresponding @code{end} are executed only if +the evaluation of @var{condition} yields a non-zero value or is the +string @code{true} or @code{yes}. The evaluation is done by passing +@var{condition} to the @code{strtol} function. + +@item /run @var{file} +Run commands from @var{file}. + +@item /bye +Terminate the connection and the program + +@item /help +Print a list of available control commands. 
+ +@end table + + +@ifset isman +@mansect see also +@command{gpg-agent}(1), +@command{scdaemon}(1) +@include see-also-note.texi +@end ifset + +@ifset gpgtwoone +@c +@c DIRMNGR-CLIENT +@c +@node dirmngr-client +@section The Dirmngr Client Tool + +@manpage dirmngr-client.1 +@ifset manverb +.B dirmngr-client +\- Tool to access the Dirmngr services +@end ifset + +@mansect synopsis +@ifset manverb +.B dirmngr-client +.RI [ options ] +.RI [ certfile | pattern ] +@end ifset + +@mansect description +The @command{dirmngr-client} is a simple tool to contact a running +dirmngr and test whether a certificate has been revoked --- either by +being listed in the corresponding CRL or by running the OCSP protocol. +If no dirmngr is running, a new instances will be started but this is +in general not a good idea due to the huge performance overhead. + +@noindent +The usual way to run this tool is either: + +@example +dirmngr-client @var{acert} +@end example + +@noindent +or + +@example +dirmngr-client <@var{acert} +@end example + +Where @var{acert} is one DER encoded (binary) X.509 certificates to be +tested. +@ifclear isman +The return value of this command is +@end ifclear + +@mansect return value +@ifset isman +@command{dirmngr-client} returns these values: +@end ifset +@table @code + +@item 0 +The certificate under question is valid; i.e. there is a valid CRL +available and it is not listed tehre or teh OCSP request returned that +that certificate is valid. + +@item 1 +The certificate has been revoked + +@item 2 (and other values) +There was a problem checking the revocation state of the certificate. +A message to stderr has given more detailed information. Most likely +this is due to a missing or expired CRL or due to a network problem. + +@end table + +@mansect options +@noindent +@command{dirmngr-client} may be called with the following options: + + +@table @gnupgtabopt +@item --version +@opindex version +Print the program version and licensing information. 
Note that you cannot +abbreviate this command. + +@item --help, -h +@opindex help +Print a usage message summarizing the most useful command-line options. +Note that you cannot abbreviate this command. + +@item --quiet, -q +@opindex quiet +Make the output extra brief by suppressing any informational messages. + +@item -v +@item --verbose +@opindex v +@opindex verbose +Outputs additional information while running. +You can increase the verbosity by giving several +verbose commands to @sc{dirmngr}, such as @samp{-vv}. + +@item --pem +@opindex pem +Assume that the given certificate is in PEM (armored) format. + +@item --ocsp +@opindex ocsp +Do the check using the OCSP protocol and ignore any CRLs. + +@item --force-default-responder +@opindex force-default-responder +When checking using the OCSP protocl, force the use of the default OCSP +responder. That is not to use the Reponder as given by the certificate. + +@item --ping +@opindex ping +Check whether the dirmngr daemon is up and running. + +@item --cache-cert +@opindex cache-cert +Put the given certificate into the cache of a running dirmngr. This is +mainly useful for debugging. + +@item --validate +@opindex validate +Validate the given certificate using dirmngr's internal validation code. +This is mainly useful for debugging. + +@item --load-crl +@opindex load-crl +This command expects a list of filenames with DER encoded CRL files. +With the option @option{--url} URLs are expected in place of filenames +and they are loaded directly from the given location. All CRLs will be +validated and then loaded into dirmngr's cache. + +@item --lookup +@opindex lookup +Take the remaining arguments and run a lookup command on each of them. +The results are Base-64 encoded outputs (without header lines). This +may be used to retrieve certificates from a server. However the output +format is not very well suited if more than one certificate is returned. 
+ +@item --url +@itemx -u +@opindex url +Modify the @command{lookup} and @command{load-crl} commands to take an URL. + +@item --local +@itemx -l +@opindex url +Let the @command{lookup} command only search the local cache. + +@item --squid-mode +@opindex squid-mode +Run @sc{dirmngr-client} in a mode suitable as a helper program for +Squid's @option{external_acl_type} option. + + +@end table + +@ifset isman +@mansect see also +@command{dirmngr}(8), +@command{gpgsm}(1) +@include see-also-note.texi +@end ifset +@end ifset + +@c +@c GPGPARSEMAIL +@c +@node gpgparsemail +@section Parse a mail message into an annotated format + +@manpage gpgparsemail.1 +@ifset manverb +.B gpgparsemail +\- Parse a mail message into an annotated format +@end ifset + +@mansect synopsis +@ifset manverb +.B gpgparsemail +.RI [ options ] +.RI [ file ] +@end ifset + +@mansect description +The @command{gpgparsemail} is a utility currently only useful for +debugging. Run it with @code{--help} for usage information. + + + +@c +@c SYMCRYPTRUN +@c +@node symcryptrun +@section Call a simple symmetric encryption tool. +@manpage symcryptrun.1 +@ifset manverb +.B symcryptrun +\- Call a simple symmetric encryption tool +@end ifset + +@mansect synopsis +@ifset manverb +.B symcryptrun +.B \-\-class +.I class +.B \-\-program +.I program +.B \-\-keyfile +.I keyfile +.RB [ --decrypt | --encrypt ] +.RI [ inputfile ] +@end ifset + +@mansect description +Sometimes simple encryption tools are already in use for a long time and +there might be a desire to integrate them into the GnuPG framework. The +protocols and encryption methods might be non-standard or not even +properly documented, so that a full-fledged encryption tool with an +interface like gpg is not doable. @command{symcryptrun} provides a +solution: It operates by calling the external encryption/decryption +module and provides a passphrase for a key using the standard +@command{pinentry} based mechanism through @command{gpg-agent}. 
+ +Note, that @command{symcryptrun} is only available if GnuPG has been +configured with @samp{--enable-symcryptrun} at build time. + +@menu +* Invoking symcryptrun:: List of all commands and options. +@end menu + +@manpause +@node Invoking symcryptrun +@subsection List of all commands and options. + +@noindent +@command{symcryptrun} is invoked this way: + +@example +symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE + [--decrypt | --encrypt] [inputfile] +@end example +@mancont + +For encryption, the plain text must be provided on STDIN or as the +argument @var{inputfile}, and the ciphertext will be output to STDOUT. +For decryption vice versa. + +@var{CLASS} describes the calling conventions of the external tool. +Currently it must be given as @samp{confucius}. @var{PROGRAM} is +the full filename of that external tool. + +For the class @samp{confucius} the option @option{--keyfile} is +required; @var{keyfile} is the name of a file containing the secret key, +which may be protected by a passphrase. For detailed calling +conventions, see the source code. + +@noindent +Note, that @command{gpg-agent} must be running before starting +@command{symcryptrun}. + +@noindent +The following additional options may be used: + +@table @gnupgtabopt +@item -v +@itemx --verbose +@opindex verbose +Output additional information while running. + +@item -q +@item --quiet +@opindex q +@opindex quiet +Try to be as quiet as possible. + +@include opt-homedir.texi + + +@item --log-file @var{file} +@opindex log-file +Append all logging output to @var{file}. Default is to write logging +information to STDERR. + +@end table + +@noindent +The possible exit status codes of @command{symcryptrun} are: + +@table @code +@item 0 + Success. +@item 1 + Some error occured. +@item 2 + No valid passphrase was provided. +@item 3 + The operation was canceled by the user. 
+ +@end table + +@mansect see also +@ifset isman +@command{gpg}(1), +@command{gpgsm}(1), +@command{gpg-agent}(1), +@end ifset +@include see-also-note.texi + + +@c +@c GPG-ZIP +@c +@c The original manpage on which this section is based was written +@c by Colin Tuckley <colin@tuckley.org> and Daniel Leidert +@c <daniel.leidert@wgdd.de> for the Debian distribution (but may be used by +@c others). +@manpage gpg-zip.1 +@node gpg-zip +@section Encrypt or sign files into an archive +@ifset manverb +.B gpg-zip \- Encrypt or sign files into an archive +@end ifset + +@mansect synopsis +@ifset manverb +.B gpg-zip +.RI [ options ] +.I filename1 +.I [ filename2, ... ] +.I directory1 +.I [ directory2, ... ] +@end ifset + +@mansect description +@command{gpg-zip} encrypts or signs files into an archive. It is an +gpg-ized tar using the same format as used by PGP's PGP Zip. + +@manpause +@noindent +@command{gpg-zip} is invoked this way: + +@example +gpg-zip [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...] +@end example + +@mansect options +@noindent +@command{gpg-zip} understands these options: + +@table @gnupgtabopt + +@item --encrypt +@itemx -e +@opindex encrypt +Encrypt data. This option may be combined with @option{--symmetric} (for output that may be decrypted via a secret key or a passphrase). + +@item --decrypt +@itemx -d +@opindex decrypt +Decrypt data. + +@item --symmetric +@itemx -c +Encrypt with a symmetric cipher using a passphrase. The default +symmetric cipher used is CAST5, but may be chosen with the +@option{--cipher-algo} option to @command{gpg}. + +@item --sign +@itemx -s +Make a signature. See @command{gpg}. + +@item --recipient @var{user} +@itemx -r @var{user} +@opindex recipient +Encrypt for user id @var{user}. See @command{gpg}. + +@item --local-user @var{user} +@itemx -u @var{user} +@opindex local-user +Use @var{user} as the key to sign with. See @command{gpg}. 
+
+@item --list-archive
+@opindex list-archive
+List the contents of the specified archive.
+
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to specified file @var{file}.
+
+@item --gpg @var{gpgcmd}
+@opindex gpg
+Use the specified command @var{gpgcmd} instead of @command{gpg}.
+
+@item --gpg-args @var{args}
+@opindex gpg-args
+Pass the specified options to @command{gpg}.
+
+@item --tar @var{tarcmd}
+@opindex tar
+Use the specified command @var{tarcmd} instead of @command{tar}.
+
+@item --tar-args @var{args}
+@opindex tar-args
+Pass the specified options to @command{tar}.
+
+@item --version
+@opindex version
+Print version of the program and exit.
+
+@item --help
+@opindex help
+Display a brief help page and exit.
+
+@end table
+
+@mansect diagnostics
+@noindent
+The program returns 0 if everything was fine, 1 otherwise.
+
+
+@mansect examples
+@ifclear isman
+@noindent
+Some examples:
+
+@end ifclear
+@noindent
+Encrypt the contents of directory @file{mydocs} for user Bob to file
+@file{test1}:
+
+@example
+gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs
+@end example
+
+@noindent
+List the contents of archive @file{test1}:
+
+@example
+gpg-zip --list-archive test1
+@end example
+
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{tar}(1),
+@end ifset
+@include see-also-note.texi
diff --git a/doc/version.texi b/doc/version.texi
new file mode 100644
index 0000000..8f6243a
--- /dev/null
+++ b/doc/version.texi
@@ -0,0 +1,4 @@
+@set UPDATED 27 March 2012
+@set UPDATED-MONTH March 2012
+@set EDITION 2.0.19
+@set VERSION 2.0.19
diff --git a/doc/yat2m.c b/doc/yat2m.c
new file mode 100644
index 0000000..a22176c
--- /dev/null
+++ b/doc/yat2m.c
@@ -0,0 +1,1360 @@ +/* yat2m.c - Yet Another Texi 2 Man converter + * Copyright (C) 2005 g10 Code GmbH + * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +/* + This is a simple textinfo to man page converter. It needs some + special markup in th e texinfo and tries best to get a create man + page. It has been designed for the GnuPG man pages and thus only + a few texinfo commands are supported. + + To use this you need to add the following macros into your texinfo + source: + + @macro manpage {a} + @end macro + @macro mansect {a} + @end macro + @macro manpause + @end macro + @macro mancont + @end macro + + They are used by yat2m to select parts of the Texinfo which should + go into the man page. These macros need to be used without leading + left space. Processing starts after a "manpage" macro has been + seen. "mansect" identifies the section and yat2m make sure to + emit the sections in the proper order. Note that @mansect skips + the next input line if that line begins with @section, @subsection or + @chapheading. + + To insert verbatim troff markup, the following texinfo code may be + used: + + @ifset manverb + .B whateever you want + @end ifset + + alternativly a special comment may be used: + + @c man:.B whatever you want + + This is useful in case you need just one line. 
If you want to + include parts only in the man page but keep the texinfo + translation you may use: + + @ifset isman + stuff to be rendered only on man pages + @end ifset + + or to exclude stuff from man pages: + + @ifclear isman + stuff not to be rendered on man pages + @end ifclear + + the keyword @section is ignored, however @subsection gets rendered + as ".SS". @menu is completely skipped. Several man pages may be + extracted from one file, either using the --store or the --select + option. + + If you want to indent tables in the source use this style: + + @table foo + @item + @item + @table + @item + @end + @end + + Don't change the indentation within a table and keep the same + number of white space at the start of the line. yat2m simply + detects the number of white spaces in front of an @item and remove + this number of spaces from all following lines until a new @item + is found or there are less spaces than for the last @item. +*/ + +#include <stdio.h> +#include <stdlib.h> +#include <stddef.h> +#include <string.h> +#include <errno.h> +#include <stdarg.h> +#include <assert.h> +#include <ctype.h> +#include <time.h> + + +#define PGM "yat2m" +#define VERSION "1.0" + +/* The maximum length of a line including the linefeed and one extra + character. */ +#define LINESIZE 1024 + +/* Option flags. */ +static int verbose; +static int quiet; +static int debug; +static const char *opt_source; +static const char *opt_release; +static const char *opt_select; +static const char *opt_include; +static int opt_store; + +/* The only define we understand is -D gpgone. Thus we need a simple + boolean tro track it. */ +static int gpgone_defined; + +/* Flag to keep track whether any error occurred. */ +static int any_error; + + +/* Object to keep macro definitions. */ +struct macro_s +{ + struct macro_s *next; + char *value; /* Malloced value. */ + char name[1]; +}; +typedef struct macro_s *macro_t; + +/* List of all defined macros. 
*/ +static macro_t macrolist; + + +/* Object to store one line of content. */ +struct line_buffer_s +{ + struct line_buffer_s *next; + int verbatim; /* True if LINE contains verbatim data. The default + is Texinfo source. */ + char *line; +}; +typedef struct line_buffer_s *line_buffer_t; + + +/* Object to collect the data of a section. */ +struct section_buffer_s +{ + char *name; /* Malloced name of the section. This may be + NULL to indicate this slot is not used. */ + line_buffer_t lines; /* Linked list with the lines of the section. */ + line_buffer_t *lines_tail; /* Helper for faster appending to the + linked list. */ + line_buffer_t last_line; /* Points to the last line appended. */ +}; +typedef struct section_buffer_s *section_buffer_t; + +/* Variable to keep info about the current page together. */ +static struct +{ + /* Filename of the current page or NULL if no page is active. Malloced. */ + char *name; + + /* Number of allocated elements in SECTIONS below. */ + size_t n_sections; + /* Array with the data of the sections. */ + section_buffer_t sections; + +} thepage; + + +/* The list of standard section names. COMMANDS and ASSUAN are GnuPG + specific. */ +static const char * const standard_sections[] = + { "NAME", "SYNOPSIS", "DESCRIPTION", + "RETURN VALUE", "EXIT STATUS", "ERROR HANDLING", "ERRORS", + "COMMANDS", "OPTIONS", "USAGE", "EXAMPLES", "FILES", + "ENVIRONMENT", "DIAGNOSTICS", "SECURITY", "CONFORMING TO", + "ASSUAN", "NOTES", "BUGS", "AUTHOR", "SEE ALSO", NULL }; + + +/*-- Local prototypes. --*/ +static void proc_texi_buffer (FILE *fp, const char *line, size_t len, + int *table_level, int *eol_action); + + + +/* Print diagnostic message and exit with failure. */ +static void +die (const char *format, ...) +{ + va_list arg_ptr; + + fflush (stdout); + fprintf (stderr, "%s: ", PGM); + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + putc ('\n', stderr); + + exit (1); +} + + +/* Print diagnostic message. 
*/ +static void +err (const char *format, ...) +{ + va_list arg_ptr; + + fflush (stdout); + if (strncmp (format, "%s:%d:", 6)) + fprintf (stderr, "%s: ", PGM); + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + putc ('\n', stderr); + any_error = 1; +} + +/* Print diagnostic message. */ +static void +inf (const char *format, ...) +{ + va_list arg_ptr; + + fflush (stdout); + fprintf (stderr, "%s: ", PGM); + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + putc ('\n', stderr); +} + + +static void * +xmalloc (size_t n) +{ + void *p = malloc (n); + if (!p) + die ("out of core: %s", strerror (errno)); + return p; +} + +static void * +xcalloc (size_t n, size_t m) +{ + void *p = calloc (n, m); + if (!p) + die ("out of core: %s", strerror (errno)); + return p; +} + +static void * +xrealloc (void *old, size_t n) +{ + void *p = realloc (old, n); + if (!p) + die ("out of core: %s", strerror (errno)); + return p; +} + +static char * +xstrdup (const char *string) +{ + void *p = malloc (strlen (string)+1); + if (!p) + die ("out of core: %s", strerror (errno)); + strcpy (p, string); + return p; +} + + +/* Uppercase the ascii characters in STRING. */ +static char * +ascii_strupr (char *string) +{ + char *p; + + for (p = string; *p; p++) + if (!(*p & 0x80)) + *p = toupper (*p); + return string; +} + + +/* Return the current date as an ISO string. */ +const char * +isodatestring (void) +{ + static char buffer[11+5]; + struct tm *tp; + time_t atime = time (NULL); + + if (atime < 0) + strcpy (buffer, "????" "-??" "-??"); + else + { + tp = gmtime (&atime); + sprintf (buffer,"%04d-%02d-%02d", + 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday ); + } + return buffer; +} + + + +/* Return a section buffer for the section NAME. Allocate a new buffer + if this is a new section. Keep track of the sections in THEPAGE. + This function may reallocate the section array in THEPAGE. 
*/ +static section_buffer_t +get_section_buffer (const char *name) +{ + int i; + section_buffer_t sect; + + /* If there is no section we put everything into the required NAME + section. Given that this is the first one listed it is likely + that error are easily visible. */ + if (!name) + name = "NAME"; + + for (i=0; i < thepage.n_sections; i++) + { + sect = thepage.sections + i; + if (sect->name && !strcmp (name, sect->name)) + return sect; + } + for (i=0; i < thepage.n_sections; i++) + if (!thepage.sections[i].name) + break; + if (i < thepage.n_sections) + sect = thepage.sections + i; + else + { + /* We need to allocate or reallocate the section array. */ + size_t old_n = thepage.n_sections; + size_t new_n = 20; + + if (!old_n) + thepage.sections = xcalloc (new_n, sizeof *thepage.sections); + else + { + thepage.sections = xrealloc (thepage.sections, + ((old_n + new_n) + * sizeof *thepage.sections)); + memset (thepage.sections + old_n, 0, + new_n * sizeof *thepage.sections); + } + thepage.n_sections += new_n; + + /* Setup the tail pointers. */ + for (i=old_n; i < thepage.n_sections; i++) + { + sect = thepage.sections + i; + sect->lines_tail = §->lines; + } + sect = thepage.sections + old_n; + } + + /* Store the name. */ + assert (!sect->name); + sect->name = xstrdup (name); + return sect; +} + + + +/* Add the content of LINE to the section named SECTNAME. */ +static void +add_content (const char *sectname, char *line, int verbatim) +{ + section_buffer_t sect; + line_buffer_t lb; + + sect = get_section_buffer (sectname); + if (sect->last_line && !sect->last_line->verbatim == !verbatim) + { + /* Lets append that line to the last one. We do this to keep + all lines of the same kind (i.e.verbatim or not) together in + one large buffer. 
*/ + size_t n1, n; + + lb = sect->last_line; + n1 = strlen (lb->line); + n = n1 + 1 + strlen (line) + 1; + lb->line = xrealloc (lb->line, n); + strcpy (lb->line+n1, "\n"); + strcpy (lb->line+n1+1, line); + } + else + { + lb = xcalloc (1, sizeof *lb); + lb->verbatim = verbatim; + lb->line = xstrdup (line); + sect->last_line = lb; + *sect->lines_tail = lb; + sect->lines_tail = &lb->next; + } +} + + +/* Prepare for a new man page using the filename NAME. */ +static void +start_page (char *name) +{ + if (verbose) + inf ("starting page `%s'", name); + assert (!thepage.name); + thepage.name = xstrdup (name); + thepage.n_sections = 0; +} + + +/* Write the .TH entry of the current page. Return -1 if there is a + problem with the page. */ +static int +write_th (FILE *fp) +{ + char *name, *p; + + fputs (".\\\" Created from Texinfo source by yat2m " VERSION "\n", fp); + + name = ascii_strupr (xstrdup (thepage.name)); + p = strrchr (name, '.'); + if (!p || !p[1]) + { + err ("no section name in man page `%s'", thepage.name); + free (name); + return -1; + } + *p++ = 0; + fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n", + name, p, isodatestring (), opt_release, opt_source); + return 0; +} + + +/* Process the texinfo command COMMAND (without the leading @) and + write output if needed to FP. REST is the remainer of the line + which should either point to an opening brace or to a white space. + The function returns the number of characters already processed + from REST. LEN is the usable length of REST. TABLE_LEVEL is used to + control the indentation of tables. */ +static size_t +proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, + int *table_level, int *eol_action) +{ + static struct { + const char *name; /* Name of the command. */ + int what; /* What to do with this command. */ + const char *lead_in; /* String to print with a opening brace. */ + const char *lead_out;/* String to print with the closing brace. 
*/ + } cmdtbl[] = { + { "command", 0, "\\fB", "\\fR" }, + { "code", 0, "\\fB", "\\fR" }, + { "sc", 0, "\\fB", "\\fR" }, + { "var", 0, "\\fI", "\\fR" }, + { "samp", 0, "\\(aq", "\\(aq" }, + { "file", 0, "\\(oq\\fI","\\fR\\(cq" }, + { "env", 0, "\\(oq\\fI","\\fR\\(cq" }, + { "acronym", 0 }, + { "dfn", 0 }, + { "option", 0, "\\fB", "\\fR" }, + { "example", 1, ".RS 2\n.nf\n" }, + { "smallexample", 1, ".RS 2\n.nf\n" }, + { "asis", 7 }, + { "anchor", 7 }, + { "cartouche", 1 }, + { "xref", 0, "see: [", "]" }, + { "pxref", 0, "see: [", "]" }, + { "uref", 0, "(\\fB", "\\fR)" }, + { "footnote",0, " ([", "])" }, + { "emph", 0, "\\fI", "\\fR" }, + { "w", 1 }, + { "c", 5 }, + { "opindex", 1 }, + { "cpindex", 1 }, + { "cindex", 1 }, + { "noindent", 0 }, + { "section", 1 }, + { "chapter", 1 }, + { "subsection", 6, "\n.SS " }, + { "chapheading", 0}, + { "item", 2, ".TP\n.B " }, + { "itemx", 2, ".TP\n.B " }, + { "table", 3 }, + { "itemize", 3 }, + { "bullet", 0, "* " }, + { "end", 4 }, + { "quotation",1, ".RS\n\\fB" }, + { NULL } + }; + size_t n; + int i; + const char *s; + const char *lead_out = NULL; + int ignore_args = 0; + + for (i=0; cmdtbl[i].name && strcmp (cmdtbl[i].name, command); i++) + ; + if (cmdtbl[i].name) + { + s = cmdtbl[i].lead_in; + if (s) + fputs (s, fp); + lead_out = cmdtbl[i].lead_out; + switch (cmdtbl[i].what) + { + case 1: /* Throw away the entire line. */ + s = memchr (rest, '\n', len); + return s? (s-rest)+1 : len; + case 2: /* Handle @item. */ + break; + case 3: /* Handle table. */ + if (++(*table_level) > 1) + fputs (".RS\n", fp); + /* Now throw away the entire line. */ + s = memchr (rest, '\n', len); + return s? (s-rest)+1 : len; + break; + case 4: /* Handle end. 
*/ + for (s=rest, n=len; n && (*s == ' ' || *s == '\t'); s++, n--) + ; + if (n >= 5 && !memcmp (s, "table", 5) + && (!n || s[5] == ' ' || s[5] == '\t' || s[5] == '\n')) + { + if ((*table_level)-- > 1) + fputs (".RE\n", fp); + } + else if (n >= 7 && !memcmp (s, "example", 7) + && (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n')) + { + fputs (".fi\n.RE\n", fp); + } + else if (n >= 12 && !memcmp (s, "smallexample", 12) + && (!n || s[12] == ' ' || s[12] == '\t' || s[12] == '\n')) + { + fputs (".fi\n.RE\n", fp); + } + else if (n >= 9 && !memcmp (s, "quotation", 9) + && (!n || s[9] == ' ' || s[9] == '\t' || s[9] == '\n')) + { + fputs ("\\fR\n.RE\n", fp); + } + /* Now throw away the entire line. */ + s = memchr (rest, '\n', len); + return s? (s-rest)+1 : len; + case 5: /* Handle special comments. */ + for (s=rest, n=len; n && (*s == ' ' || *s == '\t'); s++, n--) + ; + if (n >= 4 && !memcmp (s, "man:", 4)) + { + for (s+=4, n-=4; n && *s != '\n'; n--, s++) + putc (*s, fp); + putc ('\n', fp); + } + /* Now throw away the entire line. */ + s = memchr (rest, '\n', len); + return s? (s-rest)+1 : len; + case 6: + *eol_action = 1; + break; + case 7: + ignore_args = 1; + break; + default: + break; + } + } + else + { + macro_t m; + + for (m = macrolist; m ; m = m->next) + if (!strcmp (m->name, command)) + break; + if (m) + { + proc_texi_buffer (fp, m->value, strlen (m->value), + table_level, eol_action); + ignore_args = 1; /* Parameterized macros are not yet supported. */ + } + else + inf ("texinfo command `%s' not supported (%.*s)", command, + ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); + } + + if (*rest == '{') + { + /* Find matching closing brace. 
*/ + for (s=rest+1, n=1, i=1; i && *s && n < len; s++, n++) + if (*s == '{') + i++; + else if (*s == '}') + i--; + if (i) + { + err ("closing brace for command `%s' not found", command); + return len; + } + if (n > 2 && !ignore_args) + proc_texi_buffer (fp, rest+1, n-2, table_level, eol_action); + } + else + n = 0; + + if (lead_out) + fputs (lead_out, fp); + + return n; +} + + + +/* Process the string LINE with LEN bytes of Texinfo content. */ +static void +proc_texi_buffer (FILE *fp, const char *line, size_t len, + int *table_level, int *eol_action) +{ + const char *s; + char cmdbuf[256]; + int cmdidx = 0; + int in_cmd = 0; + size_t n; + + for (s=line; *s && len; s++, len--) + { + if (in_cmd) + { + if (in_cmd == 1) + { + switch (*s) + { + case '@': case '{': case '}': + putc (*s, fp); in_cmd = 0; + break; + case ':': /* Not ending a sentence flag. */ + in_cmd = 0; + break; + case '.': case '!': case '?': /* Ending a sentence. */ + putc (*s, fp); in_cmd = 0; + break; + case ' ': case '\t': case '\n': /* Non collapsing spaces. */ + putc (*s, fp); in_cmd = 0; + break; + default: + cmdidx = 0; + cmdbuf[cmdidx++] = *s; + in_cmd++; + break; + } + } + else if (*s == '{' || *s == ' ' || *s == '\t' || *s == '\n') + { + cmdbuf[cmdidx] = 0; + n = proc_texi_cmd (fp, cmdbuf, s, len, table_level, eol_action); + assert (n <= len); + s += n; len -= n; + s--; len++; + in_cmd = 0; + } + else if (cmdidx < sizeof cmdbuf -1) + cmdbuf[cmdidx++] = *s; + else + { + err ("texinfo command too long - ignored"); + in_cmd = 0; + } + } + else if (*s == '@') + in_cmd = 1; + else if (*s == '\n') + { + switch (*eol_action) + { + case 1: /* Create a dummy paragraph. 
*/ + fputs ("\n\\ \n", fp); + break; + default: + putc (*s, fp); + } + *eol_action = 0; + } + else if (*s == '\\') + fputs ("\\\\", fp); + else + putc (*s, fp); + } + + if (in_cmd > 1) + { + cmdbuf[cmdidx] = 0; + n = proc_texi_cmd (fp, cmdbuf, s, len, table_level, eol_action); + assert (n <= len); + s += n; len -= n; + s--; len++; + in_cmd = 0; + } +} + + +/* Do something with the Texinfo line LINE. */ +static void +parse_texi_line (FILE *fp, const char *line, int *table_level) +{ + int eol_action = 0; + + /* A quick test whether there are any texinfo commands. */ + if (!strchr (line, '@')) + { + fputs (line, fp); + putc ('\n', fp); + return; + } + proc_texi_buffer (fp, line, strlen (line), table_level, &eol_action); + putc ('\n', fp); +} + + +/* Write all the lines LINES to FP. */ +static void +write_content (FILE *fp, line_buffer_t lines) +{ + line_buffer_t line; + int table_level = 0; + + for (line = lines; line; line = line->next) + { + if (line->verbatim) + { + fputs (line->line, fp); + putc ('\n', fp); + } + else + { +/* fputs ("TEXI---", fp); */ +/* fputs (line->line, fp); */ +/* fputs ("---\n", fp); */ + parse_texi_line (fp, line->line, &table_level); + } + } +} + + + +static int +is_standard_section (const char *name) +{ + int i; + const char *s; + + for (i=0; (s=standard_sections[i]); i++) + if (!strcmp (s, name)) + return 1; + return 0; +} + + +/* Finish a page; that is sort the data and write it out to the file. */ +static void +finish_page (void) +{ + FILE *fp; + section_buffer_t sect = NULL; + int idx; + const char *s; + int i; + + if (!thepage.name) + return; /* No page active. 
*/ + + if (verbose) + inf ("finishing page `%s'", thepage.name); + + if (opt_select) + { + if (!strcmp (opt_select, thepage.name)) + { + inf ("selected `%s'", thepage.name ); + fp = stdout; + } + else + { + fp = fopen ( "/dev/null", "w" ); + if (!fp) + die ("failed to open /dev/null: %s\n", strerror (errno)); + } + } + else if (opt_store) + { + inf ("writing `%s'", thepage.name ); + fp = fopen ( thepage.name, "w" ); + if (!fp) + die ("failed to create `%s': %s\n", thepage.name, strerror (errno)); + } + else + fp = stdout; + + if (write_th (fp)) + goto leave; + + for (idx=0; (s=standard_sections[idx]); idx++) + { + for (i=0; i < thepage.n_sections; i++) + { + sect = thepage.sections + i; + if (sect->name && !strcmp (s, sect->name)) + break; + } + if (i == thepage.n_sections) + sect = NULL; + + if (sect) + { + fprintf (fp, ".SH %s\n", sect->name); + write_content (fp, sect->lines); + /* Now continue with all non standard sections directly + following this one. */ + for (i++; i < thepage.n_sections; i++) + { + sect = thepage.sections + i; + if (sect->name && is_standard_section (sect->name)) + break; + if (sect->name) + { + fprintf (fp, ".SH %s\n", sect->name); + write_content (fp, sect->lines); + } + } + + } + } + + + leave: + if (fp != stdout) + fclose (fp); + free (thepage.name); + thepage.name = NULL; + /* FIXME: Cleanup the content. */ +} + + + + +/* Parse one Texinfo file and create manpages according to the + embedded instructions. */ +static void +parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) +{ + char *line; + int lnr = 0; + /* Fixme: The following state variables don't carry over to include + files. */ + int in_verbatim = 0; + int skip_to_end = 0; /* Used to skip over menu entries. */ + int skip_sect_line = 0; /* Skip after @mansect. */ + int ifset_nesting = 0; /* How often a ifset has been seen. */ + int ifclear_nesting = 0; /* How often a ifclear has been seen. */ + int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. 
*/ + int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */ + int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */ + int item_indent = 0; /* How far is the current @item indented. */ + + /* Helper to define a macro. */ + char *macroname = NULL; + char *macrovalue = NULL; + size_t macrovaluesize = 0; + size_t macrovalueused = 0; + + line = xmalloc (LINESIZE); + while (fgets (line, LINESIZE, fp)) + { + size_t n = strlen (line); + int got_line = 0; + char *p; + + lnr++; + if (!n || line[n-1] != '\n') + { + err ("%s:%d: trailing linefeed missing, line too long or " + "embedded Nul character", fname, lnr); + break; + } + line[--n] = 0; + + /* Kludge to allow indentation of tables. */ + for (p=line; *p == ' ' || *p == '\t'; p++) + ; + if (*p) + { + if (*p == '@' && !strncmp (p+1, "item", 4)) + item_indent = p - line; /* Set a new indent level. */ + else if (p - line < item_indent) + item_indent = 0; /* Switch off indention. */ + + if (item_indent) + { + memmove (line, line+item_indent, n - item_indent + 1); + n -= item_indent; + } + } + + + if (*line == '@') + { + for (p=line+1, n=1; *p && *p != ' ' && *p != '\t'; p++) + n++; + while (*p == ' ' || *p == '\t') + p++; + } + else + p = line; + + /* Take action on macro. */ + if (macroname) + { + if (n == 4 && !memcmp (line, "@end", 4) + && (line[4]==' '||line[4]=='\t'||!line[4]) + && !strncmp (p, "macro", 5) + && (p[5]==' '||p[5]=='\t'||!p[5])) + { + macro_t m; + + if (macrovalueused) + macrovalue[--macrovalueused] = 0; /* Kill the last LF. */ + macrovalue[macrovalueused] = 0; /* Terminate macro. 
*/ + macrovalue = xrealloc (macrovalue, macrovalueused+1); + + for (m= macrolist; m; m = m->next) + if (!strcmp (m->name, macroname)) + break; + if (m) + free (m->value); + else + { + m = xcalloc (1, sizeof *m + strlen (macroname)); + strcpy (m->name, macroname); + m->next = macrolist; + macrolist = m; + } + m->value = macrovalue; + macrovalue = NULL; + free (macroname); + macroname = NULL; + } + else + { + if (macrovalueused + strlen (line) + 2 >= macrovaluesize) + { + macrovaluesize += strlen (line) + 256; + macrovalue = xrealloc (macrovalue, macrovaluesize); + } + strcpy (macrovalue+macrovalueused, line); + macrovalueused += strlen (line); + macrovalue[macrovalueused++] = '\n'; + } + continue; + } + + + if (n >= 5 && !memcmp (line, "@node", 5) + && (line[5]==' '||line[5]=='\t'||!line[5])) + { + /* Completey ignore @node lines. */ + continue; + } + + + if (skip_sect_line) + { + skip_sect_line = 0; + if (!strncmp (line, "@section", 8) + || !strncmp (line, "@subsection", 11) + || !strncmp (line, "@chapheading", 12)) + continue; + } + + /* We only parse lines we need and ignore the rest. There are a + few macros used to control this as well as one @ifset + command. Parts we know about are saved away into containers + separate for each section. */ + + /* First process ifset/ifclear commands. 
*/ + if (*line == '@') + { + if (n == 6 && !memcmp (line, "@ifset", 6) + && (line[6]==' '||line[6]=='\t')) + { + ifset_nesting++; + + if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) + { + if (in_verbatim) + err ("%s:%d: nested \"@ifset manverb\"", fname, lnr); + else + in_verbatim = ifset_nesting; + } + else if (!strncmp (p, "gpgone", 6) + && (p[6]==' '||p[6]=='\t'||!p[6])) + { + if (in_gpgone) + err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr); + else + in_gpgone = ifset_nesting; + } + continue; + } + else if (n == 4 && !memcmp (line, "@end", 4) + && (line[4]==' '||line[4]=='\t') + && !strncmp (p, "ifset", 5) + && (p[5]==' '||p[5]=='\t'||!p[5])) + { + if (in_verbatim && ifset_nesting == in_verbatim) + in_verbatim = 0; + if (in_gpgone && ifset_nesting == in_gpgone) + in_gpgone = 0; + + if (ifset_nesting) + ifset_nesting--; + else + err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr); + continue; + } + else if (n == 8 && !memcmp (line, "@ifclear", 8) + && (line[8]==' '||line[8]=='\t')) + { + ifclear_nesting++; + + if (!strncmp (p, "gpgone", 6) + && (p[6]==' '||p[6]=='\t'||!p[6])) + { + if (not_in_gpgone) + err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr); + else + not_in_gpgone = ifclear_nesting; + } + + else if (!strncmp (p, "isman", 5) + && (p[5]==' '||p[5]=='\t'||!p[5])) + { + if (not_in_man) + err ("%s:%d: nested \"@ifclear isman\"", fname, lnr); + else + not_in_man = ifclear_nesting; + } + + continue; + } + else if (n == 4 && !memcmp (line, "@end", 4) + && (line[4]==' '||line[4]=='\t') + && !strncmp (p, "ifclear", 7) + && (p[7]==' '||p[7]=='\t'||!p[7])) + { + if (not_in_gpgone && ifclear_nesting == not_in_gpgone) + not_in_gpgone = 0; + if (not_in_man && ifclear_nesting == not_in_man) + not_in_man = 0; + + if (ifclear_nesting) + ifclear_nesting--; + else + err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr); + continue; + } + } + + /* Take action on ifset/ifclear. 
*/ + if ( (in_gpgone && !gpgone_defined) + || (not_in_gpgone && gpgone_defined) + || not_in_man) + continue; + + /* Process commands. */ + if (*line == '@') + { + if (skip_to_end + && n == 4 && !memcmp (line, "@end", 4) + && (line[4]==' '||line[4]=='\t'||!line[4])) + { + skip_to_end = 0; + } + else if (in_verbatim) + { + got_line = 1; + } + else if (n == 6 && !memcmp (line, "@macro", 6)) + { + macroname = xstrdup (p); + macrovalue = xmalloc ((macrovaluesize = 1024)); + macrovalueused = 0; + } + else if (n == 8 && !memcmp (line, "@manpage", 8)) + { + free (*section_name); + *section_name = NULL; + finish_page (); + start_page (p); + in_pause = 0; + } + else if (n == 8 && !memcmp (line, "@mansect", 8)) + { + if (!thepage.name) + err ("%s:%d: section outside of a man page", fname, lnr); + else + { + free (*section_name); + *section_name = ascii_strupr (xstrdup (p)); + in_pause = 0; + skip_sect_line = 1; + } + } + else if (n == 9 && !memcmp (line, "@manpause", 9)) + { + if (!*section_name) + err ("%s:%d: pausing outside of a man section", fname, lnr); + else if (in_pause) + err ("%s:%d: already pausing", fname, lnr); + else + in_pause = 1; + } + else if (n == 8 && !memcmp (line, "@mancont", 8)) + { + if (!*section_name) + err ("%s:%d: continue outside of a man section", fname, lnr); + else if (!in_pause) + err ("%s:%d: continue while not pausing", fname, lnr); + else + in_pause = 0; + } + else if (n == 5 && !memcmp (line, "@menu", 5) + && (line[5]==' '||line[5]=='\t'||!line[5])) + { + skip_to_end = 1; + } + else if (n == 8 && !memcmp (line, "@include", 8) + && (line[8]==' '||line[8]=='\t'||!line[8])) + { + char *incname = xstrdup (p); + FILE *incfp = fopen (incname, "r"); + + if (!incfp && opt_include && *opt_include && *p != '/') + { + free (incname); + incname = xmalloc (strlen (opt_include) + 1 + + strlen (p) + 1); + strcpy (incname, opt_include); + if ( incname[strlen (incname)-1] != '/' ) + strcat (incname, "/"); + strcat (incname, p); + incfp = fopen (incname, 
"r"); + } + + if (!incfp) + err ("can't open include file `%s':%s", + incname, strerror (errno)); + else + { + parse_file (incname, incfp, section_name, in_pause); + fclose (incfp); + } + free (incname); + } + else if (n == 4 && !memcmp (line, "@bye", 4) + && (line[4]==' '||line[4]=='\t'||!line[4])) + { + break; + } + else if (!skip_to_end) + got_line = 1; + } + else if (!skip_to_end) + got_line = 1; + + if (got_line && in_verbatim) + add_content (*section_name, line, 1); + else if (got_line && thepage.name && *section_name && !in_pause) + add_content (*section_name, line, 0); + + } + if (ferror (fp)) + err ("%s:%d: read error: %s", fname, lnr, strerror (errno)); + free (macroname); + free (macrovalue); + free (line); +} + + +static void +top_parse_file (const char *fname, FILE *fp) +{ + char *section_name = NULL; /* Name of the current section or NULL + if not in a section. */ + while (macrolist) + { + macro_t next = macrolist->next; + free (macrolist->value); + free (macrolist); + macrolist = next; + } + + parse_file (fname, fp, §ion_name, 0); + free (section_name); + finish_page (); +} + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + + opt_source = "GNU"; + opt_release = ""; + + if (argc) + { + argc--; argv++; + } + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + { + puts ( + "Usage: " PGM " [OPTION] [FILE]\n" + "Extract man pages from a Texinfo source.\n\n" + " --source NAME use NAME as source field\n" + " --release STRING use STRING as the release field\n" + " --store write output using @manpage name\n" + " --select NAME only output pages with @manpage NAME\n" + " --verbose enable extra informational output\n" + " --debug enable additional debug output\n" + " --help display this help and exit\n" + " -I DIR also search in include DIR\n" + " -D gpgone the only useable define\n\n" + "With no FILE, or when FILE is -, read standard 
input.\n\n" + "Report bugs to <bugs@g10code.com>."); + exit (0); + } + else if (!strcmp (*argv, "--version")) + { + puts (PGM " " VERSION "\n" + "Copyright (C) 2005 g10 Code GmbH\n" + "This program comes with ABSOLUTELY NO WARRANTY.\n" + "This is free software, and you are welcome to redistribute it\n" + "under certain conditions. See the file COPYING for details."); + exit (0); + } + else if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--quiet")) + { + quiet = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose = debug = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--source")) + { + argc--; argv++; + if (argc) + { + opt_source = *argv; + argc--; argv++; + } + } + else if (!strcmp (*argv, "--release")) + { + argc--; argv++; + if (argc) + { + opt_release = *argv; + argc--; argv++; + } + } + else if (!strcmp (*argv, "--store")) + { + opt_store = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--select")) + { + argc--; argv++; + if (argc) + { + opt_select = strrchr (*argv, '/'); + if (opt_select) + opt_select++; + else + opt_select = *argv; + argc--; argv++; + } + } + else if (!strcmp (*argv, "-I")) + { + argc--; argv++; + if (argc) + { + opt_include = *argv; + argc--; argv++; + } + } + else if (!strcmp (*argv, "-D")) + { + argc--; argv++; + if (argc) + { + if (!strcmp (*argv, "gpgone")) + gpgone_defined = 1; + argc--; argv++; + } + } + } + + if (argc > 1) + die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n"); + + /* Start processing. */ + if (argc && strcmp (*argv, "-")) + { + FILE *fp = fopen (*argv, "rb"); + if (!fp) + die ("%s:0: can't open file: %s", *argv, strerror (errno)); + top_parse_file (*argv, fp); + fclose (fp); + } + else + top_parse_file ("-", stdin); + + return !!any_error; +} + + +/* +Local Variables: +compile-command: "gcc -Wall -g -Wall -o yat2m yat2m.c" +End: +*/ |
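Review bot: In `finish_page`, the `--store` branch passes `thepage.name` straight to `fopen (thepage.name, "w")`, and that name is whatever text follows `@manpage` in the Texinfo input (`start_page (p)` in `parse_file`), so a source file, or anything it pulls in through `@include`, can make the converter create or truncate a file outside the directory it runs in when the name contains a `/`. Nothing visible in the hunk validates the name; `write_th` only requires a `.` followed by a section suffix. I would reject directory separators before the page is accepted, for example at the top of `start_page`: `if (strchr (name, '/')) die ("man page name contains a directory separator: %s", name);`. The same branch also ignores the result of `fclose (fp)`, so a failed write of the stored page goes unreported; checking it and calling `err` would surface the failure through `any_error` and the exit status.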